MFH (r280630): remove all traces of SSLv2 support

MFH (r285141): remove unused variable
MFH (r288217): correctly check return value from getaddrinfo(3)
MFH (r289419): fix bugs in HTTPS tunnelling
MFH (r289420): use fopen()'s "e" mode instead of fcntl for close-on-exec
MFH (r291453, r291461): use .netrc for http servers and proxies
MFH (r292330, r292332): reset bufpos to 0 after refilling in chunked mode

PR:		194483 199801 193740 204771

1 files changed, 3 insertions, 4 deletions

diff --git a/lib/libfetch/common.c b/lib/libfetch/common.c
index eabea2b..ae8b79d 100644
--- a/lib/libfetch/common.c
+++ b/lib/libfetch/common.c
@@ -495,7 +495,8 @@ fetch_ssl_get_numeric_addrinfo(const char *hostname, size_t len)
 	hints.ai_protocol = 0;
 	hints.ai_flags = AI_NUMERICHOST;
 	/* port is not relevant for this purpose */
-	getaddrinfo(host, "443", &hints, &res);
+	if (getaddrinfo(host, "443", &hints, &res) != 0)
+		res = NULL;
 	free(host);
 	return res;
 }
@@ -672,9 +673,7 @@ fetch_ssl_setup_transport_layer(SSL_CTX *ctx, int verbose)
 {
 	long ssl_ctx_options;
 
-	ssl_ctx_options = SSL_OP_ALL | SSL_OP_NO_TICKET;
-	if (getenv("SSL_ALLOW_SSL2") == NULL)
-		ssl_ctx_options |= SSL_OP_NO_SSLv2;
+	ssl_ctx_options = SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_TICKET;
 	if (getenv("SSL_ALLOW_SSL3") == NULL)
 		ssl_ctx_options |= SSL_OP_NO_SSLv3;
 	if (getenv("SSL_NO_TLS1") != NULL)