guard SSLv3_client_method() with #ifndef OPENSSL_NO_SSL3

2015-07-18 15:43:44 +00:00 · 2015-07-18 15:43:44 +00:00 · 88a52fdf3e
commit 88a52fdf3e
parent 576adabbab
1 changed files with 25 additions and 0 deletions
--- a/net/haproxy/patches/patch-src_ssl_sock_c
+++ b/net/haproxy/patches/patch-src_ssl_sock_c
@ -0,0 +1,25 @@
+$OpenBSD: patch-src_ssl_sock_c,v 1.1 2015/07/18 15:43:44 sthen Exp $
+--- src/ssl_sock.c.orig	Sat Jul 18 09:40:46 2015
+++ src/ssl_sock.c	Sat Jul 18 09:42:45 2015
+@@ -1405,8 +1405,10 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, 
+ 		ssloptions |= SSL_OP_NO_TLSv1_2;
+ 	if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
+ 		ssloptions |= SSL_OP_NO_TICKET;
+#ifndef OPENSSL_NO_SSL3
+ 	if (bind_conf->ssl_options & BC_SSL_O_USE_SSLV3)
+ 		SSL_CTX_set_ssl_version(ctx, SSLv3_server_method());
+#endif
+ 	if (bind_conf->ssl_options & BC_SSL_O_USE_TLSV10)
+ 		SSL_CTX_set_ssl_version(ctx, TLSv1_server_method());
+ #if SSL_OP_NO_TLSv1_1
+@@ -1750,8 +1752,10 @@ int ssl_sock_prepare_srv_ctx(struct server *srv, struc
+ 		options |= SSL_OP_NO_TLSv1_2;
+ 	if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
+ 		options |= SSL_OP_NO_TICKET;
+#ifndef OPENSSL_NO_SSL3
+ 	if (srv->ssl_ctx.options & SRV_SSL_O_USE_SSLV3)
+ 		SSL_CTX_set_ssl_version(srv->ssl_ctx.ctx, SSLv3_client_method());
+#endif
+ 	if (srv->ssl_ctx.options & SRV_SSL_O_USE_TLSV10)
+ 		SSL_CTX_set_ssl_version(srv->ssl_ctx.ctx, TLSv1_client_method());
+ #if SSL_OP_NO_TLSv1_1