From cfab0846605d6f885914ef552f4f29f609aa4996 Mon Sep 17 00:00:00 2001
From: Alfredo Luque
Date: Mon, 13 Mar 2017 10:53:46 -0400
Subject: [PATCH] use fallback for older versions of boost for TLS 1.2 support
---
 CMakeLists.txt | 7 ++++++-
 client_https.hpp | 8 +++++++-
 server_https.hpp | 8 +++++++-
 3 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index c94399b7..a2d37669 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -11,10 +11,15 @@ set(BOOST_COMPONENTS system thread filesystem date_time)
 if("${CMAKE_CXX_COMPILER_ID}" STREQUAL "GNU")
 if (CMAKE_CXX_COMPILER_VERSION VERSION_LESS 4.9)
 set(BOOST_COMPONENTS ${BOOST_COMPONENTS} regex)
- set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DUSE_BOOST_REGEX")
+ message("legacy GCC detected: boost regex")
+ add_definitions(-DUSE_BOOST_REGEX)
 endif()
 endif()
 find_package(Boost 1.53.0 COMPONENTS ${BOOST_COMPONENTS} REQUIRED)
+if(Boost_MINOR_VERSION LESS 58)
+ message("legacy boost detected: using TLS 1.2 workaround")
+ add_definitions(-DBOOST_TLS12_FALLBACK)
+endif()
 include_directories(SYSTEM ${Boost_INCLUDE_DIR})
 if(APPLE)
diff --git a/client_https.hpp b/client_https.hpp
index 248f5b1c..d9c0987d 100644
--- a/client_https.hpp
+++ b/client_https.hpp 
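Review bot: In CMakeLists.txt, `BOOST_TLS12_FALLBACK` is defined only by this build script, so the TLS method compiled into `client_https.hpp` and `server_https.hpp` depends on how the headers are built rather than on the Boost they are actually compiled against. If the headers are ever included from a project that does not go through this CMakeLists.txt (inferred; the project layout is not visible here), the macro is never set and the `#else` branch is taken regardless of the Boost version. Deriving the switch inside the headers keeps the decision next to the code it guards: `#include <boost/version.hpp>` followed by `#if BOOST_VERSION < 105800`, matching the threshold used here. Separately, `if(Boost_MINOR_VERSION LESS 58)` looks only at the minor component, and `message(STATUS "...")` would keep the two new notices out of the warning stream.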
@@ -13,7 +13,13 @@ namespace SimpleWeb { Client(const std::string& server_port_path, bool verify_certificate=true, const std::string& cert_file=std::string(), const std::string& private_key_file=std::string(), const std::string& verify_file=std::string()) : - ClientBase::ClientBase(server_port_path, 443), context(boost::asio::ssl::context::tlsv12) { +#ifdef BOOST_TLS12_FALLBACK + ClientBase::ClientBase(server_port_path, 443), context(boost::asio::ssl::context::sslv23) { + long disallow_ssl_flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1; + context.set_options(boost::asio::ssl::context::default_workarounds | boost::asio::ssl::context::no_sslv2 | disallow_ssl_flags); +#else + ClientBase::ClientBase(server_port_path, 443), context(boost::asio::ssl::context::tlsv12) { +#endif if(cert_file.size()>0 && private_key_file.size()>0) { context.use_certificate_chain_file(cert_file); context.use_private_key_file(private_key_file, boost::asio::ssl::context::pem); diff --git a/server_https.hpp b/server_https.hpp index 309a5ddd..8eca905a 100644 --- a/server_https.hpp +++ b/server_https.hpp @@ -25,7 +25,13 @@ namespace SimpleWeb { } Server(const std::string& cert_file, const std::string& private_key_file, const std::string& verify_file=std::string()): - ServerBase::ServerBase(443), context(boost::asio::ssl::context::tlsv12) { +#ifdef BOOST_TLS12_FALLBACK + ServerBase::ServerBase(443), context(boost::asio::ssl::context::sslv23) { + long disallow_ssl_flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1; + context.set_options(boost::asio::ssl::context::default_workarounds | boost::asio::ssl::context::no_sslv2 | disallow_ssl_flags); +#else + ServerBase::ServerBase(443), context(boost::asio::ssl::context::tlsv12) { +#endif context.use_certificate_chain_file(cert_file); context.use_private_key_file(private_key_file, boost::asio::ssl::context::pem);
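Review bot: The two preprocessor branches of the `Client` constructor in client_https.hpp do not configure the same policy, and nothing in the code says so. With `sslv23` the context negotiates any protocol version, and the TLS 1.2 floor comes only from the `set_options` line. That fallback therefore allows TLS 1.2 or anything newer that the linked OpenSSL offers, while the `tlsv12` branch pins exactly TLS 1.2. A comment above the flags would protect the floor from a later edit, for example `// sslv23 negotiates any version; the SSL_OP_NO_* flags below are what enforce TLS >= 1.2, keep all four`. In that same line `boost::asio::ssl::context::no_sslv2` repeats what `SSL_OP_NO_SSLv2` already sets. The identical block is pasted into the `Server` constructor in server_https.hpp, so a small shared helper that applies the options would keep the client and server floors from drifting apart; both constructor bodies continue outside their hunks.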