New option no-ssl3-method which removes SSLv3_*method
authorDr. Stephen Henson <steve@openssl.org>
Wed, 29 Oct 2014 12:51:31 +0000 (12:51 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 19 Nov 2014 18:11:37 +0000 (18:11 +0000)
When no-ssl3 is set only make SSLv3 disabled by default. Retain -ssl3
options for s_client/s_server/ssltest.

When no-ssl3-method is set, SSLv3_*method() and all -ssl3
options are removed.

We should document this somewhere, e.g. wiki, FAQ or manual page.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Configure
apps/s_client.c
apps/s_server.c
ssl/s3_clnt.c
ssl/s3_meth.c
ssl/s3_srvr.c
ssl/ssl.h
ssl/ssltest.c
util/mk1mf.pl
util/mkdef.pl
util/ssleay.num

index 1369f592dc823d2da43b844aa175ee13542f5143..708594a7e5ccc80634cebc85513cba9783b2949f 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -854,6 +854,11 @@ PROCESS_ARGS:
                                        {
                                        $disabled{"tls1"} = "option(tls)"
                                        }
                                        {
                                        $disabled{"tls1"} = "option(tls)"
                                        }
+                               elsif ($1 eq "ssl3-method")
+                                       {
+                                       $disabled{"ssl3-method"} = "option(ssl)";
+                                       $disabled{"ssl3"} = "option(ssl)";
+                                       }
                                else
                                        {
                                        $disabled{$1} = "option";
                                else
                                        {
                                        $disabled{$1} = "option";
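Review bot: The reason string written for both keys at L38-L39 is `option(ssl)`, which the neighbouring branches appear to reserve for the umbrella option (the visible tls branch records `option(tls)` for its sub-protocol), so Configure's report of what is disabled will read as though `no-ssl` had been given. `$disabled{"ssl3-method"} = "option(ssl3-method)";` and `$disabled{"ssl3"} = "option(ssl3-method)";` keep the convention and make the implication visible to the user. Having `no-ssl3-method` also disable `ssl3` is the right call, since removing the method symbols while leaving the protocol enabled would leave the library's remaining SSLv3 callers dangling; note that this implication is enforced only here, not where the two macros are consumed. The enclosing option-parsing chain starts and ends outside the hunk.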
index a6f972a8a91eb474e417eac968160171564e0e93..e4281c612460ba51957639e2445db0e008d17f4b 100644 (file)
@@ -336,7 +336,9 @@ static void sc_usage(void)
        BIO_printf(bio_err," -srp_strength int - minimal mength in bits for N (default %d).\n",SRP_MINIMAL_N);
 #endif
        BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
        BIO_printf(bio_err," -srp_strength int - minimal mength in bits for N (default %d).\n",SRP_MINIMAL_N);
 #endif
        BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
+#ifndef OPENSSL_NO_SSL3_METHOD
        BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
        BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
+#endif
        BIO_printf(bio_err," -tls1_2       - just use TLSv1.2\n");
        BIO_printf(bio_err," -tls1_1       - just use TLSv1.1\n");
        BIO_printf(bio_err," -tls1         - just use TLSv1\n");
        BIO_printf(bio_err," -tls1_2       - just use TLSv1.2\n");
        BIO_printf(bio_err," -tls1_1       - just use TLSv1.1\n");
        BIO_printf(bio_err," -tls1         - just use TLSv1\n");
@@ -914,7 +916,7 @@ static char *jpake_secret = NULL;
                else if (strcmp(*argv,"-ssl2") == 0)
                        meth=SSLv2_client_method();
 #endif
                else if (strcmp(*argv,"-ssl2") == 0)
                        meth=SSLv2_client_method();
 #endif
-#ifndef OPENSSL_NO_SSL3
+#ifndef OPENSSL_NO_SSL3_METHOD
                else if (strcmp(*argv,"-ssl3") == 0)
                        meth=SSLv3_client_method();
 #endif
                else if (strcmp(*argv,"-ssl3") == 0)
                        meth=SSLv3_client_method();
 #endif
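Review bot: The guard change at L72-L73 depends on a distinction that is easy to misread and nothing in the code records it: under plain `no-ssl3` the `-ssl3` switch still exists and still calls `SSLv3_client_method()`; only `no-ssl3-method` removes it. A one-line comment above the guard would stop the next reader from "fixing" it back to `OPENSSL_NO_SSL3`: `/* -ssl3 survives no-ssl3 (SSLv3 is only disabled by default); only no-ssl3-method removes the method */`. The usage guard at L55 deserves the same note. The argument-parsing chain starts and ends outside the hunk.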
index 1e15281c213afafbb726e71eb0d42d94862dd102..c9764e923bb3f5aa1e76c863d2486fa762bb22ba 100644 (file)
@@ -509,7 +509,9 @@ static void sv_usage(void)
        BIO_printf(bio_err," -srpuserseed string - A seed string for a default user salt.\n");
 #endif
        BIO_printf(bio_err," -ssl2         - Just talk SSLv2\n");
        BIO_printf(bio_err," -srpuserseed string - A seed string for a default user salt.\n");
 #endif
        BIO_printf(bio_err," -ssl2         - Just talk SSLv2\n");
+#ifndef OPENSSL_NO_SSL3_METHOD
        BIO_printf(bio_err," -ssl3         - Just talk SSLv3\n");
        BIO_printf(bio_err," -ssl3         - Just talk SSLv3\n");
+#endif
        BIO_printf(bio_err," -tls1_2       - Just talk TLSv1.2\n");
        BIO_printf(bio_err," -tls1_1       - Just talk TLSv1.1\n");
        BIO_printf(bio_err," -tls1         - Just talk TLSv1\n");
        BIO_printf(bio_err," -tls1_2       - Just talk TLSv1.2\n");
        BIO_printf(bio_err," -tls1_1       - Just talk TLSv1.1\n");
        BIO_printf(bio_err," -tls1         - Just talk TLSv1\n");
@@ -1408,7 +1410,7 @@ int MAIN(int argc, char *argv[])
                else if (strcmp(*argv,"-ssl2") == 0)
                        { meth=SSLv2_server_method(); }
 #endif
                else if (strcmp(*argv,"-ssl2") == 0)
                        { meth=SSLv2_server_method(); }
 #endif
-#ifndef OPENSSL_NO_SSL3
+#ifndef OPENSSL_NO_SSL3_METHOD
                else if (strcmp(*argv,"-ssl3") == 0)
                        { meth=SSLv3_server_method(); }
 #endif
                else if (strcmp(*argv,"-ssl3") == 0)
                        { meth=SSLv3_server_method(); }
 #endif
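Review bot: The usage hunk at L88-L91 now hides `-ssl3` when the method is compiled out, but the `-ssl2` line directly above it (L84/L87) is still printed unconditionally, even though the parser's `-ssl2` branch at L99-L101 ends in an `#endif` and so is presumably compiled out under `no-ssl2`; after this change the help text is accurate for SSLv3 and inaccurate for SSLv2 in the same list. Wrapping that line the same way, `#ifndef OPENSSL_NO_SSL2` / `#endif`, keeps the two consistent (the opening `#ifndef` of the parser branch is above the hunk, so confirm the exact macro). Both `sv_usage()` and the option loop continue outside the hunk.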
index 68c00c52c769869a449e6656868bf0ab71687c98..c84c662dc85862807e1b8eb4c144866eb86d1986 100644 (file)
 #include <openssl/engine.h>
 #endif
 
 #include <openssl/engine.h>
 #endif
 
-static const SSL_METHOD *ssl3_get_client_method(int ver);
 static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
 
 static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
 
+#ifndef OPENSSL_NO_SSL3_METHOD
 static const SSL_METHOD *ssl3_get_client_method(int ver)
        {
        if (ver == SSL3_VERSION)
 static const SSL_METHOD *ssl3_get_client_method(int ver)
        {
        if (ver == SSL3_VERSION)
@@ -182,6 +182,7 @@ IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
                        ssl_undefined_function,
                        ssl3_connect,
                        ssl3_get_client_method)
                        ssl_undefined_function,
                        ssl3_connect,
                        ssl3_get_client_method)
+#endif
 
 int ssl3_connect(SSL *s)
        {
 
 int ssl3_connect(SSL *s)
        {
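Review bot: The `#ifndef OPENSSL_NO_SSL3_METHOD` opened at L125 is closed at L139 by a bare `#endif` well over a hundred lines later judging by the `@@ -182` header at L132, with the method-table macro in between; label it `#endif /* !OPENSSL_NO_SSL3_METHOD */` so a reader of `ssl3_connect()` can see which symbols disappear in that build. It is also worth a comment at the guard that `ssl3_connect()` itself deliberately stays outside it, presumably because the SSLv23 and TLS method tables route through it as well, otherwise the next reader may extend the guard and break those builds. The first change carries no `@@` header, and the body of `ssl3_get_client_method()` continues outside the hunk.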
index cdddb17b627d775dc65f6e5f77810d9f36ecf628..4dec7033d6c90ae309d5845beff53f865eed1e60 100644 (file)
@@ -60,7 +60,7 @@
 #include <openssl/objects.h>
 #include "ssl_locl.h"
 
 #include <openssl/objects.h>
 #include "ssl_locl.h"
 
-static const SSL_METHOD *ssl3_get_method(int ver);
+#ifndef OPENSSL_NO_SSL3_METHOD
 static const SSL_METHOD *ssl3_get_method(int ver)
        {
        if (ver == SSL3_VERSION)
 static const SSL_METHOD *ssl3_get_method(int ver)
        {
        if (ver == SSL3_VERSION)
@@ -73,5 +73,4 @@ IMPLEMENT_ssl3_meth_func(SSLv3_method,
                         ssl3_accept,
                         ssl3_connect,
                         ssl3_get_method)
                         ssl3_accept,
                         ssl3_connect,
                         ssl3_get_method)
-
-
+#endif
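Review bot: The `#endif` at L171 closes a guard opened at L155 that now encloses every definition in the file, so please label it `#endif /* !OPENSSL_NO_SSL3_METHOD */`. With the option set this translation unit compiles to an object holding nothing but what the headers declare; that is legal C, but it is worth confirming that the static-library and mk1mf (Windows) build steps tolerate an object file with no public symbols, since mk1mf.pl in this commit merely ignores the option rather than dropping the file from the build. The body of `ssl3_get_method()` runs past the first hunk.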
index b5533262815ec19ea076b79d6d6f1f5e7e24119f..876a24550802b4690c1f604c19c32cd3d0bea51f 100644 (file)
 #endif
 #include <openssl/md5.h>
 
 #endif
 #include <openssl/md5.h>
 
+#ifndef OPENSSL_NO_SSL3_METHOD
 static const SSL_METHOD *ssl3_get_server_method(int ver);
 
 static const SSL_METHOD *ssl3_get_server_method(int ver)
 static const SSL_METHOD *ssl3_get_server_method(int ver);
 
 static const SSL_METHOD *ssl3_get_server_method(int ver)
@@ -180,6 +181,12 @@ static const SSL_METHOD *ssl3_get_server_method(int ver)
                return(NULL);
        }
 
                return(NULL);
        }
 
+IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
+                       ssl3_accept,
+                       ssl_undefined_function,
+                       ssl3_get_server_method)
+#endif
+
 #ifndef OPENSSL_NO_SRP
 static int ssl_check_srp_ext_ClientHello(SSL *s, int *al)
        {
 #ifndef OPENSSL_NO_SRP
 static int ssl_check_srp_ext_ClientHello(SSL *s, int *al)
        {
@@ -206,11 +213,6 @@ static int ssl_check_srp_ext_ClientHello(SSL *s, int *al)
        }
 #endif
 
        }
 #endif
 
-IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
-                       ssl3_accept,
-                       ssl_undefined_function,
-                       ssl3_get_server_method)
-
 int ssl3_accept(SSL *s)
        {
        BUF_MEM *buf;
 int ssl3_accept(SSL *s)
        {
        BUF_MEM *buf;
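Review bot: The forward declaration of `ssl3_get_server_method()` at L180/L183 is now immediately followed by its definition at L182/L185, and the `IMPLEMENT_ssl3_meth_func` use has been moved below that definition (L193-L196), so the prototype no longer serves any purpose; the companion s3_clnt.c hunk in this commit drops its equivalent prototype, and s3_srvr.c should match by deleting the line after the `#ifndef`. While here, label the closing `#endif` at L197 as `#endif /* !OPENSSL_NO_SSL3_METHOD */`. `ssl3_accept()` starts at L217 and continues outside the hunk.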
index 681dec9c67abef1b71f7f7465d5bc6b18fe28af4..beb00a042a5d01453c50d8163536ba24b492caf9 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2235,9 +2235,11 @@ const SSL_METHOD *SSLv2_server_method(void);     /* SSLv2 */
 const SSL_METHOD *SSLv2_client_method(void);   /* SSLv2 */
 #endif
 
 const SSL_METHOD *SSLv2_client_method(void);   /* SSLv2 */
 #endif
 
+#ifndef OPENSSL_NO_SSL3_METHOD
 const SSL_METHOD *SSLv3_method(void);          /* SSLv3 */
 const SSL_METHOD *SSLv3_server_method(void);   /* SSLv3 */
 const SSL_METHOD *SSLv3_client_method(void);   /* SSLv3 */
 const SSL_METHOD *SSLv3_method(void);          /* SSLv3 */
 const SSL_METHOD *SSLv3_server_method(void);   /* SSLv3 */
 const SSL_METHOD *SSLv3_client_method(void);   /* SSLv3 */
+#endif
 
 const SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */
 const SSL_METHOD *SSLv23_server_method(void);  /* SSLv3 but can rollback to v2 */
 
 const SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */
 const SSL_METHOD *SSLv23_server_method(void);  /* SSLv3 but can rollback to v2 */
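Review bot: Removing the `SSLv3_*method()` prototypes on `OPENSSL_NO_SSL3_METHOD` alone (L233-L240) assumes `OPENSSL_NO_SSL3` is always set with it; Configure enforces that implication in this commit, but a user who defines `OPENSSL_NO_SSL3_METHOD` directly gets a library whose remaining SSLv3 code paths (the SSLv23 version selection is not in this diff, so this is inferred) still reference symbols that no longer exist, which surfaces only at link time. Make the dependency explicit next to the guard: `#if defined(OPENSSL_NO_SSL3_METHOD) && !defined(OPENSSL_NO_SSL3)` / `# error "OPENSSL_NO_SSL3_METHOD requires OPENSSL_NO_SSL3"` / `#endif`. A short comment stating that `no-ssl3` only disables SSLv3 by default and that these prototypes vanish only under `no-ssl3-method` would also help API users deciding which build option to ask for.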
index 028f8525f6d9deefd582b360b27480abbe407671..4f2f477a043d23871283cca5e306f544206abb5e 100644 (file)
@@ -776,7 +776,7 @@ static void sv_usage(void)
 #ifndef OPENSSL_NO_SSL2
        fprintf(stderr," -ssl2         - use SSLv2\n");
 #endif
 #ifndef OPENSSL_NO_SSL2
        fprintf(stderr," -ssl2         - use SSLv2\n");
 #endif
-#ifndef OPENSSL_NO_SSL3
+#ifndef OPENSSL_NO_SSL3_METHOD
        fprintf(stderr," -ssl3         - use SSLv3\n");
 #endif
 #ifndef OPENSSL_NO_TLS1
        fprintf(stderr," -ssl3         - use SSLv3\n");
 #endif
 #ifndef OPENSSL_NO_TLS1
@@ -1180,7 +1180,7 @@ int main(int argc, char *argv[])
                        }
                else if (strcmp(*argv,"-ssl3") == 0)
                        {
                        }
                else if (strcmp(*argv,"-ssl3") == 0)
                        {
-#ifdef OPENSSL_NO_SSL3
+#ifdef OPENSSL_NO_SSL3_METHOD
                        no_protocol = 1;
 #endif
                        ssl3 = 1;
                        no_protocol = 1;
 #endif
                        ssl3 = 1;
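Review bot: After this change `-ssl3` at L265-L277 is turned into a skipped protocol (`no_protocol = 1`) only under `OPENSSL_NO_SSL3_METHOD`; in a plain `no-ssl3` build the test still requests an SSLv3 handshake through the retained method. That matches the commit's intent, but it hinges on the library's "disabled by default" mechanism not also refusing an explicitly selected `SSLv3_method()`, which this diff does not show; please confirm with a `no-ssl3` build, or the ssl3 case will fail rather than be skipped. A comment on the `#ifdef`, `/* skipped only when the method is compiled out; no-ssl3 alone keeps SSLv3 testable */`, would record the intent. The option loop in `main()` continues outside the hunk.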
index 73523ef4e1d8ebd7a4dfa91569a7d8273c546b8c..0fcadcbad8609eebedf519dc208c71873315be2d 100755 (executable)
@@ -1388,12 +1388,17 @@ sub do_copy_rule
        return($ret);
        }
 
        return($ret);
        }
 
+# Options picked up from the OPTIONS line in the top level Makefile
+# generated by Configure.
+
 sub read_options
        {
        # Many options are handled in a similar way. In particular
        # no-xxx sets zero or more scalars to 1.
 sub read_options
        {
        # Many options are handled in a similar way. In particular
        # no-xxx sets zero or more scalars to 1.
-       # Process these using a hash containing the option name and
-       # reference to the scalars to set.
+       # Process these using the %valid_options hash containing the option
+       # name and reference to the scalars to set. In some cases the option
+       # needs no special handling and can be ignored: this is done by
+       # setting the value to 0.
 
        my %valid_options = (
                "no-rc2" => \$no_rc2,
 
        my %valid_options = (
                "no-rc2" => \$no_rc2,
@@ -1427,6 +1432,7 @@ sub read_options
                "gaswin" => \$gaswin,
                "no-ssl2" => \$no_ssl2,
                "no-ssl3" => \$no_ssl3,
                "gaswin" => \$gaswin,
                "no-ssl2" => \$no_ssl2,
                "no-ssl3" => \$no_ssl3,
+               "no-ssl3-method" => 0,
                "no-tlsext" => \$no_tlsext,
                "no-srp" => \$no_srp,
                "no-cms" => \$no_cms,
                "no-tlsext" => \$no_tlsext,
                "no-srp" => \$no_srp,
                "no-cms" => \$no_cms,
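Review bot: `"no-ssl3-method" => 0` at L316 relies on the loop that consumes `%valid_options` treating a false value as "ignore", but that loop lies outside the hunk; if it dereferences the value unconditionally (`${$valid_options{$_}} = 1`), a `0` is a symbolic reference that under `no strict` would assign to `$0` and under `use strict` would die, rather than being ignored, so please check that a guard such as `my $ref = $valid_options{$_}; $$ref = 1 if $ref;` is in place. If it is, the comment added at L299-L302 is the right place to say so explicitly. Ignoring the option here is only correct if `OPENSSL_NO_SSL3_METHOD` reaches the compiler through the generated configuration header rather than the mk1mf command line, which is also outside this diff. `read_options()` continues outside the hunk.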
index 0f42504f97ef2af90198a412b7d85b678bef4eff..460d56523ab4af2fac29b7127bb184e6f388228a 100755 (executable)
@@ -108,6 +108,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
                         "CAPIENG",
                         # SSL v2
                         "SSL2",
                         "CAPIENG",
                         # SSL v2
                         "SSL2",
+                        # SSL v3 method
+                        "SSL3_METHOD",
                         # JPAKE
                         "JPAKE",
                         # NEXTPROTONEG
                         # JPAKE
                         "JPAKE",
                         # NEXTPROTONEG
@@ -144,7 +146,7 @@ my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
 my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
 my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc; 
 my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;
 my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
 my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc; 
 my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;
-my $no_unit_test;
+my $no_unit_test; my $no_ssl3_method;
 
 my $fips;
 
 
 my $fips;
 
@@ -239,6 +241,7 @@ foreach (@ARGV, split(/ /, $options))
        elsif (/^no-ec-nistp224-64-gcc-128$/)   { $no_nistp_gcc=1; }
        elsif (/^no-nextprotoneg$/)     { $no_nextprotoneg=1; }
        elsif (/^no-ssl2$/)     { $no_ssl2=1; }
        elsif (/^no-ec-nistp224-64-gcc-128$/)   { $no_nistp_gcc=1; }
        elsif (/^no-nextprotoneg$/)     { $no_nextprotoneg=1; }
        elsif (/^no-ssl2$/)     { $no_ssl2=1; }
+       elsif (/^no-ssl3-method$/) { $no_ssl3_method=1; }
        elsif (/^no-ssl-trace$/) { $no_ssl_trace=1; }
        elsif (/^no-capieng$/)  { $no_capieng=1; }
        elsif (/^no-jpake$/)    { $no_jpake=1; }
        elsif (/^no-ssl-trace$/) { $no_ssl_trace=1; }
        elsif (/^no-capieng$/)  { $no_capieng=1; }
        elsif (/^no-jpake$/)    { $no_jpake=1; }
@@ -1210,6 +1213,7 @@ sub is_valid
                        if ($keyword eq "EC2M" && $no_ec2m) { return 0; }
                        if ($keyword eq "NEXTPROTONEG" && $no_nextprotoneg) { return 0; }
                        if ($keyword eq "SSL2" && $no_ssl2) { return 0; }
                        if ($keyword eq "EC2M" && $no_ec2m) { return 0; }
                        if ($keyword eq "NEXTPROTONEG" && $no_nextprotoneg) { return 0; }
                        if ($keyword eq "SSL2" && $no_ssl2) { return 0; }
+                       if ($keyword eq "SSL3_METHOD" && $no_ssl3_method) { return 0; }
                        if ($keyword eq "SSL_TRACE" && $no_ssl_trace) { return 0; }
                        if ($keyword eq "CAPIENG" && $no_capieng) { return 0; }
                        if ($keyword eq "JPAKE" && $no_jpake) { return 0; }
                        if ($keyword eq "SSL_TRACE" && $no_ssl_trace) { return 0; }
                        if ($keyword eq "CAPIENG" && $no_capieng) { return 0; }
                        if ($keyword eq "JPAKE" && $no_jpake) { return 0; }
index affe14a790844671cc2aa04213c2b1f105a6a186..a289559c200c88882c5f9029fd517ce71bdc6432 100755 (executable)
@@ -101,9 +101,9 @@ SSLv23_server_method                    112 EXIST::FUNCTION:RSA
 SSLv2_client_method                     113    EXIST::FUNCTION:RSA,SSL2
 SSLv2_method                            114    EXIST::FUNCTION:RSA,SSL2
 SSLv2_server_method                     115    EXIST::FUNCTION:RSA,SSL2
 SSLv2_client_method                     113    EXIST::FUNCTION:RSA,SSL2
 SSLv2_method                            114    EXIST::FUNCTION:RSA,SSL2
 SSLv2_server_method                     115    EXIST::FUNCTION:RSA,SSL2
-SSLv3_client_method                     116    EXIST::FUNCTION:
-SSLv3_method                            117    EXIST::FUNCTION:
-SSLv3_server_method                     118    EXIST::FUNCTION:
+SSLv3_client_method                     116    EXIST::FUNCTION:SSL3_METHOD
+SSLv3_method                            117    EXIST::FUNCTION:SSL3_METHOD
+SSLv3_server_method                     118    EXIST::FUNCTION:SSL3_METHOD
 d2i_SSL_SESSION                         119    EXIST::FUNCTION:
 i2d_SSL_SESSION                         120    EXIST::FUNCTION:
 BIO_f_ssl                               121    EXIST::FUNCTION:BIO
 d2i_SSL_SESSION                         119    EXIST::FUNCTION:
 i2d_SSL_SESSION                         120    EXIST::FUNCTION:
 BIO_f_ssl                               121    EXIST::FUNCTION:BIO