From 98a5192ef2f3cde9b9c6867f69f3a400f3c62ec5 Mon Sep 17 00:00:00 2001
From: Erik Kapfer <erik.kapfer@ipfire.org>
Date: Mon, 12 Jan 2015 12:17:43 +0100
Subject: [PATCH] openssl: Disable SSLv2 and SSLv3.

Fixes #10712.
---
 lfs/crda                                      |  1 +
 lfs/openssl                                   |  2 ++
 .../crda-3.13-crypto_use_optional.patch       | 22 +++++++++++++++++++
 3 files changed, 25 insertions(+)
 create mode 100644 src/patches/crda-3.13-crypto_use_optional.patch

diff --git a/lfs/crda b/lfs/crda
index 8bee2584ba..2b1aff8162 100644
--- a/lfs/crda
+++ b/lfs/crda
@@ -71,6 +71,7 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/crda-3.13-crypto_use_optional.patch
 	cd $(DIR_APP) && make $(MAKETUNING)
 	cd $(DIR_APP) && make install
 	@rm -rf $(DIR_APP)
diff --git a/lfs/openssl b/lfs/openssl
index eae2c6e53a..82f26bd25c 100644
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -105,6 +105,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 		no-mdc2 \
 		no-rc5 \
 		no-srp \
+		no-ssl2 \
+		no-ssl3 \
 		$(CONFIGURE_ARGS) \
 		-DSSL_FORBID_ENULL \
 		-DHAVE_CRYPTODEV \
diff --git a/src/patches/crda-3.13-crypto_use_optional.patch b/src/patches/crda-3.13-crypto_use_optional.patch
new file mode 100644
index 0000000000..56ad6b7684
--- /dev/null
+++ b/src/patches/crda-3.13-crypto_use_optional.patch
@@ -0,0 +1,22 @@
+Submitted By: hauke from OpenWRT
+Date: 2009-04-17
+Initial Package Version: 1.0.2
+Origin: https://dev.openwrt.org/changeset/15405/trunk/package/crda/patches/101-make_crypto_use_optional.patch
+Description: The patch was modified for version crda-3.13 by Erik Kapfer <erik.kapfer@ipfire.org>..
+This patch provides the following improvements:
+    * Crypto usage is optional.
+
+diff -Nur crda-3.13.orig/Makefile crda-3.13/Makefile
+--- crda-3.13.orig/Makefile	2015-01-12 07:55:08.791183765 +0100
++++ crda-3.13/Makefile	2015-01-12 07:56:35.437381029 +0100
+@@ -43,7 +43,9 @@
+ 
+ $(LIBREG): keys-ssl.c
+ 
+-else
++endif
++
++ifeq ($(USE_GCRYPT),1)
+ CFLAGS += -DUSE_GCRYPT
+ LDLIBS += -lgcrypt
+ 
-- 
2.39.5