diff -cr stunnel-3.22/options.c stunnel-3.22-new/options.c
*** stunnel-3.22/options.c Sun Dec 23 21:08:51 2001
--- stunnel-3.22-new/options.c Tue Feb 19 14:21:11 2002
***************
*** 84,91 ****
  options.random_bytes=RANDOM_BYTES;
  options.output_file=NULL;
  options.local_ip=NULL;
  opterr=0;
! while ((c = getopt(argc, argv, "A:a:cp:v:d:fTl:L:r:s:g:t:u:n:N:hC:D:O:E:R:WB:VP:S:o:I:")) != EOF) switch (c) {
  case 'A':
  safecopy(options.cert_file,optarg);
--- 84,92 ----
  options.random_bytes=RANDOM_BYTES;
  options.output_file=NULL;
  options.local_ip=NULL;
+ options.method=NULL;
  opterr=0;
! while ((c = getopt(argc, argv, "A:a:cp:v:d:fTl:L:r:s:g:t:u:m:n:N:hC:D:O:E:R:WB:VP:S:o:I:")) != EOF) switch (c) {
  case 'A':
  safecopy(options.cert_file,optarg);
***************
*** 230,235 ****
--- 231,239 ----
  print_info();
  }
  break;
+ case 'm':
+ options.method=optarg;
+ break;
  case 'V':
  print_version();
  exit(0);
***************
*** 344,349 ****
--- 348,354 ----
  #ifndef USE_WIN32
  "[-P { dir/ | filename | none } ] "
+ "\n\t[-m method]"
  "\n\t[-d [host:]port [-f] ] "
  "\n\t[-r [host:]port | { -l | -L } program [-- args] ] "
  #else
***************
*** 391,396 ****
--- 396,402 ----
  "\n -P arg\tspecify pid file { dir/ | filename | none }"
  #endif
  "\n -C list\tset permitted SSL ciphers"
+ "\n -m method\tset SSL method: ssl2, ssl3, tls1"
  #if SSLEAY_VERSION_NUMBER >= 0x0090581fL
  "\n -E socket\tpath to Entropy Gathering Daemon socket"
  #ifdef EGD_SOCKET
diff -cr stunnel-3.22/prototypes.h stunnel-3.22-new/prototypes.h
*** stunnel-3.22/prototypes.h Sun Nov 11 20:16:01 2001
--- stunnel-3.22-new/prototypes.h Tue Feb 19 14:14:31 2002
***************
*** 111,116 ****
--- 111,117 ----
  int cert_defaults;
  char *output_file;
  u32 *local_ip;
+ char *method;
  } server_options;
  typedef enum {
diff -cr stunnel-3.22/ssl.c stunnel-3.22-new/ssl.c
*** stunnel-3.22/ssl.c Sun Dec 23 20:46:03 2001
--- stunnel-3.22-new/ssl.c Tue Feb 19 14:15:57 2002
***************
*** 71,85 ****
  SSL_CTX *ctx; /* global SSL context */
  void
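Review bot: In options.c, `case 'm'` stores `optarg` without checking it against the three names the help text advertises, so a misspelled method is only seen in context_init() in ssl.c, where the final `else` of each ladder quietly selects the SSLv23 method. An operator who passes `-m` to pin a protocol version and mistypes it therefore gets full version negotiation with no diagnostic. Reject unknown values at parse time by guarding the assignment with `if(strcmp(optarg,"ssl2") && strcmp(optarg,"ssl3") && strcmp(optarg,"tls1"))` and taking the same error path as the branch just above that ends in `print_info();`. The enclosing switch starts and ends outside this hunk.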
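Review bot: In options.c, the synopsis literal `"\n\t[-m method]"` is added inside the `#ifndef USE_WIN32` branch, while `m:` goes into the getopt string with no conditional visible around it. If the option is meant to work on Win32 as well, that build accepts `-m` but never shows it in the synopsis. Add the same literal to the `#else` branch, whose body lies outside this hunk, or move it above the `#ifndef`.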
context_init() { /* init SSL */
  if(!init_prng()) log(LOG_INFO, "PRNG seeded successfully");
  SSLeay_add_ssl_algorithms();
  SSL_load_error_strings();
  if(options.option&OPT_CLIENT) {
! ctx=SSL_CTX_new(SSLv3_client_method());
  } else { /* Server mode */
! ctx=SSL_CTX_new(SSLv23_server_method());
  #ifndef NO_RSA
  SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb);
  #endif /* NO_RSA */
--- 71,106 ----
  SSL_CTX *ctx; /* global SSL context */
  void context_init() { /* init SSL */
+ SSL_METHOD *meth;
  if(!init_prng()) log(LOG_INFO, "PRNG seeded successfully");
  SSLeay_add_ssl_algorithms();
  SSL_load_error_strings();
  if(options.option&OPT_CLIENT) {
! if (options.method == NULL)
! meth = SSLv23_client_method();
! else if (strcmp(options.method, "ssl2") == 0)
! meth = SSLv2_client_method();
! else if (strcmp(options.method, "ssl3") == 0)
! meth = SSLv3_client_method();
! else if (strcmp(options.method, "tls1") == 0)
! meth = TLSv1_client_method();
! else
! meth = SSLv23_client_method();
! ctx=SSL_CTX_new(meth);
  } else { /* Server mode */
! if (options.method == NULL)
! meth = SSLv23_server_method();
! else if (strcmp(options.method, "ssl2") == 0)
! meth = SSLv2_server_method();
! else if (strcmp(options.method, "ssl3") == 0)
! meth = SSLv3_server_method();
! else if (strcmp(options.method, "tls1") == 0)
! meth = TLSv1_server_method();
! else
! meth = SSLv23_server_method();
! ctx=SSL_CTX_new(meth);
  #ifndef NO_RSA
  SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb);
  #endif /* NO_RSA */
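Review bot: With no `-m` given, the client branch of context_init() now builds its context from `SSLv23_client_method()` where the old code used `SSLv3_client_method()`, so existing client setups silently move from SSLv3-only to version negotiation, which can include SSLv2 unless it is masked elsewhere. If that widening is not intended, keep `meth = SSLv3_client_method();` in the client's `options.method == NULL` arm, or call `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);` once the context exists. The result of `SSL_CTX_new(meth)` is also handed to `SSL_CTX_set_tmp_rsa_callback` with no NULL check inside the hunk, although a method compiled out of the library would make the call fail; `if(!ctx) { log(LOG_ERR, "SSL_CTX_new failed"); exit(1); }` would cover it. context_init() continues past the end of the hunk.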