control: tags -1 +patch
On 2015-11-09 21:23:32 [+], Chris West (Faux) wrote:
> Dear Maintainer,
>
> The package fails to build:
>
> src/src_tlsdate_helper-tlsdate-helper.o: In function `run_ssl':
> /tlsdate-0.0.13/src/tlsdate-helper.c:1139: undefined reference to
> `SSLv3_client_method'
> collect2: error: ld returned 1 exit status
> Makefile:1704: recipe for target 'src/tlsdate-helper' failed
> make[2]: *** [src/tlsdate-helper] Error 1
The patch attached fixes the problem by sticking to the SSLv23_*
function as suggested by Kurt.
Sebastian
>From b1afb00818c8d269c52d4b914e62fd5a9985df69 Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior
Date: Wed, 27 Apr 2016 21:10:03 +0200
Subject: [PATCH] Drop explicit support SSLv3 and TLSv1
There is no addedd value in using only SSLv3 or TLSv1. With current openssl
implementation the sslv3 functions can be disabled and TLSv1 functions may be
removed as well. Further the TLSv1 function offers the TLSv1 protocol while
we have today upto TLSv1.2.
Therefore I remove the explicit SSLv3 and TLSv1 functions and use only SSLv23
function which is the only one which supports multiple SSL versions.
Signed-off-by: Sebastian Andrzej Siewior
---
man/tlsdate.1 | 4 +---
src/tlsdate-helper-plan9.c | 38 --
src/tlsdate-helper.c | 44 +++-
src/tlsdate-helper.h | 2 --
src/tlsdate.c | 6 +-
src/tlsdate.h | 2 --
6 files changed, 29 insertions(+), 67 deletions(-)
diff --git a/man/tlsdate.1 b/man/tlsdate.1
index b052e48a5ec7..fce06cd423d0 100644
--- a/man/tlsdate.1
+++ b/man/tlsdate.1
@@ -5,7 +5,7 @@
.SH NAME
tlsdate \- secure parasitic rdate replacement
.SH SYNOPSIS
-.B tlsdate [\-hnvVstlw] [\-H [hostname]] [\-p [port]] [\-P [sslv23|sslv3|tlsv1]] \
+.B tlsdate [\-hnvVstlw] [\-H [hostname]] [\-p [port]] \
[\-\-certdir [dirname]] [\-x [\-\-proxy] proxy\-type://proxyhost:proxyport]
.SH DESCRIPTION
.B tlsdate
@@ -30,8 +30,6 @@ Set remote hostname (default: 'google.com')
Do not set the system clock to the time of the remote server
.IP "\-p | \-\-port [port]"
Set remote port (default: '443')
-.IP "\-P | \-\-protocol [sslv23|sslv3|tlsv1]"
-Set protocol to use when communicating with server (default: 'tlsv1')
.IP "\-C | \-\-certdir [dirname]"
Set the local directory where certificates are located
(default: '/etc/ssl/certs')
diff --git a/src/tlsdate-helper-plan9.c b/src/tlsdate-helper-plan9.c
index 3c532aab4398..369d168f054a 100644
--- a/src/tlsdate-helper-plan9.c
+++ b/src/tlsdate-helper-plan9.c
@@ -974,23 +974,10 @@ run_ssl (uint32_t *time_map, int time_is_an_illusion)
SSL_library_init();
ctx = NULL;
- if (0 == strcmp("sslv23", protocol))
- {
-verb ("V: using SSLv23_client_method()\n");
-ctx = SSL_CTX_new(SSLv23_client_method());
- } else if (0 == strcmp("sslv3", protocol))
- {
-verb ("V: using SSLv3_client_method()\n");
-ctx = SSL_CTX_new(SSLv3_client_method());
- } else if (0 == strcmp("tlsv1", protocol))
- {
-verb ("V: using TLSv1_client_method()\n");
-ctx = SSL_CTX_new(TLSv1_client_method());
- } else
-die("Unsupported protocol `%s'\n", protocol);
-
+ verb ("V: using SSLv23_client_method()\n");
+ ctx = SSL_CTX_new(SSLv23_client_method());
if (ctx == NULL)
-die("OpenSSL failed to support protocol `%s'\n", protocol);
+die("OpenSSL failed to support protocol `sslv23'\n");
verb("V: Using OpenSSL for SSL\n");
if (ca_racket)
@@ -1077,20 +1064,19 @@ main(int argc, char **argv)
int timewarp;
int leap;
- if (argc != 12)
+ if (argc != 11)
return 1;
host = argv[1];
hostname_to_verify = argv[1];
port = argv[2];
- protocol = argv[3];
- ca_cert_container = argv[6];
- ca_racket = (0 != strcmp ("unchecked", argv[4]));
- verbose = (0 != strcmp ("quiet", argv[5]));
- setclock = (0 == strcmp ("setclock", argv[7]));
- showtime = (0 == strcmp ("showtime", argv[8]));
- timewarp = (0 == strcmp ("timewarp", argv[9]));
- leap = (0 == strcmp ("leapaway", argv[10]));
- proxy = (0 == strcmp ("none", argv[11]) ? NULL : argv[11]);
+ ca_cert_container = argv[5];
+ ca_racket = (0 != strcmp ("unchecked", argv[3]));
+ verbose = (0 != strcmp ("quiet", argv[4]));
+ setclock = (0 == strcmp ("setclock", argv[6]));
+ showtime = (0 == strcmp ("showtime", argv[7]));
+ timewarp = (0 == strcmp ("timewarp", argv[8]));
+ leap = (0 == strcmp ("leapaway", argv[9]));
+ proxy = (0 == strcmp ("none", argv[10]) ? NULL : argv[10]);
if (timewarp)
{
diff --git a/src/tlsdate-helper.c b/src/tlsdate-helper.c
index 877c67e8a5d2..1fe48d910bf7 100644
--- a/src/tlsdate-helper.c
+++ b/src/tlsdate-helper.c
@@ -1129,23 +1129,10 @@ run_ssl (uint32_t *time_map, int time_is_an_illusion, int http)
SSL_library_init();
ctx = NULL;
- if (0 == strcmp("sslv23", protocol))
- {
-verb ("V: using SSLv23_client_method()");
-ctx = SSL_CTX_new(SSLv23_client_method());
- } el