- patch from Doug Hogan for SSL_OP_NO_SSLvx options.

author Wouter Wijngaards <wouter@nlnetlabs.nl>

Thu, 29 Oct 2015 08:32:58 +0000 (08:32 +0000)

committer Wouter Wijngaards <wouter@nlnetlabs.nl>

Thu, 29 Oct 2015 08:32:58 +0000 (08:32 +0000)
author Wouter Wijngaards <wouter@nlnetlabs.nl>
Thu, 29 Oct 2015 08:32:58 +0000 (08:32 +0000)
committer Wouter Wijngaards <wouter@nlnetlabs.nl>
Thu, 29 Oct 2015 08:32:58 +0000 (08:32 +0000)
diff --git a/daemon/remote.c b/daemon/remote.c

index c16e4e521c445a24460a8b4c64c8680fcc189ee6..d533e0867fff29129e8543474af30e1039086ae9 100644 (file)
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -208,12 +208,14 @@ daemon_remote_create(struct config_file* cfg)
                 return NULL;
         }
         /* no SSLv2, SSLv3 because has defects */
-       if(!(SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){
+       if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)
+               != SSL_OP_NO_SSLv2){
                 log_crypto_err("could not set SSL_OP_NO_SSLv2");
                 daemon_remote_delete(rc);
                 return NULL;
         }
-       if(!(SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)){
+       if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
+               != SSL_OP_NO_SSLv3){
                 log_crypto_err("could not set SSL_OP_NO_SSLv3");
                 daemon_remote_delete(rc);
                 return NULL;
diff --git a/doc/Changelog b/doc/Changelog

index 3e92b4dcd6fb15eb4135e42825055353dece25ea..be8e50326ef8552ac3a8922bfa9cd3bde4f672a3 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+29 October 2015: Wouter
+       - patch from Doug Hogan for SSL_OP_NO_SSLvx options.
+
  28 October 2015: Wouter
         - Fix checklock testcode for linux threads on exit.
  
diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c

index 571b4d0b08d2da83515b042b5d00b0dae3a9a195..8cd676ed8771c4ede02bf7f30c86a16ecf05bd4a 100644 (file)
--- a/smallapp/unbound-control.c
+++ b/smallapp/unbound-control.c
@@ -156,10 +156,12 @@ setup_ctx(struct config_file* cfg)
          ctx = SSL_CTX_new(SSLv23_client_method());
         if(!ctx)
                 ssl_err("could not allocate SSL_CTX pointer");
-        if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2))
+        if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)
+               != SSL_OP_NO_SSLv2)
                 ssl_err("could not set SSL_OP_NO_SSLv2");
          if(cfg->remote_control_use_cert) {
-               if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3))
+               if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
+                       != SSL_OP_NO_SSLv3)
                         ssl_err("could not set SSL_OP_NO_SSLv3");
                 if(!SSL_CTX_use_certificate_chain_file(ctx,c_cert) ||
                     !SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM)
diff --git a/util/net_help.c b/util/net_help.c

index 07605b19f92dea40b059ac6b02b10458d3edb473..eb03cd0ae6d26f7ab3e19723cc620b5da64c3457 100644 (file)
--- a/util/net_help.c
+++ b/util/net_help.c
@@ -619,12 +619,14 @@ void* listen_sslctx_create(char* key, char* pem, char* verifypem)
                 return NULL;
         }
         /* no SSLv2, SSLv3 because has defects */
-       if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){
+       if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)
+               != SSL_OP_NO_SSLv2){
                 log_crypto_err("could not set SSL_OP_NO_SSLv2");
                 SSL_CTX_free(ctx);
                 return NULL;
         }
-       if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)){
+       if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
+               != SSL_OP_NO_SSLv3){
                 log_crypto_err("could not set SSL_OP_NO_SSLv3");
                 SSL_CTX_free(ctx);
                 return NULL;
@@ -690,12 +692,14 @@ void* connect_sslctx_create(char* key, char* pem, char* verifypem)
                 log_crypto_err("could not allocate SSL_CTX pointer");
                 return NULL;
         }
-       if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)) {
+       if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)
+               != SSL_OP_NO_SSLv2) {
                 log_crypto_err("could not set SSL_OP_NO_SSLv2");
                 SSL_CTX_free(ctx);
                 return NULL;
         }
-       if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)) {
+       if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
+               != SSL_OP_NO_SSLv3) {
                 log_crypto_err("could not set SSL_OP_NO_SSLv3");
                 SSL_CTX_free(ctx);
                 return NULL;
author	Wouter Wijngaards <wouter@nlnetlabs.nl>
	Thu, 29 Oct 2015 08:32:58 +0000 (08:32 +0000)
committer	Wouter Wijngaards <wouter@nlnetlabs.nl>
	Thu, 29 Oct 2015 08:32:58 +0000 (08:32 +0000)
daemon/remote.c		patch \| blob \| blame \| history
doc/Changelog		patch \| blob \| blame \| history
smallapp/unbound-control.c		patch \| blob \| blame \| history
util/net_help.c		patch \| blob \| blame \| history