diff --git a/ChangeLog.txt b/ChangeLog.txt
index 27c6195519..f57fad2adc 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -7,6 +7,11 @@
 Entries may not always be in chronological/commit order.
 See license at the end of file. */
+2025-01-24 09:21 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
+ * contrib/hbssl/ssl.c
+ * contrib/hbssl/sslctx.c
+ * protect access to SSLv3_*() functions with #ifndef OPENSSL_NO_SSL3_METHOD
+
 2025-01-24 07:02 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
 * .github/workflows/vm2-ci.yml
 * reenabled solaris build with release 11.4-gcc
diff --git a/contrib/hbssl/ssl.c b/contrib/hbssl/ssl.c
index e7e3e25e09..64f97de80f 100644
--- a/contrib/hbssl/ssl.c
+++ b/contrib/hbssl/ssl.c
@@ -738,20 +738,24 @@ HB_FUNC( SSL_GET_SSL_METHOD )
 else if( p == TLS_server_method() ) n = HB_SSL_CTX_NEW_METHOD_TLS_SERVER;
 else if( p == TLS_client_method() ) n = HB_SSL_CTX_NEW_METHOD_TLS_CLIENT;
 #else
- if( p == SSLv3_method() ) n = HB_SSL_CTX_NEW_METHOD_SSLV3;
- else if( p == SSLv3_server_method() ) n = HB_SSL_CTX_NEW_METHOD_SSLV3_SERVER;
- else if( p == SSLv3_client_method() ) n = HB_SSL_CTX_NEW_METHOD_SSLV3_CLIENT;
+ if( p == SSLv23_method() ) n = HB_SSL_CTX_NEW_METHOD_SSLV23;
+ else if( p == SSLv23_server_method() ) n = HB_SSL_CTX_NEW_METHOD_SSLV23_SERVER;
+ else if( p == SSLv23_client_method() ) n = HB_SSL_CTX_NEW_METHOD_SSLV23_CLIENT;
 #if OPENSSL_VERSION_NUMBER < 0x10000000L
 else if( p == SSLv2_method() ) n = HB_SSL_CTX_NEW_METHOD_SSLV2;
 else if( p == SSLv2_server_method() ) n = HB_SSL_CTX_NEW_METHOD_SSLV2_SERVER;
 else if( p == SSLv2_client_method() ) n = HB_SSL_CTX_NEW_METHOD_SSLV2_CLIENT;
 #endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+ else if( p == SSLv3_method() ) n = HB_SSL_CTX_NEW_METHOD_SSLV3;
+ else if( p == SSLv3_server_method() ) n = HB_SSL_CTX_NEW_METHOD_SSLV3_SERVER;
+ else if( p == SSLv3_client_method() ) n = HB_SSL_CTX_NEW_METHOD_SSLV3_CLIENT;
+#endif
+#ifndef OPENSSL_NO_TLS1_METHOD
 else if( p == TLSv1_method() ) n = HB_SSL_CTX_NEW_METHOD_TLSV1;
 else if( p == TLSv1_server_method() ) n = HB_SSL_CTX_NEW_METHOD_TLSV1_SERVER;
 else if( p == TLSv1_client_method() ) n = HB_SSL_CTX_NEW_METHOD_TLSV1_CLIENT;
- else if( p == SSLv23_method() ) n = HB_SSL_CTX_NEW_METHOD_SSLV23;
- else if( p == SSLv23_server_method() ) n = HB_SSL_CTX_NEW_METHOD_SSLV23_SERVER;
- else if( p == SSLv23_client_method() ) n = HB_SSL_CTX_NEW_METHOD_SSLV23_CLIENT;
+#endif
 #endif
 else n = HB_SSL_CTX_NEW_METHOD_UNKNOWN;
diff --git a/contrib/hbssl/sslctx.c b/contrib/hbssl/sslctx.c
index e14f73b00a..ccb1316a4c 100644
--- a/contrib/hbssl/sslctx.c
+++ b/contrib/hbssl/sslctx.c
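Review bot: In contrib/hbssl/ssl.c the reason the SSLv23 comparisons now lead the `#else` chain is not recorded in the code. They have to carry the opening `if` because the SSLv3 and TLSv1 arms below can now be compiled out, so a later reordering would break the build only on OpenSSL configurations without those methods. A comment above the first comparison would protect against that, for example `/* SSLv23 goes first: it owns the leading if(); the SSLv3/TLSv1 arms may be compiled out */`. The ChangeLog entry names only OPENSSL_NO_SSL3_METHOD, while this hunk also adds an OPENSSL_NO_TLS1_METHOD guard. The body of SSL_GET_SSL_METHOD starts and ends outside the hunk.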
@@ -110,20 +110,24 @@ const SSL_METHOD * hb_ssl_method_id_to_ptr( int n )
 case HB_SSL_CTX_NEW_METHOD_TLS_SERVER: p = TLS_server_method(); break;
 case HB_SSL_CTX_NEW_METHOD_TLS_CLIENT: p = TLS_client_method(); break;
 #else
+ case HB_SSL_CTX_NEW_METHOD_SSLV23: p = SSLv23_method(); break;
+ case HB_SSL_CTX_NEW_METHOD_SSLV23_SERVER: p = SSLv23_server_method(); break;
+ case HB_SSL_CTX_NEW_METHOD_SSLV23_CLIENT: p = SSLv23_client_method(); break;
 #if OPENSSL_VERSION_NUMBER < 0x10000000L
 case HB_SSL_CTX_NEW_METHOD_SSLV2: p = SSLv2_method(); break;
 case HB_SSL_CTX_NEW_METHOD_SSLV2_SERVER: p = SSLv2_server_method(); break;
 case HB_SSL_CTX_NEW_METHOD_SSLV2_CLIENT: p = SSLv2_client_method(); break;
 #endif
+#ifndef OPENSSL_NO_SSL3_METHOD
 case HB_SSL_CTX_NEW_METHOD_SSLV3: p = SSLv3_method(); break;
 case HB_SSL_CTX_NEW_METHOD_SSLV3_SERVER: p = SSLv3_server_method(); break;
 case HB_SSL_CTX_NEW_METHOD_SSLV3_CLIENT: p = SSLv3_client_method(); break;
+#endif
+#ifndef OPENSSL_NO_TLS1_METHOD
 case HB_SSL_CTX_NEW_METHOD_TLSV1: p = TLSv1_method(); break;
 case HB_SSL_CTX_NEW_METHOD_TLSV1_SERVER: p = TLSv1_server_method(); break;
 case HB_SSL_CTX_NEW_METHOD_TLSV1_CLIENT: p = TLSv1_client_method(); break;
- case HB_SSL_CTX_NEW_METHOD_SSLV23: p = SSLv23_method(); break;
- case HB_SSL_CTX_NEW_METHOD_SSLV23_SERVER: p = SSLv23_server_method(); break;
- case HB_SSL_CTX_NEW_METHOD_SSLV23_CLIENT: p = SSLv23_client_method(); break;
+#endif
 #endif
 default: p = SSLv23_method();
 }
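Review bot: When the SSLv3 or TLSv1 cases are compiled out, a request for HB_SSL_CTX_NEW_METHOD_SSLV3* or HB_SSL_CTX_NEW_METHOD_TLSV1* now falls through to `default: p = SSLv23_method();` in hb_ssl_method_id_to_ptr(). The caller silently gets the version-flexible method instead of the protocol it pinned. The protocol range of the resulting context then depends on the library defaults and on whatever options the caller sets afterwards, and nothing tells the caller the request was not honoured. At minimum the default arm should say so, e.g. `/* also reached for method ids whose SSLvX/TLSvX_method() is compiled out of this OpenSSL build */`, and the fallback should be documented for callers. Whether an unavailable method should instead be reported as an error is a design choice the hunk does not show. The function starts before the hunk, and its code after the switch is not visible here.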