+++ /dev/null
-Index: spamassassin-3.4.1/spamc/libspamc.c
-===================================================================
---- spamassassin-3.4.1.orig/spamc/libspamc.c
-+++ spamassassin-3.4.1/spamc/libspamc.c
-@@ -1187,7 +1187,7 @@ int message_filter(struct transport *tp,
- unsigned int throwaway;
- SSL_CTX *ctx = NULL;
- SSL *ssl = NULL;
-- SSL_METHOD *meth;
-+ const SSL_METHOD *meth;
- char zlib_on = 0;
- unsigned char *zlib_buf = NULL;
- int zlib_bufsiz = 0;
-@@ -1213,11 +1213,7 @@ int message_filter(struct transport *tp,
- if (flags & SPAMC_USE_SSL) {
- #ifdef SPAMC_SSL
- SSLeay_add_ssl_algorithms();
-- if (flags & SPAMC_TLSV1) {
-- meth = TLSv1_client_method();
-- } else {
-- meth = SSLv3_client_method(); /* default */
-- }
-+ meth = SSLv23_client_method();
- SSL_load_error_strings();
- ctx = SSL_CTX_new(meth);
- #else
-@@ -1596,7 +1592,7 @@ int message_tell(struct transport *tp, c
- int failureval;
- SSL_CTX *ctx = NULL;
- SSL *ssl = NULL;
-- SSL_METHOD *meth;
-+ const SSL_METHOD *meth;
-
- assert(tp != NULL);
- assert(m != NULL);
-@@ -1604,7 +1600,7 @@ int message_tell(struct transport *tp, c
- if (flags & SPAMC_USE_SSL) {
- #ifdef SPAMC_SSL
- SSLeay_add_ssl_algorithms();
-- meth = SSLv3_client_method();
-+ meth = SSLv23_client_method();
- SSL_load_error_strings();
- ctx = SSL_CTX_new(meth);
- #else
-Index: spamassassin-3.4.1/spamc/spamc.c
-===================================================================
---- spamassassin-3.4.1.orig/spamc/spamc.c
-+++ spamassassin-3.4.1/spamc/spamc.c
-@@ -368,16 +368,11 @@ read_args(int argc, char **argv,
- case 'S':
- {
- flags |= SPAMC_USE_SSL;
-- if (!spamc_optarg || (strcmp(spamc_optarg,"sslv3") == 0)) {
-- flags |= SPAMC_SSLV3;
-- }
-- else if (strcmp(spamc_optarg,"tlsv1") == 0) {
-- flags |= SPAMC_TLSV1;
-- }
-- else {
-- libspamc_log(flags, LOG_ERR, "Please specify a legal ssl version (%s)", spamc_optarg);
-- ret = EX_USAGE;
-- }
-+ if(spamc_optarg) {
-+ libspamc_log(flags, LOG_ERR,
-+ "Explicit specification of an SSL/TLS version no longer supported.");
-+ ret = EX_USAGE;
-+ }
- break;
- }
- #endif
-Index: spamassassin-3.4.1/spamd/spamd.raw
-===================================================================
---- spamassassin-3.4.1.orig/spamd/spamd.raw
-+++ spamassassin-3.4.1/spamd/spamd.raw
-@@ -409,7 +409,6 @@ GetOptions(
- 'sql-config!' => \$opt{'sql-config'},
- 'ssl' => \$opt{'ssl'},
- 'ssl-port=s' => \$opt{'ssl-port'},
-- 'ssl-version=s' => \$opt{'ssl-version'},
- 'syslog-socket=s' => \$opt{'syslog-socket'},
- 'syslog|s=s' => \$opt{'syslog'},
- 'log-timestamp-fmt:s' => \$opt{'log-timestamp-fmt'},
-@@ -743,11 +742,6 @@ if ( defined $ENV{'HOME'} ) {
-
- # Do whitelist later in tmp dir. Side effect: this will be done as -u user.
