Bug#803975: libcrypt-ssleay-perl: Uses SSLv3_client_method()

On Fri, 06 Nov 2015 22:07:25 +0100, Kurt Roeckx wrote: > On Fri, Nov 06, 2015 at 09:22:04PM +0200, Niko Tyni wrote: > > As discussed on IRC, it looks to me like there's no code support for > > HTTPS_VERSION in 0.73_04 anymore. It seems to be just a leftover in > > the docs. > > > > The upstream

Bug#803975: libcrypt-ssleay-perl: Uses SSLv3_client_method()

On Fri, Nov 06, 2015 at 05:48:32PM +0100, gregor herrmann wrote: > I have to admit that I'm still not completely sure if/how this > affects us packaging-wise. My current understanding is, that the > library would allow to set SSLv3 via HTTPS_VERSION which will fail > now on Debian but that it

Bug#803975: libcrypt-ssleay-perl: Uses SSLv3_client_method()

On Tue, 03 Nov 2015 22:35:10 +0100, Kurt Roeckx wrote: > On Tue, Nov 03, 2015 at 10:33:21PM +0100, Kurt Roeckx wrote: > > On Tue, Nov 03, 2015 at 09:56:36PM +0100, gregor herrmann wrote: > > > At a quick glance this looks good, since there's only > > > SSLv23_client_method() left. What confuses

Bug#803975: libcrypt-ssleay-perl: Uses SSLv3_client_method()

On Fri, Nov 06, 2015 at 05:48:32PM +0100, gregor herrmann wrote: > On Tue, 03 Nov 2015 22:35:10 +0100, Kurt Roeckx wrote: > > > On Tue, Nov 03, 2015 at 10:33:21PM +0100, Kurt Roeckx wrote: > > > On Tue, Nov 03, 2015 at 09:56:36PM +0100, gregor herrmann wrote: > > > > > At a quick glance this

Bug#803975: libcrypt-ssleay-perl: Uses SSLv3_client_method()

On Fri, Nov 06, 2015 at 09:22:04PM +0200, Niko Tyni wrote: > On Fri, Nov 06, 2015 at 05:48:32PM +0100, gregor herrmann wrote: > > > I have to admit that I'm still not completely sure if/how this > > affects us packaging-wise. My current understanding is, that the > > library would allow to set

Bug#803975: libcrypt-ssleay-perl: Uses SSLv3_client_method()

Source: libcrypt-ssleay-perl Version: 0.58-1 Severity: serious Hi, Your package has code in SSLeay.xs that does: if(ssl_version == 23) { ctx = SSL_CTX_new(SSLv23_client_method()); } else if(ssl_version == 3) { ctx =

Bug#803975: libcrypt-ssleay-perl: Uses SSLv3_client_method()

On Tue, 03 Nov 2015 20:50:43 +0100, Kurt Roeckx wrote: > You really only ever want to use SSLv23_client_method() since that > is the only one that supports multiple versions. I suggest you > modify your nossl2.patch to just replace all of the above by: > ctx =

Bug#803975: libcrypt-ssleay-perl: Uses SSLv3_client_method()

On Tue, Nov 03, 2015 at 10:33:21PM +0100, Kurt Roeckx wrote: > On Tue, Nov 03, 2015 at 09:56:36PM +0100, gregor herrmann wrote: > > On Tue, 03 Nov 2015 20:50:43 +0100, Kurt Roeckx wrote: > > > > > You really only ever want to use SSLv23_client_method() since that > > > is the only one that

Bug#803975: libcrypt-ssleay-perl: Uses SSLv3_client_method()

On Tue, Nov 03, 2015 at 09:56:36PM +0100, gregor herrmann wrote: > On Tue, 03 Nov 2015 20:50:43 +0100, Kurt Roeckx wrote: > > > You really only ever want to use SSLv23_client_method() since that > > is the only one that supports multiple versions. I suggest you > > modify your nossl2.patch to