Posted to commits@spamassassin.apache.org by km...@apache.org on 2011/05/24 22:15:31 UTC
svn commit: r1127260 - in /spamassassin/trunk: spamc/libspamc.c
spamc/libspamc.h spamc/spamc.c spamc/spamc.pod spamd/spamd.raw
Author: kmcgrail
Date: Tue May 24 20:15:30 2011
New Revision: 1127260
URL: http://svn.apache.org/viewvc?rev=1127260&view=rev
Log:
Disable SSLv2 support due to its removal from OpenSSL by Debian package maintenance, as noted in Bug 6595
Modified:
spamassassin/trunk/spamc/libspamc.c
spamassassin/trunk/spamc/libspamc.h
spamassassin/trunk/spamc/spamc.c
spamassassin/trunk/spamc/spamc.pod
spamassassin/trunk/spamd/spamd.raw
Modified: spamassassin/trunk/spamc/libspamc.c
URL: http://svn.apache.org/viewvc/spamassassin/trunk/spamc/libspamc.c?rev=1127260&r1=1127259&r2=1127260&view=diff
==============================================================================
--- spamassassin/trunk/spamc/libspamc.c (original)
+++ spamassassin/trunk/spamc/libspamc.c Tue May 24 20:15:30 2011
@@ -1204,14 +1204,10 @@ int message_filter(struct transport *tp,
if (flags & SPAMC_USE_SSL) {
#ifdef SPAMC_SSL
SSLeay_add_ssl_algorithms();
- if ((flags & SPAMC_SSLV2) && (flags & SPAMC_SSLV3)) {
- meth = TLSv1_client_method(); /* both flag bits on means use TLSv1 */
- } else if (flags & SPAMC_SSLV2) {
- meth = SSLv2_client_method();
- } else if (flags & SPAMC_SSLV3) {
- meth = SSLv3_client_method();
+ if (flags & SPAMC_TLSV1) {
+ meth = TLSv1_client_method();
} else {
- meth = SSLv23_client_method(); /* no flag bits, default SSLv23 */
+ meth = SSLv3_client_method(); /* default */
}
SSL_load_error_strings();
ctx = SSL_CTX_new(meth);
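Review bot: The new default branch pins the client to `SSLv3_client_method()`, which speaks SSLv3 only, so a default spamc can no longer negotiate TLSv1 the way the removed `SSLv23_client_method()` default did. SSLv2 can be excluded without giving up negotiation by keeping `meth = SSLv23_client_method();` as the default and adding `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);` after `ctx = SSL_CTX_new(meth);`. The same SSLv3-only default appears in the spamd.raw hunk at `$opt{'ssl-version'} || 'sslv3'`, so after this commit client and server presumably have to be set to the same single version to connect. message_filter's body continues outside the hunk.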
@@ -1599,7 +1595,7 @@ int message_tell(struct transport *tp, c
if (flags & SPAMC_USE_SSL) {
#ifdef SPAMC_SSL
SSLeay_add_ssl_algorithms();
- meth = SSLv2_client_method();
+ meth = SSLv3_client_method();
SSL_load_error_strings();
ctx = SSL_CTX_new(meth);
#else
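Review bot: message_tell now hard-codes `SSLv3_client_method()` and never looks at `SPAMC_TLSV1`, so a caller that selected tlsv1 gets TLSv1 in message_filter but SSLv3 here. Pick the method from the flags the same way message_filter does, e.g. `meth = (flags & SPAMC_TLSV1) ? TLSv1_client_method() : SSLv3_client_method();`. The function starts and ends outside this hunk, so whether `ctx` is checked for NULL after `SSL_CTX_new` is not visible from here.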
Modified: spamassassin/trunk/spamc/libspamc.h
URL: http://svn.apache.org/viewvc/spamassassin/trunk/spamc/libspamc.h?rev=1127260&r1=1127259&r2=1127260&view=diff
==============================================================================
--- spamassassin/trunk/spamc/libspamc.h (original)
+++ spamassassin/trunk/spamc/libspamc.h Tue May 24 20:15:30 2011
@@ -119,7 +119,7 @@
/* Jan 1, 2007 sidney: added SSL protocol versions */
/* no flags means use default of SSL_v23 */
/* Set both flags to specify TSL_v1 */
-#define SPAMC_SSLV2 (1<<18)
+#define SPAMC_TLSV1 (1<<18)
#define SPAMC_SSLV3 (1<<17)
/* Nov 30, 2006 jm: add -z, zlib support */
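Review bot: The two comments left above these defines are stale after the rename: they still say that no flags means SSL_v23 and that setting both flags selects TLSv1, and neither matches the new code. Replace them with `/* no version flag means use default of SSLv3 */` and `/* set SPAMC_TLSV1 to specify TLSv1 */`. Dropping the public name `SPAMC_SSLV2` also stops any libspamc caller that still references it from compiling, which is worth a line in the header comment.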
Modified: spamassassin/trunk/spamc/spamc.c
URL: http://svn.apache.org/viewvc/spamassassin/trunk/spamc/spamc.c?rev=1127260&r1=1127259&r2=1127260&view=diff
==============================================================================
--- spamassassin/trunk/spamc/spamc.c (original)
+++ spamassassin/trunk/spamc/spamc.c Tue May 24 20:15:30 2011
@@ -359,17 +359,11 @@ read_args(int argc, char **argv,
case 'S':
{
flags |= SPAMC_USE_SSL;
- if (!spamc_optarg || (strcmp(spamc_optarg,"sslv23") == 0)) {
- /* this is the default */
- }
- else if (strcmp(spamc_optarg,"sslv2") == 0) {
- flags |= SPAMC_SSLV2;
- }
- else if (strcmp(spamc_optarg,"sslv3") == 0) {
- flags |= SPAMC_SSLV3;
+ if (!spamc_optarg || (strcmp(spamc_optarg,"sslv3") == 0)) {
+ flags |= SPAMC_SSLV3;
}
else if (strcmp(spamc_optarg,"tlsv1") == 0) {
- flags |= (SPAMC_SSLV2 | SPAMC_SSLV3);
+ flags |= SPAMC_TLSV1;
}
else {
libspamc_log(flags, LOG_ERR, "Please specify a legal ssl version (%s)", spamc_optarg);
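Review bot: `-S sslv23` and `-S sslv2`, both accepted before, now land in the error branch, and the message there does not tell the user which values remain valid. Name them in the log line, e.g. `libspamc_log(flags, LOG_ERR, "Please specify a legal ssl version, sslv3 or tlsv1 (%s)", spamc_optarg);`. The `case 'S':` block continues past the end of the hunk.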
Modified: spamassassin/trunk/spamc/spamc.pod
URL: http://svn.apache.org/viewvc/spamassassin/trunk/spamc/spamc.pod?rev=1127260&r1=1127259&r2=1127260&view=diff
==============================================================================
--- spamassassin/trunk/spamc/spamc.pod (original)
+++ spamassassin/trunk/spamc/spamc.pod Tue May 24 20:15:30 2011
@@ -181,10 +181,8 @@ The default is 1 second.
If spamc was built with support for SSL, encrypt data to and from the
spamd process with SSL; spamd must support SSL as well.
-I<sslversion> specifies the SSL protocol version to use, one of
-C<sslv2>, C<sslv3>, C<tlsv1>, or C<sslv23>. The default, C<sslv23>, causes
-spamc to use a SSLv2 hello handshake then negotiate use of SSLv3 or TLSv1
-protocol if the spamd server can accept it.
+I<sslversion> specifies the SSL protocol version to use, either
+C<sslv3>, or C<tlsv1>. The default, is C<sslv3>.
=item B<-t> I<timeout>, B<--timeout>=I<timeout>
Modified: spamassassin/trunk/spamd/spamd.raw
URL: http://svn.apache.org/viewvc/spamassassin/trunk/spamd/spamd.raw?rev=1127260&r1=1127259&r2=1127260&view=diff
==============================================================================
--- spamassassin/trunk/spamd/spamd.raw (original)
+++ spamassassin/trunk/spamd/spamd.raw Tue May 24 20:15:30 2011
@@ -717,8 +717,8 @@ sub compose_listen_info_string {
$sslport = ( getservbyname($sslport, 'tcp') )[2];
die "spamd: invalid ssl-port: $opt{'port'}\n" unless $sslport;
}
- $sslversion = $opt{'ssl-version'} || 'sslv23';
- if ($sslversion !~ /^(?:sslv([23]|23)|(tlsv1))$/) {
+ $sslversion = $opt{'ssl-version'} || 'sslv3';
+ if ($sslversion !~ /^(?:sslv3|tlsv1)$/) {
die "spamd: invalid ssl-version: $opt{'ssl-version'}\n";
}
@@ -3342,12 +3342,11 @@ more details.
=item B<--ssl-version>=I<sslversion>
-Specify the SSL protocol version to use, one of
-B<sslv2>, B<sslv3>, B<tlsv1>, or B<sslv23>.
-The default, B<sslv23>, is the most flexible, accepting a SSLv2 or higher
-hello handshake, then negotiating use of SSLv3 or TLSv1 protocol if the client
-can accept it.
-Specifying B<--ssl-version> implies B<--ssl>.
+Specify the SSL protocol version to use, one of B<sslv3> or B<tlsv1>.
+The default, B<sslv3>, is the most flexible, accepting a SSLv3 or
+higher hello handshake, then negotiating use of SSLv3 or TLSv1
+protocol if the client can accept it. Specifying B<--ssl-version>
+implies B<--ssl>.
=item B<--server-key> I<keyfile>
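Review bot: The rewritten paragraph still calls B<sslv3> "the most flexible" and says it negotiates SSLv3 or TLSv1, wording carried over from the old sslv23 description. If spamd hands this value to the socket layer as a fixed protocol version (the socket setup is outside the hunk), an sslv3 listener will not negotiate TLSv1, and the text would mislead an operator choosing a setting. Suggested wording: `The default, B<sslv3>, accepts SSLv3 connections only; use B<tlsv1> to require TLSv1.`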