From af1ea28464a6bb9b15c979568725ac929f053a6b Mon Sep 17 00:00:00 2001
From: joerg <joerg@pkgsrc.org>
Date: Tue, 29 Mar 2016 22:01:13 +0000
Subject: [PATCH] Unconditionally remove SSLv2 support. Bump revision.

---
 net/pen/Makefile            |  4 ++--
 net/pen/distinfo            |  4 ++--
 net/pen/patches/patch-pen.c | 37 ++++++++++++++++++-------------------
 3 files changed, 22 insertions(+), 23 deletions(-)

diff --git a/net/pen/Makefile b/net/pen/Makefile
index 4efe5c84915b..0b972d4d6e77 100644
--- a/net/pen/Makefile
+++ b/net/pen/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.19 2016/03/05 11:29:10 jperkin Exp $
+# $NetBSD: Makefile,v 1.20 2016/03/29 22:01:13 joerg Exp $
 
 DISTNAME=	pen-0.17.2
-PKGREVISION=	4
+PKGREVISION=	5
 CATEGORIES=	net
 MASTER_SITES=	http://siag.nu/pub/pen/
 
diff --git a/net/pen/distinfo b/net/pen/distinfo
index 5b501a1f0ab0..62b1acd3e531 100644
--- a/net/pen/distinfo
+++ b/net/pen/distinfo
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.11 2016/03/29 21:46:48 khorben Exp $
+$NetBSD: distinfo,v 1.12 2016/03/29 22:01:13 joerg Exp $
 
 SHA1 (pen-0.17.2.tar.gz) = 7277259c552b659ece6fef1d4bc55ca9fd927488
 RMD160 (pen-0.17.2.tar.gz) = 3e7152cad72f3893c171db8e1c85cae37418aeb6
 SHA512 (pen-0.17.2.tar.gz) = c84057ab6226f84cc3f024cf25bfb941be297fff42b2d027ad738ea8e7aaa88fec18668152c8dc283b19c93cd8ef8766430ef865d75a701dc1117148751e200a
 Size (pen-0.17.2.tar.gz) = 129285 bytes
-SHA1 (patch-pen.c) = 1ece0ea00a12c5c1b3d31942e2d2fce6e3e2bf6f
+SHA1 (patch-pen.c) = 6c5315d429d26577ebdb9689ff71d9b4512f63ea
diff --git a/net/pen/patches/patch-pen.c b/net/pen/patches/patch-pen.c
index 476bd0287ff6..380bb4c9571b 100644
--- a/net/pen/patches/patch-pen.c
+++ b/net/pen/patches/patch-pen.c
@@ -1,40 +1,39 @@
-$NetBSD: patch-pen.c,v 1.1 2016/03/29 21:46:48 khorben Exp $
+$NetBSD: patch-pen.c,v 1.2 2016/03/29 22:01:13 joerg Exp $
 
-Fix build without support for SSLv2
-
---- pen.c.orig	2007-09-12 06:26:31.000000000 +0000
+--- pen.c.orig	2016-03-28 18:32:43.989295691 +0000
 +++ pen.c
-@@ -56,7 +56,9 @@
+@@ -56,7 +56,6 @@
  #include <openssl/err.h>
  
  #define SRV_SSL_V23 0
 -#define SRV_SSL_V2 1
-+#ifndef OPENSSL_NO_SSL2
-+# define SRV_SSL_V2 1
-+#endif
  #define SRV_SSL_V3 2
  #define SRV_SSL_TLS1 3
  
-@@ -327,9 +329,11 @@ static int ssl_init(void)
+@@ -327,9 +326,6 @@ static int ssl_init(void)
  	SSL_load_error_strings();
  	SSLeay_add_ssl_algorithms();
  	switch (ssl_protocol) {
-+#ifndef OPENSSL_NO_SSL2
- 	case SRV_SSL_V2:
- 		ssl_context = SSL_CTX_new(SSLv2_method());
- 		break;
-+#endif
+-	case SRV_SSL_V2:
+-		ssl_context = SSL_CTX_new(SSLv2_method());
+-		break;
  	case SRV_SSL_V3:
  		ssl_context = SSL_CTX_new(SSLv3_method());
  		break;
-@@ -2625,8 +2629,10 @@ static int options(int argc, char **argv
+@@ -346,6 +342,7 @@ static int ssl_init(void)
+ 		error("SSL: Error allocating context: %s",
+ 			ERR_error_string(err, NULL));
+ 	}
++	SSL_CTX_set_options(ssl_context, SSL_OP_NO_SSLv2);
+ 	if (ssl_compat) {
+ 		SSL_CTX_set_options(ssl_context, SSL_OP_ALL);
+ 	}
+@@ -2625,8 +2622,6 @@ static int options(int argc, char **argv
  		case 'L':
  			if (strcmp(optarg, "ssl23") == 0)
  				ssl_protocol = SRV_SSL_V23;
-+#ifndef OPENSSL_NO_SSL2
- 			else if (strcmp(optarg, "ssl2") == 0)
- 				ssl_protocol = SRV_SSL_V2;
-+#endif
+-			else if (strcmp(optarg, "ssl2") == 0)
+-				ssl_protocol = SRV_SSL_V2;
  			else if (strcmp(optarg, "ssl3") == 0)
  				ssl_protocol = SRV_SSL_V3;
  			else if (strcmp(optarg, "tls1") == 0)