Index: src/protocol.c =================================================================== *** src/protocol.c (revision 2825) --- src/protocol.c (working copy) *************** *** 57,63 **** --- 57,65 ---- static void nntp_client(CLI *); static void connect_client(CLI *); static char *ntlm1(); + #ifndef OPENSSL_NO_MD4 static char *ntlm3(char *, char *, char *); + #endif static void crypt_DES(DES_cblock, DES_cblock, DES_cblock); static char *base64(int, char *, int); *************** *** 79,86 **** --- 81,90 ---- imap_client(c); else if(!strcmp(c->opt->protocol, "nntp")) nntp_client(c); + #ifndef OPENSSL_NO_MD4 else if(!strcmp(c->opt->protocol, "connect")) connect_client(c); + #endif else if(!strcmp(c->opt->protocol, "pgsql")) pgsql_client(c); else { *************** *** 396,401 **** --- 400,406 ---- } } + #ifndef OPENSSL_NO_MD4 static void connect_client(CLI *c) { char line[STRLEN], ntlm2[STRLEN], *encoded; long content_length; *************** *** 477,482 **** --- 482,488 ---- fdgetline(c, c->remote_fd.fd, line); /* read all headers */ } while(*line); } + #endif /* * NTLM code is based on the following documentation: *************** *** 495,500 **** --- 501,507 ---- return base64(1, phase1, sizeof phase1); /* encode */ } + #ifndef OPENSSL_NO_MD4 static char *ntlm3(char *username, char *password, char *phase2) { MD4_CTX md4; char *decoded; /* decoded reply from proxy */ *************** *** 543,548 **** --- 550,556 ---- return base64(1, phase3, phase3len); /* encode */ } + #endif static void crypt_DES(DES_cblock dst, const_DES_cblock src, DES_cblock hash) { DES_cblock key; Index: src/options.c =================================================================== *** src/options.c (revision 2825) --- src/options.c (working copy) *************** *** 1220,1247 **** --- 1220,1293 ---- switch(cmd) { case CMD_INIT: #ifdef USE_FIPS + #ifndef OPENSSL_NO_TLS section->client_method=(SSL_METHOD *)TLSv1_client_method(); section->server_method=(SSL_METHOD *)TLSv1_server_method(); 
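Review bot: The dispatch hunk compiles out the whole `connect` branch under `OPENSSL_NO_MD4`, so on such a build `protocol = connect` drops into the final `else`, whose message lies outside the hunk and probably reports an unknown protocol rather than a feature missing from the build. An `#else` arm that reports the real cause, for example with the text `"connect protocol requires MD4 support in OpenSSL"`, would let an operator tell a typo from a compiled-out feature. The first hunk also leaves the prototype `static void connect_client(CLI *);` and the definition of `ntlm1()` unguarded although the only definition or likely caller is now conditional; moving `#ifndef OPENSSL_NO_MD4` up to cover them keeps a no-MD4 build free of static-function warnings. The bodies of `connect_client` and `ntlm3` are mostly outside these hunks, so whether anything other than the NTLM step needs MD4 cannot be confirmed from here.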
#else + #error Need TLSv1 for FIPS mode + #endif + #else + #if !defined(OPENSSL_NO_SSL3) + #define DEFAULT_SSLVER_CLIENT "SSLv3" section->client_method=(SSL_METHOD *)SSLv3_client_method(); + #elif !defined(OPENSSL_NO_SSL2) + #define DEFAULT_SSLVER_CLIENT "SSLv2" + section->client_method=(SSL_METHOD *)SSLv2_client_method(); + #elif !defined(OPENSSL_NO_TLS1) + #define DEFAULT_SSLVER_CLIENT "TLSv1" + section->client_method=(SSL_METHOD *)TLSv1_client_method(); + #else + #error No supported SSL methods found + #endif + + #if !defined(OPENSSL_NO_SSL3) && !defined(OPENSSL_NO_SSL2) + #define DEFAULT_SSLVER_SERVER "all" section->server_method=(SSL_METHOD *)SSLv23_server_method(); + #elif !defined(OPENSSL_NO_SSL3) + #define DEFAULT_SSLVER_SERVER "SSLv3" + section->server_method=(SSL_METHOD *)SSLv3_server_method(); + #elif !defined(OPENSSL_NO_SSL2) + #define DEFAULT_SSLVER_SERVER "SSLv2" + section->server_method=(SSL_METHOD *)SSLv2_server_method(); + #elif !defined(OPENSSL_NO_TLS1) + #define DEFAULT_SSLVER_SERVER "TLSv1" + section->server_method=(SSL_METHOD *)TLSv1_server_method(); + #else + #error No supported SSL methods found + #endif #endif break; case CMD_EXEC: if(strcasecmp(opt, "sslVersion")) break; if(!strcasecmp(arg, "all")) { + #if !defined(OPENSSL_NO_SSL3) && !defined(OPENSSL_NO_SSL2) section->client_method=(SSL_METHOD *)SSLv23_client_method(); section->server_method=(SSL_METHOD *)SSLv23_server_method(); + #else + return "SSLv23 not supported"; + #endif } else if(!strcasecmp(arg, "SSLv2")) { + #if !defined(OPENSSL_NO_SSL2) section->client_method=(SSL_METHOD *)SSLv2_client_method(); section->server_method=(SSL_METHOD *)SSLv2_server_method(); + #else + return "SSLv2 not supported"; + #endif } else if(!strcasecmp(arg, "SSLv3")) { + #if !defined(OPENSSL_NO_SSL3) section->client_method=(SSL_METHOD *)SSLv3_client_method(); section->server_method=(SSL_METHOD *)SSLv3_server_method(); + #else + return "SSLv3 not supported"; + #endif } else if(!strcasecmp(arg, "TLSv1")) { + 
#if !defined(OPENSSL_NO_TLS1) section->client_method=(SSL_METHOD *)TLSv1_client_method(); section->server_method=(SSL_METHOD *)TLSv1_server_method(); + #else + return "TLSv1 not supported"; + #endif } else return "Incorrect version of SSL protocol"; return NULL; /* OK */ *************** *** 1249,1255 **** #ifdef USE_FIPS s_log(LOG_NOTICE, "%-15s = TLSv1", "sslVersion"); #else ! s_log(LOG_NOTICE, "%-15s = SSLv3 for client, all for server", "sslVersion"); #endif break; case CMD_HELP: --- 1295,1302 ---- #ifdef USE_FIPS s_log(LOG_NOTICE, "%-15s = TLSv1", "sslVersion"); #else ! s_log(LOG_NOTICE, "%-15s = " DEFAULT_SSLVER_CLIENT " for client, " ! DEFAULT_SSLVER_SERVER " for server", "sslVersion"); #endif break; case CMD_HELP: Index: src/common.h =================================================================== *** src/common.h (revision 2825) --- src/common.h (working copy) *************** *** 359,369 **** --- 359,375 ---- #include #include /* for CRYPTO_* and SSLeay_version */ #include + #ifndef OPENSSL_NO_MD4 #include + #endif #include #ifdef HAVE_OSSL_ENGINE_H + #ifndef OPENSSL_NO_ENGINE #include + #else + #undef HAVE_OSSL_ENGINE_H + #endif #endif /* HAVE_OSSL_ENGINE_H */ #if SSLEAY_VERSION_NUMBER >= 0x00907000L
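Review bot: The fallback chains in `CMD_INIT` (first options.c hunk) settle on the weakest compiled-in protocol rather than the strongest: the client default goes SSLv3, then SSLv2, then TLSv1, and the server default only uses `SSLv23_server_method()` when both SSLv2 and SSLv3 are present. On an OpenSSL built without SSLv2, a common hardening choice, the server default therefore drops from version negotiation to SSLv3 only and `sslVersion = all` is rejected with `"SSLv23 not supported"`, although as far as I know the SSLv23 methods are the version-flexible ones and do not depend on SSLv2 being compiled in. I would test TLSv1 before SSLv2 in both chains and guard the SSLv23 branches with something like `#if !defined(OPENSSL_NO_SSL2) || !defined(OPENSSL_NO_SSL3) || !defined(OPENSSL_NO_TLS1)`. The FIPS branch also tests `OPENSSL_NO_TLS` while every other branch tests `OPENSSL_NO_TLS1`; if that is a typo, the `#error Need TLSv1 for FIPS mode` guard never fires. The enclosing function starts and ends outside the hunk.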
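Review bot: `DEFAULT_SSLVER_CLIENT` and `DEFAULT_SSLVER_SERVER` are spliced into the `s_log` format string in the second options.c hunk but are defined in the middle of the `CMD_INIT` case in the previous hunk, so the log line only compiles because of where the `#define`s happen to sit in the function. Selecting the defaults once in a file-scope `#if` block above the function, with a comment such as `/* default sslVersion per compiled-in protocol; keep in sync with CMD_INIT */`, would make the dependency explicit. Passing the names as arguments, `"%-15s = %s for client, %s for server"`, also keeps the format string constant.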
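Review bot: In the src/common.h hunk the `#undef HAVE_OSSL_ENGINE_H` overrides a configure result without saying why, and every later `#ifdef HAVE_OSSL_ENGINE_H` in the tree then depends on this header having been included first. A comment on the new branch, for example `/* engine.h exists but OpenSSL was built with no-engine: treat as absent */`, would document that. The header names on the `#include` lines are not legible on this page, so which include the `OPENSSL_NO_MD4` guard wraps is assumed from the macro name.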