From 70d47d449ed08c488be8a7dd86f94d75ec611fe8 Mon Sep 17 00:00:00 2001 From: des Date: Sat, 16 Jan 2016 20:24:02 +0000 Subject: MFH (r280630): remove all traces of SSLv2 support MFH (r285141): remove unused variable MFH (r288217): correctly check return value from getaddrinfo(3) MFH (r289419): fix bugs in HTTPS tunnelling MFH (r289420): use fopen()'s "e" mode instead of fcntl for close-on-exec MFH (r291453, r291461): use .netrc for http servers and proxies MFH (r292330, r292332): reset bufpos to 0 after refilling in chunked mode PR: 194483 199801 193740 204771 --- lib/libfetch/common.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'lib/libfetch/common.c') diff --git a/lib/libfetch/common.c b/lib/libfetch/common.c index eabea2b..ae8b79d 100644 --- a/lib/libfetch/common.c +++ b/lib/libfetch/common.c @@ -495,7 +495,8 @@ fetch_ssl_get_numeric_addrinfo(const char *hostname, size_t len) hints.ai_protocol = 0; hints.ai_flags = AI_NUMERICHOST; /* port is not relevant for this purpose */ - getaddrinfo(host, "443", &hints, &res); + if (getaddrinfo(host, "443", &hints, &res) != 0) + res = NULL; free(host); return res; } @@ -672,9 +673,7 @@ fetch_ssl_setup_transport_layer(SSL_CTX *ctx, int verbose) { long ssl_ctx_options; - ssl_ctx_options = SSL_OP_ALL | SSL_OP_NO_TICKET; - if (getenv("SSL_ALLOW_SSL2") == NULL) - ssl_ctx_options |= SSL_OP_NO_SSLv2; + ssl_ctx_options = SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_TICKET; if (getenv("SSL_ALLOW_SSL3") == NULL) ssl_ctx_options |= SSL_OP_NO_SSLv3; if (getenv("SSL_NO_TLS1") != NULL) -- cgit v1.1