$OpenBSD: patch-kcontrol_crypto_crypto_cpp,v 1.3 2012/06/28 18:52:18 jasper Exp $ Allow building against OpenSSL without SSLv2 support. --- kcontrol/crypto/crypto.cpp.orig Sun Oct 1 13:31:49 2006 +++ kcontrol/crypto/crypto.cpp Thu Jun 28 01:46:27 2012 @@ -272,33 +272,14 @@ QString whatstr; " replaced SSL in protocols such as POP3 and SMTP."); QWhatsThis::add(mUseTLS, whatstr); - mUseSSLv2 = new QCheckBox(i18n("Enable SSLv&2"), tabSSL); - connect(mUseSSLv2, SIGNAL(clicked()), SLOT(configChanged())); - grid->addWidget(mUseSSLv2, 1, 0); - whatstr = i18n("SSL v2 is the second revision of the SSL protocol." - " It is most common to enable v2 and v3."); - QWhatsThis::add(mUseSSLv2, whatstr); - mUseSSLv3 = new QCheckBox(i18n("Enable SSLv&3"), tabSSL); connect(mUseSSLv3, SIGNAL(clicked()), SLOT(configChanged())); grid->addWidget(mUseSSLv3, 1, 1); whatstr = i18n("SSL v3 is the third revision of the SSL protocol." - " It is most common to enable v2 and v3."); + " It is most common to enable v3."); QWhatsThis::add(mUseSSLv3, whatstr); -#ifdef HAVE_SSL - SSLv2Box = new QListView(tabSSL, "v2ciphers"); - (void) SSLv2Box->addColumn(i18n("SSLv2 Ciphers to Use")); - whatstr = i18n("Select the ciphers you wish to enable when using the" - " SSL v2 protocol. The actual protocol used will be" - " negotiated with the server at connection time."); - QWhatsThis::add(SSLv2Box, whatstr); - SSLv2Box->setSelectionMode(QListView::NoSelection); - - grid->addWidget( SSLv2Box, 2, 0 ); - connect( mUseSSLv2, SIGNAL( toggled( bool ) ), - SSLv2Box, SLOT( setEnabled( bool ))); -#else +#ifndef HAVE_SSL QLabel *nossllabel = new QLabel(i18n("SSL ciphers cannot be configured" " because this module was not linked" " with OpenSSL."), tabSSL); @@ -876,9 +857,6 @@ void KCryptoConfig::load( bool useDefaults ) config->setGroup("TLS"); mUseTLS->setChecked(config->readBoolEntry("Enabled", true)); - config->setGroup("SSLv2"); - mUseSSLv2->setChecked(config->readBoolEntry("Enabled", true)); - config->setGroup("SSLv3"); mUseSSLv3->setChecked(config->readBoolEntry("Enabled", true)); @@ -913,23 +891,14 @@ void KCryptoConfig::load( bool useDefaults ) oPath->setURL(config->readPathEntry("Path")); #endif - config->setGroup("SSLv2"); - CipherItem *item = static_cast(SSLv2Box->firstChild()); - while ( item ) { - item->setOn(config->readBoolEntry(item->configName(), - item->bits() >= 56)); - item = static_cast(item->nextSibling()); - } - config->setGroup("SSLv3"); - item = static_cast(SSLv3Box->firstChild()); + CipherItem *item = static_cast(SSLv3Box->firstChild()); while ( item ) { item->setOn(config->readBoolEntry(item->configName(), item->bits() >= 56)); item = static_cast(item->nextSibling()); } - SSLv2Box->setEnabled( mUseSSLv2->isChecked() ); SSLv3Box->setEnabled( mUseSSLv3->isChecked() ); QStringList groups = policies->groupList(); @@ -1030,8 +999,7 @@ void KCryptoConfig::load( bool useDefaults ) void KCryptoConfig::save() { #ifdef HAVE_SSL - if (!mUseSSLv2->isChecked() && - !mUseSSLv3->isChecked()) + if (!mUseSSLv3->isChecked()) KMessageBox::information(this, i18n("If you do not select at least one" " SSL algorithm, either SSL will not" " work or the application may be" @@ -1041,9 +1009,6 @@ void KCryptoConfig::save() config->setGroup("TLS"); config->writeEntry("Enabled", mUseTLS->isChecked()); - config->setGroup("SSLv2"); - config->writeEntry("Enabled", mUseSSLv2->isChecked()); - config->setGroup("SSLv3"); config->writeEntry("Enabled", mUseSSLv3->isChecked()); @@ -1072,25 +1037,8 @@ void KCryptoConfig::save() #endif int ciphercount = 0; - config->setGroup("SSLv2"); - CipherItem *item = static_cast(SSLv2Box->firstChild()); - while ( item ) { - if (item->isOn()) { - config->writeEntry(item->configName(), true); - ciphercount++; - } else config->writeEntry(item->configName(), false); - - item = static_cast(item->nextSibling()); - } - - if (mUseSSLv2->isChecked() && ciphercount == 0) - KMessageBox::information(this, i18n("If you do not select at least one" - " cipher, SSLv2 will not work."), - i18n("SSLv2 Ciphers")); - - ciphercount = 0; config->setGroup("SSLv3"); - item = static_cast(SSLv3Box->firstChild()); + CipherItem *item = static_cast(SSLv3Box->firstChild()); while ( item ) { if (item->isOn()) { config->writeEntry(item->configName(), true); @@ -1251,18 +1199,12 @@ void KCryptoConfig::slotSelectCipher(int id) { void KCryptoConfig::cwCompatible() { #ifdef HAVE_SSL CipherItem *item; - for ( item = static_cast(SSLv2Box->firstChild()); item; - item = static_cast(item->nextSibling()) ) { - item->setOn( item->bits() >= 56 && item->bits() <= 128 ); - } - for ( item = static_cast(SSLv3Box->firstChild()); item; item = static_cast(item->nextSibling()) ) { item->setOn( item->bits() >= 56 && item->bits() <= 128 ); } mUseTLS->setChecked(true); - mUseSSLv2->setChecked(true); mUseSSLv3->setChecked(true); configChanged(); #endif @@ -1272,11 +1214,6 @@ void KCryptoConfig::cwCompatible() { void KCryptoConfig::cwUS() { #ifdef HAVE_SSL CipherItem *item; - for ( item = static_cast(SSLv2Box->firstChild()); item; - item = static_cast(item->nextSibling()) ) { - item->setOn( item->bits() >= 128 ); - } - for ( item = static_cast(SSLv3Box->firstChild()); item; item = static_cast(item->nextSibling()) ) { item->setOn( item->bits() >= 128 ); @@ -1290,11 +1227,6 @@ void KCryptoConfig::cwUS() { void KCryptoConfig::cwExp() { #ifdef HAVE_SSL CipherItem *item; - for ( item = static_cast(SSLv2Box->firstChild()); item; - item = static_cast(item->nextSibling()) ) { - item->setOn( item->bits() <= 56 && item->bits() > 0); - } - for ( item = static_cast(SSLv3Box->firstChild()); item; item = static_cast(item->nextSibling()) ) { item->setOn( item->bits() <= 56 && item->bits() > 0); @@ -1308,18 +1240,12 @@ void KCryptoConfig::cwExp() { void KCryptoConfig::cwAll() { #ifdef HAVE_SSL CipherItem *item; - for ( item = static_cast(SSLv2Box->firstChild()); item; - item = static_cast(item->nextSibling()) ) { - item->setOn( true ); - } - for ( item = static_cast(SSLv3Box->firstChild()); item; item = static_cast(item->nextSibling()) ) { item->setOn( true ); } mUseTLS->setChecked(true); - mUseSSLv2->setChecked(true); mUseSSLv3->setChecked(true); configChanged(); #endif @@ -2321,12 +2247,11 @@ bool KCryptoConfig::loadCiphers() { unsigned int i; SSL_CTX *ctx; SSL *ssl; -SSL_METHOD *meth; +const SSL_METHOD *meth; - SSLv2Box->clear(); SSLv3Box->clear(); - meth = SSLv2_client_method(); + meth = SSLv3_client_method(); SSLeay_add_ssl_algorithms(); ctx = SSL_CTX_new(meth); if (ctx == NULL) return false; @@ -2337,35 +2262,7 @@ SSL_METHOD *meth; CipherItem *item; for (i=0; ; i++) { int j, k; - SSL_CIPHER *sc; - sc = (meth->get_cipher)(i); - if (!sc) - break; - // Leak of sc*? - QString scn(sc->name); - if (scn.contains("ADH-") || scn.contains("NULL-") || scn.contains("DES-CBC3-SHA") || scn.contains("FZA-")) { - continue; - } - k = SSL_CIPHER_get_bits(sc, &j); - - item = new CipherItem( SSLv2Box, sc->name, k, j, this ); - } - - if (ctx) SSL_CTX_free(ctx); - if (ssl) SSL_free(ssl); - - // We repeat for SSLv3 - meth = SSLv3_client_method(); - SSLeay_add_ssl_algorithms(); - ctx = SSL_CTX_new(meth); - if (ctx == NULL) return false; - - ssl = SSL_new(ctx); - if (!ssl) return false; - - for (i=0; ; i++) { - int j, k; - SSL_CIPHER *sc; + const SSL_CIPHER *sc; sc = (meth->get_cipher)(i); if (!sc) break;