nss/disable-sslv2-libssl.patch

diff -up ./nss/lib/ssl/config.mk.disableSSL2 ./nss/lib/ssl/config.mk
--- ./nss/lib/ssl/config.mk.disableSSL2	2013-09-25 06:57:55.000000000 -0700
+++ ./nss/lib/ssl/config.mk	2013-11-05 16:09:47.459727948 -0800
@@ -7,6 +7,10 @@ ifdef NISCC_TEST
 DEFINES += -DNISCC_TEST
 endif
 
+ifdef NSS_NO_SSL2
+DEFINES += -DNSS_NO_SSL2
+endif
+
 ifdef NSS_NO_PKCS11_BYPASS
 DEFINES += -DNO_PKCS11_BYPASS
 else
diff -up ./nss/lib/ssl/sslsock.c.disableSSL2 ./nss/lib/ssl/sslsock.c
--- ./nss/lib/ssl/sslsock.c.disableSSL2	2014-07-10 18:45:18.756370281 -0700
+++ ./nss/lib/ssl/sslsock.c	2014-07-10 18:47:55.956392803 -0700
@@ -653,6 +653,14 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
         break;
 
       case SSL_ENABLE_SSL2:
+#ifdef NSS_NO_SSL2
+if (on) {
+            PORT_SetError(SSL_ERROR_SSL2_DISABLED);
+            rv = SECFailure; /* not allowed */
+        }
+        break;
+        ss->opt.enableSSL2      = on;
+#else
         if (IS_DTLS(ss)) {
             if (on) {
                 PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -664,6 +672,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
         if (on) {
             ss->opt.v2CompatibleHello = on;
         }
+#endif
         ss->preferredCipher     = NULL;
         if (ss->cipherSpecs) {
             PORT_Free(ss->cipherSpecs);
@@ -685,6 +694,13 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
         break;
 
       case SSL_V2_COMPATIBLE_HELLO:
+#ifdef NSS_NO_SSL2
+        if (on) {
+            PORT_SetError(SSL_ERROR_SSL2_DISABLED);
+            rv = SECFailure; /* not allowed */
+            break;
+        }
+#else
         if (IS_DTLS(ss)) {
             if (on) {
                 PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -692,6 +708,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
             }
             break;
         }
+#endif
         ss->opt.v2CompatibleHello = on;
         if (!on) {
             ss->opt.enableSSL2    = on;
@@ -1146,7 +1163,12 @@ SSL_CipherPolicySet(PRInt32 which, PRInt
     if (ssl_IsRemovedCipherSuite(which)) {
         rv = SECSuccess;
     } else if (SSL_IS_SSL2_CIPHER(which)) {
+#ifdef NSS_NO_SSL2
+        PORT_SetError(SSL_ERROR_SSL2_DISABLED);
+        rv = SECFailure; /* not allowed */
+#else
         rv = ssl2_SetPolicy(which, policy);
+#endif
     } else {
         rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy);
     }