net/bro SSLv3

Stuart Henderson-6
Is anyone using bro, could you try this please? This SSL use is going to
be broken as-is anyway because SSLv3 is disabled (just not removed).


Index: Makefile
===================================================================
RCS file: /cvs/ports/net/bro/Makefile,v
retrieving revision 1.12
diff -u -p -r1.12 Makefile
--- Makefile 18 Jun 2015 07:25:44 -0000 1.12
+++ Makefile 18 Jul 2015 19:38:31 -0000
@@ -6,7 +6,7 @@ V= 1.4
 DISTNAME= bro-${V}-release
 PKGNAME= bro-${V}
 
-REVISION= 4
+REVISION= 5
 
 SHARED_LIBS= broccoli 0.0 # .2.0
 
Index: patches/patch-aux_broccoli_src_bro_openssl_c
===================================================================
RCS file: patches/patch-aux_broccoli_src_bro_openssl_c
diff -N patches/patch-aux_broccoli_src_bro_openssl_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-aux_broccoli_src_bro_openssl_c 18 Jul 2015 19:38:31 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- aux/broccoli/src/bro_openssl.c.orig Sat Jul 18 13:34:33 2015
++++ aux/broccoli/src/bro_openssl.c Sat Jul 18 13:36:07 2015
+@@ -281,7 +281,7 @@ __bro_openssl_init(void)
+    * to set up an SSL connection now and abort if this fails in any way.
+    */
+
+-  if (! (ctx = SSL_CTX_new(SSLv3_method())))
++  if (! (ctx = SSL_CTX_new(SSLv23_method())))
+     D_RETURN_(FALSE);
+  
+   /* We expect things to be stored in PEM format, which means that we
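Review bot: SSL_CTX_new(SSLv23_method()) in __bro_openssl_init() selects the version-flexible method, and nothing in the visible lines sets a protocol floor, so which versions are offered is left to the linked library's defaults. The covering message relies on SSLv3 being disabled in the library; making that explicit right after the context is created, with SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3), would keep the behaviour the same if those defaults differ. A one-line comment that SSLv23_method() means "negotiate the highest version both peers support", not SSLv2 or SSLv3 specifically, would also help later readers of the patch.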
Index: patches/patch-src_ChunkedIO_cc
===================================================================
RCS file: patches/patch-src_ChunkedIO_cc
diff -N patches/patch-src_ChunkedIO_cc
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_ChunkedIO_cc 18 Jul 2015 19:38:31 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- src/ChunkedIO.cc.orig Sat Jul 18 13:34:33 2015
++++ src/ChunkedIO.cc Sat Jul 18 13:36:17 2015
+@@ -705,7 +705,7 @@ bool ChunkedIOSSL::Init()
+ {
+ SSL_load_error_strings();
+
+- ctx = SSL_CTX_new(SSLv3_method());
++ ctx = SSL_CTX_new(SSLv23_method());
+ if ( ! ctx )
+ {
+ Log("can't create SSL context");
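Review bot: the failure branch after SSL_CTX_new() in ChunkedIOSSL::Init() logs only the fixed string "can't create SSL context", which gives testers nothing to report if the library rejects the new method. SSL_load_error_strings() has already been called a few lines up, so the message could carry the OpenSSL reason from ERR_error_string(ERR_get_error(), NULL). As with the broccoli change, no SSL_CTX_set_options() call is visible here, so this side also depends on library defaults to keep SSLv3 off; both endpoints should get the same explicit setting.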