diff options
author | sjg <sjg@FreeBSD.org> | 2015-05-27 01:19:58 +0000 |
---|---|---|
committer | sjg <sjg@FreeBSD.org> | 2015-05-27 01:19:58 +0000 |
commit | 65145fa4c81da358fcbc3b650156dab705dfa34e (patch) | |
tree | 55c065b6730aaac2afb6c29933ee6ec5fa4c4249 /lib/libfetch | |
parent | 60ff4eb0dff94a04d75d0d52a3957aaaf5f8c693 (diff) | |
parent | e6b664c390af88d4a87208bc042ce503da664c3b (diff) | |
download | FreeBSD-src-65145fa4c81da358fcbc3b650156dab705dfa34e.zip FreeBSD-src-65145fa4c81da358fcbc3b650156dab705dfa34e.tar.gz |
Merge sync of head
Diffstat (limited to 'lib/libfetch')
-rw-r--r-- | lib/libfetch/Makefile | 6 | ||||
-rw-r--r-- | lib/libfetch/common.c | 4 | ||||
-rw-r--r-- | lib/libfetch/fetch.3 | 8 |
3 files changed, 5 insertions, 13 deletions
diff --git a/lib/libfetch/Makefile b/lib/libfetch/Makefile index cef5f5a..4f56552 100644 --- a/lib/libfetch/Makefile +++ b/lib/libfetch/Makefile @@ -16,11 +16,9 @@ CFLAGS+= -DINET6 .if ${MK_OPENSSL} != "no" CFLAGS+= -DWITH_SSL -DPADD= ${LIBSSL} ${LIBCRYPTO} -LDADD= -lssl -lcrypto +LIBADD+= ssl crypto .else -DPADD= ${LIBMD} -LDADD= -lmd +LIBADD+= md .endif CFLAGS+= -DFTP_COMBINE_CWDS diff --git a/lib/libfetch/common.c b/lib/libfetch/common.c index eabea2b..3095e06 100644 --- a/lib/libfetch/common.c +++ b/lib/libfetch/common.c @@ -672,9 +672,7 @@ fetch_ssl_setup_transport_layer(SSL_CTX *ctx, int verbose) { long ssl_ctx_options; - ssl_ctx_options = SSL_OP_ALL | SSL_OP_NO_TICKET; - if (getenv("SSL_ALLOW_SSL2") == NULL) - ssl_ctx_options |= SSL_OP_NO_SSLv2; + ssl_ctx_options = SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_TICKET; if (getenv("SSL_ALLOW_SSL3") == NULL) ssl_ctx_options |= SSL_OP_NO_SSLv3; if (getenv("SSL_NO_TLS1") != NULL) diff --git a/lib/libfetch/fetch.3 b/lib/libfetch/fetch.3 index 5b9f0db..53a4e42 100644 --- a/lib/libfetch/fetch.3 +++ b/lib/libfetch/fetch.3 @@ -26,7 +26,7 @@ .\" .\" $FreeBSD$ .\" -.Dd October 15, 2014 +.Dd March 25, 2015 .Dt FETCH 3 .Os .Sh NAME @@ -441,10 +441,8 @@ By default allows TLSv1 and newer when negotiating the connecting with the remote peer. You can change this behavior by setting the -.Ev SSL_ALLOW_SSL2 -and .Ev SSL_ALLOW_SSL3 -environment variables to allow SSLv2 and SSLv3, respectively, and +environment variable to allow SSLv3 and .Ev SSL_NO_TLS1 , .Ev SSL_NO_TLS1_1 and .Ev SSL_NO_TLS1_2 @@ -646,8 +644,6 @@ which proxies should not be used. Same as .Ev NO_PROXY , for compatibility. -.It Ev SSL_ALLOW_SSL2 -Allow SSL version 2 when negotiating the connection (not recommended). .It Ev SSL_ALLOW_SSL3 Allow SSL version 3 when negotiating the connection (not recommended). .It Ev SSL_CA_CERT_FILE |