Attachment #165527 for bug #203701

Lines 3-9 Link Here

(-)Makefile (-1 / +1 lines)
3		3
4	PORTNAME= webjob	4	PORTNAME= webjob
5	PORTVERSION= 1.9.0	5	PORTVERSION= 1.9.0
6	PORTREVISION= 1	6	PORTREVISION= 2
7	CATEGORIES= sysutils security	7	CATEGORIES= sysutils security
8	MASTER_SITES= SF	8	MASTER_SITES= SF
9		9




diff -urN webjob-1.9.0.old/src/ssl.c webjob-1.9.0.new/src/ssl.c
--- src/ssl.c	2012-01-07 02:56:14.000000000 -0500
+++ src/ssl.c	2016-01-13 14:46:53.396007393 -0500
@@ -241,7 +241,7 @@
    *
    *********************************************************************
    */
-  psProperties->psslCTX = SSL_CTX_new(SSLv3_client_method());
+  psProperties->psslCTX = SSL_CTX_new(SSLv23_client_method());
   if (psProperties->psslCTX == NULL)
   {
     ERR_error_string(ERR_get_error(), acLocalError);
@@ -252,6 +252,26 @@
   /*-
    *********************************************************************
    *
+   * Disable protocol versions that are no longer safe to use.
+   *
+   *********************************************************************
+   */
+  SSL_CTX_set_options
+  (
+    psProperties->psslCTX,
+    (
+        SSL_OP_NO_SSLv2
+      | SSL_OP_NO_SSLv3
+      | SSL_OP_NO_TLSv1
+#ifdef SSL_OP_NO_TLSv1_1
+      | SSL_OP_NO_TLSv1_1
+#endif
+    )
+  );
+
+  /*-
+   *********************************************************************
+   *
    * Setup SSL certificate verification. Load the bundled certificate
    * authorities file. A common name (CN) and a positive chain length
    * must be specified to activate PEER verification. If you want to




diff -urN webjob-1.9.0.old/tools/webjob-dsvtool/ssl.c webjob-1.9.0.new/tools/webjob-dsvtool/ssl.c
--- tools/webjob-dsvtool/ssl.c	2012-01-07 02:56:14.000000000 -0500
+++ tools/webjob-dsvtool/ssl.c	2016-01-13 14:47:04.981833035 -0500
@@ -241,7 +241,7 @@
    *
    *********************************************************************
    */
-  psProperties->psslCTX = SSL_CTX_new(SSLv3_client_method());
+  psProperties->psslCTX = SSL_CTX_new(SSLv23_client_method());
   if (psProperties->psslCTX == NULL)
   {
     ERR_error_string(ERR_get_error(), acLocalError);
@@ -252,6 +252,26 @@
   /*-
    *********************************************************************
    *
+   * Disable protocol versions that are no longer safe to use.
+   *
+   *********************************************************************
+   */
+  SSL_CTX_set_options
+  (
+    psProperties->psslCTX,
+    (
+        SSL_OP_NO_SSLv2
+      | SSL_OP_NO_SSLv3
+      | SSL_OP_NO_TLSv1
+#ifdef SSL_OP_NO_TLSv1_1
+      | SSL_OP_NO_TLSv1_1
+#endif
+    )
+  );
+
+  /*-
+   *********************************************************************
+   *
    * Setup SSL certificate verification. Load the bundled certificate
    * authorities file. A common name (CN) and a positive chain length
    * must be specified to activate PEER verification. If you want to

Return to bug 203701

Line 0 Link Here

(-)files/patch-src__ssl.c (+39 lines)
	1	diff -urN webjob-1.9.0.old/src/ssl.c webjob-1.9.0.new/src/ssl.c
	2	--- src/ssl.c 2012-01-07 02:56:14.000000000 -0500
	3	+++ src/ssl.c 2016-01-13 14:46:53.396007393 -0500
	4	@@ -241,7 +241,7 @@
	5	*
	6	*********************************************************************
	7	*/
	8	- psProperties->psslCTX = SSL_CTX_new(SSLv3_client_method());
	9	+ psProperties->psslCTX = SSL_CTX_new(SSLv23_client_method());
	10	if (psProperties->psslCTX == NULL)
	11	{
	12	ERR_error_string(ERR_get_error(), acLocalError);
	13	@@ -252,6 +252,26 @@
	14	/*-
	15	*********************************************************************
	16	*
	17	+ * Disable protocol versions that are no longer safe to use.
	18	+ *
	19	+ *********************************************************************
	20	+ */
	21	+ SSL_CTX_set_options
	22	+ (
	23	+ psProperties->psslCTX,
	24	+ (
	25	+ SSL_OP_NO_SSLv2
	26	+ \| SSL_OP_NO_SSLv3
	27	+ \| SSL_OP_NO_TLSv1
	28	+#ifdef SSL_OP_NO_TLSv1_1
	29	+ \| SSL_OP_NO_TLSv1_1
	30	+#endif
	31	+ )
	32	+ );
	33	+
	34	+ /*-
	35	+ *********************************************************************
	36	+ *
	37	* Setup SSL certificate verification. Load the bundled certificate
	38	* authorities file. A common name (CN) and a positive chain length
	39	* must be specified to activate PEER verification. If you want to

Line 0 Link Here

(-)files/patch-tools__webjob-dsvtool__ssl.c (+39 lines)
	1	diff -urN webjob-1.9.0.old/tools/webjob-dsvtool/ssl.c webjob-1.9.0.new/tools/webjob-dsvtool/ssl.c
	2	--- tools/webjob-dsvtool/ssl.c 2012-01-07 02:56:14.000000000 -0500
	3	+++ tools/webjob-dsvtool/ssl.c 2016-01-13 14:47:04.981833035 -0500
	4	@@ -241,7 +241,7 @@
	5	*
	6	*********************************************************************
	7	*/
	8	- psProperties->psslCTX = SSL_CTX_new(SSLv3_client_method());
	9	+ psProperties->psslCTX = SSL_CTX_new(SSLv23_client_method());
	10	if (psProperties->psslCTX == NULL)
	11	{
	12	ERR_error_string(ERR_get_error(), acLocalError);
	13	@@ -252,6 +252,26 @@
	14	/*-
	15	*********************************************************************
	16	*
	17	+ * Disable protocol versions that are no longer safe to use.
	18	+ *
	19	+ *********************************************************************
	20	+ */
	21	+ SSL_CTX_set_options
	22	+ (
	23	+ psProperties->psslCTX,
	24	+ (
	25	+ SSL_OP_NO_SSLv2
	26	+ \| SSL_OP_NO_SSLv3
	27	+ \| SSL_OP_NO_TLSv1
	28	+#ifdef SSL_OP_NO_TLSv1_1
	29	+ \| SSL_OP_NO_TLSv1_1
	30	+#endif
	31	+ )
	32	+ );
	33	+
	34	+ /*-
	35	+ *********************************************************************
	36	+ *
	37	* Setup SSL certificate verification. Load the bundled certificate
	38	* authorities file. A common name (CN) and a positive chain length
	39	* must be specified to activate PEER verification. If you want to