path: root/www/lhs/patches/patch-ac
$NetBSD: patch-ac,v 1.3 2016/03/26 23:05:10 joerg Exp $

* Include sys/filio.h for FIONBIO etc.
* Drop SSLv2 support
* Add TLSv1 support

--- lhs.c.orig	2001-02-27 17:37:10.000000000 +0000
+++ lhs.c
@@ -25,6 +25,9 @@
 #include <openssl/err.h>
 #endif
 #include "lhs.h"
+#if defined (__sun)
+#include <sys/filio.h>
+#endif
 
 #define debug(x...) { if (verbose) printf(x); }
 
@@ -467,12 +470,10 @@ int init_ssl()
 	SSL_load_error_strings();
 	SSLeay_add_ssl_algorithms();
 	
-	if (ssl_protocol == SSL2_VERSION)
-		ctx = SSL_CTX_new(SSLv2_method());
-	else {
-		ctx = SSL_CTX_new(SSLv23_method());
-		SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
-	}
+	ctx = SSL_CTX_new(SSLv23_method());
+	SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
+	if (ssl_protocol == TLS1_VERSION)
+		SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
 	if (!ctx) {
 		fprintf(stderr, "SSL_CTX_new failed.\n");
 		return 0;
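Review bot: Both `SSL_CTX_set_options()` calls run before the `if (!ctx)` check, so a failed `SSL_CTX_new()` is handed on as a NULL context before the error is reported. The `if (!ctx) { ... return 0; }` block should directly follow `ctx = SSL_CTX_new(SSLv23_method());`. Separately, `SSL_OP_NO_SSLv3` is set only when `ssl_protocol == TLS1_VERSION`, so every other setting still negotiates SSLv3. If that is intended for the `ssl3` option, a comment such as `/* SSLv3 stays enabled unless -s tls1 is given */` would make the exposure explicit. init_ssl continues past the end of the hunk.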
@@ -512,12 +513,12 @@ SSL *init_ssl_socket(int sock)
 	}
 //	SSL_set_session_id_context(ssl,AppContext,sizeof(AppContext));
 	switch(ssl->session->ssl_version) {
-		case SSL2_VERSION:
-			debug("ssl2\n");
-			break;	
 		case SSL3_VERSION:
 			debug("ssl3\n");
 			break;
+		case TLS1_VERSION:
+			debug("tls3\n");
+			break;
 		default:
 			debug("nieznany standard szyfrowania\n");
 	}
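Review bot: The new `case TLS1_VERSION:` logs `tls3`, which names no protocol and looks like a typo for `debug("tls1\n");`. Because the context is created with `SSLv23_method()`, a session negotiated at a TLS version other than the two listed would presumably fall into `default` and be logged as an unknown standard, so the log cannot be relied on to show what was actually negotiated. Reading the version through `SSL_version(ssl)` instead of `ssl->session->ssl_version` would also avoid depending on the struct layout. The switch sits inside init_ssl_socket, which starts and ends outside the hunk.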
@@ -592,7 +593,7 @@ void usage(char *a0)
 "  -s version   set SSL protocol version (default: SSLv2)\n"
 "  -c filename  load certificate file (default: lhs.pem)\n"
 #endif
-"  -r path      set server's root directory (default: /home/httpd/html)\n"
+"  -r path      set server's root directory (default: " DEFAULT_ROOT_DIR ")\n"
 "  -u user      switch to other user after startup\n"
 "  -g group     change gid to other than user's\n"
 "  -m socks     set number of sockets (default: 50, min: 3)\n"
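Review bot: The `-s` help line kept as context still reads `(default: SSLv2)`, which is stale now that this patch removes SSLv2 and adds `tls1` as an accepted value. The line should name the values the option parser accepts, for example `"  -s version   set SSL protocol version (ssl3 or tls1)\n"`, plus the real default, which is not visible here. The new `-r` line relies on `DEFAULT_ROOT_DIR` expanding to a string literal; its definition is outside this patch file, so that is worth confirming. usage() starts and ends outside the hunk.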
@@ -633,8 +634,8 @@ int main(int argc, char **argv)
 				cert_file = optarg;
 				break;
 			case 's':
-				if (!strcasecmp(optarg, "ssl2") || !strcasecmp(optarg, "sslv2"))
-					ssl_protocol = SSL2_VERSION;
+				if (!strcasecmp(optarg, "tls1") || !strcasecmp(optarg, "tls1"))
+					ssl_protocol = TLS1_VERSION;
 				else if (!strcasecmp(optarg, "ssl3") || !strcasecmp(optarg, "sslv3"))
 					ssl_protocol = SSL3_VERSION;
 				else {
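Review bot: The added condition compares `optarg` with `"tls1"` twice, so the second operand is dead and the long spelling is rejected, unlike the `ssl3`/`sslv3` pair below it. The intended line is presumably `if (!strcasecmp(optarg, "tls1") || !strcasecmp(optarg, "tlsv1"))`. Users who still pass `ssl2` now reach the `else` branch, whose body is outside the hunk, so it is worth checking that its message names the accepted values.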