-
--my $sslversion = $opt{'ssl-version'} || 'sslv3';
--if ($sslversion !~ /^(?:sslv3|tlsv1)$/) {
-- die "spamd: invalid ssl-version: $opt{'ssl-version'}\n";
--}
--
- $opt{'server-key'} ||= "$LOCAL_RULES_DIR/certs/server-key.pem";
- $opt{'server-cert'} ||= "$LOCAL_RULES_DIR/certs/server-cert.pem";
-
-@@ -898,9 +892,8 @@ sub compose_listen_info_string {
- $socket_info->{ip_addr}, $socket_info->{port}));
-
- } elsif ($socket->isa('IO::Socket::SSL')) {
-- push(@listeninfo, sprintf("SSL [%s]:%s, ssl version %s",
-- $socket_info->{ip_addr}, $socket_info->{port},
-- $opt{'ssl-version'}||'sslv3'));
-+ push(@listeninfo, sprintf("SSL [%r]:%s", $socket_info->{ip_addr},
-+ $socket_info->{port}));
- }
- }
-
-@@ -1071,7 +1064,6 @@ sub server_sock_setup_inet {
- $sockopt{V6Only} = 1 if $io_socket_module_name eq 'IO::Socket::IP'
- && IO::Socket::IP->VERSION >= 0.09;
- %sockopt = (%sockopt, (
-- SSL_version => $sslversion,
- SSL_verify_mode => 0x00,
- SSL_key_file => $opt{'server-key'},
- SSL_cert_file => $opt{'server-cert'},
-@@ -1092,7 +1084,8 @@ sub server_sock_setup_inet {
- if (!$server_inet) {
- $diag = sprintf("could not create %s socket on [%s]:%s: %s",
- $ssl ? 'IO::Socket::SSL' : $io_socket_module_name,
-- $adr, $port, $!);
-+ $adr, $port, $ssl && $IO::Socket::SSL::SSL_ERROR ?
-+ "$!,$IO::Socket::SSL::SSL_ERROR" : $!);
- push(@diag_fail, $diag);
- } else {
- $diag = sprintf("created %s socket on [%s]:%s",
-@@ -3232,7 +3225,6 @@ Options:
- -H [dir], --helper-home-dir[=dir] Specify a different HOME directory
- --ssl Enable SSL on TCP connections
- --ssl-port port Override --port setting for SSL connections
-- --ssl-version sslversion Specify SSL protocol version to use
- --server-key keyfile Specify an SSL keyfile
- --server-cert certfile Specify an SSL certificate
- --socketpath=path Listen on a given UNIX domain socket
-@@ -3720,14 +3712,6 @@ Optionally specifies the port number for
- SSL connections (default: whatever --port uses). See B<--ssl> for
- more details.
-
--=item B<--ssl-version>=I<sslversion>
--
--Specify the SSL protocol version to use, one of B<sslv3> or B<tlsv1>.
--The default, B<sslv3>, is the most flexible, accepting a SSLv3 or
--higher hello handshake, then negotiating use of SSLv3 or TLSv1
--protocol if the client can accept it. Specifying B<--ssl-version>
--implies B<--ssl>.
--
- =item B<--server-key> I<keyfile>
-
- Specify the SSL key file to use for SSL connections.
-Index: spamassassin-3.4.1/spamc/spamc.pod
-===================================================================
---- spamassassin-3.4.1.orig/spamc/spamc.pod
-+++ spamassassin-3.4.1/spamc/spamc.pod
-@@ -177,12 +177,10 @@ The default is 1 time (ie. one attempt a
- Sleep for I<sleep> seconds between failed spamd filtering attempts.
- The default is 1 second.
-
--=item B<-S>, B<--ssl>, B<--ssl>=I<sslversion>
-+=item B<-S>, B<--ssl>, B<--ssl>
-
- If spamc was built with support for SSL, encrypt data to and from the
- spamd process with SSL; spamd must support SSL as well.
--I<sslversion> specifies the SSL protocol version to use, either
--C<sslv3>, or C<tlsv1>. The default, is C<sslv3>.
