Attachment #161871 for bug #198980

View | Details | Raw Unified | Return to bug 198980 | Differences between
Collapse All | Expand All




--- ck_ssl.c.orig	2011-07-06 15:03:32.000000000 +0200
+++ ck_ssl.c	2015-10-03 14:42:36.360598285 +0200
@@ -1054,11 +1054,15 @@ ssl_display_comp(SSL * ssl)
     if (ssl == NULL)
         return;
 
+#ifndef OPENSSL_NO_COMP
     if (ssl->expand == NULL || ssl->expand->meth == NULL)
+#endif
         printf("Compression: None\r\n");
+#ifndef OPENSSL_NO_COMP
     else {
         printf("Compression: %s\r\n",ssl->expand->meth->name);
     }
+#endif
 }
 
 int
@@ -1483,9 +1487,13 @@ the build.\r\n\r\n");
         }
         debug(F110,"ssl_rnd_file",ssl_rnd_file,0);
 
+#ifndef OPENSSL_NO_EGD
         rc1 = RAND_egd(ssl_rnd_file);
         debug(F111,"ssl_once_init","RAND_egd()",rc1);
-        if ( rc1 <= 0 ) {
+        if ( rc1 <= 0 ) 
+#endif
+	{
+
             rc2 = RAND_load_file(ssl_rnd_file, -1);
             debug(F111,"ssl_once_init","RAND_load_file()",rc1);
         }
@@ -1579,10 +1587,12 @@ ssl_tn_init(mode) int mode;
             /* This can fail because we do not have RSA available */
             if ( !ssl_ctx ) {
                 debug(F110,"ssl_tn_init","SSLv23_client_method failed",0);
+#ifndef OPENSSL_NO_SSL3
                 ssl_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
             }
             if ( !ssl_ctx ) {
                 debug(F110,"ssl_tn_init","SSLv3_client_method failed",0);
+#endif
                 last_ssl_mode = -1;
                 return(0);
             }
@@ -1593,8 +1603,10 @@ ssl_tn_init(mode) int mode;
             /* This can fail because we do not have RSA available */
             if ( !tls_ctx ) {
                 debug(F110,"ssl_tn_init","SSLv23_client_method failed",0);
+#ifndef OPENSSL_NO_SSL3
                 tls_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
             }
+#endif /* OPENSSL_NO_SSL3 */
 #endif /* COMMENT */
             if ( !tls_ctx ) {
                 debug(F110,"ssl_tn_init","TLSv1_client_method failed",0);
@@ -1611,10 +1623,12 @@ ssl_tn_init(mode) int mode;
             /* This can fail because we do not have RSA available */
             if ( !ssl_ctx ) {
                 debug(F110,"ssl_tn_init","SSLv23_server_method failed",0);
+#ifndef OPENSSL_NO_SSL3
                 ssl_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_server_method());
             }
             if ( !ssl_ctx ) {
                 debug(F110,"ssl_tn_init","SSLv3_server_method failed",0);
+#endif
                 last_ssl_mode = -1;
                 return(0);
             }
@@ -2161,7 +2175,9 @@ ssl_http_init(hostname) char * hostname;
         /* This can fail because we do not have RSA available */
         if ( !tls_http_ctx ) {
             debug(F110,"ssl_http_init","SSLv23_client_method failed",0);
+#ifndef OPENSSL_NO_SSL3
             tls_http_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
+#endif
         }
 #endif /* COMMENT */
         if ( !tls_http_ctx ) {




--- ckcftp.c.orig	2011-07-14 18:17:30.000000000 +0200
+++ ckcftp.c	2015-10-03 14:48:01.112575165 +0200
@@ -10196,15 +10196,21 @@ ssl_auth() {
 #define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0L
 #endif
     if (auth_type && !strcmp(auth_type,"TLS")) {
+#ifndef OPENSSL_NO_SSL3
         ssl_ftp_ctx=SSL_CTX_new(SSLv3_client_method());
+#endif
         if (!ssl_ftp_ctx)
           return(0);
         SSL_CTX_set_options(ssl_ftp_ctx,
                             SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA
                             );
     } else {
+#ifndef OPENSSL_NO_SSL3
         ssl_ftp_ctx = SSL_CTX_new(ftp_bug_use_ssl_v2 ? SSLv23_client_method() : 
                                   SSLv3_client_method());
+#else
+        ssl_ftp_ctx = SSL_CTX_new(SSLv23_client_method());
+#endif
         if (!ssl_ftp_ctx)
           return(0);
         SSL_CTX_set_options(ssl_ftp_ctx,




