Wed Nov 7 13:51:14 UTC 2012 Johnny Willemsen <jwillemsen@remedy.nl>

* ace/SSL/SSL_Context.h: * ace/SSL/SSL_Context.cpp: * protocols/ace/INet/HTTP_Simple_exec.cpp: Resolve compile problems with OpenSSL on recent debian/ubuntu versions which don't ship SSLv2 anymore * debian/patches/series: * debian/patches/35_disable_sslv2.diff: Patch is not needed anymore
author: Johnny Willemsen <jwillemsen@remedy.nl> 2012-11-07 13:52:17 +0000
committer: Johnny Willemsen <jwillemsen@remedy.nl> 2012-11-07 13:52:17 +0000
commit: 2e43338ba3ad4eaa4cbbc96d3704850a0696eef2 (patch)
tree: b44cc20f25f0ef2f5961b12803cdd203fa5c16e9
parent: 9462ab86ef8035465c8ea7c066c1f5e5a0912f50 (diff)
download: ATCD-2e43338ba3ad4eaa4cbbc96d3704850a0696eef2.tar.gz
6 files changed, 32 insertions, 123 deletions
diff --git a/ACE/ChangeLog b/ACE/ChangeLog
index 6c8c04ffc16..d2fc8979b69 100644
--- a/ACE/ChangeLog
+++ b/ACE/ChangeLog
@@ -1,3 +1,15 @@
+Wed Nov  7 13:51:14 UTC 2012  Johnny Willemsen  <jwillemsen@remedy.nl>
+
+        * ace/SSL/SSL_Context.h:
+        * ace/SSL/SSL_Context.cpp:
+        * protocols/ace/INet/HTTP_Simple_exec.cpp:
+          Resolve compile problems with OpenSSL on recent debian/ubuntu
+          versions which don't ship SSLv2 anymore
+
+        * debian/patches/series:
+        * debian/patches/35_disable_sslv2.diff:
+          Patch is not needed anymore
+
 Sat Oct 20 14:13:07 UTC 2012  Douglas C. Schmidt  <schmidt@dre.vanderbilt.edu>
 
         * ace/Timer_Hash_T.h: Added a forward declaration of
diff --git a/ACE/ace/SSL/SSL_Context.cpp b/ACE/ace/SSL/SSL_Context.cpp
index cca47377cde..4da213484a7 100644
--- a/ACE/ace/SSL/SSL_Context.cpp
+++ b/ACE/ace/SSL/SSL_Context.cpp
@@ -236,6 +236,7 @@ ACE_SSL_Context::set_mode (int mode)
 
   switch (mode)
     {
+#if !defined (OPENSSL_NO_SSL2)
     case ACE_SSL_Context::SSLv2_client:
       method = ::SSLv2_client_method ();
       break;
@@ -245,6 +246,7 @@ ACE_SSL_Context::set_mode (int mode)
     case ACE_SSL_Context::SSLv2:
       method = ::SSLv2_method ();
       break;
+#endif /* OPENSSL_NO_SSL2 */
     case ACE_SSL_Context::SSLv3_client:
       method = ::SSLv3_client_method ();
       break;
@@ -339,10 +341,12 @@ ACE_SSL_Context::load_trusted_ca (const char* ca_file,
       || mode_ == SSLv23_server
       || mode_ == TLSv1
       || mode_ == TLSv1_server
-      || mode_ == SSLv3
-      || mode_ == SSLv3_server
+#if !defined (OPENSSL_NO_SSL2)
       || mode_ == SSLv2
-      || mode_ == SSLv2_server)
+      || mode_ == SSLv2_server
+#endif /* !OPENSSL_NO_SSL2 */
+      || mode_ == SSLv3
+      || mode_ == SSLv3_server)
     {
       // Note: The STACK_OF(X509_NAME) pointer is a copy of the pointer in
       // the CTX; any changes to it by way of these function calls will
diff --git a/ACE/ace/SSL/SSL_Context.h b/ACE/ace/SSL/SSL_Context.h
index 438fb19eb81..252613d389a 100644
--- a/ACE/ace/SSL/SSL_Context.h
+++ b/ACE/ace/SSL/SSL_Context.h
@@ -104,10 +104,12 @@ public:
 
   enum {
     INVALID_METHOD = -1,
