diff -up ./nss/lib/ssl/config.mk.disableSSL2 ./nss/lib/ssl/config.mk
|
|
--- ./nss/lib/ssl/config.mk.disableSSL2 2013-09-25 06:57:55.000000000 -0700
|
|
+++ ./nss/lib/ssl/config.mk 2013-11-05 16:09:47.459727948 -0800
|
|
@@ -7,6 +7,10 @@ ifdef NISCC_TEST
|
|
DEFINES += -DNISCC_TEST
|
|
endif
|
|
|
|
+ifdef NSS_NO_SSL2
|
|
+DEFINES += -DNSS_NO_SSL2
|
|
+endif
|
|
+
|
|
ifdef NSS_NO_PKCS11_BYPASS
|
|
DEFINES += -DNO_PKCS11_BYPASS
|
|
else
|
|
diff -up ./nss/lib/ssl/sslsock.c.disableSSL2 ./nss/lib/ssl/sslsock.c
|
|
--- ./nss/lib/ssl/sslsock.c.disableSSL2 2014-07-10 18:45:18.756370281 -0700
|
|
+++ ./nss/lib/ssl/sslsock.c 2014-07-10 18:47:55.956392803 -0700
|
|
@@ -653,6 +653,14 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
|
|
break;
|
|
|
|
case SSL_ENABLE_SSL2:
|
|
+#ifdef NSS_NO_SSL2
|
|
+if (on) {
|
|
+ PORT_SetError(SSL_ERROR_SSL2_DISABLED);
|
|
+ rv = SECFailure; /* not allowed */
|
|
+ }
|
|
+ break;
|
|
+ ss->opt.enableSSL2 = on;
|
|
+#else
|
|
if (IS_DTLS(ss)) {
|
|
if (on) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
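Review bot: In the `NSS_NO_SSL2` branch of `case SSL_ENABLE_SSL2`, the unconditional `break;` after the `if (on)` block makes the added `ss->opt.enableSSL2 = on;` unreachable. A request to turn SSL2 off therefore returns success without writing the field and without reaching the `preferredCipher`/`cipherSpecs` reset that follows the `#endif` in the next hunk. The build then depends on `enableSSL2` already being false by default, which this hunk does not show. The `SSL_V2_COMPATIBLE_HELLO` hunk keeps its `break;` inside the `if (on)` block so the off path still clears both flags; doing the same here (move `break;` inside the braces and keep `ss->opt.enableSSL2 = on;` after them) would make the two cases consistent and remove the dead statement. `SSL_OptionSet` starts and ends outside this hunk.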
|
|
@@ -664,6 +672,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
|
|
if (on) {
|
|
ss->opt.v2CompatibleHello = on;
|
|
}
|
|
+#endif
|
|
ss->preferredCipher = NULL;
|
|
if (ss->cipherSpecs) {
|
|
PORT_Free(ss->cipherSpecs);
|
|
@@ -685,6 +694,13 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
|
|
break;
|
|
|
|
case SSL_V2_COMPATIBLE_HELLO:
|
|
+#ifdef NSS_NO_SSL2
|
|
+ if (on) {
|
|
+ PORT_SetError(SSL_ERROR_SSL2_DISABLED);
|
|
+ rv = SECFailure; /* not allowed */
|
|
+ break;
|
|
+ }
|
|
+#else
|
|
if (IS_DTLS(ss)) {
|
|
if (on) {
|
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
|
@@ -692,6 +708,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
|
|
}
|
|
break;
|
|
}
|
|
+#endif
|
|
ss->opt.v2CompatibleHello = on;
|
|
if (!on) {
|
|
ss->opt.enableSSL2 = on;
|
|
@@ -1146,7 +1163,12 @@ SSL_CipherPolicySet(PRInt32 which, PRInt
|
|
if (ssl_IsRemovedCipherSuite(which)) {
|
|
rv = SECSuccess;
|
|
} else if (SSL_IS_SSL2_CIPHER(which)) {
|
|
+#ifdef NSS_NO_SSL2
|
|
+ PORT_SetError(SSL_ERROR_SSL2_DISABLED);
|
|
+ rv = SECFailure; /* not allowed */
|
|
+#else
|
|
rv = ssl2_SetPolicy(which, policy);
|
|
+#endif
|
|
} else {
|
|
rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy);
|
|
}
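Review bot: The `NSS_NO_SSL2` branch under `SSL_IS_SSL2_CIPHER(which)` fails for every `policy` value, so a caller that sets an SSL2 suite to `SSL_NOT_ALLOWED` also gets `SECFailure` with `SSL_ERROR_SSL2_DISABLED`. The `SSL_OptionSet` hunks reject only `on`, so the two entry points disagree. Applications that loop over all suites to restrict policy may treat this as a fatal configuration error. Consider failing only when the policy would permit the suite, e.g. `if (policy != SSL_NOT_ALLOWED) { PORT_SetError(SSL_ERROR_SSL2_DISABLED); rv = SECFailure; } else { rv = SECSuccess; }`. Nothing on this page guards the default-option or per-suite preference setters, so it is worth confirming that they cannot re-enable SSL2 in a build with `NSS_NO_SSL2` defined.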
|