1
Index: spamassassin_release_3_3_2_rc_1/spamc/libspamc.c
2
===================================================================
3
--- spamassassin_release_3_3_2_rc_1.orig/spamc/libspamc.c 2011-05-14 09:04:36.000000000 -0700
4
+++ spamassassin_release_3_3_2_rc_1/spamc/libspamc.c 2011-05-14 12:00:10.000000000 -0700
5
@@ -1202,14 +1202,10 @@
6
if (flags & SPAMC_USE_SSL) {
8
SSLeay_add_ssl_algorithms();
9
- if ((flags & SPAMC_SSLV2) && (flags & SPAMC_SSLV3)) {
10
- meth = TLSv1_client_method(); /* both flag bits on means use TLSv1 */
11
- } else if (flags & SPAMC_SSLV2) {
12
- meth = SSLv2_client_method();
13
- } else if (flags & SPAMC_SSLV3) {
14
- meth = SSLv3_client_method();
15
+ if (flags & SPAMC_TLSV1) {
16
+ meth = TLSv1_client_method();
18
- meth = SSLv23_client_method(); /* no flag bits, default SSLv23 */
19
+ meth = SSLv3_client_method(); /* default */
21
SSL_load_error_strings();
22
ctx = SSL_CTX_new(meth);
24
if (flags & SPAMC_USE_SSL) {
26
SSLeay_add_ssl_algorithms();
27
- meth = SSLv2_client_method();
28
+ meth = SSLv3_client_method();
29
SSL_load_error_strings();
30
ctx = SSL_CTX_new(meth);
32
Index: spamassassin_release_3_3_2_rc_1/spamc/libspamc.h
33
===================================================================
34
--- spamassassin_release_3_3_2_rc_1.orig/spamc/libspamc.h 2011-05-14 09:04:36.000000000 -0700
35
+++ spamassassin_release_3_3_2_rc_1/spamc/libspamc.h 2011-05-14 12:00:10.000000000 -0700
37
/* Jan 1, 2007 sidney: added SSL protocol versions */
38
/* no flags means use default of SSL_v23 */
39
/* Set both flags to specify TSL_v1 */
40
-#define SPAMC_SSLV2 (1<<18)
41
+#define SPAMC_TLSV1 (1<<18)
42
#define SPAMC_SSLV3 (1<<17)
44
/* Nov 30, 2006 jm: add -z, zlib support */
45
Index: spamassassin_release_3_3_2_rc_1/spamc/spamc.c
46
===================================================================
47
--- spamassassin_release_3_3_2_rc_1.orig/spamc/spamc.c 2011-05-14 09:04:36.000000000 -0700
48
+++ spamassassin_release_3_3_2_rc_1/spamc/spamc.c 2011-05-14 12:00:10.000000000 -0700
52
flags |= SPAMC_USE_SSL;
53
- if (!spamc_optarg || (strcmp(spamc_optarg,"sslv23") == 0)) {
54
- /* this is the default */
56
- else if (strcmp(spamc_optarg,"sslv2") == 0) {
57
- flags |= SPAMC_SSLV2;
59
- else if (strcmp(spamc_optarg,"sslv3") == 0) {
60
- flags |= SPAMC_SSLV3;
61
+ if (!spamc_optarg || (strcmp(spamc_optarg,"sslv3") == 0)) {
62
+ flags |= SPAMC_SSLV3;
64
else if (strcmp(spamc_optarg,"tlsv1") == 0) {
65
- flags |= (SPAMC_SSLV2 | SPAMC_SSLV3);
66
+ flags |= SPAMC_TLSV1;
69
libspamc_log(flags, LOG_ERR, "Please specify a legal ssl version (%s)", spamc_optarg);
70
Index: spamassassin_release_3_3_2_rc_1/spamc/spamc.pod
71
===================================================================
72
--- spamassassin_release_3_3_2_rc_1.orig/spamc/spamc.pod 2011-05-14 11:55:50.000000000 -0700
73
+++ spamassassin_release_3_3_2_rc_1/spamc/spamc.pod 2011-05-14 12:00:10.000000000 -0700
76
If spamc was built with support for SSL, encrypt data to and from the
77
spamd process with SSL; spamd must support SSL as well.
78
-I<sslversion> specifies the SSL protocol version to use, one of
79
-C<sslv2>, C<sslv3>, C<tlsv1>, or C<sslv23>. The default, C<sslv23>, causes
80
-spamc to use a SSLv2 hello handshake then negotiate use of SSLv3 or TLSv1
81
-protocol if the spamd server can accept it.
82
+I<sslversion> specifies the SSL protocol version to use, either
83
+C<sslv3>, or C<tlsv1>. The default, is C<sslv3>.
85
=item B<-t> I<timeout>, B<--timeout>=I<timeout>
87
Index: spamassassin_release_3_3_2_rc_1/spamd/spamd.raw
88
===================================================================
89
--- spamassassin_release_3_3_2_rc_1.orig/spamd/spamd.raw 2011-05-14 11:55:36.000000000 -0700
90
+++ spamassassin_release_3_3_2_rc_1/spamd/spamd.raw 2011-05-14 12:00:10.000000000 -0700
92
$sslport = ( getservbyname($sslport, 'tcp') )[2];
93
die "spamd: invalid ssl-port: $opt{'port'}\n" unless $sslport;
95
- $sslversion = $opt{'ssl-version'} || 'sslv23';
96
- if ($sslversion !~ /^(?:sslv([23]|23)|(tlsv1))$/) {
97
+ $sslversion = $opt{'ssl-version'} || 'sslv3';
98
+ if ($sslversion !~ /^(?:sslv3|tlsv1)$/) {
99
die "spamd: invalid ssl-version: $opt{'ssl-version'}\n";
102
@@ -3341,12 +3341,11 @@
104
=item B<--ssl-version>=I<sslversion>
106
-Specify the SSL protocol version to use, one of
107
-B<sslv2>, B<sslv3>, B<tlsv1>, or B<sslv23>.
108
-The default, B<sslv23>, is the most flexible, accepting a SSLv2 or higher
109
-hello handshake, then negotiating use of SSLv3 or TLSv1 protocol if the client
111
-Specifying B<--ssl-version> implies B<--ssl>.
112
+Specify the SSL protocol version to use, one of B<sslv3> or B<tlsv1>.
113
+The default, B<sslv3>, is the most flexible, accepting a SSLv3 or
114
+higher hello handshake, then negotiating use of SSLv3 or TLSv1
115
+protocol if the client can accept it. Specifying B<--ssl-version>
118
=item B<--server-key> I<keyfile>