From f23c45f7f46143c225696b57422234d746698b73 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Lal?= Date: Fri, 3 Jun 2011 08:35:11 +0200 Subject: [PATCH] Option to disable SSL v2 Fixes #880 --- src/node_crypto.cc | 12 ++++++++++++ wscript | 12 ++++++++++++ 2 files changed, 24 insertions(+) diff --git a/src/node_crypto.cc b/src/node_crypto.cc index 784dbf87b16..c0bdea6f24e 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -98,11 +98,23 @@ Handle SecureContext::Init(const Arguments& args) { String::Utf8Value sslmethod(args[0]->ToString()); if (strcmp(*sslmethod, "SSLv2_method") == 0) { +#ifndef OPENSSL_NO_SSL2 method = SSLv2_method(); +#else + return ThrowException(Exception::Error(String::New("SSLv2 methods disabled"))); +#endif } else if (strcmp(*sslmethod, "SSLv2_server_method") == 0) { +#ifndef OPENSSL_NO_SSL2 method = SSLv2_server_method(); +#else + return ThrowException(Exception::Error(String::New("SSLv2 methods disabled"))); +#endif } else if (strcmp(*sslmethod, "SSLv2_client_method") == 0) { +#ifndef OPENSSL_NO_SSL2 method = SSLv2_client_method(); +#else + return ThrowException(Exception::Error(String::New("SSLv2 methods disabled"))); +#endif } else if (strcmp(*sslmethod, "SSLv3_method") == 0) { method = SSLv3_method(); } else if (strcmp(*sslmethod, "SSLv3_server_method") == 0) { diff --git a/wscript b/wscript index e99a05d88f4..09d4b5af885 100644 --- a/wscript +++ b/wscript @@ -143,6 +143,13 @@ def set_options(opt): , dest='openssl_libpath' ) + opt.add_option( '--no-ssl2' + , action='store_true' + , default=False + , help="Disable OpenSSL v2" + , dest='openssl_nov2' + ) + opt.add_option( '--gdb' , action='store_true' , default=False 
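Review bot: The new `#else` branches in SecureContext::Init reject only the three explicit `SSLv2_*` method names, so a context created through a version-flexible method (SSLv23_*, presumably handled further down, outside this hunk) can still negotiate SSLv2 when the linked OpenSSL has it compiled in. If `OPENSSL_NO_SSL2` is meant to guarantee that this build never speaks SSLv2, the same guard should also set the option on the new context, e.g. `SSL_CTX_set_options(<ctx>, SSL_OP_NO_SSLv2);` under `#ifdef OPENSSL_NO_SSL2`, where `<ctx>` is a placeholder for the context created later in the function. The three identical `#ifndef`/`#else`/`#endif` blocks could also be folded into one branch that matches all three names. The function starts and ends outside the hunk.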
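Review bot: The help string `"Disable OpenSSL v2"` on the new `--no-ssl2` option names the wrong thing: the switch turns off the SSLv2 protocol methods, not a version of the OpenSSL library, so `help="Disable SSLv2 protocol methods"` would match what the flag does. With `default=False`, SSLv2 also stays enabled unless the builder opts out. Since RFC 6176 prohibits SSLv2, an opt-in switch for enabling it would give the safer default. set_options starts and ends outside the hunk.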
@@ -279,6 +286,11 @@ def configure(conf): if not Options.options.without_ssl: # Don't override explicitly supplied openssl paths with pkg-config results. explicit_openssl = o.openssl_includes or o.openssl_libpath + + # Disable ssl v2 methods + if o.openssl_nov2: + conf.env.append_value("CPPFLAGS", "-DOPENSSL_NO_SSL2=1") + if not explicit_openssl and conf.check_cfg(package='openssl', args='--cflags --libs', uselib_store='OPENSSL'):
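Review bot: The comment `# Disable ssl v2 methods` in configure() overstates what the define does: `-DOPENSSL_NO_SSL2=1` only changes how node's own sources compile, and nothing here checks or alters the OpenSSL that gets linked. A comment such as `# Compile out the SSLv2_* method names in node_crypto.cc; the linked OpenSSL is unchanged` would say that. The flag is appended to the global CPPFLAGS only inside the `if not Options.options.without_ssl:` branch, so `--no-ssl2` is silently ignored when SSL is disabled altogether, which looks harmless. configure() continues outside the hunk.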