From: Nicolas Thill Date: Mon, 18 Dec 2006 17:07:01 +0000 (+0000) Subject: disable SSLv2 X-Git-Url: http://git.openwrt.org/?p=openwrt%2Fsvn-archive%2Farchive.git;a=commitdiff_plain;h=7fc9774395ec3be7c8384f157141aa361b0b040b disable SSLv2 SVN-Revision: 5843
---
diff --git a/admin/monit/patches/01-no_sslv2.patch b/admin/monit/patches/01-no_sslv2.patch
new file mode 100644
index 0000000000..646fb4be58
--- /dev/null
+++ b/admin/monit/patches/01-no_sslv2.patch
@@ -0,0 +1,16 @@
+diff -ruN monit-4.6-old/ssl.c monit-4.6-new/ssl.c
+--- monit-4.6-old/ssl.c 2005-08-07 22:26:47.000000000 +0200
++++ monit-4.6-new/ssl.c 2006-12-18 11:18:46.000000000 +0100
+@@ -1367,10 +1367,12 @@
+ ssl->method = SSLv23_client_method();
+ break;
+
++#ifndef OPENSSL_NO_SSL2
+ case SSL_VERSION_SSLV2:
+
+ ssl->method = SSLv2_client_method();
+ break;
++#endif
+
+ case SSL_VERSION_SSLV3:
+
diff --git a/net/rrs/patches/02-no_sslv2.patch b/net/rrs/patches/02-no_sslv2.patch
new file mode 100644
index 0000000000..67f05663dc
--- /dev/null
+++ b/net/rrs/patches/02-no_sslv2.patch
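Review bot: With `OPENSSL_NO_SSL2` defined, the guarded `case SSL_VERSION_SSLV2:` in monit's ssl.c disappears, so a configuration that still selects SSLv2 falls into whatever the switch does for an unmatched value, and that code is outside the hunk. It would be safer to keep the label and fail closed in an `#else` branch (log that SSLv2 is not available and return an error) than to depend on the default path. The same applies to the rrs option parsing and the socat method-string parsing added in the other two patch files, where a compiled-out `SSLv2` request falls through to a trailing `else` that is only partly visible. Note also that the guard removes nothing when the OpenSSL headers do not define `OPENSSL_NO_SSL2`, so whether SSLv2 is really off depends on how the OpenSSL package is built, which this commit does not show.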
@@ -0,0 +1,45 @@
+diff -ruN rrs-1.70-old/rrs.c rrs-1.70-new/rrs.c
+--- rrs-1.70-old/rrs.c 2006-12-18 11:41:42.000000000 +0100
++++ rrs-1.70-new/rrs.c 2006-12-18 11:53:43.000000000 +0100
+@@ -1826,9 +1826,12 @@
+ }
+ rrs_ssl = TLSv1;
+ if (optarg) {
++#ifndef OPENSSL_NO_SSL2
+ if (!strcasecmp(optarg, "SSLv2")) {
+ rrs_ssl = SSLv2;
+- } else if (!strcasecmp(optarg, "SSLv3")) {
++ } else
++#endif
++ if (!strcasecmp(optarg, "SSLv3")) {
+ rrs_ssl = SSLv3;
+ } else if (!strcasecmp(optarg, "TLSv1")) {
+ rrs_ssl = TLSv1;
+@@ -1981,9 +1984,12 @@
+ SSL_load_error_strings();
+
+ if (rrs_listen) {
++#ifndef OPENSSL_NO_SSL2
+ if (rrs_ssl == SSLv2) {
+ sslmethod = SSLv2_server_method();
+- } else if (rrs_ssl == SSLv3) {
++ } else
++#endif
++ if (rrs_ssl == SSLv3) {
+ sslmethod = SSLv3_server_method();
+ } else if (rrs_ssl == TLSv1) {
+ sslmethod = TLSv1_server_method();
+@@ -1992,9 +1998,12 @@
+ return err_generic;
+ }
+ } else {
++#ifndef OPENSSL_NO_SSL2
+ if (rrs_ssl == SSLv2) {
+ sslmethod = SSLv2_client_method();
+- } else if (rrs_ssl == SSLv3) {
++ } else
++#endif
++ if (rrs_ssl == SSLv3) {
+ sslmethod = SSLv3_client_method();
+ } else if (rrs_ssl == TLSv1) {
+ sslmethod = TLSv1_client_method();
diff --git a/net/socat/patches/502-no_sslv2.patch b/net/socat/patches/502-no_sslv2.patch
new file mode 100644
index 0000000000..372383aa9f
--- /dev/null
+++ b/net/socat/patches/502-no_sslv2.patch
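Review bot: The `} else` / `#endif` / `if (...)` sequence used in all three rrs.c hunks splits one if/else chain across a preprocessor boundary, which is easy to break in a later edit because the head of the chain changes with the build configuration. A short comment on the guard would make the intent clear, for example `#endif /* !OPENSSL_NO_SSL2: chain starts at the SSLv3 test when SSLv2 is compiled out */`. The two xio-openssl.c hunks in the socat patch use the same construct. The surrounding functions start and end outside these hunks, so the final `else` of each chain cannot be checked from here.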
@@ -0,0 +1,50 @@
+diff -ruN socat-1.4-old/sslcls.c socat-1.4-new/sslcls.c
+--- socat-1.4-old/sslcls.c 2005-03-12 19:06:54.000000000 +0100
++++ socat-1.4-new/sslcls.c 2006-12-18 12:26:32.000000000 +0100
+@@ -35,6 +35,7 @@
+ return result;
+ }
+
++#ifndef OPENSSL_NO_SSL2
+ SSL_METHOD *sycSSLv2_client_method(void) {
+ SSL_METHOD *result;
+ Debug("SSLv2_client_method()");
+@@ -50,6 +51,7 @@
+ Debug1("SSLv2_server_method() -> %p", result);
+ return result;
+ }
++#endif
+
+ SSL_METHOD *sycSSLv3_client_method(void) {
+ SSL_METHOD *result;
+diff -ruN socat-1.4-old/xio-openssl.c socat-1.4-new/xio-openssl.c
+--- socat-1.4-old/xio-openssl.c 2005-09-04 11:40:45.000000000 +0200
++++ socat-1.4-new/xio-openssl.c 2006-12-18 12:27:17.000000000 +0100
+@@ -612,9 +612,12 @@
+
+ if (!server) {
+ if (me_str != 0) {
++#ifndef OPENSSL_NO_SSL2
+ if (!strcasecmp(me_str, "SSLv2") || !strcasecmp(me_str, "SSL2")) {
+ method = sycSSLv2_client_method();
+- } else if (!strcasecmp(me_str, "SSLv3") || !strcasecmp(me_str, "SSL3")) {
++ } else
++#endif
++ if (!strcasecmp(me_str, "SSLv3") || !strcasecmp(me_str, "SSL3")) {
+ method = sycSSLv3_client_method();
+ } else if (!strcasecmp(me_str, "SSLv23") || !strcasecmp(me_str, "SSL23") ||
+ !strcasecmp(me_str, "SSL")) {
+@@ -631,9 +634,12 @@
+ }
+ } else /* server */ {
+ if (me_str != 0) {
++#ifndef OPENSSL_NO_SSL2
+ if (!strcasecmp(me_str, "SSLv2") || !strcasecmp(me_str, "SSL2")) {
+ method = sycSSLv2_server_method();
+- } else if (!strcasecmp(me_str, "SSLv3") || !strcasecmp(me_str, "SSL3")) {
++ } else
++#endif
++ if (!strcasecmp(me_str, "SSLv3") || !strcasecmp(me_str, "SSL3")) {
+ method = sycSSLv3_server_method();
+ } else if (!strcasecmp(me_str, "SSLv23") || !strcasecmp(me_str, "SSL23") ||
+ !strcasecmp(me_str, "SSL")) {
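Review bot: The sslcls.c hunks compile out the definitions of `sycSSLv2_client_method()` and `sycSSLv2_server_method()`, but nothing in this patch touches their declarations, which presumably live in a header that is not shown. If the prototypes stay unguarded, a future caller outside the `#ifndef OPENSSL_NO_SSL2` blocks would compile cleanly and fail only at link time. Wrapping the two prototypes in the same `#ifndef OPENSSL_NO_SSL2` / `#endif` pair would surface that as a compile-time diagnostic at the call site instead. The second sslcls.c hunk starts inside `sycSSLv2_server_method()`, so its opening lines are outside the view.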