+Description: Add DISABLE_SSLV3 compile-time option
+ Needed to link with Debian's openssl, which has ssl3_{client,server}_method() disabled.
+Author: Ian Beckwith <ianb@erislabs.net>
+Forwarded: fdc@columbia.edu
+Last-Update: 2015-12-14
Index: ckermit/ck_ssl.c
===================================================================
--- ckermit.orig/ck_ssl.c
}
if ( !ssl_ctx ) {
debug(F110,"ssl_tn_init","SSLv3_client_method failed",0);
-+#endif
++#endif /* DISABLE_SSLV3 */
last_ssl_mode = -1;
return(0);
}
}
if ( !ssl_ctx ) {
debug(F110,"ssl_tn_init","SSLv3_server_method failed",0);
-+#endif
++#endif /* DISABLE_SSLV3 */
last_ssl_mode = -1;
return(0);
}
+ SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL|SSL_OP_NO_SSLv2
+#ifdef DISABLE_SSLV3
+ |SSL_OP_NO_SSLv3
-+#endif
++#endif /* DISABLE_SSLV3 */
+ );
SSL_CTX_set_options(tls_ctx,
- SSL_OP_NO_SSLv2|SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA);
+ SSL_OP_NO_SSLv2|SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA
+#ifdef DISABLE_SSLV3
+ |SSL_OP_NO_SSLv3
-+#endif
++#endif /* DISABLE_SSLV3 */
+ );
SSL_CTX_set_info_callback(ssl_ctx,ssl_client_info_callback);
+ SSL_OP_NO_SSLv2|SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA
+#ifdef DISABLE_SSLV3
+ |SSL_OP_NO_SSLv3
-+#endif
++#endif /* DISABLE_SSLV3 */
+ );
SSL_CTX_set_info_callback(tls_http_ctx,ssl_client_info_callback);
SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA
+#ifdef DISABLE_SSLV3
+ |SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3
-+#endif
++#endif /* DISABLE_SSLV3 */
);
} else {
ssl_ftp_ctx = SSL_CTX_new(client_method);
SSL_OP_SINGLE_DH_USE|SSL_OP_EPHEMERAL_RSA
+#ifdef DISABLE_SSLV3
+ |SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3
-+#endif
++#endif /* DISABLE_SSLV3 */
);
}
SSL_CTX_set_default_passwd_cb(ssl_ftp_ctx,