add openssl-freefilesync

author: B Stack <bgstack15@gmail.com> 2019-07-15 23:54:24 -0400
committer: B Stack <bgstack15@gmail.com> 2019-07-15 23:54:24 -0400
commit: 91fad0b6c330c35129b069fab8bdf5c4ba479ddf (patch)
tree: 46587604ba44237161655b5b0aa946bf5ebf515d /openssl-freefilesync/openssl-1.1.1-disable-ssl3.patch
parent: freefilesync 10.14 rpm rc1 (diff)
download: stackrpms-91fad0b6c330c35129b069fab8bdf5c4ba479ddf.tar.gz
stackrpms-91fad0b6c330c35129b069fab8bdf5c4ba479ddf.tar.bz2
stackrpms-91fad0b6c330c35129b069fab8bdf5c4ba479ddf.zip
1 files changed, 91 insertions, 0 deletions
diff --git a/openssl-freefilesync/openssl-1.1.1-disable-ssl3.patch b/openssl-freefilesync/openssl-1.1.1-disable-ssl3.patch
new file mode 100644
index 0000000..fdec0a8
--- /dev/null
+++ b/openssl-freefilesync/openssl-1.1.1-disable-ssl3.patch
@@ -0,0 +1,91 @@
+diff -up openssl-1.1.1-pre8/apps/s_client.c.disable-ssl3 openssl-1.1.1-pre8/apps/s_client.c
+--- openssl-1.1.1-pre8/apps/s_client.c.disable-ssl3	2018-07-16 18:08:20.000487628 +0200
++++ openssl-1.1.1-pre8/apps/s_client.c	2018-07-16 18:16:40.070186323 +0200
+@@ -1681,6 +1681,9 @@ int s_client_main(int argc, char **argv)
+     if (sdebug)
+         ssl_ctx_security_debug(ctx, sdebug);
+ 
++    if (min_version == SSL3_VERSION && max_version == SSL3_VERSION)
++        SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
++
+     if (!config_ctx(cctx, ssl_args, ctx))
+         goto end;
+ 
+diff -up openssl-1.1.1-pre8/apps/s_server.c.disable-ssl3 openssl-1.1.1-pre8/apps/s_server.c
+--- openssl-1.1.1-pre8/apps/s_server.c.disable-ssl3	2018-07-16 18:08:20.000487628 +0200
++++ openssl-1.1.1-pre8/apps/s_server.c	2018-07-16 18:17:17.300055551 +0200
+@@ -1760,6 +1760,9 @@ int s_server_main(int argc, char *argv[]
+     if (sdebug)
+         ssl_ctx_security_debug(ctx, sdebug);
+ 
++    if (min_version == SSL3_VERSION && max_version == SSL3_VERSION)
++        SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
++
+     if (!config_ctx(cctx, ssl_args, ctx))
+         goto end;
+ 
+diff -up openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3 openssl-1.1.1-pre8/ssl/ssl_lib.c
+--- openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3	2018-06-20 16:48:13.000000000 +0200
++++ openssl-1.1.1-pre8/ssl/ssl_lib.c	2018-07-16 18:08:20.001487652 +0200
+@@ -3016,6 +3016,16 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+      */
+     ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT;
+ 
++    if (meth->version != SSL3_VERSION) {
++        /*
++         * Disable SSLv3 by default.  Applications can
++         * re-enable it by configuring
++         * SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
++         * or by using the SSL_CONF API.
++         */
++        ret->options |= SSL_OP_NO_SSLv3;
++    }
++
+     ret->ext.status_type = TLSEXT_STATUSTYPE_nothing;
+ 
+     /*
+diff -up openssl-1.1.1-pre8/test/ssl_test.c.disable-ssl3 openssl-1.1.1-pre8/test/ssl_test.c
+--- openssl-1.1.1-pre8/test/ssl_test.c.disable-ssl3	2018-06-20 16:48:15.000000000 +0200
++++ openssl-1.1.1-pre8/test/ssl_test.c	2018-07-16 18:18:34.806865121 +0200
+@@ -443,6 +443,7 @@ static int test_handshake(int idx)
+             SSL_TEST_SERVERNAME_CB_NONE) {
+             if (!TEST_ptr(server2_ctx = SSL_CTX_new(TLS_server_method())))
+                 goto err;
++            SSL_CTX_clear_options(server2_ctx, SSL_OP_NO_SSLv3);
+             if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx,
+                                                          TLS_MAX_VERSION)))
+                 goto err;
+@@ -464,6 +465,8 @@ static int test_handshake(int idx)
+             if (!TEST_ptr(resume_server_ctx)
+                     || !TEST_ptr(resume_client_ctx))
+                 goto err;
++            SSL_CTX_clear_options(resume_server_ctx, SSL_OP_NO_SSLv3);
++            SSL_CTX_clear_options(resume_client_ctx, SSL_OP_NO_SSLv3);
+         }
+     }
+ 
+@@ -477,6 +480,9 @@ static int test_handshake(int idx)
+             || !TEST_int_gt(CONF_modules_load(conf, test_app, 0),  0))
+         goto err;
+ 
++    SSL_CTX_clear_options(server_ctx, SSL_OP_NO_SSLv3);
++    SSL_CTX_clear_options(client_ctx, SSL_OP_NO_SSLv3);
++
+     if (!SSL_CTX_config(server_ctx, "server")
+         || !SSL_CTX_config(client_ctx, "client")) {
+         goto err;
+diff -up openssl-1.1.1-pre8/test/ssltest_old.c.disable-ssl3 openssl-1.1.1-pre8/test/ssltest_old.c
+--- openssl-1.1.1-pre8/test/ssltest_old.c.disable-ssl3	2018-06-20 16:48:15.000000000 +0200
++++ openssl-1.1.1-pre8/test/ssltest_old.c	2018-07-16 18:08:20.002487676 +0200
+@@ -1358,6 +1358,11 @@ int main(int argc, char *argv[])
+         ERR_print_errors(bio_err);
+         goto end;
+     }
++
++    SSL_CTX_clear_options(c_ctx, SSL_OP_NO_SSLv3);
++    SSL_CTX_clear_options(s_ctx, SSL_OP_NO_SSLv3);
++    SSL_CTX_clear_options(s_ctx2, SSL_OP_NO_SSLv3);
++
+     /*
+      * Since we will use low security ciphersuites and keys for testing set
+      * security level to zero by default. Tests can override this by adding
author	B Stack <bgstack15@gmail.com>	2019-07-15 23:54:24 -0400
committer	B Stack <bgstack15@gmail.com>	2019-07-15 23:54:24 -0400
commit	91fad0b6c330c35129b069fab8bdf5c4ba479ddf (patch)
tree	46587604ba44237161655b5b0aa946bf5ebf515d /openssl-freefilesync/openssl-1.1.1-disable-ssl3.patch
parent	freefilesync 10.14 rpm rc1 (diff)
download	stackrpms-91fad0b6c330c35129b069fab8bdf5c4ba479ddf.tar.gz stackrpms-91fad0b6c330c35129b069fab8bdf5c4ba479ddf.tar.bz2 stackrpms-91fad0b6c330c35129b069fab8bdf5c4ba479ddf.zip