From 6742cf6b0b70238c9b02e3ebeb457d732a3103da Mon Sep 17 00:00:00 2001
From: sthen <sthen@openbsd.org>
Date: Sat, 18 Jul 2015 21:32:20 +0000
Subject: [PATCH] guard SSLv3_method

---
 .../patch-src_lib_ecore_con_ecore_con_ssl_c   | 34 +++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 x11/e17/ecore/patches/patch-src_lib_ecore_con_ecore_con_ssl_c

diff --git a/x11/e17/ecore/patches/patch-src_lib_ecore_con_ecore_con_ssl_c b/x11/e17/ecore/patches/patch-src_lib_ecore_con_ecore_con_ssl_c
new file mode 100644
index 00000000000..40502303ac8
--- /dev/null
+++ b/x11/e17/ecore/patches/patch-src_lib_ecore_con_ecore_con_ssl_c
@@ -0,0 +1,34 @@
+$OpenBSD: patch-src_lib_ecore_con_ecore_con_ssl_c,v 1.1 2015/07/18 21:32:20 sthen Exp $
+--- src/lib/ecore_con/ecore_con_ssl.c.orig	Sat Jul 18 15:12:36 2015
++++ src/lib/ecore_con/ecore_con_ssl.c	Sat Jul 18 15:31:39 2015
+@@ -1556,8 +1556,14 @@ _ecore_con_ssl_server_prepare_openssl(Ecore_Con_Server
+    if (ssl_type & ECORE_CON_USE_SSL2)
+      return ECORE_CON_SSL_ERROR_SSL2_NOT_SUPPORTED;
+ 
++#ifdef OPENSSL_NO_SSL3
++   if (ssl_type & ECORE_CON_USE_SSL3)
++     return ECORE_CON_SSL_ERROR_NOT_SUPPORTED;
++#endif
++
+    switch (ssl_type)
+      {
++#ifndef OPENSSL_NO_SSL3
+       case ECORE_CON_USE_SSL3:
+       case ECORE_CON_USE_SSL3 | ECORE_CON_LOAD_CERT:
+         if (!svr->created)
+@@ -1565,9 +1571,15 @@ _ecore_con_ssl_server_prepare_openssl(Ecore_Con_Server
+         else
+           SSL_ERROR_CHECK_GOTO_ERROR(!(svr->ssl_ctx = SSL_CTX_new(SSLv3_server_method())));
+         break;
++#endif
+ 
+       case ECORE_CON_USE_TLS:
+       case ECORE_CON_USE_TLS | ECORE_CON_LOAD_CERT:
++	/*
++	 * XXX TLSv1_method restricts to TLSv1.0 only (disabling 1.1+).
++	 * SSLv23_method allows 1.1+ also, but requires options to be set
++	 * in order to disable SSLv2/3.
++	 */
+         if (!svr->created)
+           SSL_ERROR_CHECK_GOTO_ERROR(!(svr->ssl_ctx = SSL_CTX_new(TLSv1_client_method())));
+         else