From f60a92b5112efccad95c57bd251d8c19d893b9b6 Mon Sep 17 00:00:00 2001
From: "Sergio R. Caprile"
Date: Tue, 9 Jul 2024 12:35:10 -0300
Subject: [PATCH] SSL_CTX_new can fail SSLv23_ methods deprecated
---
 mongoose.c | 8 ++++++--
 src/tls_openssl.c | 8 ++++++--
 2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/mongoose.c b/mongoose.c
index fbf87bfdfd..f38d37b9c2 100644
--- a/mongoose.c
+++ b/mongoose.c
@@ -12567,8 +12567,12 @@ void mg_tls_init(struct mg_connection *c, const struct mg_tls_opts *opts) {
 s_initialised++;
 }
 MG_DEBUG(("%lu Setting TLS", c->id));
- tls->ctx = c->is_client ? SSL_CTX_new(SSLv23_client_method())
- : SSL_CTX_new(SSLv23_server_method());
+ tls->ctx = c->is_client ? SSL_CTX_new(TLS_client_method())
+ : SSL_CTX_new(TLS_server_method());
+ if (tls->ctx == NULL) {
+ mg_error(c, "SSL_CTX_new");
+ goto fail;
+ }
 #ifdef MG_TLS_SSLKEYLOGFILE
 SSL_CTX_set_keylog_callback(tls->ctx, ssl_keylog_cb);
 #endif
diff --git a/src/tls_openssl.c b/src/tls_openssl.c
index aaf703fc69..d19d7764b6 100644
--- a/src/tls_openssl.c
+++ b/src/tls_openssl.c
@@ -134,8 +134,12 @@ void mg_tls_init(struct mg_connection *c, const struct mg_tls_opts *opts) {
 s_initialised++;
 }
 MG_DEBUG(("%lu Setting TLS", c->id));
- tls->ctx = c->is_client ? SSL_CTX_new(SSLv23_client_method())
- : SSL_CTX_new(SSLv23_server_method());
+ tls->ctx = c->is_client ? SSL_CTX_new(TLS_client_method())
+ : SSL_CTX_new(TLS_server_method());
+ if (tls->ctx == NULL) {
+ mg_error(c, "SSL_CTX_new");
+ goto fail;
+ }
 #ifdef MG_TLS_SSLKEYLOGFILE
 SSL_CTX_set_keylog_callback(tls->ctx, ssl_keylog_cb);
 #endif
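Review bot: Neither mg_tls_init hunk (mongoose.c and src/tls_openssl.c) sets a protocol floor on the freshly created context. `TLS_client_method()` / `TLS_server_method()` are version-flexible and negotiate whatever versions the linked OpenSSL build enables, so unless the minimum is pinned later in mg_tls_init (the body continues outside both hunks), older TLS versions may stay negotiable. If it is not pinned there, `SSL_CTX_set_min_proto_version(tls->ctx, TLS1_2_VERSION);` directly after the new NULL check would make the floor explicit. The new failure path reports only the literal "SSL_CTX_new"; including the reason from the OpenSSL error queue would make a failed context creation easier to diagnose. A short comment such as `// TLS_*_method() needs OpenSSL >= 1.1.0` above the call would also record the build requirement this change introduces.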