diff options
author | Miod Vallat <miod@cvs.openbsd.org> | 2015-07-29 19:16:10 +0000 |
---|---|---|
committer | Miod Vallat <miod@cvs.openbsd.org> | 2015-07-29 19:16:10 +0000 |
commit | a35b0ef6789591439ac60684ec5e396352ed8131 (patch) | |
tree | 92e8ee0423134186d685d470b941acb6495df024 /lib | |
parent | 053eac158404ac7136a55771109b4580952b5c8c (diff) |
Add linker warnings in case SSLv3_{,client,server}_method are referenced.
Use of this symbols proves the existence of a code path willingly using SSLv3,
even with OPENSSL_NO_SSL3 being defined, which hints that it needs fixing.
Discussed with the LibreSSL cabal during c2k15; ok deraadt@
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libssl/src/ssl/s3_clnt.c | 8 | ||||
-rw-r--r-- | lib/libssl/src/ssl/s3_meth.c | 8 | ||||
-rw-r--r-- | lib/libssl/src/ssl/s3_srvr.c | 8 |
3 files changed, 21 insertions, 3 deletions
diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c index 9a5ef826f6a..b739711732b 100644 --- a/lib/libssl/src/ssl/s3_clnt.c +++ b/lib/libssl/src/ssl/s3_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_clnt.c,v 1.120 2015/07/19 07:34:52 doug Exp $ */ +/* $OpenBSD: s3_clnt.c,v 1.121 2015/07/29 19:16:09 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -170,6 +170,12 @@ #include "bytestring.h" +#ifdef __OpenBSD__ +#include <sys/cdefs.h> +__warn_references(SSLv3_client_method, + "SSLv3_client_method() enables the use of insecure protocols"); +#endif + static const SSL_METHOD *ssl3_get_client_method(int ver); static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b); diff --git a/lib/libssl/src/ssl/s3_meth.c b/lib/libssl/src/ssl/s3_meth.c index 8ad4efa7a8e..c5f043e944a 100644 --- a/lib/libssl/src/ssl/s3_meth.c +++ b/lib/libssl/src/ssl/s3_meth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_meth.c,v 1.13 2015/02/06 08:30:23 jsing Exp $ */ +/* $OpenBSD: s3_meth.c,v 1.14 2015/07/29 19:16:09 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -62,6 +62,12 @@ #include "ssl_locl.h" +#ifdef __OpenBSD__ +#include <sys/cdefs.h> +__warn_references(SSLv3_method, + "SSLv3_method() enables the use of insecure protocols"); +#endif + static const SSL_METHOD *ssl3_get_method(int ver); const SSL_METHOD SSLv3_method_data = { diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c index cd5bc2a6cbc..7d2ec4d1328 100644 --- a/lib/libssl/src/ssl/s3_srvr.c +++ b/lib/libssl/src/ssl/s3_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_srvr.c,v 1.111 2015/07/18 01:42:26 doug Exp $ */ +/* $OpenBSD: s3_srvr.c,v 1.112 2015/07/29 19:16:09 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -166,6 +166,12 @@ #include "bytestring.h" +#ifdef __OpenBSD__ +#include <sys/cdefs.h> +__warn_references(SSLv3_server_method, + "SSLv3_server_method() enables the use of insecure protocols"); +#endif + static const SSL_METHOD *ssl3_get_server_method(int ver); const SSL_METHOD SSLv3_server_method_data = { |