1 From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
2 Date: Tue, 19 Apr 2016 21:32:07 +0200
3 Subject: [PATCH] consider OPENSSL_NO_SSL3
5 and avoid using SSLv3 code when not provided by openssl.
7 Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
11 2 files changed, 13 insertions(+)
13 diff --git a/ck_ssl.c b/ck_ssl.c
14 index 428fb7ca6f98..3640d8f07fa8 100644
17 @@ -1579,7 +1579,9 @@ ssl_tn_init(mode) int mode;
18 /* This can fail because we do not have RSA available */
20 debug(F110,"ssl_tn_init","SSLv23_client_method failed",0);
21 +#ifndef OPENSSL_NO_SSL3
22 ssl_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
26 debug(F110,"ssl_tn_init","SSLv3_client_method failed",0);
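Review bot: With OPENSSL_NO_SSL3 defined, the second failure check still logs `SSLv3_client_method failed` although no SSLv3 context was ever attempted, so a debug log from such a build points at the wrong call. The closing `#endif` is not visible in this hunk, so this assumes the guard covers only the `SSL_CTX_new(SSLv3_client_method())` line. If so, make the message neutral, e.g. `debug(F110,"ssl_tn_init","SSL_CTX_new failed",0);`, or guard it as well. The same applies to the `SSLv3_server_method failed` message in the third ssl_tn_init hunk, and probably to the tls_ctx and ssl_http_init hunks, whose second check is not among the visible lines. ssl_tn_init's body starts and ends outside the hunk.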
27 @@ -1593,7 +1595,9 @@ ssl_tn_init(mode) int mode;
28 /* This can fail because we do not have RSA available */
30 debug(F110,"ssl_tn_init","SSLv23_client_method failed",0);
31 +#ifndef OPENSSL_NO_SSL3
32 tls_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
37 @@ -1611,7 +1615,9 @@ ssl_tn_init(mode) int mode;
38 /* This can fail because we do not have RSA available */
40 debug(F110,"ssl_tn_init","SSLv23_server_method failed",0);
41 +#ifndef OPENSSL_NO_SSL3
42 ssl_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_server_method());
46 debug(F110,"ssl_tn_init","SSLv3_server_method failed",0);
47 @@ -2161,7 +2167,9 @@ ssl_http_init(hostname) char * hostname;
48 /* This can fail because we do not have RSA available */
49 if ( !tls_http_ctx ) {
50 debug(F110,"ssl_http_init","SSLv23_client_method failed",0);
51 +#ifndef OPENSSL_NO_SSL3
52 tls_http_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
56 if ( !tls_http_ctx ) {
57 diff --git a/ckcftp.c b/ckcftp.c
58 index 66c7940dedc2..d718323faac4 100644
61 @@ -10195,6 +10195,7 @@ ssl_auth() {
62 #ifndef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
63 #define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0L
65 +#ifndef OPENSSL_NO_SSL3
66 if (auth_type && !strcmp(auth_type,"TLS")) {
67 ssl_ftp_ctx=SSL_CTX_new(SSLv3_client_method());
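Review bot: On builds where SSLv3 is still compiled in, the `auth_type` "TLS" branch keeps creating its context from `SSLv3_client_method()`, a fixed-version method, so an AUTH TLS session can only speak SSLv3 and never TLS 1.x. The new guard changes that only when the library lacks SSLv3. Consider the negotiating method in both builds, `ssl_ftp_ctx=SSL_CTX_new(SSLv23_client_method());`, with `SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3` added to the `SSL_CTX_set_options` call that follows. The ternary in the next hunk makes the same fixed-version choice when `ftp_bug_use_ssl_v2` is not set. ssl_auth's body continues outside the hunk.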
69 @@ -10205,6 +10206,10 @@ ssl_auth() {
71 ssl_ftp_ctx = SSL_CTX_new(ftp_bug_use_ssl_v2 ? SSLv23_client_method() :
72 SSLv3_client_method());
75 + ssl_ftp_ctx = SSL_CTX_new(SSLv23_client_method());
79 SSL_CTX_set_options(ssl_ftp_ctx,
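Review bot: The added `SSL_CTX_new(SSLv23_client_method())` line should carry a comment, because the method name reads like an SSLv2/SSLv3 selector while it is OpenSSL's version-negotiating method. Something like `/* SSLv23_client_method() negotiates the highest protocol both sides support; SSLv3 is not compiled in here */` above it would do. The preprocessor directives and the brace that pair this line with the `else` arm are not visible here, and the arguments of `SSL_CTX_set_options` continue outside the hunk. Whether SSLv2 is excluded on this path therefore cannot be confirmed from the visible lines and is worth checking.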