Hi,

we recently patched the OpenBSD tn5250 port to build it without SSLv3
support. We had already patched it to cope with the SSLv2 removal from
LibreSSL.

http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/tn5250/patches/patch-src_sslstream_c

Here's a patch against the 0.17.4 release. I tried to checkout the CVS
repo but it appears to be unavailable.

Cheers,

diff -pru tn5250-0.17.4.orig/lib5250/sslstream.c tn5250-0.17.4/lib5250/sslstream.c
--- tn5250-0.17.4.orig/lib5250/sslstream.c Fri Nov 21 01:12:21 2008
+++ tn5250-0.17.4/lib5250/sslstream.c Sat Jul 25 19:32:50 2015
@@ -369,11 +369,21 @@ int tn5250_ssl_stream_init (Tn5250Stream *This)
}

if (!strcmp(methstr, "ssl2")) {
+#ifndef OPENSSL_NO_SSL2
meth = SSLv2_client_method();
TN5250_LOG(("SSL Method = SSLv2_client_method()\n"));
+#else
+ TN5250_LOG(("SSL: SSLv2 support requested but not available"));
+ return -1;
+#endif
} else if (!strcmp(methstr, "ssl3")) {
+#ifndef OPENSSL_NO_SSL3
meth = SSLv3_client_method();
TN5250_LOG(("SSL Method = SSLv3_client_method()\n"));
+#else
+ TN5250_LOG(("SSL: SSLv3 support requested but not available"));
+ return -1;
+#endif
} else {
meth = SSLv23_client_method();
TN5250_LOG(("SSL Method = SSLv23_client_method()\n"));



This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2020 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].