File openssl-CVE-2016-0800-DROWN-disable-ssl2.patch of Package openssl.4936
Index: openssl-1.0.2g/ssl/ssl_lib.c
===================================================================
--- openssl-1.0.2g.orig/ssl/ssl_lib.c 2016-04-18 18:06:24.688145088 +0200
+++ openssl-1.0.2g/ssl/ssl_lib.c 2016-04-18 18:08:53.774417679 +0200
@@ -2054,12 +2054,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
*/
ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
- /*
- * Disable SSLv2 by default, callers that want to enable SSLv2 will have to
- * explicitly clear this option via either of SSL_CTX_clear_options() or
- * SSL_clear_options().
- */
- ret->options |= SSL_OP_NO_SSLv2;
+ /* Default is now SSLv2 disabled (CVE-2016-0800 bsc#968046 DROWN) */
+ if (!getenv("OPENSSL_ALLOW_SSL2"))
+ ret->options |= SSL_OP_NO_SSLv2;
return (ret);
err:
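Review bot: The `getenv("OPENSSL_ALLOW_SSL2")` test added in SSL_CTX_new lets the process environment decide whether `SSL_OP_NO_SSLv2` is set on every new context, and it is consulted even in set-uid/set-gid programs, where the invoking user controls the environment; SSLv2 is the protocol the DROWN attack (CVE-2016-0800) relies on. Skipping the lookup in privileged processes would close that path, e.g. `if (OPENSSL_issetugid() || !getenv("OPENSSL_ALLOW_SSL2"))` in front of the unchanged `ret->options |= SSL_OP_NO_SSLv2;`. The test is on presence only, so `OPENSSL_ALLOW_SSL2=0` or an empty value also leaves the option unset, and the new comment no longer tells callers how the default is overridden; I would write `/* SSLv2 is disabled by default (CVE-2016-0800, DROWN); if OPENSSL_ALLOW_SSL2 is present in the environment, with any value, SSL_OP_NO_SSLv2 is left unset for new contexts */`. SSL_CTX_new begins and ends outside this hunk.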