-
- =item B<-t> I<timeout>, B<--timeout>=I<timeout>
-
-Index: spamassassin-3.4.1/t/spamd_ssl_tls.t
-===================================================================
---- spamassassin-3.4.1.orig/t/spamd_ssl_tls.t
-+++ /dev/null
-@@ -1,28 +0,0 @@
--#!/usr/bin/perl
--
--use lib '.'; use lib 't';
--use SATest; sa_t_init("spamd_ssl_tls");
--use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9);
--
--exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE);
--
--# ---------------------------------------------------------------------------
--
--%patterns = (
--
--q{ Return-Path: sb55sb55@yahoo.com}, 'firstline',
--q{ Subject: There yours for FREE!}, 'subj',
--q{ X-Spam-Status: Yes, score=}, 'status',
--q{ X-Spam-Flag: YES}, 'flag',
--q{ X-Spam-Level: **********}, 'stars',
--q{ TEST_ENDSNUMS}, 'endsinnums',
--q{ TEST_NOREALNAME}, 'noreal',
--q{ This must be the very last line}, 'lastline',
--
--
--);
--
--ok (sdrun ("-L --ssl --ssl-version=tlsv1 --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert",
-- "--ssl=tlsv1 < data/spam/001",
-- \&patterns_run_cb));
--ok_all_patterns();
-Index: spamassassin-3.4.1/t/spamd_ssl_v3.t
-===================================================================
---- spamassassin-3.4.1.orig/t/spamd_ssl_v3.t
-+++ /dev/null
-@@ -1,28 +0,0 @@
--#!/usr/bin/perl
--
--use lib '.'; use lib 't';
--use SATest; sa_t_init("spamd_sslv3");
--use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9);
--
--exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE);
--
--# ---------------------------------------------------------------------------
--
--%patterns = (
--
--q{ Return-Path: sb55sb55@yahoo.com}, 'firstline',
--q{ Subject: There yours for FREE!}, 'subj',
--q{ X-Spam-Status: Yes, score=}, 'status',
--q{ X-Spam-Flag: YES}, 'flag',
--q{ X-Spam-Level: **********}, 'stars',
--q{ TEST_ENDSNUMS}, 'endsinnums',
--q{ TEST_NOREALNAME}, 'noreal',
--q{ This must be the very last line}, 'lastline',
--
--
--);
--
--ok (sdrun ("-L --ssl --ssl-version=sslv3 --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert",
-- "--ssl=sslv3 < data/spam/001",
-- \&patterns_run_cb));
--ok_all_patterns();
-Index: spamassassin-3.4.1/t/spamd_ssl_accept_fail.t
-===================================================================
---- spamassassin-3.4.1.orig/t/spamd_ssl_accept_fail.t
-+++ spamassassin-3.4.1/t/spamd_ssl_accept_fail.t
-@@ -23,9 +23,9 @@ q{ This must be the very last line}, 'la
-
- );
-
--ok (start_spamd ("-L --ssl --ssl-version=sslv3 --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert"));
-+ok (start_spamd ("-L --ssl --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert"));
- ok (spamcrun ("< data/spam/001", \&patterns_run_cb));
--ok (spamcrun ("--ssl=sslv3 < data/spam/001", \&patterns_run_cb));
-+ok (spamcrun ("--ssl < data/spam/001", \&patterns_run_cb));
- ok (stop_spamd ());
-
- ok_all_patterns();
-Index: spamassassin-3.4.1/t/spamd_ssl.t
-===================================================================
---- spamassassin-3.4.1.orig/t/spamd_ssl.t
-+++ spamassassin-3.4.1/t/spamd_ssl.t
-@@ -2,10 +2,7 @@
-
- use lib '.'; use lib 't';
- use SATest; sa_t_init("spamd_ssl");
--use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9),
-- onfail => sub {
-- warn "\n\nNote: This may not be a SpamAssassin bug, as some platforms require that you" .
-- "\nspecify a protocol in spamc --ssl option, and possibly in spamd --ssl-version.\n\n" };
-+use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9);
-
- exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE);
-
-Index: spamassassin-3.4.1/MANIFEST
-===================================================================
---- spamassassin-3.4.1.orig/MANIFEST
-+++ spamassassin-3.4.1/MANIFEST
-@@ -511,8 +511,6 @@ t/spamd_report_ifspam.t
- t/spamd_sql_prefs.t
- t/spamd_ssl.t
- t/spamd_ssl_accept_fail.t
--t/spamd_ssl_tls.t
--t/spamd_ssl_v3.t
- t/spamd_stop.t
- t/spamd_symbols.t
- t/spamd_syslog.t
TLD / packages / spamassassin.git / blobdiff