Package: monit
Version: 5.9-1;
Disables sslv3 if the system's openssl is compiled without it. (Jessie)
I am using Debian GNU/Linux 8 (Jessie), kernel 3.16.0-4-686-pae
and GLIBC 2.19-18+deb8u4
diff -Nru monit-5.9/debian/changelog monit-5.9/debian/changelog
--- monit-5.9/debian/changelog 2015-09-12 19:34:24.000000000 +0400
+++ monit-5.9/debian/changelog 2016-04-28 17:08:16.000000000 +0400
@@ -1,3 +1,10 @@
+monit (1:5.9-1+deb8u1.1) UNRELEASED; urgency=medium
+
+ * Remove support for sslv3 when system doesn't support it.
+ *
+
+ -- Yash Paupiah <yashpaupia...@gmail.com> Thu, 28 Apr 2016 17:06:49 +0400
+
monit (1:5.9-1+deb8u1) jessie; urgency=medium
* Fix umask-related regression between 5.8.1 and 5.9 (Closes: #796989)
diff -Nru monit-5.9/debian/patches/OPENSSL_NO_SSLv3.patch monit-5.9/debian/patches/OPENSSL_NO_SSLv3.patch
--- monit-5.9/debian/patches/OPENSSL_NO_SSLv3.patch 1970-01-01 04:00:00.000000000 +0400
+++ monit-5.9/debian/patches/OPENSSL_NO_SSLv3.patch 2016-04-28 17:00:27.000000000 +0400
@@ -0,0 +1,19 @@
+Index: monit-5.9/src/ssl.c
+===================================================================
+--- monit-5.9.orig/src/ssl.c
++++ monit-5.9/src/ssl.c
+@@ -624,6 +624,14 @@ ssl_connection *new_ssl_connection(char
+ break;
+
+ case SSL_VERSION_SSLV3:
++
++#ifdef OPENSSL_NO_SSL3
++ LogError("SSL: SSLv3 not supported - use TLSv1\n");
++ goto sslerror;
++#else
++ ssl->method = SSLv3_client_method();
++#endif
++ break;
+ #ifdef OPENSSL_FIPS
+ if (FIPS_mode()) {
+ LogError("SSLv3 is not allowed in FIPS mode - use TLSv1\n");
diff -Nru monit-5.9/debian/patches/series monit-5.9/debian/patches/series
--- monit-5.9/debian/patches/series 2015-09-12 19:34:24.000000000 +0400
+++ monit-5.9/debian/patches/series 2016-04-28 16:54:56.000000000 +0400
@@ -3,3 +3,4 @@
11_enable_hurd.patch
12_FTBFS_on_kfreebsd.patch
13_umask_fix.patch
+OPENSSL_NO_SSLv3.patch
