pkgsrc/www/lhs/patches/patch-ac
2021-04-13 10:26:57 +00:00

90 lines
2.6 KiB
Text

$NetBSD: patch-ac,v 1.5 2021/04/13 10:26:57 nia Exp $
* Include sys/filio.h for FIONBIO etc.
* Drop SSLv2 support
* Add TLSv1 support
--- lhs.c.orig 2001-02-27 17:37:10.000000000 +0000
+++ lhs.c
@@ -25,6 +25,9 @@
#include <openssl/err.h>
#endif
#include "lhs.h"
+#if defined (__sun)
+#include <sys/filio.h>
+#endif
#define debug(x...) { if (verbose) printf(x); }
@@ -467,12 +470,10 @@ int init_ssl()
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
- if (ssl_protocol == SSL2_VERSION)
- ctx = SSL_CTX_new(SSLv2_method());
- else {
- ctx = SSL_CTX_new(SSLv23_method());
- SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
- }
+ ctx = SSL_CTX_new(SSLv23_method());
+ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
+ if (ssl_protocol == TLS1_VERSION)
+ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
if (!ctx) {
fprintf(stderr, "SSL_CTX_new failed.\n");
return 0;
@@ -511,13 +512,13 @@ SSL *init_ssl_socket(int sock)
return NULL;
}
// SSL_set_session_id_context(ssl,AppContext,sizeof(AppContext));
- switch(ssl->session->ssl_version) {
- case SSL2_VERSION:
- debug("ssl2\n");
- break;
+ switch(SSL_SESSION_get_protocol_version(SSL_get_session(ssl))) {
case SSL3_VERSION:
debug("ssl3\n");
break;
+ case TLS1_VERSION:
+ debug("tls3\n");
+ break;
default:
debug("nieznany standard szyfrowania\n");
}
@@ -536,14 +537,14 @@ SSL *init_ssl_socket(int sock)
return ssl;
}
-inline int my_read(int fd, char *buf, int size, void *ssl)
+int my_read(int fd, char *buf, int size, void *ssl)
{
return (!ssl) ?
read(fd, buf, size) :
SSL_read((SSL*) ssl, buf, size);
}
-inline int my_write(int fd, char *buf, int size, void *ssl)
+int my_write(int fd, char *buf, int size, void *ssl)
{
int res, one;
@@ -592,7 +593,7 @@ void usage(char *a0)
" -s version set SSL protocol version (default: SSLv2)\n"
" -c filename load certificate file (default: lhs.pem)\n"
#endif
-" -r path set server's root directory (default: /home/httpd/html)\n"
+" -r path set server's root directory (default: " DEFAULT_ROOT_DIR ")\n"
" -u user switch to other user after startup\n"
" -g group change gid to other than user's\n"
" -m socks set number of sockets (default: 50, min: 3)\n"
@@ -633,8 +634,8 @@ int main(int argc, char **argv)
cert_file = optarg;
break;
case 's':
- if (!strcasecmp(optarg, "ssl2") || !strcasecmp(optarg, "sslv2"))
- ssl_protocol = SSL2_VERSION;
+ if (!strcasecmp(optarg, "tls1") || !strcasecmp(optarg, "tls1"))
+ ssl_protocol = TLS1_VERSION;
else if (!strcasecmp(optarg, "ssl3") || !strcasecmp(optarg, "sslv3"))
ssl_protocol = SSL3_VERSION;
else {