diff options
author | Johnny Willemsen <jwillemsen@remedy.nl> | 2012-11-07 13:52:17 +0000 |
---|---|---|
committer | Johnny Willemsen <jwillemsen@remedy.nl> | 2012-11-07 13:52:17 +0000 |
commit | b90f360effa2927abb665a27b53f7050003c101f (patch) | |
tree | b44cc20f25f0ef2f5961b12803cdd203fa5c16e9 /ACE | |
parent | b2282f3411c390c1e531d11e5b852a9717dfdd2d (diff) | |
download | ATCD-b90f360effa2927abb665a27b53f7050003c101f.tar.gz |
Wed Nov 7 13:51:14 UTC 2012 Johnny Willemsen <jwillemsen@remedy.nl>
* ace/SSL/SSL_Context.h:
* ace/SSL/SSL_Context.cpp:
* protocols/ace/INet/HTTP_Simple_exec.cpp:
Resolve compile problems with OpenSSL on recent debian/ubuntu
versions which don't ship SSLv2 anymore
* debian/patches/series:
* debian/patches/35_disable_sslv2.diff:
Patch is not needed anymore
Diffstat (limited to 'ACE')
-rw-r--r-- | ACE/ChangeLog | 12 | ||||
-rw-r--r-- | ACE/ace/SSL/SSL_Context.cpp | 10 | ||||
-rw-r--r-- | ACE/ace/SSL/SSL_Context.h | 4 | ||||
-rw-r--r-- | ACE/debian/patches/35_disable_sslv2.diff | 114 | ||||
-rw-r--r-- | ACE/debian/patches/series | 1 | ||||
-rw-r--r-- | ACE/protocols/ace/INet/HTTP_Simple_exec.cpp | 14 |
6 files changed, 32 insertions, 123 deletions
diff --git a/ACE/ChangeLog b/ACE/ChangeLog index 6c8c04ffc16..d2fc8979b69 100644 --- a/ACE/ChangeLog +++ b/ACE/ChangeLog @@ -1,3 +1,15 @@ +Wed Nov 7 13:51:14 UTC 2012 Johnny Willemsen <jwillemsen@remedy.nl> + + * ace/SSL/SSL_Context.h: + * ace/SSL/SSL_Context.cpp: + * protocols/ace/INet/HTTP_Simple_exec.cpp: + Resolve compile problems with OpenSSL on recent debian/ubuntu + versions which don't ship SSLv2 anymore + + * debian/patches/series: + * debian/patches/35_disable_sslv2.diff: + Patch is not needed anymore + Sat Oct 20 14:13:07 UTC 2012 Douglas C. Schmidt <schmidt@dre.vanderbilt.edu> * ace/Timer_Hash_T.h: Added a forward declaration of diff --git a/ACE/ace/SSL/SSL_Context.cpp b/ACE/ace/SSL/SSL_Context.cpp index cca47377cde..4da213484a7 100644 --- a/ACE/ace/SSL/SSL_Context.cpp +++ b/ACE/ace/SSL/SSL_Context.cpp @@ -236,6 +236,7 @@ ACE_SSL_Context::set_mode (int mode) switch (mode) { +#if !defined (OPENSSL_NO_SSL2) case ACE_SSL_Context::SSLv2_client: method = ::SSLv2_client_method (); break; @@ -245,6 +246,7 @@ ACE_SSL_Context::set_mode (int mode) case ACE_SSL_Context::SSLv2: method = ::SSLv2_method (); break; +#endif /* OPENSSL_NO_SSL2 */ case ACE_SSL_Context::SSLv3_client: method = ::SSLv3_client_method (); break; @@ -339,10 +341,12 @@ ACE_SSL_Context::load_trusted_ca (const char* ca_file, || mode_ == SSLv23_server || mode_ == TLSv1 || mode_ == TLSv1_server - || mode_ == SSLv3 - || mode_ == SSLv3_server +#if !defined (OPENSSL_NO_SSL2) || mode_ == SSLv2 - || mode_ == SSLv2_server) + || mode_ == SSLv2_server +#endif /* !OPENSSL_NO_SSL2 */ + || mode_ == SSLv3 + || mode_ == SSLv3_server) { // Note: The STACK_OF(X509_NAME) pointer is a copy of the pointer in // the CTX; any changes to it by way of these function calls will diff --git