From 1f4804f98759460c62aa5923596a847228daa371 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Arkadiusz=20Mi=C5=9Bkiewicz?= <arekm@maven.pl>
Date: Fri, 28 Sep 2018 14:07:48 +0200
Subject: [PATCH] - rel 23; disable ssl v2/3

---
 openssl.patch | 30 ++++++++++++++++++++++++++++++
 php.spec      |  3 ++-
 2 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/openssl.patch b/openssl.patch
index 7abb957..d054a1b 100644
--- a/openssl.patch
+++ b/openssl.patch
@@ -974,3 +974,33 @@ diff -ur php-5.4.45/ext/openssl.org/openssl.c php-5.4.45/ext/openssl/openssl.c
  
  	if (len >= 0) {
  		data[len] = 0;
+--- php-5.4.45/ext/openssl/xp_ssl.c~	2015-09-01 22:09:37.000000000 +0200
++++ php-5.4.45/ext/openssl/xp_ssl.c	2018-09-28 14:06:51.890385590 +0200
+@@ -339,8 +339,13 @@ static inline int php_openssl_setup_cryp
+ 			break;
+ #endif
+ 		case STREAM_CRYPTO_METHOD_SSLv3_CLIENT:
++#ifdef OPENSSL_NO_SSL3
++			php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against");
++			return -1;
++#else
+ 			sslsock->is_client = 1;
+ 			method = SSLv3_client_method();
++#endif
+ 			break;
+ 		case STREAM_CRYPTO_METHOD_TLS_CLIENT:
+ 			sslsock->is_client = 1;
+@@ -351,8 +356,13 @@ static inline int php_openssl_setup_cryp
+ 			method = SSLv23_server_method();
+ 			break;
+ 		case STREAM_CRYPTO_METHOD_SSLv3_SERVER:
++#ifdef OPENSSL_NO_SSL3
++			php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against");
++			return -1;
++#else
+ 			sslsock->is_client = 0;
+ 			method = SSLv3_server_method();
++#endif
+ 			break;
+ 		case STREAM_CRYPTO_METHOD_SSLv2_SERVER:
+ #ifdef OPENSSL_NO_SSL2
diff --git a/php.spec b/php.spec
index a50c838..8eed496 100644
--- a/php.spec
+++ b/php.spec
@@ -138,7 +138,7 @@ ERROR: You need to select at least one Apache SAPI to build shared modules.
 %undefine	with_filter
 %endif
 
-%define		rel	22
+%define		rel	23
 %define		orgname	php
 %define		ver_suffix 54
 %define		php_suffix %{!?with_default_php:%{ver_suffix}}
@@ -2203,6 +2203,7 @@ for sapi in $sapis; do
 	esac
 
 	%configure \
+	CFLAGS="%{rpmcflags} -DOPENSSL_NO_SSL2=1 -DOPENSSL_NO_SSL3=1" \
 	EXTRA_LDFLAGS="%{rpmldflags}" \
 	$sapi_args \
 %if "%{!?configure_cache:0}%{?configure_cache}" == "0"
-- 
2.44.0