Merge remote-tracking branch 'origin/stable/10' into devel

author: Renato Botelho <renato@netgate.com> 2016-01-25 08:56:15 -0200
committer: Renato Botelho <renato@netgate.com> 2016-01-25 08:56:15 -0200
commit: eb84e0723f3b4bc5e40024f66fe21c14b09e9ec4 (patch)
tree: fec6b99d018e13f1fccbe31478aaf29a28a55642 /lib/libfetch/common.c
parent: c50df8e1b90c4f9b8bbffa592477c129854776ce (diff)
parent: 94b1bbbd44bd88b6db1c00d795cdf7675b3ae254 (diff)
download: FreeBSD-src-eb84e0723f3b4bc5e40024f66fe21c14b09e9ec4.zip
FreeBSD-src-eb84e0723f3b4bc5e40024f66fe21c14b09e9ec4.tar.gz
1 files changed, 3 insertions, 4 deletions
diff --git a/lib/libfetch/common.c b/lib/libfetch/common.c
index eabea2b..ae8b79d 100644
--- a/lib/libfetch/common.c
+++ b/lib/libfetch/common.c
@@ -495,7 +495,8 @@ fetch_ssl_get_numeric_addrinfo(const char *hostname, size_t len)
 	hints.ai_protocol = 0;
 	hints.ai_flags = AI_NUMERICHOST;
 	/* port is not relevant for this purpose */
-	getaddrinfo(host, "443", &hints, &res);
+	if (getaddrinfo(host, "443", &hints, &res) != 0)
+		res = NULL;
 	free(host);
 	return res;
 }
@@ -672,9 +673,7 @@ fetch_ssl_setup_transport_layer(SSL_CTX *ctx, int verbose)
 {
 	long ssl_ctx_options;
 
-	ssl_ctx_options = SSL_OP_ALL | SSL_OP_NO_TICKET;
-	if (getenv("SSL_ALLOW_SSL2") == NULL)
-		ssl_ctx_options |= SSL_OP_NO_SSLv2;
+	ssl_ctx_options = SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_TICKET;
 	if (getenv("SSL_ALLOW_SSL3") == NULL)
 		ssl_ctx_options |= SSL_OP_NO_SSLv3;
 	if (getenv("SSL_NO_TLS1") != NULL)
author	Renato Botelho <renato@netgate.com>	2016-01-25 08:56:15 -0200
committer	Renato Botelho <renato@netgate.com>	2016-01-25 08:56:15 -0200
commit	eb84e0723f3b4bc5e40024f66fe21c14b09e9ec4 (patch)
tree	fec6b99d018e13f1fccbe31478aaf29a28a55642 /lib/libfetch/common.c
parent	c50df8e1b90c4f9b8bbffa592477c129854776ce (diff)
parent	94b1bbbd44bd88b6db1c00d795cdf7675b3ae254 (diff)
download	FreeBSD-src-eb84e0723f3b4bc5e40024f66fe21c14b09e9ec4.zip FreeBSD-src-eb84e0723f3b4bc5e40024f66fe21c14b09e9ec4.tar.gz