53b870b7db
Resolves: #1592431
Ensure SSLv3 is enabled when necessary
Either at compilation time, or as a system-wide configuration, OpenSSL
may have disabled SSLv3 protocol by default. This change ensures the
protocol NO flag is cleared when necessary, hence allowing for the
protocol to be used.
Author: Matus Honek <mhonek@redhat.com>
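diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c
--- a/libraries/libldap/tls_o.c
+++ b/libraries/libldap/tls_o.c
@@ -297,8 +297,10 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
 #endif
 if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_SSL3 )
 SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 );
- else if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_SSL2 )
+ else if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_SSL2 ) {
 SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 );
+ SSL_CTX_clear_options( ctx, SSL_OP_NO_SSLv3 );
+ }
 
 if ( lo->ldo_tls_ciphersuite &&
 !SSL_CTX_set_cipher_list( ctx, lt->lt_ciphersuite ) )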
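Review bot: The added `SSL_CTX_clear_options( ctx, SSL_OP_NO_SSLv3 );` in the `else if` branch silently overrides a build-time or system-wide decision to disable SSLv3, and nothing in the code explains why or records that it happened. SSLv3 is deprecated (RFC 7568), so the line deserves a comment such as `/* protocol_min permits SSLv3: undo a library/system default of SSL_OP_NO_SSLv3 */`, and ideally a log message at context setup so operators can find deployments that still allow it. The branch is taken for any `ldo_tls_protocol_min` above SSL2 and not above SSL3; whether it can be reached without an explicit administrator setting depends on the option's default, which this hunk does not show. `tlso_ctx_init` starts and ends outside the hunk.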