diff options
Diffstat (limited to 'www/lynx/files/patch-CVE-2014-3566')
| -rw-r--r-- | www/lynx/files/patch-CVE-2014-3566 | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/www/lynx/files/patch-CVE-2014-3566 b/www/lynx/files/patch-CVE-2014-3566 index f6956346cdbc..d0413210f33c 100644 --- a/www/lynx/files/patch-CVE-2014-3566 +++ b/www/lynx/files/patch-CVE-2014-3566 @@ -1,16 +1,16 @@ -Disable SSLv2 and SSLv3 in lynx to "mitigate POODLE vulnerability". - -This change has been passed upstream. - ---- WWW/Library/Implementation/HTTP.c.orig 2015-02-16 12:48:34.014809453 -0800 -+++ WWW/Library/Implementation/HTTP.c 2015-02-16 12:49:09.627395954 -0800 -@@ -119,7 +119,8 @@ +--- WWW/Library/Implementation/HTTP.c.orig 2018-08-12 12:33:30 UTC ++++ WWW/Library/Implementation/HTTP.c +@@ -206,11 +206,8 @@ SSL *HTGetSSLHandle(void) #else SSLeay_add_ssl_algorithms(); - ssl_ctx = SSL_CTX_new(SSLv23_client_method()); -- SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2); -+ /* Always disable SSLv2 & SSLv3 to "mitigate POODLE vulnerability". */ -+ SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); + if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) != NULL) { +-#ifdef SSL_OP_NO_SSLv2 +- SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2); +-#else +- SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL); +-#endif ++ /* Always disable SSLv2 & SSLv3 to "mitigate POODLE vulnerability". */ ++ SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); #ifdef SSL_OP_NO_COMPRESSION - SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION); + SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION); #endif |