From 65d3c9047f5a254a7690178b514655d7b7d7f6f6 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sun, 17 Oct 2021 17:21:09 +0900
Subject: [PATCH] Replace TLSv23_method with TLS_method

---
 examples/client.c          | 2 +-
 examples/libevent-client.c | 2 +-
 examples/libevent-server.c | 2 +-
 src/HttpServer.cc          | 2 +-
 src/h2load.cc              | 2 +-
 src/nghttp.cc              | 2 +-
 src/shrpx_tls.cc           | 4 ++--
 src/shrpx_tls_test.cc      | 4 ++--
 8 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/examples/client.c b/examples/client.c
index 22f585f7..40bfd238 100644
--- a/examples/client.c
+++ b/examples/client.c
@@ -544,7 +544,7 @@ static void fetch_uri(const struct URI *uri) {
   if (fd == -1) {
     die("Could not open file descriptor");
   }
-  ssl_ctx = SSL_CTX_new(SSLv23_client_method());
+  ssl_ctx = SSL_CTX_new(TLS_client_method());
   if (ssl_ctx == NULL) {
     dief("SSL_CTX_new", ERR_error_string(ERR_get_error(), NULL));
   }
diff --git a/examples/libevent-client.c b/examples/libevent-client.c
index e7c78cf5..2debd7b8 100644
--- a/examples/libevent-client.c
+++ b/examples/libevent-client.c
@@ -328,7 +328,7 @@ static int select_next_proto_cb(SSL *ssl, unsigned char **out,
 /* Create SSL_CTX. */
 static SSL_CTX *create_ssl_ctx(void) {
   SSL_CTX *ssl_ctx;
-  ssl_ctx = SSL_CTX_new(SSLv23_client_method());
+  ssl_ctx = SSL_CTX_new(TLS_client_method());
   if (!ssl_ctx) {
     errx(1, "Could not create SSL/TLS context: %s",
          ERR_error_string(ERR_get_error(), NULL));
diff --git a/examples/libevent-server.c b/examples/libevent-server.c
index a30a5e89..9f4e1281 100644
--- a/examples/libevent-server.c
+++ b/examples/libevent-server.c
@@ -143,7 +143,7 @@ static int alpn_select_proto_cb(SSL *ssl, const unsigned char **out,
 static SSL_CTX *create_ssl_ctx(const char *key_file, const char *cert_file) {
   SSL_CTX *ssl_ctx;
 
-  ssl_ctx = SSL_CTX_new(SSLv23_server_method());
+  ssl_ctx = SSL_CTX_new(TLS_server_method());
   if (!ssl_ctx) {
     errx(1, "Could not create SSL/TLS context: %s",
          ERR_error_string(ERR_get_error(), NULL));
diff --git a/src/HttpServer.cc b/src/HttpServer.cc
index dacb4b15..e82310e9 100644
--- a/src/HttpServer.cc
+++ b/src/HttpServer.cc
@@ -2110,7 +2110,7 @@ int HttpServer::run() {
   std::vector<unsigned char> next_proto;
 
   if (!config_->no_tls) {
-    ssl_ctx = SSL_CTX_new(SSLv23_server_method());
+    ssl_ctx = SSL_CTX_new(TLS_server_method());
     if (!ssl_ctx) {
       std::cerr << ERR_error_string(ERR_get_error(), nullptr) << std::endl;
       return -1;
diff --git a/src/h2load.cc b/src/h2load.cc
index 6a58d1ae..46962cd5 100644
--- a/src/h2load.cc
+++ b/src/h2load.cc
@@ -2811,7 +2811,7 @@ int main(int argc, char **argv) {
   act.sa_handler = SIG_IGN;
   sigaction(SIGPIPE, &act, nullptr);
 
-  auto ssl_ctx = SSL_CTX_new(SSLv23_client_method());
+  auto ssl_ctx = SSL_CTX_new(TLS_client_method());
   if (!ssl_ctx) {
     std::cerr << "Failed to create SSL_CTX: "
               << ERR_error_string(ERR_get_error(), nullptr) << std::endl;
diff --git a/src/nghttp.cc b/src/nghttp.cc
index 30ef26d3..5d62baef 100644
--- a/src/nghttp.cc
+++ b/src/nghttp.cc
@@ -2268,7 +2268,7 @@ int communicate(
   auto loop = EV_DEFAULT;
   SSL_CTX *ssl_ctx = nullptr;
   if (scheme == "https") {
-    ssl_ctx = SSL_CTX_new(SSLv23_client_method());
+    ssl_ctx = SSL_CTX_new(TLS_client_method());
     if (!ssl_ctx) {
       std::cerr << "[ERROR] Failed to create SSL_CTX: "
                 << ERR_error_string(ERR_get_error(), nullptr) << std::endl;
diff --git a/src/shrpx_tls.cc b/src/shrpx_tls.cc
index e332ba63..7913d86a 100644
--- a/src/shrpx_tls.cc
+++ b/src/shrpx_tls.cc
@@ -927,7 +927,7 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file,
                             neverbleed_t *nb
 #endif // HAVE_NEVERBLEED
 ) {
-  auto ssl_ctx = SSL_CTX_new(SSLv23_server_method());
+  auto ssl_ctx = SSL_CTX_new(TLS_server_method());
   if (!ssl_ctx) {
     LOG(FATAL) << ERR_error_string(ERR_get_error(), nullptr);
     DIE();
@@ -1694,7 +1694,7 @@ SSL_CTX *create_ssl_client_context(
     int (*next_proto_select_cb)(SSL *s, unsigned char **out,
                                 unsigned char *outlen, const unsigned char *in,
                                 unsigned int inlen, void *arg)) {
-  auto ssl_ctx = SSL_CTX_new(SSLv23_client_method());
+  auto ssl_ctx = SSL_CTX_new(TLS_client_method());
   if (!ssl_ctx) {
     LOG(FATAL) << ERR_error_string(ERR_get_error(), nullptr);
     DIE();
diff --git a/src/shrpx_tls_test.cc b/src/shrpx_tls_test.cc
index 0f130f60..ef80a1a7 100644
--- a/src/shrpx_tls_test.cc
+++ b/src/shrpx_tls_test.cc
@@ -121,7 +121,7 @@ void test_shrpx_tls_cert_lookup_tree_add_ssl_ctx(void) {
 
   static constexpr char nghttp2_certfile[] =
       NGHTTP2_SRC_DIR "/test.nghttp2.org.pem";
-  auto nghttp2_ssl_ctx = SSL_CTX_new(SSLv23_server_method());
+  auto nghttp2_ssl_ctx = SSL_CTX_new(TLS_server_method());
   auto nghttp2_ssl_ctx_del = defer(SSL_CTX_free, nghttp2_ssl_ctx);
   auto nghttp2_tls_ctx_data = std::make_unique<tls::TLSContextData>();
   nghttp2_tls_ctx_data->cert_file = nghttp2_certfile;
@@ -132,7 +132,7 @@ void test_shrpx_tls_cert_lookup_tree_add_ssl_ctx(void) {
 
   static constexpr char examples_certfile[] =
       NGHTTP2_SRC_DIR "/test.example.com.pem";
-  auto examples_ssl_ctx = SSL_CTX_new(SSLv23_server_method());
+  auto examples_ssl_ctx = SSL_CTX_new(TLS_server_method());
   auto examples_ssl_ctx_del = defer(SSL_CTX_free, examples_ssl_ctx);
   auto examples_tls_ctx_data = std::make_unique<tls::TLSContextData>();
   examples_tls_ctx_data->cert_file = examples_certfile;