use SSLv23 method (it support SSLv2, v3 and TLSv1) instead of only TLSv1 method as some server (gmail) don't support TLSv1 method. fixes #3786
This commit is contained in:
parent
2f6106bda5
commit
1d745c1c9d
|
@ -758,8 +758,10 @@ class NonBlockingTLS(PlugIn):
|
||||||
log.debug("_startSSL_pyOpenSSL called")
|
log.debug("_startSSL_pyOpenSSL called")
|
||||||
tcpsock = self._owner.Connection
|
tcpsock = self._owner.Connection
|
||||||
# FIXME: should method be configurable?
|
# FIXME: should method be configurable?
|
||||||
tcpsock._sslContext = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD)
|
# Some gmail server don't support TLSv1, but only SSLv3, so use method
|
||||||
#tcpsock._sslContext = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)
|
# that allow SSLv2, v3 and TLSv1
|
||||||
|
#tcpsock._sslContext = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD)
|
||||||
|
tcpsock._sslContext = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)
|
||||||
tcpsock.ssl_errnum = 0
|
tcpsock.ssl_errnum = 0
|
||||||
tcpsock._sslContext.set_verify(OpenSSL.SSL.VERIFY_PEER, self._ssl_verify_callback)
|
tcpsock._sslContext.set_verify(OpenSSL.SSL.VERIFY_PEER, self._ssl_verify_callback)
|
||||||
cacerts = os.path.join(common.gajim.DATA_DIR, 'other', 'cacerts.pem')
|
cacerts = os.path.join(common.gajim.DATA_DIR, 'other', 'cacerts.pem')
|
||||||
|
|
Loading…
Reference in New Issue