+#if !defined (OPENSSL_NO_SSL2)
     SSLv2_client = 1,
     SSLv2_server,
     SSLv2,
-    SSLv3_client,
+#endif /* !OPENSSL_NO_SSL2 */
+    SSLv3_client = 4,
     SSLv3_server,
     SSLv3,
     SSLv23_client,
diff --git a/ACE/debian/patches/35_disable_sslv2.diff b/ACE/debian/patches/35_disable_sslv2.diff
deleted file mode 100644
index efa0461cc6c..00000000000
--- a/ACE/debian/patches/35_disable_sslv2.diff
+++ /dev/null
@@ -1,114 +0,0 @@
-Description: SSLv2 was disabled in Debian in OpenSSL 1.0.0d, remove it from ACE too
-Forwarded: yes
-Author: Pau Garcia i Quiles <pgquiles@elpauer.org>
-Last-Update: 2011-04-26
-
---- a/ace/SSL/SSL_Context.cpp
-+++ b/ace/SSL/SSL_Context.cpp
-@@ -236,15 +236,6 @@ ACE_SSL_Context::set_mode (int mode)
- 
-   switch (mode)
-     {
--    case ACE_SSL_Context::SSLv2_client:
--      method = ::SSLv2_client_method ();
--      break;
--    case ACE_SSL_Context::SSLv2_server:
--      method = ::SSLv2_server_method ();
--      break;
--    case ACE_SSL_Context::SSLv2:
--      method = ::SSLv2_method ();
--      break;
-     case ACE_SSL_Context::SSLv3_client:
-       method = ::SSLv3_client_method ();
-       break;
-@@ -254,15 +245,6 @@ ACE_SSL_Context::set_mode (int mode)
-     case ACE_SSL_Context::SSLv3:
-       method = ::SSLv3_method ();
-       break;
--    case ACE_SSL_Context::SSLv23_client:
--      method = ::SSLv23_client_method ();
--      break;
--    case ACE_SSL_Context::SSLv23_server:
--      method = ::SSLv23_server_method ();
--      break;
--    case ACE_SSL_Context::SSLv23:
--      method = ::SSLv23_method ();
--      break;
-     case ACE_SSL_Context::TLSv1_client:
-       method = ::TLSv1_client_method ();
-       break;
-@@ -335,14 +317,10 @@ ACE_SSL_Context::load_trusted_ca (const
- 
-   // For TLS/SSL servers scan all certificates in ca_file and ca_dir and
-   // list them as acceptable CAs when requesting a client certificate.
--  if (mode_ == SSLv23
--      || mode_ == SSLv23_server
--      || mode_ == TLSv1
-+  if (mode_ == TLSv1
-       || mode_ == TLSv1_server
-       || mode_ == SSLv3
--      || mode_ == SSLv3_server
--      || mode_ == SSLv2
--      || mode_ == SSLv2_server)
-+      || mode_ == SSLv3_server)
-     {
-       // Note: The STACK_OF(X509_NAME) pointer is a copy of the pointer in
-       // the CTX; any changes to it by way of these function calls will
---- a/ace/SSL/SSL_Context.h
-+++ b/ace/SSL/SSL_Context.h
-@@ -82,16 +82,16 @@ public:
- 
-   enum {
-     INVALID_METHOD = -1,
--    SSLv2_client = 1,
-+/*    SSLv2_client = 1,
-     SSLv2_server,
--    SSLv2,
--    SSLv3_client,
-+    SSLv2, */
-+    SSLv3_client = 4,
-     SSLv3_server,
-     SSLv3,
--    SSLv23_client,
-+/*    SSLv23_client,
-     SSLv23_server,
--    SSLv23,
--    TLSv1_client,
-+    SSLv23, */
-+    TLSv1_client = 10,
-     TLSv1_server,
-     TLSv1
-   };
-@@ -114,7 +114,7 @@ public:
-    * If the mode is not set, then the class automatically initializes
-    * itself to the default mode.
