View | Details | Raw Unified | Return to bug 203701 | Differences between
and this patch

Collapse All | Expand All

(-)files/patch-src__ssl.c (+37 lines)
Line 0 Link Here
1 
diff -urN webjob-1.9.0.old/src/ssl.c webjob-1.9.0.new/src/ssl.c
2 
--- src/ssl.c	2012-01-07 02:56:14.000000000 -0500
3 
+++ src/ssl.c	2016-01-13 11:23:02.096297912 -0500
4 
@@ -241,7 +241,7 @@
5 
    *
6 
    *********************************************************************
7 
    */
8 
-  psProperties->psslCTX = SSL_CTX_new(SSLv3_client_method());
9 
+  psProperties->psslCTX = SSL_CTX_new(SSLv23_client_method());
10 
   if (psProperties->psslCTX == NULL)
11 
   {
12 
     ERR_error_string(ERR_get_error(), acLocalError);
13 
@@ -252,6 +252,24 @@
14 
   /*-
15 
    *********************************************************************
16 
    *
17 
+   * Disable protocol versions that are no longer safe to use.
18 
+   *
19 
+   *********************************************************************
20 
+   */
21 
+  SSL_CTX_set_options
22 
+  (
23 
+    psProperties->psslCTX,
24 
+    (
25 
+        SSL_OP_NO_SSLv2
26 
+      | SSL_OP_NO_SSLv3
27 
+      | SSL_OP_NO_TLSv1
28 
+      | SSL_OP_NO_TLSv1_1
29 
+    )
30 
+  );
31 
+
32 
+  /*-
33 
+   *********************************************************************
34 
+   *
35 
    * Setup SSL certificate verification. Load the bundled certificate
36 
    * authorities file. A common name (CN) and a positive chain length
37 
    * must be specified to activate PEER verification. If you want to
(-)files/patch-tools__webjob-dsvtool__ssl.c (+37 lines)
Line 0 Link Here
1 
diff -urN webjob-1.9.0.old/tools/webjob-dsvtool/ssl.c webjob-1.9.0.new/tools/webjob-dsvtool/ssl.c
2 
--- tools/webjob-dsvtool/ssl.c	2012-01-07 02:56:14.000000000 -0500
3 
+++ tools/webjob-dsvtool/ssl.c	2016-01-13 11:29:48.274246265 -0500
4 
@@ -241,7 +241,7 @@
5 
    *
6 
    *********************************************************************
7 
    */
8 
-  psProperties->psslCTX = SSL_CTX_new(SSLv3_client_method());
9 
+  psProperties->psslCTX = SSL_CTX_new(SSLv23_client_method());
10 
   if (psProperties->psslCTX == NULL)
11 
   {
12 
     ERR_error_string(ERR_get_error(), acLocalError);
13 
@@ -252,6 +252,24 @@
14 
   /*-
15 
    *********************************************************************
16 
    *
17 
+   * Disable protocol versions that are no longer safe to use.
18 
+   *
19 
+   *********************************************************************
20 
+   */
21 
+  SSL_CTX_set_options
22 
+  (
23 
+    psProperties->psslCTX,
24 
+    (
25 
+        SSL_OP_NO_SSLv2
26 
+      | SSL_OP_NO_SSLv3
27 
+      | SSL_OP_NO_TLSv1
28 
+      | SSL_OP_NO_TLSv1_1
29 
+    )
30 
+  );
31 
+
32 
+  /*-
33 
+   *********************************************************************
34 
+   *
35 
    * Setup SSL certificate verification. Load the bundled certificate
36 
    * authorities file. A common name (CN) and a positive chain length
37 
    * must be specified to activate PEER verification. If you want to

Return to bug 203701