socket-cpp
Revise ASecureSocket::OpenSSLProtocol and associated Client/Server methods
ASecureSocket::OpenSSLProtocol is used in ASecureSocket::SetUpCtxClient and ASecureSocket::SetUpCtxServer for defining the correct socket method. As now all client and server methods besides "TLS_client_method()" and "TLS_server_method()" are deprecated, ASecureSocket::OpenSSLProtocol should be revised. Also, the current ASecureSocket::OpenSSLProtocol does not allow choosing TLS v1.2 or v1.1.
I'd propose to add "TLS" to ASecureSocket::OpenSSLProtocol and add

ASecureSocket::SetUpCtxClient:
    case OpenSSLProtocol::TLS: Socket.m_pMTHDSSL = const_cast<SSL_METHOD*>(TLS_client_method()); break;

ASecureSocket::SetUpCtxServer:
    case OpenSSLProtocol::TLS: Socket.m_pMTHDSSL = const_cast<SSL_METHOD*>(TLS_server_method()); break;
Thanks!
Hello, that sounds good! You can make a pull request and I will merge it. Thanks.
See #4
Merged! Thanks!
Compiles and works fine under Ubuntu 18 but not under CentOS 7: TLS_client_method() and TLS_server_method() are not available in the older versions of OpenSSL. I had to compile and install the latest version somewhere on my CentOS 7 machine and modify the CMakeLists.txt to make it compile.
Maybe we should use a macro or something to let the library compile with the older versions of OpenSSL (example: https://github.com/xrootd/xrootd/issues/355).
I'd put a single commented-out define in the CMakeLists.txt, like "add_compile_definitions(NO_FLEXIBLE_METHOD)", that may be activated. The new methods are available in all current OpenSSL versions (1.0.2 and 1.1.0), and as OpenSSL is the last library one shouldn't keep up to date ^^, I wouldn't put that much work into it.
Are you sure about the 1.0.2 version? Because in CentOS 7, the version that you can install via yum is "1.0.2k".
Excuse me, I meant 1.0.2q and 1.1.0j.
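
A build-time probe for the situation discussed in this thread, as an added example that is not part of the thread or of socket-cpp's own CMakeLists.txt: it checks whether the OpenSSL being built against declares TLS_client_method() and TLS_server_method(), and defines NO_FLEXIBLE_METHOD (the name proposed above) when it does not. The project name, the FORCE_NO_FLEXIBLE_METHOD option and the #ifndef guard in the sources are assumptions.

```cmake
# Added example; not taken from socket-cpp's own CMakeLists.txt.
cmake_minimum_required(VERSION 3.12)      # add_compile_definitions() needs 3.12+
project(tls_method_probe LANGUAGES CXX)   # hypothetical project name

# To build against an OpenSSL installed outside the system paths, configure with
#   cmake -DOPENSSL_ROOT_DIR=<install prefix> ..
find_package(OpenSSL REQUIRED)
message(STATUS "Using OpenSSL ${OPENSSL_VERSION} (${OPENSSL_INCLUDE_DIR})")

# Probe for the symbols themselves instead of comparing version strings, so the
# result reflects the headers and libraries this build really uses.
include(CheckCXXSymbolExists)
set(CMAKE_REQUIRED_INCLUDES  "${OPENSSL_INCLUDE_DIR}")
set(CMAKE_REQUIRED_LIBRARIES OpenSSL::SSL OpenSSL::Crypto)
check_cxx_symbol_exists(TLS_client_method "openssl/ssl.h" HAVE_TLS_CLIENT_METHOD)
check_cxx_symbol_exists(TLS_server_method "openssl/ssl.h" HAVE_TLS_SERVER_METHOD)
unset(CMAKE_REQUIRED_INCLUDES)
unset(CMAKE_REQUIRED_LIBRARIES)

# Manual override (hypothetical option), equivalent to un-commenting the define.
option(FORCE_NO_FLEXIBLE_METHOD
       "Build without OpenSSLProtocol::TLS even if the methods are available" OFF)

if(FORCE_NO_FLEXIBLE_METHOD OR NOT (HAVE_TLS_CLIENT_METHOD AND HAVE_TLS_SERVER_METHOD))
  # Assumed convention: the sources wrap the OpenSSLProtocol::TLS enum value and
  # its two switch cases in
  #   #ifndef NO_FLEXIBLE_METHOD ... #endif
  add_compile_definitions(NO_FLEXIBLE_METHOD)
  message(WARNING
          "TLS_client_method()/TLS_server_method() not found in OpenSSL "
          "${OPENSSL_VERSION}; OpenSSLProtocol::TLS is compiled out.")
else()
  message(STATUS "TLS_client_method()/TLS_server_method() found; "
                 "OpenSSLProtocol::TLS is enabled.")
endif()
```

The probe results are cached, so delete CMakeCache.txt (or use a fresh build directory) after switching to a different OpenSSL installation.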