svn commit: r280306 - in head: secure/lib/libcrypto secure/lib/libssl sys/sys

Philip M. Gollucci pgollucci at p6m7g8.com
Mon Mar 23 15:43:55 UTC 2015 

What about SSLv3 due to POODLE ?

On Fri, Mar 20, 2015 at 7:48 PM, Jung-uk Kim <jkim at freebsd.org> wrote:

> Author: jkim
> Date: Fri Mar 20 23:48:11 2015
> New Revision: 280306
> URL: https://svnweb.freebsd.org/changeset/base/280306
>
> Log:
>   Disable insecure SSLv2 support from the base OpenSSL.
>
>   Differential Revision:        https://reviews.freebsd.org/D1304
>
> Modified:
>   head/secure/lib/libcrypto/opensslconf-arm.h
>   head/secure/lib/libcrypto/opensslconf-mips.h
>   head/secure/lib/libcrypto/opensslconf-powerpc.h
>   head/secure/lib/libcrypto/opensslconf-sparc64.h
>   head/secure/lib/libcrypto/opensslconf-x86.h
>   head/secure/lib/libssl/Makefile
>   head/sys/sys/param.h
>
> Modified: head/secure/lib/libcrypto/opensslconf-arm.h
>
> ==============================================================================
> --- head/secure/lib/libcrypto/opensslconf-arm.h Fri Mar 20 21:56:48 2015
>       (r280305)
> +++ head/secure/lib/libcrypto/opensslconf-arm.h Fri Mar 20 23:48:11 2015
>       (r280306)
> @@ -27,6 +27,9 @@ extern "C" {
>  #ifndef OPENSSL_NO_SCTP
>  # define OPENSSL_NO_SCTP
>  #endif
> +#ifndef OPENSSL_NO_SSL2
> +# define OPENSSL_NO_SSL2
> +#endif
>  #ifndef OPENSSL_NO_STORE
>  # define OPENSSL_NO_STORE
>  #endif
> @@ -69,6 +72,9 @@ extern "C" {
>  # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
>  #  define NO_SCTP
>  # endif
> +# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
> +#  define NO_SSL2
> +# endif
>  # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
>  #  define NO_STORE
>  # endif
>
> Modified: head/secure/lib/libcrypto/opensslconf-mips.h
>
> ==============================================================================
> --- head/secure/lib/libcrypto/opensslconf-mips.h        Fri Mar 20
> 21:56:48 2015        (r280305)
> +++ head/secure/lib/libcrypto/opensslconf-mips.h        Fri Mar 20
> 23:48:11 2015        (r280306)
> @@ -27,6 +27,9 @@ extern "C" {
>  #ifndef OPENSSL_NO_SCTP
>  # define OPENSSL_NO_SCTP
>  #endif
> +#ifndef OPENSSL_NO_SSL2
> +# define OPENSSL_NO_SSL2
> +#endif
>  #ifndef OPENSSL_NO_STORE
>  # define OPENSSL_NO_STORE
>  #endif
> @@ -69,6 +72,9 @@ extern "C" {
>  # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
>  #  define NO_SCTP
>  # endif
> +# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
> +#  define NO_SSL2
> +# endif
>  # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
>  #  define NO_STORE
>  # endif
>
> Modified: head/secure/lib/libcrypto/opensslconf-powerpc.h
>
> ==============================================================================
> --- head/secure/lib/libcrypto/opensslconf-powerpc.h     Fri Mar 20
> 21:56:48 2015        (r280305)
> +++ head/secure/lib/libcrypto/opensslconf-powerpc.h     Fri Mar 20
> 23:48:11 2015        (r280306)
> @@ -27,6 +27,9 @@ extern "C" {
>  #ifndef OPENSSL_NO_SCTP
>  # define OPENSSL_NO_SCTP
>  #endif
> +#ifndef OPENSSL_NO_SSL2
> +# define OPENSSL_NO_SSL2
> +#endif
>  #ifndef OPENSSL_NO_STORE
>  # define OPENSSL_NO_STORE
>  #endif
> @@ -69,6 +72,9 @@ extern "C" {
>  # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
>  #  define NO_SCTP
>  # endif
> +# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
> +#  define NO_SSL2
> +# endif
>  # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
>  #  define NO_STORE
>  # endif
>
> Modified: head/secure/lib/libcrypto/opensslconf-sparc64.h
>
> ==============================================================================
> --- head/secure/lib/libcrypto/opensslconf-sparc64.h     Fri Mar 20
> 21:56:48 2015        (r280305)
> +++ head/secure/lib/libcrypto/opensslconf-sparc64.h     Fri Mar 20
> 23:48:11 2015        (r280306)
> @@ -27,6 +27,9 @@ extern "C" {
>  #ifndef OPENSSL_NO_SCTP
>  # define OPENSSL_NO_SCTP
>  #endif
> +#ifndef OPENSSL_NO_SSL2
