Re: git: 3653c88dfeb3 - main - irc/ircd-ratbox: Unbreak with modern OpenSSL

From: Matthias Andree <mandree_at_FreeBSD.org>
Date: Mon, 01 Jul 2024 22:34:22 UTC

On 01.07.24 at 23:47, Ryan Steinmetz wrote:
> The branch main has been updated by zi:
> 
> URL: https://cgit.FreeBSD.org/ports/commit/?id=3653c88dfeb3bbc5e9ad572b65276f5d8807693b
> 
> commit 3653c88dfeb3bbc5e9ad572b65276f5d8807693b
> Author:     Ryan Steinmetz <zi@FreeBSD.org>
> AuthorDate: 2024-07-01 21:46:46 +0000
> Commit:     Ryan Steinmetz <zi@FreeBSD.org>
> CommitDate: 2024-07-01 21:46:46 +0000
> 
>      irc/ircd-ratbox: Unbreak with modern OpenSSL
>      
>      - Bump PORTREVISION
>      Approved by:    blanket
> ---
>   irc/ircd-ratbox/Makefile                            |  2 +-
>   irc/ircd-ratbox/files/patch-libratbox_src_openssl.c | 11 +++++++++++
>   2 files changed, 12 insertions(+), 1 deletion(-)
> 
> diff --git a/irc/ircd-ratbox/Makefile b/irc/ircd-ratbox/Makefile
> index 43f2c284fdce..1fa77580afe2 100644
> --- a/irc/ircd-ratbox/Makefile
> +++ b/irc/ircd-ratbox/Makefile
> @@ -1,6 +1,6 @@
>   PORTNAME=	ircd-ratbox
>   PORTVERSION=	3.0.10
> -PORTREVISION=	7
> +PORTREVISION=	8
>   CATEGORIES=	irc
>   MASTER_SITES=	http://www.ratbox.org/download/				\
>   		http://www.ratbox.org/download/old/
> diff --git a/irc/ircd-ratbox/files/patch-libratbox_src_openssl.c b/irc/ircd-ratbox/files/patch-libratbox_src_openssl.c
> new file mode 100644
> index 000000000000..69db1316de0a
> --- /dev/null
> +++ b/irc/ircd-ratbox/files/patch-libratbox_src_openssl.c
> @@ -0,0 +1,11 @@
> +--- libratbox/src/openssl.c.orig	2024-07-01 21:36:08 UTC
> ++++ libratbox/src/openssl.c
> +@@ -299,7 +299,7 @@ rb_init_ssl(void)
> + 	/* Disable SSLv2, make the client use our settings */
> + 	SSL_CTX_set_options(ssl_server_ctx, SSL_OP_NO_SSLv2 | SSL_OP_CIPHER_SERVER_PREFERENCE);

Thanks.

Should that also get options to add SSL_OP_NO_SSLv3, and possibly does 
it - or should one add - options to set the minimum negotiable TLS 
version to 1.2?

> +
> +-	ssl_client_ctx = SSL_CTX_new(TLSv1_client_method());
> ++	ssl_client_ctx = SSL_CTX_new(TLS_client_method());
> +
> + 	if(ssl_client_ctx == NULL)
> + 	{
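
Review bot: the move to TLS_client_method() for ssl_client_ctx sets no protocol floor in the lines shown, so the client context will accept whatever minimum version the linked OpenSSL allows by default. Consider calling SSL_CTX_set_min_proto_version(ssl_client_ctx, TLS1_2_VERSION) after the NULL check, and the same for ssl_server_ctx, where the visible SSL_CTX_set_options() call passes only SSL_OP_NO_SSLv2 | SSL_OP_CIPHER_SERVER_PREFERENCE and does not exclude SSLv3. The commit message also gives no reason for the change beyond "Unbreak with modern OpenSSL"; a line saying what was broken would help the next person who touches this patch file.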

-- 
Matthias Andree
FreeBSD ports committer