-    */
--  int set_mode (int mode = ACE_SSL_Context::SSLv23);
-+  int set_mode (int mode = ACE_SSL_Context::SSLv3);
- 
-   int get_mode (void) const;
- 
---- a/protocols/ace/INet/HTTP_Simple_exec.cpp
-+++ b/protocols/ace/INet/HTTP_Simple_exec.cpp
-@@ -35,7 +35,7 @@ usage (void)
-   std::cout << "\t-p <port>       \t\tproxy port to connect to\n";
-   std::cout << "\t-o <filename>   \t\tfile to write output to\n";
- #if defined (ACE_HAS_SSL) && ACE_HAS_SSL == 1
--  std::cout << "\t-v <ssl version>\t\tSSL version to use: 2, 23, 3\n";
-+  std::cout << "\t-v <ssl version>\t\tSSL version to use: '3' for SSLv3 or '1' for TLS 1.0\n";
-   std::cout << "\t-n              \t\tno peer certificate verification\n";
-   std::cout << "\t-i              \t\tignore peer certificate verification failures\n";
-   std::cout << "\t-c <filename>   \t\tcertificate file (PEM format)\n";
-@@ -78,10 +78,8 @@ parse_args (int argc, ACE_TCHAR *argv []
-         case 'v':
-           {
-             ACE_CString ver = ACE_TEXT_ALWAYS_CHAR (get_opt.opt_arg ());
--            if (ver == "2")
--              ssl_mode = ACE_SSL_Context::SSLv2;
--            else if (ver == "23")
--              ssl_mode = ACE_SSL_Context::SSLv23;
-+            if (ver == "1")
-+              ssl_mode = ACE_SSL_Context::TLSv1;
-             else if (ver != "3") // default mode
-               {
-                 std::cerr << "ERROR: Invalid SSL mode [" << ver << "] specfied!" << std::endl;
diff --git a/ACE/debian/patches/series b/ACE/debian/patches/series
index c64bad37c0d..0cbc4d987cf 100644
--- a/ACE/debian/patches/series
+++ b/ACE/debian/patches/series
@@ -2,7 +2,6 @@ reduce-doxygen-doc.diff
 15-fix-lzo-flags.diff
 20-versioned_libs.diff
 34-bts386713.diff
-35_disable_sslv2.diff
 90-patch-mpc-basedir.diff
 91-patch-dg-basedir.diff
 92-default-ACE_ROOT.diff
diff --git a/ACE/protocols/ace/INet/HTTP_Simple_exec.cpp b/ACE/protocols/ace/INet/HTTP_Simple_exec.cpp
index 65805c2c582..9dda462b99a 100644
--- a/ACE/protocols/ace/INet/HTTP_Simple_exec.cpp
+++ b/ACE/protocols/ace/INet/HTTP_Simple_exec.cpp
@@ -35,7 +35,11 @@ usage (void)
   std::cout << "\t-p <port>       \t\tproxy port to connect to\n";
   std::cout << "\t-o <filename>   \t\tfile to write output to\n";
 #if defined (ACE_HAS_SSL) && ACE_HAS_SSL == 1
-  std::cout << "\t-v <ssl version>\t\tSSL version to use: 2, 23, 3\n";
+  std::cout << "\t-v <ssl version>\t\tSSL version to use: ";
+#if !defined (OPENSSL_NO_SSL2)
+  std::cout << "2, ";
+#endif /* OPENSSL_NO_SSL2 */
+  std::cout << "23, 3\n";
   std::cout << "\t-n              \t\tno peer certificate verification\n";
   std::cout << "\t-i              \t\tignore peer certificate verification failures\n";
   std::cout << "\t-c <filename>   \t\tcertificate file (PEM format)\n";
@@ -78,10 +82,12 @@ parse_args (int argc, ACE_TCHAR *argv [])
         case 'v':
           {
             ACE_CString ver = ACE_TEXT_ALWAYS_CHAR (get_opt.opt_arg ());
-            if (ver == "2")
-              ssl_mode = ACE_SSL_Context::SSLv2;
-            else if (ver == "23")
+            if (ver == "23")
               ssl_mode = ACE_SSL_Context::SSLv23;
+#if !defined (OPENSSL_NO_SSL2)
+            else if (ver == "2")
+              ssl_mode = ACE_SSL_Context::SSLv2;
+#endif /* ! OPENSSL_NO_SSL2*/
             else if (ver != "3") // default mode
               {
                 std::cerr << "ERROR: Invalid SSL mode [" << ver << "] specfied!" << std::endl;
author	Johnny Willemsen <jwillemsen@remedy.nl>	2012-11-07 13:52:17 +0000
committer	Johnny Willemsen <jwillemsen@remedy.nl>	2012-11-07 13:52:17 +0000
commit	2e43338ba3ad4eaa4cbbc96d3704850a0696eef2 (patch)
tree	b44cc20f25f0ef2f5961b12803cdd203fa5c16e9
parent	9462ab86ef8035465c8ea7c066c1f5e5a0912f50 (diff)
download	ATCD-2e43338ba3ad4eaa4cbbc96d3704850a0696eef2.tar.gz