> +# define OPENSSL_NO_SSL2
> +#endif
>  #ifndef OPENSSL_NO_STORE
>  # define OPENSSL_NO_STORE
>  #endif
> @@ -69,6 +72,9 @@ extern "C" {
>  # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
>  #  define NO_SCTP
>  # endif
> +# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
> +#  define NO_SSL2
> +# endif
>  # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
>  #  define NO_STORE
>  # endif
>
> Modified: head/secure/lib/libcrypto/opensslconf-x86.h
>
> ==============================================================================
> --- head/secure/lib/libcrypto/opensslconf-x86.h Fri Mar 20 21:56:48 2015
>       (r280305)
> +++ head/secure/lib/libcrypto/opensslconf-x86.h Fri Mar 20 23:48:11 2015
>       (r280306)
> @@ -27,6 +27,9 @@ extern "C" {
>  #ifndef OPENSSL_NO_SCTP
>  # define OPENSSL_NO_SCTP
>  #endif
> +#ifndef OPENSSL_NO_SSL2
> +# define OPENSSL_NO_SSL2
> +#endif
>  #ifndef OPENSSL_NO_STORE
>  # define OPENSSL_NO_STORE
>  #endif
> @@ -66,6 +69,9 @@ extern "C" {
>  # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
>  #  define NO_SCTP
>  # endif
> +# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
> +#  define NO_SSL2
> +# endif
>  # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
>  #  define NO_STORE
>  # endif
>
> Modified: head/secure/lib/libssl/Makefile
>
> ==============================================================================
> --- head/secure/lib/libssl/Makefile     Fri Mar 20 21:56:48 2015
> (r280305)
> +++ head/secure/lib/libssl/Makefile     Fri Mar 20 23:48:11 2015
> (r280306)
> @@ -12,11 +12,11 @@ NO_LINT=
>
>  SRCS=  bio_ssl.c d1_both.c d1_clnt.c d1_enc.c d1_lib.c d1_meth.c d1_pkt.c
> \
>         d1_srtp.c d1_srvr.c s23_clnt.c s23_lib.c s23_meth.c s23_pkt.c \
> -       s23_srvr.c s2_clnt.c s2_enc.c s2_lib.c s2_meth.c s2_pkt.c
> s2_srvr.c \
> -       s3_both.c s3_cbc.c s3_clnt.c s3_enc.c s3_lib.c s3_meth.c s3_pkt.c \
> -       s3_srvr.c ssl_algs.c ssl_asn1.c ssl_cert.c ssl_ciph.c ssl_err.c \
> -       ssl_err2.c ssl_lib.c ssl_rsa.c ssl_sess.c ssl_stat.c ssl_txt.c \
> -       t1_clnt.c t1_enc.c t1_lib.c t1_meth.c t1_reneg.c t1_srvr.c
> tls_srp.c
> +       s23_srvr.c s3_both.c s3_cbc.c s3_clnt.c s3_enc.c s3_lib.c
> s3_meth.c \
> +       s3_pkt.c s3_srvr.c ssl_algs.c ssl_asn1.c ssl_cert.c ssl_ciph.c \
> +       ssl_err.c ssl_err2.c ssl_lib.c ssl_rsa.c ssl_sess.c ssl_stat.c \
> +       ssl_txt.c t1_clnt.c t1_enc.c t1_lib.c t1_meth.c t1_reneg.c
> t1_srvr.c \
> +       tls_srp.c
>
>  INCS=  dtls1.h kssl.h srtp.h ssl.h ssl2.h ssl23.h ssl3.h tls1.h
>  INCSDIR=${INCLUDEDIR}/openssl
>
> Modified: head/sys/sys/param.h
>
> ==============================================================================
> --- head/sys/sys/param.h        Fri Mar 20 21:56:48 2015        (r280305)
> +++ head/sys/sys/param.h        Fri Mar 20 23:48:11 2015        (r280306)
> @@ -58,7 +58,7 @@
>   *             in the range 5 to 9.
>   */
>  #undef __FreeBSD_version
> -#define __FreeBSD_version 1100065      /* Master, propagated to newvers */
> +#define __FreeBSD_version 1100066      /* Master, propagated to newvers */
>
>  /*
>   * __FreeBSD_kernel__ indicates that this system uses the kernel of
> FreeBSD,
> _______________________________________________
> svn-src-all at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/svn-src-all
> To unsubscribe, send any mail to "svn-src-all-unsubscribe at freebsd.org"
>



-- 
---------------------------------------------------------------------------------
Curb: Your ride is here
4096R/D1EAB94D 2081 E230 3001 6508 8847  1BBF A0A8 DB0F D1EA B94D
Philip M. Gollucci (pgollucci at p6m7g8.com) c: 703.336.9354
Member,                           Apache Software Foundation
Committer,                        FreeBSD Foundation
Consultant,                       P6M7G8 Inc.
Sr. Director IT Operations,       Curb

What doesn't kill us can only make us stronger;
Except it almost kills you.

More information about the svn-src-head mailing list