a/ACE/ace/SSL/SSL_Context.h b/ACE/ace/SSL/SSL_Context.h index 438fb19eb81..252613d389a 100644 --- a/ACE/ace/SSL/SSL_Context.h +++ b/ACE/ace/SSL/SSL_Context.h @@ -104,10 +104,12 @@ public: enum { INVALID_METHOD = -1, +#if !defined (OPENSSL_NO_SSL2) SSLv2_client = 1, SSLv2_server, SSLv2, - SSLv3_client, +#endif /* !OPENSSL_NO_SSL2 */ + SSLv3_client = 4, SSLv3_server, SSLv3, SSLv23_client, diff --git a/ACE/debian/patches/35_disable_sslv2.diff b/ACE/debian/patches/35_disable_sslv2.diff deleted file mode 100644 index efa0461cc6c..00000000000 --- a/ACE/debian/patches/35_disable_sslv2.diff +++ /dev/null @@ -1,114 +0,0 @@ -Description: SSLv2 was disabled in Debian in OpenSSL 1.0.0d, remove it from ACE too -Forwarded: yes -Author: Pau Garcia i Quiles <pgquiles@elpauer.org> -Last-Update: 2011-04-26 - ---- a/ace/SSL/SSL_Context.cpp -+++ b/ace/SSL/SSL_Context.cpp -@@ -236,15 +236,6 @@ ACE_SSL_Context::set_mode (int mode) - - switch (mode) - { -- case ACE_SSL_Context::SSLv2_client: -- method = ::SSLv2_client_method (); -- break; -- case ACE_SSL_Context::SSLv2_server: -- method = ::SSLv2_server_method (); -- break; -- case ACE_SSL_Context::SSLv2: -- method = ::SSLv2_method (); -- break; - case ACE_SSL_Context::SSLv3_client: - method = ::SSLv3_client_method (); - break; -@@ -254,15 +245,6 @@ ACE_SSL_Context::set_mode (int mode) - case ACE_SSL_Context::SSLv3: - method = ::SSLv3_method (); - break; -- case ACE_SSL_Context::SSLv23_client: -- method = ::SSLv23_client_method (); -- break; -- case ACE_SSL_Context::SSLv23_server: -- method = ::SSLv23_server_method (); -- break; -- case ACE_SSL_Context::SSLv23: -- method = ::SSLv23_method (); -- break; - case ACE_SSL_Context::TLSv1_client: - method = ::TLSv1_client_method (); - break; -@@ -335,14 +317,10 @@ ACE_SSL_Context::load_trusted_ca (const - - // For TLS/SSL servers scan all certificates in ca_file and ca_dir and - // list them as acceptable CAs when requesting a client certificate. -- if (mode_ == SSLv23 -- || mode_ == SSLv23_server -- || mode_ == TLSv1 -+ if (mode_ == TLSv1 - || mode_ == TLSv1_server - || mode_ == SSLv3 -- || mode_ == SSLv3_server -- || mode_ == SSLv2 -- || mode_ == SSLv2_server) -+ || mode_ == SSLv3_server) - { - // Note: The STACK_OF(X509_NAME) pointer is a copy of the pointer in - // the CTX; any changes to it by way of these function calls will ---- a/ace/SSL/SSL_Context.h -+++ b/ace/SSL/SSL_Context.h -@@ -82,16 +82,16 @@ public: - - enum { - INVALID_METHOD = -1, -- SSLv2_client = 1, -+/* SSLv2_client = 1, - SSLv2_server, -- SSLv2, -- SSLv3_client, -+ SSLv2, */ -+ SSLv3_client = 4, - SSLv3_server, - SSLv3, -- SSLv23_client, -+/* SSLv23_client, - SSLv23_server, -- SSLv23, -- TLSv1_client, -+ SSLv23, */ -+ TLSv1_client = 10, - TLSv1_server, - TLSv1 - }; -@@ -114,7 +114,7 @@ public: - * If the mode is not set, then the class automatically initializes - * itself to the default mode. - */ -- int set_mode (int mode = ACE_SSL_Context::SSLv23); -+ int set_mode (int mode = ACE_SSL_Context::SSLv3); - - int get_mode (void) const; - ---- a/protocols/ace/INet/HTTP_Simple_exec.cpp -+++ b/protocols/ace/INet/HTTP_Simple_exec.cpp -@@ -35,7 +35,7 @@ usage (void) - std::cout << "\t-p <port> \t\tproxy port to connect to\n"; - std::cout << "\t-o <filename> \t\tfile to write output to\n"; - #if defined (ACE_HAS_SSL) && ACE_HAS_SSL == 1 -- std::cout << "\t-v <ssl version>\t\tSSL version to use: 2, 23, 3\n"; -+ std::cout << "\t-v <ssl version>\t\tSSL version to use: '3' for SSLv3 or '1' for TLS 1.0\n"; - std::cout << "\t-n \t\tno peer certificate verification\n"; - std::cout << "\t-i \t\tignore peer certificate verification failures\n"; - std::cout << "\t-c <filename> \t\tcertificate file (PEM format)\n"; -@@ -78,10 +78,8 @@ parse_args (int argc, ACE_TCHAR *argv [] - case 'v': - { - ACE_CString ver = ACE_TEXT_ALWAYS_CHAR (get_opt.opt_arg ()); -- if (ver == "2") -- ssl_mode = ACE_SSL_Context::SSLv2; -- else if (ver == "23") -- ssl_mode = ACE_SSL_Context::SSLv23; -+ if (ver == "1") -+ ssl_mode = ACE_SSL_Context::TLSv1; - else if (ver != "3") // default mode - { - std::cerr << "ERROR: Invalid SSL mode [" << ver << "] specfied!" << std::endl; diff --git a/ACE/debian/patches/series b/ACE/debian/patches/series index c64bad37c0d..0cbc4d987cf 100644 --- a/ACE/debian/patches/series +++ b/ACE/debian/patches/series @@ -2,7 +2,6 @@ reduce-doxygen-doc.diff 15-fix-lzo-flags.diff 20-versioned_libs.diff 34-bts386713.diff -35_disable_sslv2.diff 90-patch-mpc-basedir.diff 91-patch-dg-basedir.diff 92-default-ACE_ROOT.diff diff --git a/ACE/protocols/ace/INet/HTTP_Simple_exec.cpp b/ACE/protocols/ace/INet/HTTP_Simple_exec.cpp index 65805c2c582..9dda462b99a 100644 --- a/ACE/protocols/ace/INet/HTTP_Simple_exec.cpp +++ b/ACE/protocols/ace/INet/HTTP_Simple_exec.cpp @@ -35,7 +35,11 @@ usage (void) std::cout << "\t-p <port> \t\tproxy port to connect to\n"; std::cout << "\t-o <filename> \t\tfile to write output to\n"; #if defined (ACE_HAS_SSL) && ACE_HAS_SSL == 1 - std::cout << "\t-v <ssl version>\t\tSSL version to use: 2, 23, 3\n"; + std::cout << "\t-v <ssl version>\t\tSSL version to use: "; +#if !defined (OPENSSL_NO_SSL2) + std::cout << "2, "; +#endif /* OPENSSL_NO_SSL2 */ + std::cout << "23, 3\n"; std::cout << "\t-n \t\tno peer certificate verification\n"; std::cout << "\t-i \t\tignore peer certificate verification failures\n"; std::cout << "\t-c <filename> \t\tcertificate file (PEM format)\n"; @@ -78,10 +82,12 @@ parse_args (int argc, ACE_TCHAR *argv []) case 'v': { ACE_CString ver = ACE_TEXT_ALWAYS_CHAR (get_opt.opt_arg ()); - if (ver == "2") - ssl_mode = ACE_SSL_Context::SSLv2; - else if (ver == "23") + if (ver == "23") ssl_mode = ACE_SSL_Context::SSLv23; +#if !defined (OPENSSL_NO_SSL2) + else if (ver == "2") + ssl_mode = ACE_SSL_Context::SSLv2; +#endif /* ! OPENSSL_NO_SSL2*/ else if (ver != "3") // default mode { std::cerr << "ERROR: Invalid SSL mode [" << ver << "] specfied!" << std::endl; |