
View File links-nosslcomp.patch of Package links (Project network)

--- https.c.orig
+++ https.c
@@ -44,7 +44,23 @@ SSL *getSSL(void)
 		if (!m) return NULL;
 		context = SSL_CTX_new((void *)m);
 		if (!context) return NULL;
-		SSL_CTX_set_options(context, SSL_OP_ALL);
+		SSL_CTX_set_options(context, SSL_OP_ALL | SSL_OP_NO_SSLv2);
+
+#ifdef SSL_OP_NO_COMPRESSION
+        SSL_CTX_set_options(context, SSL_OP_NO_COMPRESSION);
+#endif
+
+#ifdef SSL_OP_NO_TICKET
+        SSL_CTX_set_options(context, SSL_OP_NO_TICKET);
+#endif
+#ifdef SSL_MODE_RELEASE_BUFFERS
+        SSL_CTX_set_mode(context, SSL_MODE_RELEASE_BUFFERS);
+#endif
+
+#ifdef SSL_MODE_AUTO_RETRY
+        SSL_CTX_set_mode(context, SSL_MODE_AUTO_RETRY);
+#endif
+
 		SSL_CTX_set_default_verify_paths(context);
 /* needed for systems without /dev/random, but obviously kills security. */
 		/*{
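Review bot: The rewritten `SSL_CTX_set_options` call turns off SSLv2 only, so SSLv3 stays negotiable on this context; where the linked OpenSSL defines it, the call could read `SSL_CTX_set_options(context, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`. The `#ifdef SSL_OP_NO_COMPRESSION` guard also means a build against headers that lack the macro silently keeps TLS compression on, which is the case this patch is named for. An `#else` branch with a comment such as `/* SSL_OP_NO_COMPRESSION unavailable: TLS compression remains enabled */`, or a build-time warning, would make that visible. The added lines are indented with spaces where the surrounding code uses tabs. getSSL's body starts and ends outside the hunk, so whether peer verification is configured elsewhere cannot be judged from here.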
--- connect.c.orig
+++ connect.c
@@ -184,9 +184,6 @@ static void ssl_want_read(struct connect
 
 	set_timeout(c);
 
-#ifndef HAVE_NSS
-	if (c->no_tsl) c->ssl->options |= SSL_OP_NO_TLSv1;
-#endif
 	switch (SSL_get_error(c->ssl, SSL_connect(c->ssl))) {
 		case SSL_ERROR_NONE:
 			c->newconn = NULL;
@@ -374,9 +371,6 @@ static void connected(struct connection
 			goto ssl_error;
 		}
 		SSL_set_fd(c->ssl, *b->sock);
-#ifndef HAVE_NSS
-		if (c->no_tsl) c->ssl->options |= SSL_OP_NO_TLSv1;
-#endif
 		switch (SSL_get_error(c->ssl, SSL_connect(c->ssl))) {
 			case SSL_ERROR_WANT_READ:
 				setcstate(c, S_SSL_NEG);