diff options
| author | Bernard Spil <brnrd@FreeBSD.org> | 2016-06-12 18:28:19 +0000 |
|---|---|---|
| committer | Bernard Spil <brnrd@FreeBSD.org> | 2016-06-12 18:28:19 +0000 |
| commit | 3df8327d984a0e713055f4dd5ccad7f0d8852adc (patch) | |
| tree | 7b726c399177428f100b2ed6b7c7b7ead78dd07c /security/ftimes | |
| parent | e475573173ac65cb5654ad1022638435ebd4eaaf (diff) | |
| download | freebsd-ports-3df8327d984a0e713055f4dd5ccad7f0d8852adc.zip | |
security/ftimes: Fix build without SSLv3 methods
- Use SSLv23 methods and SSL_OP_NO_SSL3
PR: 203693
Sponsored by: BSDCan DevSummit
Diffstat (limited to 'security/ftimes')
| -rw-r--r-- | security/ftimes/Makefile | 4 | ||||
| -rw-r--r-- | security/ftimes/files/patch-src__ssl.c | 46 |
2 files changed, 48 insertions, 2 deletions
diff --git a/security/ftimes/Makefile b/security/ftimes/Makefile index d823dd1e52e7..607bc64dc290 100644 --- a/security/ftimes/Makefile +++ b/security/ftimes/Makefile @@ -3,7 +3,7 @@ PORTNAME= ftimes PORTVERSION= 3.11.0 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security sysutils MASTER_SITES= SF @@ -53,7 +53,7 @@ SHEBANG_FILES= \ ${WRKSRC}/tools/zipmap/zipmap OPTIONS_DEFINE= DBM_TOOLS DIG_TOOLS FILE_HOOKS HASHDIG_TOOLS MAP_TOOLS SSL XMAGIC -OPTIONS_DEFAULT= DBM_TOOLS DIG_TOOLS FILE_HOOKS HASHDIG_TOOLS MAP_TOOLS SSL XMAGIC +OPTIONS_DEFAULT= DBM_TOOLS DIG_TOOLS FILE_HOOKS HASHDIG_TOOLS MAP_TOOLS XMAGIC DBM_TOOLS_DESC= Install DBM tools DIG_TOOLS_DESC= Install dig tools FILE_HOOKS_DESC= Include file hooks support diff --git a/security/ftimes/files/patch-src__ssl.c b/security/ftimes/files/patch-src__ssl.c new file mode 100644 index 000000000000..b3fe01818ad2 --- /dev/null +++ b/security/ftimes/files/patch-src__ssl.c @@ -0,0 +1,46 @@ +diff -urN ftimes-3.11.0.old/src/ssl.c ftimes-3.11.0.new/src/ssl.c +--- src/ssl.c 2014-07-18 02:40:44.000000000 -0400 ++++ src/ssl.c 2016-01-13 17:18:29.073028573 -0500 +@@ -251,7 +251,7 @@ + * + ********************************************************************* + */ +- psProperties->psslCTX = SSL_CTX_new(SSLv3_client_method()); ++ psProperties->psslCTX = SSL_CTX_new(SSLv23_client_method()); + if (psProperties->psslCTX == NULL) + { + ERR_error_string(ERR_get_error(), acLocalError); +@@ -262,6 +262,33 @@ + /*- + ********************************************************************* + * ++ * Disable protocol versions that are no longer safe to use. ++ * ++ ********************************************************************* ++ */ ++ SSL_CTX_set_options ++ ( ++ psProperties->psslCTX, ++ ( ++ 0 ++#ifdef SSL_OP_NO_SSLv2 ++ | SSL_OP_NO_SSLv2 ++#endif ++#ifdef SSL_OP_NO_SSLv3 ++ | SSL_OP_NO_SSLv3 ++#endif ++#ifdef SSL_OP_NO_TLSv1 ++ | SSL_OP_NO_TLSv1 ++#endif ++#ifdef SSL_OP_NO_TLSv1_1 ++ | SSL_OP_NO_TLSv1_1 ++#endif ++ ) ++ ); ++ ++ /*- ++ ********************************************************************* ++ * + * Setup SSL certificate verification. Load the bundled certificate + * authorities file. A common name (CN) and a positive chain length + * must be specified to activate PEER verification. If you want to |