Fossil SCM

Disable the use of SSLv2 and SSLv3. Require TLS for HTTPS for security.

drh 2014-12-18 15:40 trunk merge
Commit 7a44fddd3f85902d4cef11cfcdd0fd162c6c357e
+2 -2
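--- a/src/http_ssl.c
+++ b/src/http_ssl.c
@@ -99,12 +99,12 @@
 SSL_library_init();
 SSL_load_error_strings();
 ERR_load_BIO_strings();
 OpenSSL_add_all_algorithms();
 sslCtx = SSL_CTX_new(SSLv23_client_method());
- /* Disable SSLv2 */
- SSL_CTX_set_options(sslCtx, SSL_OP_NO_SSLv2);
+ /* Disable SSLv2 and SSLv3 */
+ SSL_CTX_set_options(sslCtx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
 
 /* Set up acceptable CA root certificates */
 zCaSetting = db_get("ssl-ca-location", 0);
 if( zCaSetting==0 || zCaSetting[0]=='\0' ){
 /* CA location not specified, use platform's default certificate store */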
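--- a/src/makemake.tcl
+++ b/src/makemake.tcl
@@ -548,10 +548,11 @@
 SSLCONFIG = mingw64
 ZLIBCONFIG =
 LIBTARGETS =
 endif
 
+SSLCONFIG += no-ssl2 no-ssl3 no-shared
 ifndef FOSSIL_ENABLE_MINIZ
 SSLCONFIG += --with-zlib-lib=$(PWD)/$(ZLIBDIR) --with-zlib-include=$(PWD)/$(ZLIBDIR) zlib
 endif
 
 #### The directories where the OpenSSL include and library files are located.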
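Review bot: The added `SSLCONFIG += no-ssl2 no-ssl3 no-shared` line carries no comment, and `no-shared` is a linkage choice that the commit description does not mention alongside the protocol change. A line in the file's own style, e.g. `#### Build the bundled OpenSSL without SSLv2/SSLv3 support and as a static library.`, would make both intents visible. These flags presumably only affect an OpenSSL that is built through this makefile; a build linked against a separately supplied OpenSSL would depend on the runtime option mask in src/http_ssl.c alone, which is worth stating in that comment. The same line is emitted into win/Makefile.mingw and win/Makefile.mingw.mistachkin.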
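--- a/win/Makefile.mingw
+++ b/win/Makefile.mingw
@@ -121,10 +121,11 @@
 SSLCONFIG = mingw64
 ZLIBCONFIG =
 LIBTARGETS =
 endif
 
+SSLCONFIG += no-ssl2 no-ssl3 no-shared
 ifndef FOSSIL_ENABLE_MINIZ
 SSLCONFIG += --with-zlib-lib=$(PWD)/$(ZLIBDIR) --with-zlib-include=$(PWD)/$(ZLIBDIR) zlib
 endif
 
 #### The directories where the OpenSSL include and library files are located.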
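--- a/win/Makefile.mingw.mistachkin
+++ b/win/Makefile.mingw.mistachkin
@@ -121,10 +121,11 @@
 SSLCONFIG = mingw64
 ZLIBCONFIG =
 LIBTARGETS =
 endif
 
+SSLCONFIG += no-ssl2 no-ssl3 no-shared
 ifndef FOSSIL_ENABLE_MINIZ
 SSLCONFIG += --with-zlib-lib=$(PWD)/$(ZLIBDIR) --with-zlib-include=$(PWD)/$(ZLIBDIR) zlib
 endif
 
 #### The directories where the OpenSSL include and library files are located.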
