File openssl-CVE-2016-0800-DROWN-disable-ssl2.patch of Package libopenssl0_9_8

Index: openssl-0.9.8zh/ssl/ssl_lib.c
===================================================================
--- openssl-0.9.8zh.orig/ssl/ssl_lib.c	2016-03-01 14:45:01.841401757 +0100
+++ openssl-0.9.8zh/ssl/ssl_lib.c	2016-03-01 14:45:02.711416004 +0100
@@ -1610,6 +1610,10 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
 
 #endif
 
+	/* Default is now SSLv2 disabled (CVE-2016-0800 bsc#968046 DROWN) */
+	if (!getenv("OPENSSL_ALLOW_SSL2"))
+		ret->options |= SSL_OP_NO_SSLv2;
+        
 #ifndef OPENSSL_NO_ENGINE
     ret->client_cert_engine = NULL;
 # ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
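Review bot: The opt-out added in SSL_CTX_new reads `OPENSSL_ALLOW_SSL2` with plain `getenv()` and tests only for presence, so a set-uid or otherwise privileged program linked against this library has its SSLv2 default decided by whoever controls its environment, and `OPENSSL_ALLOW_SSL2=0` re-enables the protocol just as `=1` does. Guarding the lookup with the library's own privilege check would keep the override out of such processes: `if (OPENSSL_issetugid() || !getenv("OPENSSL_ALLOW_SSL2"))`. The same applies to the `getenv("OPENSSL_ALLOW_EXPORT")` lookup added in the first ssl_ciph.c hunk. SSL_CTX_new's body starts and ends outside this hunk, so whether ssl_lib.c already pulls in the declaration of `getenv` is not visible here.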
Index: openssl-0.9.8zh/ssl/ssl_ciph.c
===================================================================
--- openssl-0.9.8zh.orig/ssl/ssl_ciph.c	2016-03-01 14:45:02.711416004 +0100
+++ openssl-0.9.8zh/ssl/ssl_ciph.c	2016-03-01 14:47:33.139891339 +0100
@@ -517,6 +517,7 @@ static void ssl_cipher_collect_ciphers(c
 {
     int i, co_list_num;
     SSL_CIPHER *c;
+    int support_export = !!getenv("OPENSSL_ALLOW_EXPORT");
 
     /*
      * We have num_of_ciphers descriptions compiled in, depending on the
@@ -531,12 +532,11 @@ static void ssl_cipher_collect_ciphers(c
         c = ssl_method->get_cipher(i);
 #define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask))
         /* drop those that use any of that is not available */
+       if ((c != NULL) && c->valid && !IS_MASKED(c) &&
 #ifdef OPENSSL_FIPS
-        if ((c != NULL) && c->valid && !IS_MASKED(c)
-            && (!FIPS_mode() || (c->algo_strength & SSL_FIPS)))
-#else
-        if ((c != NULL) && c->valid && !IS_MASKED(c))
+	(!FIPS_mode() || (c->algo_strength & SSL_FIPS)) &&
 #endif
+	(!(c->algo_strength & SSL_EXPORT) || support_export))
         {
             co_list[co_list_num].cipher = c;
             co_list[co_list_num].next = NULL;
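Review bot: The comment above the rewritten `if` in ssl_cipher_collect_ciphers still says only that unavailable ciphers are dropped, while the condition now also filters EXPORT-grade suites, which a reader would not expect from a patch named for SSLv2. I would extend it to something like `/* drop unavailable ciphers, and EXPORT suites unless OPENSSL_ALLOW_EXPORT is set (CVE-2016-0800) */`. The new lines also mix tabs with seven-space indentation and split the condition across the `#ifdef OPENSSL_FIPS`; aligning them with the file's four-space style would make the short-circuit order (`c != NULL` before `c->algo_strength`) easier to verify in both build configurations. The function body starts and ends outside this hunk.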