webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

openssl: compile with sslv2 support but disable

Browse Source 
the new default breaks the ABI so we need to compile in but
disable it with a patch.
This commit is contained in:
Arne Fitzenreiter
2016-03-02 21:31:07 +01:00
parent 5d95fd5af1
commit 353e08cd77
3 changed files with 19 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lfs/openssl
View File

@@ -119,7 +119,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbuild.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1m-weak-ciphers.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2g-disable-sslv2v3.patch
# i586 specific patches
ifeq "$(MACHINE)" "i586"

18
src/patches/openssl-1.0.2g-disable-sslv2v3.patch Normal file
View File

@@ -0,0 +1,18 @@
diff -up openssl-1.0.2g/ssl/ssl_lib.c.v2v3 openssl-1.0.2g/ssl/ssl_lib.c
--- openssl-1.0.2g/ssl/ssl_lib.c.v2v3 2016-03-01 16:38:26.879142021 +0100
+++ openssl-1.0.2g/ssl/ssl_lib.c 2016-03-01 16:41:32.977353769 +0100
@@ -2055,11 +2055,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
/*
- * Disable SSLv2 by default, callers that want to enable SSLv2 will have to
- * explicitly clear this option via either of SSL_CTX_clear_options() or
+ * Disable SSLv2 and SSLv3 by default, callers that want to enable these will have to
+ * explicitly clear these options via either of SSL_CTX_clear_options() or
* SSL_clear_options().
*/
- ret->options |= SSL_OP_NO_SSLv2;
+ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
return (ret);
err:

12
src/patches/openssl-disable-sslv2-sslv3.patch
View File

@@ -1,12 +0,0 @@
--- openssl-1.0.1m/ssl/ssl_lib.c.old 2015-03-19 15:56:40.966287977 +0100
+++ openssl-1.0.1m/ssl/ssl_lib.c 2015-03-19 15:57:07.976160846 +0100
@@ -1892,6 +1892,9 @@
*/
ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
+ /* Disable SSLv2 and SSLv3 by default (affects the SSLv23_method() only) */
+ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+
return (ret);
err:
SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);