From 2dd5ca1fbc15ed7473c8d96e62ed76ea2ab0d891 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 4 Apr 2009 17:57:34 +0000 Subject: [PATCH] Make no-ssl2 work including on Win32 builds. --- ssl/s2_lib.c | 3 --- ssl/ssl.h | 2 ++ ssl/ssl_lib.c | 3 +++ util/mk1mf.pl | 4 ++-- util/mkdef.pl | 6 +++++- 5 files changed, 12 insertions(+), 6 deletions(-) diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index 907e305259..9914604109 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -412,9 +412,6 @@ long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) return(0); } -IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, - ssl_cipher_id); - /* This function needs to check if the ciphers required are actually * available */ const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p) diff --git a/ssl/ssl.h b/ssl/ssl.h index 893eb6ece3..e8d03bf914 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1595,9 +1595,11 @@ const char *SSL_get_version(const SSL *s); /* This sets the 'default' SSL version that SSL_new() will create */ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); +#ifndef OPENSSL_NO_SSL2 const SSL_METHOD *SSLv2_method(void); /* SSLv2 */ const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */ const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */ +#endif const SSL_METHOD *SSLv3_method(void); /* SSLv3 */ const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 17fc536636..24cd4268e4 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2986,3 +2986,6 @@ void ssl_clear_hash_ctx(EVP_MD_CTX **hash) IMPLEMENT_STACK_OF(SSL_CIPHER) IMPLEMENT_STACK_OF(SSL_COMP) +IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, + ssl_cipher_id); + diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 0ed7cb4ac8..6b052fa31c 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -736,8 +736,8 @@ sub var_add @a=grep(!/^e_camellia$/,@a) if $no_camellia; @a=grep(!/^e_seed$/,@a) if $no_seed; - @a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2; - @a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3; + #@a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2; + #@a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3; @a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/,@a) if $no_sock; diff --git a/util/mkdef.pl b/util/mkdef.pl index 96aa51af2e..29a5b96571 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -103,6 +103,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "CMS", # CryptoAPI Engine "CAPIENG", + # SSL v2 + "SSL2", # JPAKE "JPAKE", # Deprecated functions @@ -125,7 +127,7 @@ my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated; my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng; -my $no_jpake; +my $no_jpake; my $no_ssl2; my $zlib; @@ -213,6 +215,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-rfc3779$/) { $no_rfc3779=1; } elsif (/^no-tlsext$/) { $no_tlsext=1; } elsif (/^no-cms$/) { $no_cms=1; } + elsif (/^no-ssl2$/) { $no_ssl2=1; } elsif (/^no-capieng$/) { $no_capieng=1; } elsif (/^no-jpake$/) { $no_jpake=1; } } @@ -1145,6 +1148,7 @@ sub is_valid if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; } if ($keyword eq "PSK" && $no_psk) { return 0; } if ($keyword eq "CMS" && $no_cms) { return 0; } + if ($keyword eq "SSL2" && $no_ssl2) { return 0; } if ($keyword eq "CAPIENG" && $no_capieng) { return 0; } if ($keyword eq "JPAKE" && $no_jpake) { return 0; } if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; } -- 2.25.1