diff options
Diffstat (limited to 'ACE/debian/patches/93-no-sslv3.diff')
| -rw-r--r-- | ACE/debian/patches/93-no-sslv3.diff | 185 |
1 files changed, 185 insertions, 0 deletions
diff --git a/ACE/debian/patches/93-no-sslv3.diff b/ACE/debian/patches/93-no-sslv3.diff new file mode 100644 index 00000000000..d462d59f0d3 --- /dev/null +++ b/ACE/debian/patches/93-no-sslv3.diff @@ -0,0 +1,185 @@ +diffACE/ace/SSL/SSL_Context.cpp b/ACE/ace/SSL/SSL_Context.cpp +index 9212ffe..95cd66b 100644 +Index: ace-6.3.2+dfsg/ace/SSL/SSL_Context.cpp +=================================================================== +--- ace-6.3.2+dfsg.orig/ace/SSL/SSL_Context.cpp ++++ ace-6.3.2+dfsg/ace/SSL/SSL_Context.cpp +@@ -238,26 +238,6 @@ ACE_SSL_Context::set_mode (int mode) + + switch (mode) + { +-#if !defined (OPENSSL_NO_SSL2) +- case ACE_SSL_Context::SSLv2_client: +- method = ::SSLv2_client_method (); +- break; +- case ACE_SSL_Context::SSLv2_server: +- method = ::SSLv2_server_method (); +- break; +- case ACE_SSL_Context::SSLv2: +- method = ::SSLv2_method (); +- break; +-#endif /* OPENSSL_NO_SSL2 */ +- case ACE_SSL_Context::SSLv3_client: +- method = ::SSLv3_client_method (); +- break; +- case ACE_SSL_Context::SSLv3_server: +- method = ::SSLv3_server_method (); +- break; +- case ACE_SSL_Context::SSLv3: +- method = ::SSLv3_method (); +- break; + case ACE_SSL_Context::SSLv23_client: + method = ::SSLv23_client_method (); + break; +@@ -267,39 +247,8 @@ ACE_SSL_Context::set_mode (int mode) + case ACE_SSL_Context::SSLv23: + method = ::SSLv23_method (); + break; +- case ACE_SSL_Context::TLSv1_client: +- method = ::TLSv1_client_method (); +- break; +- case ACE_SSL_Context::TLSv1_server: +- method = ::TLSv1_server_method (); +- break; +- case ACE_SSL_Context::TLSv1: +- method = ::TLSv1_method (); +- break; +-#if defined(TLS1_1_VERSION) && (TLS_MAX_VERSION >= TLS1_1_VERSION) +- case ACE_SSL_Context::TLSv1_1_client: +- method = ::TLSv1_1_client_method (); +- break; +- case ACE_SSL_Context::TLSv1_1_server: +- method = ::TLSv1_1_server_method (); +- break; +- case ACE_SSL_Context::TLSv1_1: +- method = ::TLSv1_1_method (); +- break; +-#endif +-#if defined(TLS1_2_VERSION) && (TLS_MAX_VERSION >= TLS1_2_VERSION) +- case ACE_SSL_Context::TLSv1_2_client: +- method = ::TLSv1_2_client_method (); +- break; +- case ACE_SSL_Context::TLSv1_2_server: +- method = ::TLSv1_2_server_method (); +- break; +- case ACE_SSL_Context::TLSv1_2: +- method = ::TLSv1_2_method (); +- break; +-#endif + default: +- method = ::SSLv3_method (); ++ method = ::SSLv23_method (); + break; + } + +@@ -485,16 +434,7 @@ ACE_SSL_Context::load_trusted_ca (const + + // For TLS/SSL servers scan all certificates in ca_file and ca_dir and + // list them as acceptable CAs when requesting a client certificate. +- if (mode_ == SSLv23 +- || mode_ == SSLv23_server +- || mode_ == TLSv1 +- || mode_ == TLSv1_server +-#if !defined (OPENSSL_NO_SSL2) +- || mode_ == SSLv2 +- || mode_ == SSLv2_server +-#endif /* !OPENSSL_NO_SSL2 */ +- || mode_ == SSLv3 +- || mode_ == SSLv3_server) ++ if (mode_ == SSLv23 || mode_ == SSLv23_server) + { + // Note: The STACK_OF(X509_NAME) pointer is a copy of the pointer in + // the CTX; any changes to it by way of these function calls will +Index: ace-6.3.2+dfsg/ace/SSL/SSL_Context.h +=================================================================== +--- ace-6.3.2+dfsg.orig/ace/SSL/SSL_Context.h ++++ ace-6.3.2+dfsg/ace/SSL/SSL_Context.h +@@ -104,26 +104,9 @@ public: + + enum { + INVALID_METHOD = -1, +-#if !defined (OPENSSL_NO_SSL2) +- SSLv2_client = 1, +- SSLv2_server, +- SSLv2, +-#endif /* !OPENSSL_NO_SSL2 */ +- SSLv3_client = 4, +- SSLv3_server, +- SSLv3, + SSLv23_client, + SSLv23_server, + SSLv23, +- TLSv1_client, +- TLSv1_server, +- TLSv1, +- TLSv1_1_client, +- TLSv1_1_server, +- TLSv1_1, +- TLSv1_2_client, +- TLSv1_2_server, +- TLSv1_2 + }; + + /// Constructor +Index: ace-6.3.2+dfsg/protocols/ace/INet/HTTPS_Context.cpp +=================================================================== +--- ace-6.3.2+dfsg.orig/protocols/ace/INet/HTTPS_Context.cpp ++++ ace-6.3.2+dfsg/protocols/ace/INet/HTTPS_Context.cpp +@@ -16,7 +16,7 @@ namespace ACE + namespace HTTPS + { + +- int Context::ssl_mode_ = ACE_SSL_Context::SSLv3; ++ int Context::ssl_mode_ = ACE_SSL_Context::SSLv23; + bool Context::ssl_strict_ = false; + bool Context::ssl_once_ = true; + int Context::ssl_depth_ = 0; +Index: ace-6.3.2+dfsg/protocols/examples/INet/HTTP_Simple_exec.cpp +=================================================================== +--- ace-6.3.2+dfsg.orig/protocols/examples/INet/HTTP_Simple_exec.cpp ++++ ace-6.3.2+dfsg/protocols/examples/INet/HTTP_Simple_exec.cpp +@@ -16,7 +16,7 @@ u_short proxy_port = ACE::HTTP::URL::HTT + ACE_CString url; + ACE_CString outfile; + #if defined (ACE_HAS_SSL) && ACE_HAS_SSL == 1 +-int ssl_mode = ACE_SSL_Context::SSLv3; ++int ssl_mode = ACE_SSL_Context::SSLv23; + bool verify_peer = true; + bool ignore_verify = false; + ACE_CString certificate; +@@ -33,11 +33,6 @@ usage (void) + std::cout << "\t-p <port> \t\tproxy port to connect to\n"; + std::cout << "\t-o <filename> \t\tfile to write output to\n"; + #if defined (ACE_HAS_SSL) && ACE_HAS_SSL == 1 +- std::cout << "\t-v <ssl version>\t\tSSL version to use: "; +-#if !defined (OPENSSL_NO_SSL2) +- std::cout << "2, "; +-#endif /* OPENSSL_NO_SSL2 */ +- std::cout << "23, 3\n"; + std::cout << "\t-n \t\tno peer certificate verification\n"; + std::cout << "\t-i \t\tignore peer certificate verification failures\n"; + std::cout << "\t-c <filename> \t\tcertificate file (PEM format)\n"; +@@ -77,23 +72,6 @@ parse_args (int argc, ACE_TCHAR *argv [] + break; + + #if defined (ACE_HAS_SSL) && ACE_HAS_SSL == 1 +- case 'v': +- { +- ACE_CString ver = ACE_TEXT_ALWAYS_CHAR (get_opt.opt_arg ()); +- if (ver == "23") +- ssl_mode = ACE_SSL_Context::SSLv23; +-#if !defined (OPENSSL_NO_SSL2) +- else if (ver == "2") +- ssl_mode = ACE_SSL_Context::SSLv2; +-#endif /* ! OPENSSL_NO_SSL2*/ +- else if (ver != "3") // default mode +- { +- std::cerr << "ERROR: Invalid SSL mode [" << ver << "] specfied!" << std::endl; +- return false; +- } +- } +- break; +- + case 'n': + verify_peer = false; + break; |