--- a/components/curl/patches/007-curl-dont-insert-empty-fragments.patch Fri Apr 10 18:00:20 2015 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,42 +0,0 @@
---- lib/ssluse.c 2010-09-18 14:00:21.000000000 -0700
-+++ lib/ssluse.c 2012-01-24 07:43:28.989624080 -0800
-@@ -1428,6 +1428,7 @@
- X509_LOOKUP *lookup=NULL;
- curl_socket_t sockfd = conn->sock[sockindex];
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
-+ long ctx_options;
- #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
- bool sni;
- #ifdef ENABLE_IPV6
-@@ -1507,16 +1508,27 @@
- If someone writes an application with libcurl and openssl who wants to
- enable the feature, one can do this in the SSL callback.
-
-+ OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability
-+ (http://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit to
-+ SSL_OP_ALL that _disables_ that work-around despite the fact that
-+ SSL_OP_ALL is documented to do "rather harmless" workarounds. In order to
-+ keep the secure work-around, the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit
-+ must not be set.
-+
- */
-+
-+ ctx_options = SSL_OP_ALL;
-+
- #ifdef SSL_OP_NO_TICKET
- /* expect older openssl releases to not have this define so only use it if
- present */
--#define CURL_CTX_OPTIONS SSL_OP_ALL|SSL_OP_NO_TICKET
--#else
--#define CURL_CTX_OPTIONS SSL_OP_ALL
-+ ctx_options |= SSL_OP_NO_TICKET;
-+#endif
-+#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
-+ ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
- #endif
-
-- SSL_CTX_set_options(connssl->ctx, CURL_CTX_OPTIONS);
-+ SSL_CTX_set_options(connssl->ctx, ctx_options);
-
- /* disable SSLv2 in the default case (i.e. allow SSLv3 and TLSv1) */
- if(data->set.ssl.version == CURL_SSLVERSION_DEFAULT)