diff options
| author | jkim <jkim@FreeBSD.org> | 2015-03-20 23:48:11 +0000 |
|---|---|---|
| committer | jkim <jkim@FreeBSD.org> | 2015-03-20 23:48:11 +0000 |
| commit | 12306eec455d08caa711ae842e084a192d0088b2 (patch) | |
| tree | 17483b2fda113c9e87518cd56c9745433f32f335 | |
| parent | f824cda4b81367d7a0a4012bb6f2ae7c2c06b0ef (diff) | |
| download | FreeBSD-src-12306eec455d08caa711ae842e084a192d0088b2.zip FreeBSD-src-12306eec455d08caa711ae842e084a192d0088b2.tar.gz | |
Disable insecure SSLv2 support from the base OpenSSL.
Differential Revision: https://reviews.freebsd.org/D1304
| -rw-r--r-- | secure/lib/libcrypto/opensslconf-arm.h | 6 | ||||
| -rw-r--r-- | secure/lib/libcrypto/opensslconf-mips.h | 6 | ||||
| -rw-r--r-- | secure/lib/libcrypto/opensslconf-powerpc.h | 6 | ||||
| -rw-r--r-- | secure/lib/libcrypto/opensslconf-sparc64.h | 6 | ||||
| -rw-r--r-- | secure/lib/libcrypto/opensslconf-x86.h | 6 | ||||
| -rw-r--r-- | secure/lib/libssl/Makefile | 10 | ||||
| -rw-r--r-- | sys/sys/param.h | 2 |
7 files changed, 36 insertions, 6 deletions
diff --git a/secure/lib/libcrypto/opensslconf-arm.h b/secure/lib/libcrypto/opensslconf-arm.h index 57a7b61..4ddfe82 100644 --- a/secure/lib/libcrypto/opensslconf-arm.h +++ b/secure/lib/libcrypto/opensslconf-arm.h @@ -27,6 +27,9 @@ extern "C" { #ifndef OPENSSL_NO_SCTP # define OPENSSL_NO_SCTP #endif +#ifndef OPENSSL_NO_SSL2 +# define OPENSSL_NO_SSL2 +#endif #ifndef OPENSSL_NO_STORE # define OPENSSL_NO_STORE #endif @@ -69,6 +72,9 @@ extern "C" { # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) # define NO_SCTP # endif +# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) +# define NO_SSL2 +# endif # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) # define NO_STORE # endif diff --git a/secure/lib/libcrypto/opensslconf-mips.h b/secure/lib/libcrypto/opensslconf-mips.h index 3b2cbdc..b55557e 100644 --- a/secure/lib/libcrypto/opensslconf-mips.h +++ b/secure/lib/libcrypto/opensslconf-mips.h @@ -27,6 +27,9 @@ extern "C" { #ifndef OPENSSL_NO_SCTP # define OPENSSL_NO_SCTP #endif +#ifndef OPENSSL_NO_SSL2 +# define OPENSSL_NO_SSL2 +#endif #ifndef OPENSSL_NO_STORE # define OPENSSL_NO_STORE #endif @@ -69,6 +72,9 @@ extern "C" { # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) # define NO_SCTP # endif +# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) +# define NO_SSL2 +# endif # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) # define NO_STORE # endif diff --git a/secure/lib/libcrypto/opensslconf-powerpc.h b/secure/lib/libcrypto/opensslconf-powerpc.h index e82d803..341daa2 100644 --- a/secure/lib/libcrypto/opensslconf-powerpc.h +++ b/secure/lib/libcrypto/opensslconf-powerpc.h @@ -27,6 +27,9 @@ extern "C" { #ifndef OPENSSL_NO_SCTP # define OPENSSL_NO_SCTP #endif +#ifndef OPENSSL_NO_SSL2 +# define OPENSSL_NO_SSL2 +#endif #ifndef OPENSSL_NO_STORE # define OPENSSL_NO_STORE #endif @@ -69,6 +72,9 @@ extern "C" { # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) # define NO_SCTP # endif +# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) +# define NO_SSL2 +# endif # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) # define NO_STORE # endif diff --git a/secure/lib/libcrypto/opensslconf-sparc64.h b/secure/lib/libcrypto/opensslconf-sparc64.h index 8183edc..23abf0c 100644 --- a/secure/lib/libcrypto/opensslconf-sparc64.h +++ b/secure/lib/libcrypto/opensslconf-sparc64.h @@ -27,6 +27,9 @@ extern "C" { #ifndef OPENSSL_NO_SCTP # define OPENSSL_NO_SCTP #endif +#ifndef OPENSSL_NO_SSL2 +# define OPENSSL_NO_SSL2 +#endif #ifndef OPENSSL_NO_STORE # define OPENSSL_NO_STORE #endif @@ -69,6 +72,9 @@ extern "C" { # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) # define NO_SCTP # endif +# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) +# define NO_SSL2 +# endif # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) # define NO_STORE # endif diff --git a/secure/lib/libcrypto/opensslconf-x86.h b/secure/lib/libcrypto/opensslconf-x86.h index a3f2060..ed3ee20 100644 --- a/secure/lib/libcrypto/opensslconf-x86.h +++ b/secure/lib/libcrypto/opensslconf-x86.h @@ -27,6 +27,9 @@ extern "C" { #ifndef OPENSSL_NO_SCTP # define OPENSSL_NO_SCTP #endif +#ifndef OPENSSL_NO_SSL2 +# define OPENSSL_NO_SSL2 +#endif #ifndef OPENSSL_NO_STORE # define OPENSSL_NO_STORE #endif @@ -66,6 +69,9 @@ extern "C" { # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) # define NO_SCTP # endif +# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) +# define NO_SSL2 +# endif # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) # define NO_STORE # endif diff --git a/secure/lib/libssl/Makefile b/secure/lib/libssl/Makefile index b39858f..271c0ce 100644 --- a/secure/lib/libssl/Makefile +++ b/secure/lib/libssl/Makefile @@ -12,11 +12,11 @@ NO_LINT= SRCS= bio_ssl.c d1_both.c d1_clnt.c d1_enc.c d1_lib.c d1_meth.c d1_pkt.c \ d1_srtp.c d1_srvr.c s23_clnt.c s23_lib.c s23_meth.c s23_pkt.c \ - s23_srvr.c s2_clnt.c s2_enc.c s2_lib.c s2_meth.c s2_pkt.c s2_srvr.c \ - s3_both.c s3_cbc.c s3_clnt.c s3_enc.c s3_lib.c s3_meth.c s3_pkt.c \ - s3_srvr.c ssl_algs.c ssl_asn1.c ssl_cert.c ssl_ciph.c ssl_err.c \ - ssl_err2.c ssl_lib.c ssl_rsa.c ssl_sess.c ssl_stat.c ssl_txt.c \ - t1_clnt.c t1_enc.c t1_lib.c t1_meth.c t1_reneg.c t1_srvr.c tls_srp.c + s23_srvr.c s3_both.c s3_cbc.c s3_clnt.c s3_enc.c s3_lib.c s3_meth.c \ + s3_pkt.c s3_srvr.c ssl_algs.c ssl_asn1.c ssl_cert.c ssl_ciph.c \ + ssl_err.c ssl_err2.c ssl_lib.c ssl_rsa.c ssl_sess.c ssl_stat.c \ + ssl_txt.c t1_clnt.c t1_enc.c t1_lib.c t1_meth.c t1_reneg.c t1_srvr.c \ + tls_srp.c INCS= dtls1.h kssl.h srtp.h ssl.h ssl2.h ssl23.h ssl3.h tls1.h INCSDIR=${INCLUDEDIR}/openssl diff --git a/sys/sys/param.h b/sys/sys/param.h index 3a13002..925c584 100644 --- a/sys/sys/param.h +++ b/sys/sys/param.h @@ -58,7 +58,7 @@ * in the range 5 to 9. */ #undef __FreeBSD_version -#define __FreeBSD_version 1100065 /* Master, propagated to newvers */ +#define __FreeBSD_version 1100066 /* Master, propagated to newvers */ /* * __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD, |