--- ckcssl.h.orig	1999-09-21 04:08:20.000000000 +0200
+++ ckcssl.h	2015-10-03 14:35:05.123628000 +0200
@@ -71,13 +71,15 @@ _PROTOTYP(int ssl_client_verify_callback
 #define SSL_CTX_free                     ck_SSL_CTX_free
 #define SSL_CTX_set_default_passwd_cb    ck_SSL_CTX_set_default_passwd_cb
 #define SSLv23_method                    ck_SSLv23_method
+#ifndef OPENSSL_NO_SSL3
 #define SSLv3_method                     ck_SSLv3_method
+#define SSLv3_client_method              ck_SSLv3_client_method
+#define SSLv3_server_method              ck_SSLv3_server_method
+#endif
 #define TLSv1_method                     ck_TLSv1_method
 #define SSLv23_client_method             ck_SSLv23_client_method
-#define SSLv3_client_method              ck_SSLv3_client_method
 #define TLSv1_client_method              ck_TLSv1_client_method
 #define SSLv23_server_method             ck_SSLv23_server_method
-#define SSLv3_server_method              ck_SSLv3_server_method
 #define TLSv1_server_method              ck_TLSv1_server_method
 #define SSL_library_init                 ck_SSL_library_init
 #define SSL_state_string                 ck_SSL_state_string

Return to bug 198980

Line 0 Link Here

(-)comms/kermit/files/patch-ck__ssl.c (+80 lines)
		1	--- ck_ssl.c.orig 2011-07-06 15:03:32.000000000 +0200
		2	+++ ck_ssl.c 2015-10-03 14:42:36.360598285 +0200
		3	@@ -1054,11 +1054,15 @@ ssl_display_comp(SSL * ssl)
		4	if (ssl == NULL)
		5	return;
		6
		7	+#ifndef OPENSSL_NO_COMP
		8	if (ssl->expand == NULL \|\| ssl->expand->meth == NULL)
		9	+#endif
		10	printf("Compression: None\r\n");
		11	+#ifndef OPENSSL_NO_COMP
		12	else {
		13	printf("Compression: %s\r\n",ssl->expand->meth->name);
		14	}
		15	+#endif
		16	}
		17
		18	int
		19	@@ -1483,9 +1487,13 @@ the build.\r\n\r\n");
		20	}
		21	debug(F110,"ssl_rnd_file",ssl_rnd_file,0);
		22
		23	+#ifndef OPENSSL_NO_EGD
		24	rc1 = RAND_egd(ssl_rnd_file);
		25	debug(F111,"ssl_once_init","RAND_egd()",rc1);
		26	- if ( rc1 <= 0 ) {
		27	+ if ( rc1 <= 0 )
		28	+#endif
		29	+ {
		30	+
		31	rc2 = RAND_load_file(ssl_rnd_file, -1);
		32	debug(F111,"ssl_once_init","RAND_load_file()",rc1);
		33	}
		34	@@ -1579,10 +1587,12 @@ ssl_tn_init(mode) int mode;
		35	/* This can fail because we do not have RSA available */
		36	if ( !ssl_ctx ) {
		37	debug(F110,"ssl_tn_init","SSLv23_client_method failed",0);
		38	+#ifndef OPENSSL_NO_SSL3
		39	ssl_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
		40	}
		41	if ( !ssl_ctx ) {
		42	debug(F110,"ssl_tn_init","SSLv3_client_method failed",0);
		43	+#endif
		44	last_ssl_mode = -1;
		45	return(0);
		46	}
		47	@@ -1593,8 +1603,10 @@ ssl_tn_init(mode) int mode;
		48	/* This can fail because we do not have RSA available */
		49	if ( !tls_ctx ) {
		50	debug(F110,"ssl_tn_init","SSLv23_client_method failed",0);
		51	+#ifndef OPENSSL_NO_SSL3
		52	tls_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
		53	}
		54	+#endif /* OPENSSL_NO_SSL3 */
		55	#endif /* COMMENT */
		56	if ( !tls_ctx ) {
		57	debug(F110,"ssl_tn_init","TLSv1_client_method failed",0);
		58	@@ -1611,10 +1623,12 @@ ssl_tn_init(mode) int mode;
		59	/* This can fail because we do not have RSA available */
		60	if ( !ssl_ctx ) {
		61	debug(F110,"ssl_tn_init","SSLv23_server_method failed",0);
		62	+#ifndef OPENSSL_NO_SSL3
		63	ssl_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_server_method());
		64	}
65	if ( !ssl_ctx ) {
66	debug(F110,"ssl_tn_init","SSLv3_server_method failed",0);
67	+#endif
68	last_ssl_mode = -1;
69	return(0);
70	}
71	@@ -2161,7 +2175,9 @@ ssl_http_init(hostname) char * hostname;
72	/* This can fail because we do not have RSA available */
73	if ( !tls_http_ctx ) {
74	debug(F110,"ssl_http_init","SSLv23_client_method failed",0);
75	+#ifndef OPENSSL_NO_SSL3
76	tls_http_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
77	+#endif
78	}
79	#endif /* COMMENT */
80	if ( !tls_http_ctx ) {

