From 3031debfd67e17abbd92d861b40488eb8f956445 Mon Sep 17 00:00:00 2001
From: Martijn Otto
Date: Wed, 11 Mar 2020 09:16:30 +0100
Subject: [PATCH 1/2] Bump downloaded boost version to 1.72
---
 README.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index c46097358..4d1a39127 100644
--- a/README.md
+++ b/README.md
@@ -332,13 +332,13 @@ If you are using the older Raspbian Jessie image, compiling Monero is a bit more
 * Then, install the dependencies for Monero except `libunwind` and `libboost-all-dev`
-* Install the latest version of boost (this may first require invoking `apt-get remove --purge libboost*` to remove a previous version if you're not using a clean install):
+* Install the latest version of boost (this may first require invoking `apt-get remove --purge libboost*-dev` to remove a previous version if you're not using a clean install):
 ```bash
 cd
- wget https://sourceforge.net/projects/boost/files/boost/1.64.0/boost_1_64_0.tar.bz2
- tar xvfo boost_1_64_0.tar.bz2
- cd boost_1_64_0
+ wget https://sourceforge.net/projects/boost/files/boost/1.72.0/boost_1_72_0.tar.bz2
+ tar xvfo boost_1_72_0.tar.bz2
+ cd boost_1_72_0
 ./bootstrap.sh
 sudo ./b2
 ```
From 6079042ccefe7d93cf6a09007c068aa0c9a8978c Mon Sep 17 00:00:00 2001
From: Martijn Otto
Date: Wed, 11 Mar 2020 09:28:02 +0100
Subject: [PATCH 2/2] Use boost::asio::ssl::context::sslv23 for backwards compatibility
All the insecure protocols that this enables are then disabled, so they cannot be actually used. The end-result is the same.
---
 contrib/epee/src/net_ssl.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/contrib/epee/src/net_ssl.cpp b/contrib/epee/src/net_ssl.cpp
index 946499129..d7bb62049 100644
--- a/contrib/epee/src/net_ssl.cpp
+++ b/contrib/epee/src/net_ssl.cpp
@@ -289,7 +289,9 @@ ssl_options_t::ssl_options_t(std::vector> fingerprints
 boost::asio::ssl::context ssl_options_t::create_context() const
 {
- boost::asio::ssl::context ssl_context{boost::asio::ssl::context::tls};
+ // note: this enables a lot of old and insecure protocols, which we
+ // promptly disable below - if the result is actually used
+ boost::asio::ssl::context ssl_context{boost::asio::ssl::context::sslv23};
 if (!bool(*this))
 return ssl_context;
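Review bot: The early `return ssl_context;` directly under the constructor hands back the `sslv23` context before any of the protocol restrictions the new comment refers to have run, so on that path the context accepts every protocol version the linked OpenSSL build supports. The comment's "if the result is actually used" implies that path never reaches a handshake, but nothing in this hunk enforces that, and the restricting calls themselves lie outside the hunk, so it is worth confirming they still follow. Applying the restrictions immediately after construction would make the context safe on every path, for example `ssl_context.set_options(boost::asio::ssl::context::no_sslv2 | boost::asio::ssl::context::no_sslv3 | boost::asio::ssl::context::no_tlsv1 | boost::asio::ssl::context::no_tlsv1_1);` placed before the `if (!bool(*this))` check, with the flag list matched to whatever the code below currently disables. create_context() continues past the end of the hunk.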