From: Wouter Wijngaards Date: Thu, 29 Oct 2015 08:32:58 +0000 (+0000) Subject: - patch from Doug Hogan for SSL_OP_NO_SSLvx options. X-Git-Tag: release-1.5.7rc1~45 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1ebcdeac38873987e650e104d64d12dbde331915;p=thirdparty%2Funbound.git - patch from Doug Hogan for SSL_OP_NO_SSLvx options. git-svn-id: file:///svn/unbound/trunk@3525 be551aaa-1e26-0410-a405-d3ace91eadb9
---
diff --git a/daemon/remote.c b/daemon/remote.c
index c16e4e521..d533e0867 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -208,12 +208,14 @@ daemon_remote_create(struct config_file* cfg)
 return NULL;
 }
 /* no SSLv2, SSLv3 because has defects */
- if(!(SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){
+ if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)
+ != SSL_OP_NO_SSLv2){
 log_crypto_err("could not set SSL_OP_NO_SSLv2");
 daemon_remote_delete(rc);
 return NULL;
 }
- if(!(SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)){
+ if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
+ != SSL_OP_NO_SSLv3){
 log_crypto_err("could not set SSL_OP_NO_SSLv3");
 daemon_remote_delete(rc);
 return NULL;
diff --git a/doc/Changelog b/doc/Changelog
index 3e92b4dcd..be8e50326 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+29 October 2015: Wouter
+ - patch from Doug Hogan for SSL_OP_NO_SSLvx options.
+
 28 October 2015: Wouter
 - Fix checklock testcode for linux threads on exit.
diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c
index 571b4d0b0..8cd676ed8 100644
--- a/smallapp/unbound-control.c
+++ b/smallapp/unbound-control.c
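Review bot: Neither rewritten check in daemon_remote_create (daemon/remote.c) says why the result is compared with the flag instead of tested with `!`, so a later cleanup could fold it back to the old form. Presumably the comparison is there for TLS libraries that define `SSL_OP_NO_SSLv2` as 0, where the old `!(opts & 0)` test always took the error path; if that is the reason, extend the existing comment, e.g. `/* no SSLv2, SSLv3 because has defects; compare with the flag itself, which may be defined as 0 */`. The same comment is missing in setup_ctx (smallapp/unbound-control.c) and in listen_sslctx_create and connect_sslctx_create (util/net_help.c). daemon_remote_create starts and ends outside this hunk.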
@@ -156,10 +156,12 @@ setup_ctx(struct config_file* cfg)
 ctx = SSL_CTX_new(SSLv23_client_method());
 if(!ctx)
 ssl_err("could not allocate SSL_CTX pointer");
- if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2))
+ if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)
+ != SSL_OP_NO_SSLv2)
 ssl_err("could not set SSL_OP_NO_SSLv2");
 if(cfg->remote_control_use_cert) {
- if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3))
+ if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
+ != SSL_OP_NO_SSLv3)
 ssl_err("could not set SSL_OP_NO_SSLv3");
 if(!SSL_CTX_use_certificate_chain_file(ctx,c_cert) ||
 !SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM)
diff --git a/util/net_help.c b/util/net_help.c
index 07605b19f..eb03cd0ae 100644
--- a/util/net_help.c
+++ b/util/net_help.c
@@ -619,12 +619,14 @@ void* listen_sslctx_create(char* key, char* pem, char* verifypem)
 return NULL;
 }
 /* no SSLv2, SSLv3 because has defects */
- if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){
+ if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)
+ != SSL_OP_NO_SSLv2){
 log_crypto_err("could not set SSL_OP_NO_SSLv2");
 SSL_CTX_free(ctx);
 return NULL;
 }
- if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)){
+ if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
+ != SSL_OP_NO_SSLv3){
 log_crypto_err("could not set SSL_OP_NO_SSLv3");
 SSL_CTX_free(ctx);
 return NULL;
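Review bot: `SSL_OP_NO_SSLv3` is applied only inside `if(cfg->remote_control_use_cert)` in setup_ctx, so a client context built without certificates keeps SSLv3 enabled. daemon_remote_create in this commit sets both options one after the other with no such condition visible in its hunk, so the two ends of the control channel disagree. If the non-certificate branch, which lies outside this hunk, has a reason for that, a comment should say so; otherwise move the SSLv3 check above the `if`, next to the SSLv2 one. setup_ctx continues past the end of the hunk.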
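Review bot: listen_sslctx_create (util/net_help.c) excludes only SSLv2 and SSLv3, so TLS 1.0 and 1.1 stay negotiable on the listening context. If no supported peer needs them, add the same masked check for `SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1` after the SSLv3 block, or, where the library provides it, call `SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION)`. connect_sslctx_create in the next hunk has the same gap. Both functions begin and end outside their hunks.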
@@ -690,12 +692,14 @@ void* connect_sslctx_create(char* key, char* pem, char* verifypem)
 log_crypto_err("could not allocate SSL_CTX pointer");
 return NULL;
 }
- if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)) {
+ if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)
+ != SSL_OP_NO_SSLv2) {
 log_crypto_err("could not set SSL_OP_NO_SSLv2");
 SSL_CTX_free(ctx);
 return NULL;
 }
- if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)) {
+ if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
+ != SSL_OP_NO_SSLv3) {
 log_crypto_err("could not set SSL_OP_NO_SSLv3");
 SSL_CTX_free(ctx);
 return NULL;