Attachment #165525 for bug #203693

Lines 3-9 Link Here

(-)Makefile (-2 / +2 lines)
3		3
4	PORTNAME= ftimes	4	PORTNAME= ftimes
5	PORTVERSION= 3.11.0	5	PORTVERSION= 3.11.0
6	PORTREVISION= 1	6	PORTREVISION= 2
7	CATEGORIES= security sysutils	7	CATEGORIES= security sysutils
8	MASTER_SITES= SF	8	MASTER_SITES= SF
9		9
Lines 53-59 Link Here
53	${WRKSRC}/tools/zipmap/zipmap	53	${WRKSRC}/tools/zipmap/zipmap
54		54
55	OPTIONS_DEFINE= DBM_TOOLS DIG_TOOLS FILE_HOOKS HASHDIG_TOOLS MAP_TOOLS SSL XMAGIC	55	OPTIONS_DEFINE= DBM_TOOLS DIG_TOOLS FILE_HOOKS HASHDIG_TOOLS MAP_TOOLS SSL XMAGIC
56	OPTIONS_DEFAULT= DBM_TOOLS DIG_TOOLS FILE_HOOKS HASHDIG_TOOLS MAP_TOOLS SSL XMAGIC	56	OPTIONS_DEFAULT= DBM_TOOLS DIG_TOOLS FILE_HOOKS HASHDIG_TOOLS MAP_TOOLS XMAGIC
57	DBM_TOOLS_DESC= Install DBM tools	57	DBM_TOOLS_DESC= Install DBM tools
58	DIG_TOOLS_DESC= Install dig tools	58	DIG_TOOLS_DESC= Install dig tools
59	FILE_HOOKS_DESC= Include file hooks support	59	FILE_HOOKS_DESC= Include file hooks support




diff -urN ftimes-3.11.0.old/src/ssl.c ftimes-3.11.0.new/src/ssl.c
--- src/ssl.c	2014-07-18 02:40:44.000000000 -0400
+++ src/ssl.c	2016-01-13 14:32:56.784443262 -0500
@@ -251,7 +251,7 @@
    *
    *********************************************************************
    */
-  psProperties->psslCTX = SSL_CTX_new(SSLv3_client_method());
+  psProperties->psslCTX = SSL_CTX_new(SSLv23_client_method());
   if (psProperties->psslCTX == NULL)
   {
     ERR_error_string(ERR_get_error(), acLocalError);
@@ -262,6 +262,26 @@
   /*-
    *********************************************************************
    *
+   * Disable protocol versions that are no longer safe to use.
+   *
+   *********************************************************************
+   */
+  SSL_CTX_set_options
+  (
+    psProperties->psslCTX,
+    (
+        SSL_OP_NO_SSLv2
+      | SSL_OP_NO_SSLv3
+      | SSL_OP_NO_TLSv1
+#ifdef SSL_OP_NO_TLSv1_1
+      | SSL_OP_NO_TLSv1_1
+#endif
+    )
+  );
+
+  /*-
+   *********************************************************************
+   *
    * Setup SSL certificate verification. Load the bundled certificate
    * authorities file. A common name (CN) and a positive chain length
    * must be specified to activate PEER verification. If you want to

Return to bug 203693

Line 0 Link Here

(-)files/patch-src__ssl.c (+39 lines)
	1	diff -urN ftimes-3.11.0.old/src/ssl.c ftimes-3.11.0.new/src/ssl.c
	2	--- src/ssl.c 2014-07-18 02:40:44.000000000 -0400
	3	+++ src/ssl.c 2016-01-13 14:32:56.784443262 -0500
	4	@@ -251,7 +251,7 @@
	5	*
	6	*********************************************************************
	7	*/
	8	- psProperties->psslCTX = SSL_CTX_new(SSLv3_client_method());
	9	+ psProperties->psslCTX = SSL_CTX_new(SSLv23_client_method());
	10	if (psProperties->psslCTX == NULL)
	11	{
	12	ERR_error_string(ERR_get_error(), acLocalError);
	13	@@ -262,6 +262,26 @@
	14	/*-
	15	*********************************************************************
	16	*
	17	+ * Disable protocol versions that are no longer safe to use.
	18	+ *
	19	+ *********************************************************************
	20	+ */
	21	+ SSL_CTX_set_options
	22	+ (
	23	+ psProperties->psslCTX,
	24	+ (
	25	+ SSL_OP_NO_SSLv2
	26	+ \| SSL_OP_NO_SSLv3
	27	+ \| SSL_OP_NO_TLSv1
	28	+#ifdef SSL_OP_NO_TLSv1_1
	29	+ \| SSL_OP_NO_TLSv1_1
	30	+#endif
	31	+ )
	32	+ );
	33	+
	34	+ /*-
	35	+ *********************************************************************
	36	+ *
	37	* Setup SSL certificate verification. Load the bundled certificate
	38	* authorities file. A common name (CN) and a positive chain length
	39	* must be specified to activate PEER verification. If you want to