From 9f4c705e3832bf8d01e0069c2987ba7ae12b3ada Mon Sep 17 00:00:00 2001
From: Matthias Andree
Date: Mon, 12 Dec 2016 02:32:55 +0100
Subject: Support for Debian/Ubuntu mutilated SSLv3 support.

Ubuntu 16.04 LTS, in a misguided attempt to avoid SSLv3 without breaking the API, does not declare SSLv3 unsupported through the headers, so applications can only detect this situation at run-time. The symptom is that SSL_CTX_new errors out with SSL_R_NULL_SSL_METHOD_PASSED on the error stack, issue an additional note telling the user to select a newer version.
---
 socket.c | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'socket.c')

diff --git a/socket.c b/socket.c
index 0187b9ec..f6a3b19c 100644
--- a/socket.c
+++ b/socket.c
@@ -1064,7 +1064,11 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
 _ctx[sock] = SSL_CTX_new(SSLv23_client_method());
 }
 if(_ctx[sock] == NULL) {
+ unsigned long ec = ERR_peek_last_error();
 ERR_print_errors_fp(stderr);
+ if (ERR_GET_REASON(ec) == SSL_R_NULL_SSL_METHOD_PASSED) {
+ report(stderr, GT_("Note that some distributions disable older protocol versions in weird non-standard ways. Try a newer protocol version.\n"));
+ }
 return(-1);
 }
--
cgit v1.2.3
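Review bot: The added test `if (ERR_GET_REASON(ec) == SSL_R_NULL_SSL_METHOD_PASSED)` compares only the reason code, and OpenSSL reason codes are scoped per library, so an error from another library that shares that number would also print the hint. I would tighten it to `if (ERR_GET_LIB(ec) == ERR_LIB_SSL && ERR_GET_REASON(ec) == SSL_R_NULL_SSL_METHOD_PASSED) {`. Calling `ERR_peek_last_error()` before `ERR_print_errors_fp(stderr)` is the right order because printing empties the queue; a one-line comment such as `/* peek first: ERR_print_errors_fp() drains the error queue */` would stop a later cleanup from swapping the two. The branch still fails closed with `return(-1)` instead of retrying with another protocol, which should stay that way. SSLOpen's body starts and ends outside this hunk, so how `myproto` selects the method is not visible here.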