diff -up ./src/check_nrpe.c.opensslv110_nossl2 ./src/check_nrpe.c
--- ./src/check_nrpe.c.opensslv110_nossl2	2017-03-23 19:17:30.322349781 -0400
+++ ./src/check_nrpe.c	2017-03-23 19:18:54.296008360 -0400
@@ -65,8 +65,7 @@ int use_ssl = FALSE;
 
 /* SSL/TLS parameters */
 typedef enum _SSL_VER {
-	SSL_Ver_Invalid = 0, SSLv2 = 1, SSLv2_plus, SSLv3, SSLv3_plus,
-	TLSv1, TLSv1_plus, TLSv1_1, TLSv1_1_plus, TLSv1_2, TLSv1_2_plus
+	SSL_Ver_Invalid = 0, TLSv1, TLSv1_plus, TLSv1_1, TLSv1_1_plus, TLSv1_2, TLSv1_2_plus
 } SslVer;
 
 typedef enum _CLNT_CERTS { Ask_For_Cert = 1, Require_Cert = 2 } ClntCerts;
@@ -404,15 +403,7 @@ int process_arguments(int argc, char **a
 								"overrides the config file option.");
 				break;
 			}
-			if (!strcmp(optarg, "SSLv2"))
-				sslprm.ssl_min_ver = SSLv2;
-			else if (!strcmp(optarg, "SSLv2+"))
-				sslprm.ssl_min_ver = SSLv2_plus;
-			else if (!strcmp(optarg, "SSLv3"))
-				sslprm.ssl_min_ver = SSLv3;
-			else if (!strcmp(optarg, "SSLv3+"))
-				sslprm.ssl_min_ver = SSLv3_plus;
-			else if (!strcmp(optarg, "TLSv1"))
+			if (!strcmp(optarg, "TLSv1"))
 				sslprm.ssl_min_ver = TLSv1;
 			else if (!strcmp(optarg, "TLSv1+"))
 				sslprm.ssl_min_ver = TLSv1_plus;
@@ -667,8 +658,7 @@ void usage(int result)
 		printf("                2 = Force Anonymous Diffie Hellman\n");
 		printf(" <size>       = Specify non-default payload size for NSClient++\n");
 		printf
-			(" <ssl ver>    = The SSL/TLS version to use. Can be any one of: SSLv2 (only),\n");
-		printf("                SSLv2+ (or above), SSLv3 (only), SSLv3+ (or above),\n");
+			(" <ssl ver>    = The SSL/TLS version to use. Can be any one of: \n");
 		printf("                TLSv1 (only), TLSv1+ (or above DEFAULT), TLSv1.1 (only),\n");
 		printf("                TLSv1.1+ (or above), TLSv1.2 (only), TLSv1.2+ (or above)\n");
 		printf(" <cipherlist> = The list of SSL ciphers to use (currently defaults\n");
@@ -738,18 +728,6 @@ void setup_ssl()
 			   sslprm.allowDH == 0 ? "No" : (sslprm.allowDH == 1 ? "Allow" : "Require"));
 		syslog(LOG_INFO, "SSL Log Options: 0x%02x", sslprm.log_opts);
 		switch (sslprm.ssl_min_ver) {
-		case SSLv2:
-			val = "SSLv2";
-			break;
-		case SSLv2_plus:
-			val = "SSLv2 And Above";
-			break;
-		case SSLv3:
-			val = "SSLv3";
-			break;
-		case SSLv3_plus:
-			val = "SSLv3_plus And Above";
-			break;
 		case TLSv1:
 			val = "TLSv1";
 			break;
@@ -781,14 +759,6 @@ void setup_ssl()
 		SSL_library_init();
 		meth = SSLv23_client_method();
 
-# ifndef OPENSSL_NO_SSL2
-		if (sslprm.ssl_min_ver == SSLv2)
-			meth = SSLv2_client_method();
-# endif
-# ifndef OPENSSL_NO_SSL3
-		if (sslprm.ssl_min_ver == SSLv3)
-			meth = SSLv3_client_method();
-# endif
 		if (sslprm.ssl_min_ver == TLSv1)
 			meth = TLSv1_client_method();
 # ifdef SSL_TXT_TLSV1_1
@@ -806,9 +776,6 @@ void setup_ssl()
 		}
 
 		switch(sslprm.ssl_min_ver) {
-			case SSLv2:
-			case SSLv2_plus:
-				break;
 			case TLSv1_2:
 			case TLSv1_2_plus:
 				ssl_opts |= SSL_OP_NO_TLSv1_1;
@@ -818,9 +785,6 @@ void setup_ssl()
 			case TLSv1:
 			case TLSv1_plus:
 				ssl_opts |= SSL_OP_NO_SSLv3;
-			case SSLv3:
-			case SSLv3_plus:
-				ssl_opts |= SSL_OP_NO_SSLv2;
 				break;
 		}
 		SSL_CTX_set_options(ctx, ssl_opts);
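Review bot: With the `SSLv3`/`SSLv3_plus` labels removed, the fallthrough that ended in `ssl_opts |= SSL_OP_NO_SSLv2;` is gone too, so no branch of this switch sets that option any more. OpenSSL 1.1.0 has no SSLv2 code, so nothing changes there. The context is still created from `SSLv23_client_method()`, though, and a build against an older library with SSLv2 compiled in would, as far as the visible lines show, no longer exclude it (the initial value of `ssl_opts` is outside the hunk). Keeping the flag in the TLSv1 branch preserves the previous behaviour: `ssl_opts |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;`. The same applies to the matching switch in `init_ssl()` in src/nrpe.c; both switches start outside their hunks.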
diff -up ./src/nrpe.c.opensslv110_nossl2 ./src/nrpe.c
--- ./src/nrpe.c.opensslv110_nossl2	2017-03-23 19:17:30.323349765 -0400
+++ ./src/nrpe.c	2017-03-23 19:19:36.959326843 -0400
@@ -109,8 +109,7 @@ int       listen_queue_size = DEFAULT_LI
 
 /* SSL/TLS parameters */
 typedef enum _SSL_VER {
-	SSLv2 = 1, SSLv2_plus, SSLv3, SSLv3_plus, TLSv1,
-	TLSv1_plus, TLSv1_1, TLSv1_1_plus, TLSv1_2, TLSv1_2_plus
+	TLSv1, TLSv1_plus, TLSv1_1, TLSv1_1_plus, TLSv1_2, TLSv1_2_plus
 } SslVer;
 
 typedef enum _CLNT_CERTS {
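Review bot: Dropping `SSLv2 = 1` without renumbering makes `TLSv1` equal to 0 in this enum, whereas src/check_nrpe.c keeps `SSL_Ver_Invalid = 0` in front of it. If `sslprm.ssl_min_ver` is ever left zero-filled (its initialiser is not part of this diff), it now reads as `TLSv1` (only), which `init_ssl()` maps to `TLSv1_server_method()`, pinning the daemon to TLS 1.0. Starting the list with `TLSv1 = 1,` keeps 0 out of the valid range and keeps the numbering identical in both files.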
@@ -278,14 +277,6 @@ void init_ssl(void)
 			}
 		}
 	}
-# ifndef OPENSSL_NO_SSL2
-	if (sslprm.ssl_min_ver == SSLv2)
-		meth = SSLv2_server_method();
-# endif
-# ifndef OPENSSL_NO_SSL3
-	if (sslprm.ssl_min_ver == SSLv3)
-		meth = SSLv3_server_method();
-# endif
 	if (sslprm.ssl_min_ver == TLSv1)
 		meth = TLSv1_server_method();
 # ifdef SSL_TXT_TLSV1_1
@@ -305,9 +296,6 @@ void init_ssl(void)
 	}
 
 	switch(sslprm.ssl_min_ver) {
-		case SSLv2:
-		case SSLv2_plus:
-			break;
 		case TLSv1_2:
 		case TLSv1_2_plus:
 			ssl_opts |= SSL_OP_NO_TLSv1_1;
@@ -317,9 +305,6 @@ void init_ssl(void)
 		case TLSv1:
 		case TLSv1_plus:
 			ssl_opts |= SSL_OP_NO_SSLv3;
-		case SSLv3:
-		case SSLv3_plus:
-			ssl_opts |= SSL_OP_NO_SSLv2;
 			break;
 	}
 	SSL_CTX_set_options(ctx, ssl_opts);
@@ -401,18 +386,6 @@ void log_ssl_startup(void)
 													 1 ? "Accept" : "Require"));
 	syslog(LOG_INFO, "SSL Log Options: 0x%02x", sslprm.log_opts);
 	switch (sslprm.ssl_min_ver) {
-	case SSLv2:
-		vers = "SSLv2";
-		break;
-	case SSLv2_plus:
-		vers = "SSLv2 And Above";
-		break;
-	case SSLv3:
-		vers = "SSLv3";
-		break;
-	case SSLv3_plus:
-		vers = "SSLv3 And Above";
-		break;
 	case TLSv1:
 		vers = "TLSv1";
 		break;
@@ -814,15 +787,7 @@ int read_config_file(char *filename)
 			}
 
 		} else if (!strcmp(varname, "ssl_version")) {
-			if (!strcmp(varvalue, "SSLv2"))
-				sslprm.ssl_min_ver = SSLv2;
-			else if (!strcmp(varvalue, "SSLv2+"))
-				sslprm.ssl_min_ver = SSLv2_plus;
-			else if (!strcmp(varvalue, "SSLv3"))
-				sslprm.ssl_min_ver = SSLv3;
-			else if (!strcmp(varvalue, "SSLv3+"))
-				sslprm.ssl_min_ver = SSLv3_plus;
-			else if (!strcmp(varvalue, "TLSv1"))
+			if (!strcmp(varvalue, "TLSv1"))
 				sslprm.ssl_min_ver = TLSv1;
 			else if (!strcmp(varvalue, "TLSv1+"))
 				sslprm.ssl_min_ver = TLSv1_plus;