225949 – Base openssl is inconsistent in handling SSLv3

Bug 225949 - Base openssl is inconsistent in handling SSLv3

Summary: Base openssl is inconsistent in handling SSLv3

Status:	New

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	misc (show other bugs)
Version:	11.1-RELEASE
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	freebsd-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2018-02-16 10:53 UTC by bc979
Modified:	2021-10-09 16:58 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description bc979 2018-02-16 10:53:25 UTC

/usr/include/openssl/ssl.h includes the line
#define OPENSSL_NO_SSL2
As a result, the SSLv2 features are not available and are not in the man file.

However, there is no equivalent for SSL3.  OPENSSL_NO_SSL3 is not defined anywhere.  Thus the SSLv3 functions like SSLv3_server_method should be available.  However, they do not appear in the man pages and cannot be linked to.  As a result, qpopper will not properly build on 11.1-RELEASE.

The interesting aspect of this is ssl.h does include the defines for the server methods if OPENSSL_NO_SSL2_METHOD or OPENSSL_NO_SSL3_METHOD is not defined.  I think at least the SSLv3_server_method (and client_method) should be linkable.

Comment 1 Piotr Pawel Stefaniak freebsd_committer

2021-10-09 16:58:09 UTC

I can't find OPENSSL_NO_SSL2 anywhere in the file or its history. If you mean SSL_OP_NO_SSLv2 then that's been disabled in all supported branches.