2025-01-24 09:21 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)

* contrib/hbssl/ssl.c
  * contrib/hbssl/sslctx.c
    * protect access to SSLv3_*() functions with #ifndef OPENSSL_NO_SSL3_METHOD

ChangeLog.txt

@@ -7,6 +7,11 @@
    Entries may not always be in chronological/commit order.
    See license at the end of file. */
 
+2025-01-24 09:21 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
+  * contrib/hbssl/ssl.c
+  * contrib/hbssl/sslctx.c
+    * protect access to SSLv3_*() functions with #ifndef OPENSSL_NO_SSL3_METHOD
+
 2025-01-24 07:02 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
   * .github/workflows/vm2-ci.yml
     * reenabled solaris build with release 11.4-gcc

contrib/hbssl/ssl.c

@@ -738,20 +738,24 @@ HB_FUNC( SSL_GET_SSL_METHOD )
          else if( p == TLS_server_method()    ) n = HB_SSL_CTX_NEW_METHOD_TLS_SERVER;
          else if( p == TLS_client_method()    ) n = HB_SSL_CTX_NEW_METHOD_TLS_CLIENT;
 #else
-         if(      p == SSLv3_method()         ) n = HB_SSL_CTX_NEW_METHOD_SSLV3;
-         else if( p == SSLv3_server_method()  ) n = HB_SSL_CTX_NEW_METHOD_SSLV3_SERVER;
-         else if( p == SSLv3_client_method()  ) n = HB_SSL_CTX_NEW_METHOD_SSLV3_CLIENT;
+         if( p == SSLv23_method()        ) n = HB_SSL_CTX_NEW_METHOD_SSLV23;
+         else if( p == SSLv23_server_method() ) n = HB_SSL_CTX_NEW_METHOD_SSLV23_SERVER;
+         else if( p == SSLv23_client_method() ) n = HB_SSL_CTX_NEW_METHOD_SSLV23_CLIENT;
 #if OPENSSL_VERSION_NUMBER < 0x10000000L
          else if( p == SSLv2_method()         ) n = HB_SSL_CTX_NEW_METHOD_SSLV2;
          else if( p == SSLv2_server_method()  ) n = HB_SSL_CTX_NEW_METHOD_SSLV2_SERVER;
          else if( p == SSLv2_client_method()  ) n = HB_SSL_CTX_NEW_METHOD_SSLV2_CLIENT;
 #endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+         else if(      p == SSLv3_method()         ) n = HB_SSL_CTX_NEW_METHOD_SSLV3;
+         else if( p == SSLv3_server_method()  ) n = HB_SSL_CTX_NEW_METHOD_SSLV3_SERVER;
+         else if( p == SSLv3_client_method()  ) n = HB_SSL_CTX_NEW_METHOD_SSLV3_CLIENT;
+#endif
+#ifndef OPENSSL_NO_TLS1_METHOD
          else if( p == TLSv1_method()         ) n = HB_SSL_CTX_NEW_METHOD_TLSV1;
          else if( p == TLSv1_server_method()  ) n = HB_SSL_CTX_NEW_METHOD_TLSV1_SERVER;
          else if( p == TLSv1_client_method()  ) n = HB_SSL_CTX_NEW_METHOD_TLSV1_CLIENT;
-         else if( p == SSLv23_method()        ) n = HB_SSL_CTX_NEW_METHOD_SSLV23;
-         else if( p == SSLv23_server_method() ) n = HB_SSL_CTX_NEW_METHOD_SSLV23_SERVER;
-         else if( p == SSLv23_client_method() ) n = HB_SSL_CTX_NEW_METHOD_SSLV23_CLIENT;
+#endif
 #endif
          else                                   n = HB_SSL_CTX_NEW_METHOD_UNKNOWN;
 

contrib/hbssl/sslctx.c

@@ -110,20 +110,24 @@ const SSL_METHOD * hb_ssl_method_id_to_ptr( int n )
       case HB_SSL_CTX_NEW_METHOD_TLS_SERVER:    p = TLS_server_method();    break;
       case HB_SSL_CTX_NEW_METHOD_TLS_CLIENT:    p = TLS_client_method();    break;
 #else
+      case HB_SSL_CTX_NEW_METHOD_SSLV23:        p = SSLv23_method();        break;
+      case HB_SSL_CTX_NEW_METHOD_SSLV23_SERVER: p = SSLv23_server_method(); break;
+      case HB_SSL_CTX_NEW_METHOD_SSLV23_CLIENT: p = SSLv23_client_method(); break;
 #if OPENSSL_VERSION_NUMBER < 0x10000000L
       case HB_SSL_CTX_NEW_METHOD_SSLV2:         p = SSLv2_method();         break;
       case HB_SSL_CTX_NEW_METHOD_SSLV2_SERVER:  p = SSLv2_server_method();  break;
       case HB_SSL_CTX_NEW_METHOD_SSLV2_CLIENT:  p = SSLv2_client_method();  break;
 #endif
+#ifndef OPENSSL_NO_SSL3_METHOD
       case HB_SSL_CTX_NEW_METHOD_SSLV3:         p = SSLv3_method();         break;
       case HB_SSL_CTX_NEW_METHOD_SSLV3_SERVER:  p = SSLv3_server_method();  break;
       case HB_SSL_CTX_NEW_METHOD_SSLV3_CLIENT:  p = SSLv3_client_method();  break;
+#endif
+#ifndef OPENSSL_NO_TLS1_METHOD
       case HB_SSL_CTX_NEW_METHOD_TLSV1:         p = TLSv1_method();         break;
       case HB_SSL_CTX_NEW_METHOD_TLSV1_SERVER:  p = TLSv1_server_method();  break;
       case HB_SSL_CTX_NEW_METHOD_TLSV1_CLIENT:  p = TLSv1_client_method();  break;
-      case HB_SSL_CTX_NEW_METHOD_SSLV23:        p = SSLv23_method();        break;
-      case HB_SSL_CTX_NEW_METHOD_SSLV23_SERVER: p = SSLv23_server_method(); break;
-      case HB_SSL_CTX_NEW_METHOD_SSLV23_CLIENT: p = SSLv23_client_method(); break;
+#endif
 #endif
       default: p = SSLv23_method();
    }