app-shells/rrs/files/rrs-1.70-drop-old-ssl-algos.patch

   1 --- a/rrs.c     2019-01-17 12:36:21.134181933 +0300
   2 +++ b/rrs.c     2019-01-17 12:37:56.133181353 +0300
   3 @@ -186,11 +186,9 @@
   4  "                       can change it with, e.g., --ssl=tlsv1 for instance, or\n"
   5  "                       the -S option.\n"
   6  "   -S, --ssl=method    Choose OpenSSL protocol (case doesn't matter):\n"
   7 -"                           -S SSLv2\n"
   8 -"                           -S SSLv3\n"
   9  "                           -S TLSv1\n"
  10  "                       If you use --ssl instead of -S, please remember to use\n"
  11 -"                       the equal sign, e.g., --ssl=sslv3.\n"
  12 +"                       the equal sign, e.g., --ssl=tlsv1.\n"
  13  "   -P, --pem file      Specify private key and certificate (public key) file.\n"
  14  "                       The file should begin with a PEM encoded private key\n"
  15  "                       followed by a PEM encoded certificate. Both the\n"
  16 @@ -336,8 +334,8 @@
  17  /****** various other global variables ******/
  18
  19  #if ! defined(WITHOUT_SSL)
  20 -    enum { none, TLSv1, SSLv3, SSLv2 } rrs_ssl = none;
  21 -    char *sslprotocols[] = { "none", "TLSv1", "SSLv3", "SSLv2" };
  22 +    enum { none, TLSv1 } rrs_ssl = none;
  23 +    char *sslprotocols[] = { "none", "TLSv1" };
  24  #endif
  25
  26  unsigned int sourceport = 0,
  27 @@ -1826,11 +1824,7 @@
  28                  }
  29                  rrs_ssl = TLSv1;
  30                  if (optarg) {
  31 -                    if (!strcasecmp(optarg, "SSLv2")) {
  32 -                        rrs_ssl = SSLv2;
  33 -                    } else if (!strcasecmp(optarg, "SSLv3")) {
  34 -                        rrs_ssl = SSLv3;
  35 -                    } else if (!strcasecmp(optarg, "TLSv1")) {
  36 +                    if (!strcasecmp(optarg, "TLSv1")) {
  37                          rrs_ssl = TLSv1;
  38                      } else {
  39                          fprintf(stderr, "[?] not supported ssl protocol: %s\n", optarg);
  40 @@ -1981,22 +1975,14 @@
  41          SSL_load_error_strings();
  42
  43          if (rrs_listen) {
  44 -            if (rrs_ssl == SSLv2) {
  45 -                sslmethod = SSLv2_server_method();
  46 -            } else if (rrs_ssl == SSLv3) {
  47 -                sslmethod = SSLv3_server_method();
  48 -            } else if (rrs_ssl == TLSv1) {
  49 +            if (rrs_ssl == TLSv1) {
  50                  sslmethod = TLSv1_server_method();
  51              } else {
  52                  fprintf(stderr, "[?] huh? rrs_ssl = 0x%08x\n", (unsigned int)sslmethod);
  53                  return err_generic;
  54              }
  55          } else {
  56 -            if (rrs_ssl == SSLv2) {
  57 -                sslmethod = SSLv2_client_method();
  58 -            } else if (rrs_ssl == SSLv3) {
  59 -                sslmethod = SSLv3_client_method();
  60 -            } else if (rrs_ssl == TLSv1) {
  61 +            if (rrs_ssl == TLSv1) {
  62                  sslmethod = TLSv1_client_method();
  63              } else {
  64                  fprintf(stderr, "[?] huh? rrs_ssl = 0x%08x\n", (unsigned int)sslmethod);