Merge sync of head

3 files changed, 5 insertions, 13 deletions

diff --git a/lib/libfetch/Makefile b/lib/libfetch/Makefile
index cef5f5a..4f56552 100644
--- a/lib/libfetch/Makefile
+++ b/lib/libfetch/Makefile
@@ -16,11 +16,9 @@ CFLAGS+=	-DINET6
 
 .if ${MK_OPENSSL} != "no"
 CFLAGS+=	-DWITH_SSL
-DPADD=		${LIBSSL} ${LIBCRYPTO}
-LDADD=		-lssl -lcrypto
+LIBADD+=	ssl crypto
 .else
-DPADD=		${LIBMD}
-LDADD=		-lmd
+LIBADD+=	md
 .endif
 
 CFLAGS+=	-DFTP_COMBINE_CWDS
diff --git a/lib/libfetch/common.c b/lib/libfetch/common.c
index eabea2b..3095e06 100644
--- a/lib/libfetch/common.c
+++ b/lib/libfetch/common.c
@@ -672,9 +672,7 @@ fetch_ssl_setup_transport_layer(SSL_CTX *ctx, int verbose)
 {
 	long ssl_ctx_options;
 
-	ssl_ctx_options = SSL_OP_ALL | SSL_OP_NO_TICKET;
-	if (getenv("SSL_ALLOW_SSL2") == NULL)
-		ssl_ctx_options |= SSL_OP_NO_SSLv2;
+	ssl_ctx_options = SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_TICKET;
 	if (getenv("SSL_ALLOW_SSL3") == NULL)
 		ssl_ctx_options |= SSL_OP_NO_SSLv3;
 	if (getenv("SSL_NO_TLS1") != NULL)
diff --git a/lib/libfetch/fetch.3 b/lib/libfetch/fetch.3
index 5b9f0db..53a4e42 100644
--- a/lib/libfetch/fetch.3
+++ b/lib/libfetch/fetch.3
@@ -26,7 +26,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd October 15, 2014
+.Dd March 25, 2015
 .Dt FETCH 3
 .Os
 .Sh NAME
@@ -441,10 +441,8 @@ By default
 allows TLSv1 and newer when negotiating the connecting with the remote
 peer.
 You can change this behavior by setting the
-.Ev SSL_ALLOW_SSL2
-and
 .Ev SSL_ALLOW_SSL3
-environment variables to allow SSLv2 and SSLv3, respectively, and
+environment variable to allow SSLv3 and
 .Ev SSL_NO_TLS1 ,
 .Ev SSL_NO_TLS1_1 and
 .Ev SSL_NO_TLS1_2
@@ -646,8 +644,6 @@ which proxies should not be used.
 Same as
 .Ev NO_PROXY ,
 for compatibility.
-.It Ev SSL_ALLOW_SSL2
-Allow SSL version 2 when negotiating the connection (not recommended).
 .It Ev SSL_ALLOW_SSL3
 Allow SSL version 3 when negotiating the connection (not recommended).
 .It Ev SSL_CA_CERT_FILE