guard SSLv3_method

x11/e17/ecore/patches/patch-src_lib_ecore_con_ecore_con_ssl_c

@@ -0,0 +1,34 @@
+$OpenBSD: patch-src_lib_ecore_con_ecore_con_ssl_c,v 1.1 2015/07/18 21:32:20 sthen Exp $
+--- src/lib/ecore_con/ecore_con_ssl.c.orig	Sat Jul 18 15:12:36 2015
++++ src/lib/ecore_con/ecore_con_ssl.c	Sat Jul 18 15:31:39 2015
+@@ -1556,8 +1556,14 @@ _ecore_con_ssl_server_prepare_openssl(Ecore_Con_Server
+    if (ssl_type & ECORE_CON_USE_SSL2)
+      return ECORE_CON_SSL_ERROR_SSL2_NOT_SUPPORTED;
+ 
++#ifdef OPENSSL_NO_SSL3
++   if (ssl_type & ECORE_CON_USE_SSL3)
++     return ECORE_CON_SSL_ERROR_NOT_SUPPORTED;
++#endif
++
+    switch (ssl_type)
+      {
++#ifndef OPENSSL_NO_SSL3
+       case ECORE_CON_USE_SSL3:
+       case ECORE_CON_USE_SSL3 | ECORE_CON_LOAD_CERT:
+         if (!svr->created)
+@@ -1565,9 +1571,15 @@ _ecore_con_ssl_server_prepare_openssl(Ecore_Con_Server
+         else
+           SSL_ERROR_CHECK_GOTO_ERROR(!(svr->ssl_ctx = SSL_CTX_new(SSLv3_server_method())));
+         break;
++#endif
+ 
+       case ECORE_CON_USE_TLS:
+       case ECORE_CON_USE_TLS | ECORE_CON_LOAD_CERT:
++	/*
++	 * XXX TLSv1_method restricts to TLSv1.0 only (disabling 1.1+).
++	 * SSLv23_method allows 1.1+ also, but requires options to be set
++	 * in order to disable SSLv2/3.
++	 */
+         if (!svr->created)
+           SSL_ERROR_CHECK_GOTO_ERROR(!(svr->ssl_ctx = SSL_CTX_new(TLSv1_client_method())));
+         else