[Icecast-dev] [PATCH] [libshout] tls: compile with OpenSSL 1.1.0

Sebastian Andrzej Siewior sebastian at breakpoint.cc
Thu Nov 16 08:03:34 UTC 2017

The init functions are not longer required in OpenSSL 1.1 so I dropped

TLSv1_client_method() should not be used because it enables only the
TLSv1.0 protocol. Better is to use SSLv23_client_method() which enable
all the protocols including TLSv1.2. With this functions SSLv2 and SSLv3
is theoretically possible but as of today those protocols are usually
build-time disabled.
To avoid all this OpenSSL 1.1 provides TLS_client_method() which is aim
to provide to highest TLS protocol version (same as
SSLv23_client_method() but it is deprecated in 1.1).

Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
 src/tls.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/tls.c b/src/tls.c
index d1af607c0014..fc8a748f3ecf 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -24,6 +24,7 @@
 #include <shout/shout.h>
+#include <string.h>
 #include "shout_private.h"
 #ifndef XXX_HAVE_X509_check_host
@@ -61,16 +62,20 @@ shout_tls_t *shout_tls_new(shout_t *self, sock_t socket)
 static inline int tls_setup(shout_tls_t *tls)
-    SSL_METHOD *meth;
+    const SSL_METHOD *meth;
-    meth = TLSv1_client_method();
+    meth = SSLv23_client_method();
     if (!meth)
         goto error;
+    meth = TLS_client_method();
     tls->ssl_ctx = SSL_CTX_new(meth);
     if (!tls->ssl_ctx)

More information about the Icecast-dev mailing list