Line 0 Link Here

(-)comms/kermit/files/patch-ckcftp.c (+24 lines)
	1	--- ckcftp.c.orig 2011-07-14 18:17:30.000000000 +0200
	2	+++ ckcftp.c 2015-10-03 14:48:01.112575165 +0200
	3	@@ -10196,15 +10196,21 @@ ssl_auth() {
	4	#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0L
	5	#endif
	6	if (auth_type && !strcmp(auth_type,"TLS")) {
	7	+#ifndef OPENSSL_NO_SSL3
	8	ssl_ftp_ctx=SSL_CTX_new(SSLv3_client_method());
	9	+#endif
	10	if (!ssl_ftp_ctx)
	11	return(0);
	12	SSL_CTX_set_options(ssl_ftp_ctx,
	13	SSL_OP_SINGLE_DH_USE\|SSL_OP_EPHEMERAL_RSA
	14	);
	15	} else {
	16	+#ifndef OPENSSL_NO_SSL3
	17	ssl_ftp_ctx = SSL_CTX_new(ftp_bug_use_ssl_v2 ? SSLv23_client_method() :
	18	SSLv3_client_method());
	19	+#else
	20	+ ssl_ftp_ctx = SSL_CTX_new(SSLv23_client_method());
	21	+#endif
	22	if (!ssl_ftp_ctx)
	23	return(0);
	24	SSL_CTX_set_options(ssl_ftp_ctx,

Line 0 Link Here

(-)comms/kermit/files/patch-ckcssl.h (+20 lines)
	1	--- ckcssl.h.orig 1999-09-21 04:08:20.000000000 +0200
	2	+++ ckcssl.h 2015-10-03 14:35:05.123628000 +0200
	3	@@ -71,13 +71,15 @@ _PROTOTYP(int ssl_client_verify_callback
	4	#define SSL_CTX_free ck_SSL_CTX_free
	5	#define SSL_CTX_set_default_passwd_cb ck_SSL_CTX_set_default_passwd_cb
	6	#define SSLv23_method ck_SSLv23_method
	7	+#ifndef OPENSSL_NO_SSL3
	8	#define SSLv3_method ck_SSLv3_method
	9	+#define SSLv3_client_method ck_SSLv3_client_method
	10	+#define SSLv3_server_method ck_SSLv3_server_method
	11	+#endif
	12	#define TLSv1_method ck_TLSv1_method
	13	#define SSLv23_client_method ck_SSLv23_client_method
	14	-#define SSLv3_client_method ck_SSLv3_client_method
	15	#define TLSv1_client_method ck_TLSv1_client_method
	16	#define SSLv23_server_method ck_SSLv23_server_method
	17	-#define SSLv3_server_method ck_SSLv3_server_method
	18	#define TLSv1_server_method ck_TLSv1_server_method
	19	#define SSL_library_init ck_SSL_library_init
	20	#define SSL_state_string ck_SSL_state_string