Openwrt-EcoNet/ZyXEL_PMG5617GA
Archived
1
0
Fork 0
Code
This repository has been archived on 2024-07-22. You can view files and clone it, but cannot push or open issues or pull requests.
ZyXEL_PMG5617GA/package/libs/clinkc/patches/043-ENHANCE_SSLv3_POODLE_vulnerability.patch
Alex fa80bc5ae9 initial commit
2022-11-27 10:16:14 +00:00

67 lines
2.3 KiB
Diff
Raw Permalink Blame History

Index: clinkc/src/cybergarage/ssl/cssl.c
===================================================================
--- clinkc.orig/src/cybergarage/ssl/cssl.c 2015-04-13 14:40:27.154929558 +0800
+++ clinkc/src/cybergarage/ssl/cssl.c 2015-04-13 14:43:44.087063900 +0800
@@ -54,7 +54,11 @@
if (cg_socket_isssl(sock) != TRUE) return TRUE;
if(sock->ctx == NULL)
+#ifdef USA_PRODUCT
+ sock->ctx = SSL_CTX_new( cg_socket_isserver(sock)?TLSv1_server_method():TLSv1_client_method());
+#else
sock->ctx = SSL_CTX_new( cg_socket_isserver(sock)?SSLv23_server_method():SSLv23_client_method());
+#endif
if( ctxdata == NULL) return TRUE;
if (ctxdata->cert_file != NULL){
@@ -87,7 +91,11 @@
if (cg_socket_isssl(sock) != TRUE) return TRUE;
if(sock->ctx == NULL)
+#ifdef USA_PRODUCT
+ sock->ctx = SSL_CTX_new( cg_socket_isserver(sock)?TLSv1_server_method():TLSv1_client_method());
+#else
sock->ctx = SSL_CTX_new( cg_socket_isserver(sock)?SSLv23_server_method():SSLv23_client_method());
+#endif
if( ctxdata == NULL) return TRUE;
if (ctxdata->CAfile != NULL){
@@ -144,7 +152,11 @@
if (cg_socket_isssl(sock) != TRUE) return TRUE;
if(sock->ctx == NULL)
+#ifdef USA_PRODUCT
+ sock->ctx = SSL_CTX_new( cg_socket_isserver(sock)?TLSv1_server_method():TLSv1_client_method());
+#else
sock->ctx = SSL_CTX_new( cg_socket_isserver(sock)?SSLv23_server_method():SSLv23_client_method());
+#endif
if(ctxdata->verify_callback || ctxdata->verify_mode){
SSL_CTX_set_verify(sock->ctx, ctxdata->verify_mode, ctxdata->verify_callback);
}
@@ -155,8 +167,11 @@
if (cg_socket_isssl(sock) != TRUE) return TRUE;
if(sock->ctx == NULL)
+#ifdef USA_PRODUCT
+ sock->ctx = SSL_CTX_new( cg_socket_isserver(sock)?TLSv1_server_method():TLSv1_client_method());
+#else
sock->ctx = SSL_CTX_new( cg_socket_isserver(sock)?SSLv23_server_method():SSLv23_client_method());
-
+#endif
if( ctxdata == NULL) return TRUE;
cg_ssl_set_cert( sock, (Cgctx *)ctxdata );
@@ -202,8 +217,11 @@
if (cg_socket_isssl(clientSock) != TRUE) return TRUE;
if(clientSock->ctx == NULL)
+#ifdef USA_PRODUCT
+ clientSock->ctx = SSL_CTX_new( TLSv1_server_method());
+#else
clientSock->ctx = SSL_CTX_new( SSLv23_server_method());
-
+#endif
clientSock->ssl = SSL_new(clientSock->ctx);
SSL_set_accept_state(clientSock->ssl);
if (SSL_set_fd(clientSock->ssl, cg_socket_getid(clientSock)) == 0) {
View Git Blame Copy Permalink