From 93a4f283d314782309469ff2c6d3ce8629854db3 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Arkadiusz=20Mi=C5=9Bkiewicz?= <arekm@maven.pl>
Date: Tue, 21 Oct 2014 14:19:48 +0200
Subject: [PATCH] sslv2/sslv3/zlib bconds; discussion about their default state
 in progress on devel lists

---
 openssl.spec | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/openssl.spec b/openssl.spec
index 9bca391..39543f5 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -3,6 +3,9 @@
 #
 # Conditional build:
 %bcond_without	tests	# don't perform "make tests"
+%bcond_with	zlib	# zlib: note - enables CVE-2012-4929 vulnerability
+%bcond_with	sslv2	# SSLv2: note - many flaws http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0
+%bcond_with	sslv3	# SSLv3: note - enables  CVE-2014-3566 vulnerability
 %bcond_with	purify	# Compile openssl with \-DPURIFY, useful when one wants to
 			# use valgrind debugger against openssl-linked programs
 
@@ -271,9 +274,9 @@ PERL="%{__perl}" \
 	--libdir=%{_lib} \
 	shared \
 	threads \
-	no-ssl2 \
-	no-ssl3 \
-	no-zlib \
+	%{!?with_sslv2:no-}ssl2 \
+	%{!?with_sslv3:no-}ssl3 \
+	%{!?with_zlib:no-}zlib \
 	enable-camelia \
 	enable-cms \
 	enable-idea \
-- 
2.43.0