File: no-SSLv3.patch

package info (click to toggle)
libnet-tclink-perl 3.4.0-9
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, buster, stretch
  • size: 384 kB
  • ctags: 143
  • sloc: ansic: 673; perl: 95; makefile: 9
file content (21 lines) | stat: -rw-r--r-- 624 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
 
Description: SSLv3 considered insecure
 In Debian, The SSLv3_* methods have now been removed in unstable.
 Use SSLv23_* instead.
Origin: vendor
Bug-Debian: https://bugs.debian.org/803974
Author: gregor herrmann <gregoa@debian.org>
Last-Update: 2015-11-06
Forwarded: https://rt.cpan.org/Ticket/Display.html?id=108515
Bug: https://rt.cpan.org/Ticket/Display.html?id=108515

--- a/tclink.c
+++ b/tclink.c
@@ -539,7 +539,7 @@
 	{
 		do_SSL_randomize();        /* handle systems without /dev/urandom */
 		SSLeay_add_ssl_algorithms();
-		c->meth = SSLv3_client_method();
+		c->meth = SSLv23_client_method();
 	}
 
 	if (!c->ctx)