--- /dev/null
+From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Date: Tue, 19 Apr 2016 21:32:07 +0200
+Subject: [PATCH] consider OPENSSL_NO_SSL3
+
+and avoid using SSLv3 code when not provided by openssl.
+
+Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+---
+ ck_ssl.c | 8 ++++++++
+ ckcftp.c | 5 +++++
+ 2 files changed, 13 insertions(+)
+
+diff --git a/ck_ssl.c b/ck_ssl.c
+index 428fb7ca6f98..3640d8f07fa8 100644
+--- a/ck_ssl.c
++++ b/ck_ssl.c
+@@ -1579,7 +1579,9 @@ ssl_tn_init(mode) int mode;
+ /* This can fail because we do not have RSA available */
+ if ( !ssl_ctx ) {
+ debug(F110,"ssl_tn_init","SSLv23_client_method failed",0);
++#ifndef OPENSSL_NO_SSL3
+ ssl_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
++#endif
+ }
+ if ( !ssl_ctx ) {
+ debug(F110,"ssl_tn_init","SSLv3_client_method failed",0);
+@@ -1593,7 +1595,9 @@ ssl_tn_init(mode) int mode;
+ /* This can fail because we do not have RSA available */
+ if ( !tls_ctx ) {
+ debug(F110,"ssl_tn_init","SSLv23_client_method failed",0);
++#ifndef OPENSSL_NO_SSL3
+ tls_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
++#endif
+ }
+ #endif /* COMMENT */
+ if ( !tls_ctx ) {
+@@ -1611,7 +1615,9 @@ ssl_tn_init(mode) int mode;
+ /* This can fail because we do not have RSA available */
+ if ( !ssl_ctx ) {
+ debug(F110,"ssl_tn_init","SSLv23_server_method failed",0);
++#ifndef OPENSSL_NO_SSL3
+ ssl_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_server_method());
++#endif
+ }
+ if ( !ssl_ctx ) {
+ debug(F110,"ssl_tn_init","SSLv3_server_method failed",0);
+@@ -2161,7 +2167,9 @@ ssl_http_init(hostname) char * hostname;
+ /* This can fail because we do not have RSA available */
+ if ( !tls_http_ctx ) {
+ debug(F110,"ssl_http_init","SSLv23_client_method failed",0);
++#ifndef OPENSSL_NO_SSL3
+ tls_http_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
++#endif
+ }
+ #endif /* COMMENT */
+ if ( !tls_http_ctx ) {
+diff --git a/ckcftp.c b/ckcftp.c
+index 66c7940dedc2..d718323faac4 100644
+--- a/ckcftp.c
++++ b/ckcftp.c
+@@ -10195,6 +10195,7 @@ ssl_auth() {
+ #ifndef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+ #define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0L
+ #endif
++#ifndef OPENSSL_NO_SSL3
+ if (auth_type && !strcmp(auth_type,"TLS")) {
+ ssl_ftp_ctx=SSL_CTX_new(SSLv3_client_method());
+ if (!ssl_ftp_ctx)
+@@ -10205,6 +10206,10 @@ ssl_auth() {
+ } else {
+ ssl_ftp_ctx = SSL_CTX_new(ftp_bug_use_ssl_v2 ? SSLv23_client_method() :
+ SSLv3_client_method());
++#else
++ {
++ ssl_ftp_ctx = SSL_CTX_new(SSLv23_client_method());
++#endif
+ if (!ssl_ftp_ctx)
+ return(0);
+ SSL_CTX_set_options(ssl_ftp_ctx,
+--
+2.8.0.rc3
+
--- /dev/null
+--- ckermit-8.0.211/ckucmd.c~ 2004-01-07 19:04:04.000000000 +0100
++++ ckermit-8.0.211/ckucmd.c 2018-09-15 22:40:21.511061428 +0200
+@@ -7115,7 +7115,6 @@ cmdconchk() {
+ #ifdef NOARROWKEYS
+ debug(F101,"cmdconchk NOARROWKEYS x","",0);
+ #else
+- debug(F101,"cmdconchk stdin->_cnt","",stdin->_cnt);
+ x = stdin->_cnt;
+ #endif /* NOARROWKEYS */
+ #endif /* VMS */
+@@ -7123,7 +7122,6 @@ cmdconchk() {
+ if (x < 0) x = 0;
+ #else /* USE_FILE_CNT */
+ #ifdef USE_FILE__CNT /* HP-UX */
+- debug(F101,"cmdconchk stdin->__cnt","",stdin->__cnt);
+ x = stdin->__cnt;
+ if (x == 0) x = conchk();
+ if (x < 0) x = 0;
projects / packages / ckermit.git / commitdiff