From 7204a2393e5969f71452c953021a9ca4deab5fd2 Mon Sep 17 00:00:00 2001
From: Matthias Andree
Date: Sat, 11 Apr 2015 11:39:19 +0200
Subject: Fix typo regarding SSL_OP_NO_SSLv3, and carry over one basic block from master branch.
---
 socket.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
(limited to 'socket.c')
diff --git a/socket.c b/socket.c
index 5ed62546..9cd66312 100644
--- a/socket.c
+++ b/socket.c
@@ -911,7 +911,7 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
 if(!strcasecmp("ssl3",myproto)) {
 #if (HAVE_DECL_SSLV3_CLIENT_METHOD + 0 > 0) && (0 == OPENSSL_NO_SSL3 + 0)
 _ctx[sock] = SSL_CTX_new(SSLv3_client_method());
- avoid_ssl_versions &= ~SSL_OP_NO_SSLv2;
+ avoid_ssl_versions &= ~SSL_OP_NO_SSLv3;
 #else
 report(stderr, GT_("Your OpenSSL version does not support SSLv3.\n"));
 return -1;
@@ -936,7 +936,12 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
 myproto = NULL;
 }
 }
- if(!myproto) {
+ // do not combine into an else { } as myproto may be nulled
+ // above!
+ if (!myproto) {
+ // SSLv23 is a misnomer and will in fact use the best
+ // available protocol, subject to SSL_OP_NO*
+ // constraints.
 _ctx[sock] = SSL_CTX_new(SSLv23_client_method());
 }
 if(_ctx[sock] == NULL) {
--
cgit v1.2.3
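Review bot: The corrected line `avoid_ssl_versions &= ~SSL_OP_NO_SSLv3;` in the "ssl3" branch lifts the SSLv3 exclusion without a comment saying why, and nothing in this branch tells the user that the protocol they selected is obsolete. I would add `/* "ssl3" was requested explicitly: SSLv3 must not stay masked out for this SSLv3-only context */` and consider a one-line warning through the existing `report(stderr, GT_(...))` path. Where the mask is finally applied to the context is outside this hunk (SSLOpen starts before and continues after it), so it is worth confirming that it is applied after this point. Separately, on the context line above, `0 == OPENSSL_NO_SSL3 + 0` is also true when the macro is defined with an empty value, so `!defined(OPENSSL_NO_SSL3)` would express the intent more reliably.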
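Review bot: The new comment on the `SSLv23_client_method()` fallback says the result is "subject to SSL_OP_NO* constraints" but does not name `avoid_ssl_versions` or where it is applied, and this is the branch where keeping old protocol versions out depends entirely on that mask. I would tighten it to `// negotiates the highest version both sides support; avoid_ssl_versions must be applied to this context to keep SSLv2/SSLv3 out`. The call that applies the mask is not in the hunk (SSLOpen continues past it), so that wording assumes it happens after the NULL check. As a style point, the added `//` comments and the `if (` spacing differ from the neighbouring `if(_ctx[sock] == NULL)`; `/* */` and the local spacing would match the surrounding lines, if the rest of socket.c is written that way.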