security/openssl: Fix No-SSLv3 option
ClosedPublic
Actions

Authored by brnrd on Jan 13 2016, 1:52 PM.

Details

Reviewers

koobs
feld

Commits

rP406061: MFH: r406060
rP406060: security/openssl: Fix No-SSLv3 option

Summary

Proposed commit log

security/openssl: Fix No-SSLv3 option

  - This change adds `no-ssl3-method` to config args
  - Bump portrevision

Testing with security/openssl buillt with SSL3 option disabled [1]
revealed that the openssl binary and the libraries still support SSLv3
connections and methods. With the added no-ssl3-method argument passed
to the config script, the binary no longer supports the -ssl3 option
and ports requiring SSLv3 methods fail on undefined references to
methods.

PR:		203693 [1]
Reviewed_by:	koobs (mentor), feld (mentor, ports-secteam), dinoex (maintainer)
Approved by:	(mentor), (ports-secteam), (maintainer)
MFH:		2016Q1
Differential_Revision:	D4924

Test Plan

portlint -AC (no change)
poudriere testport
test openssl s_client -ssl3 and existence of SSLv3_ methods in headers

Test connecting to SSLv3 enabled endpoint

/usr/local/bin/openssl s_client -connect google.com:443 -ssl3
unknown option -ssl3

Testing building a port requiring SSLv3 methods

--- ftimes ---
cc -o ftimes analyze.o cmpmode.o compare.o decode.o decoder.o develop.o dig.o  digmode.o error.o fsinfo.o ftimes.o getmode.o http.o madmode.o map.o mapmode.o mask.o md5.o message.o options.o properties.o sha1.o sha256.o socket.o ssl.o support.o time.o url.o version.o -O2 -fno-strict-aliasing -pipe -march=native  -fstack-protector -Wall -DUNIX -DHAVE_CONFIG_H -DXMAGIC_PREFIX='"/usr/local"'   -lm   -L/usr/local/lib -lpcre   -L/usr/local/lib -lssl -lcrypto
ssl.o: In function `SslInitializeCTX':
ssl.c:(.text+0x469): undefined reference to `SSLv3_client_method'
cc: error: linker command failed with exit code 1 (use -v to see invocation)
*** [ftimes] Error code 1