author | Rich Burridge <rich.burridge@oracle.com> |
Thu, 29 Jan 2015 14:57:20 -0800 | |
changeset 3705 | 0d8951107033 |
permissions | -rw-r--r-- |
3705
0d8951107033
20231080 problem in UTILITY/W3M
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
1 |
Disable SSLv2 and SSLv3 in w3m to "mitigate POODLE vulnerability". |
0d8951107033
20231080 problem in UTILITY/W3M
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
2 |
|
0d8951107033
20231080 problem in UTILITY/W3M
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
3 |
This change will be passed upstream. |
0d8951107033
20231080 problem in UTILITY/W3M
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
4 |
|
0d8951107033
20231080 problem in UTILITY/W3M
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
5 |
--- w3m-0.5.2/url.c.orig 2015-01-29 08:37:04.156739107 -0800 |
0d8951107033
20231080 problem in UTILITY/W3M
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
6 |
+++ w3m-0.5.2/url.c 2015-01-29 08:48:24.055383389 -0800 |
0d8951107033
20231080 problem in UTILITY/W3M
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
7 |
@@ -337,6 +337,8 @@ |
0d8951107033
20231080 problem in UTILITY/W3M
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
8 |
option |= SSL_OP_NO_TLSv1; |
0d8951107033
20231080 problem in UTILITY/W3M
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
9 |
} |
0d8951107033
20231080 problem in UTILITY/W3M
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
10 |
SSL_CTX_set_options(ssl_ctx, option); |
0d8951107033
20231080 problem in UTILITY/W3M
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
11 |
+ /* Always disable SSLv2 & SSLv3 to "mitigate POODLE vulnerability". */ |
0d8951107033
20231080 problem in UTILITY/W3M
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
12 |
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); |
0d8951107033
20231080 problem in UTILITY/W3M
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
13 |
#ifdef USE_SSL_VERIFY |
0d8951107033
20231080 problem in UTILITY/W3M
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
14 |
/* derived from openssl-0.9.5/apps/s_{client,cb}.c */ |
0d8951107033
20231080 problem in UTILITY/W3M
Rich Burridge <rich.burridge@oracle.com>
parents:
diff
changeset
|
15 |
#if 1 /* use SSL_get_verify_result() to verify cert */ |