From aee0a1be4163b06ae8d32dff93d13a87668423b3 Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Tue, 17 May 2011 18:00:56 +0200
Subject: Reinstate SSLv2 support on legacy_63 branch.

Revert "Remove support for SSLv2 (fixes Debian Bug #622054)."
This reverts commit c22a3afca46c83ee6d53a6ee58deb122f309c460.
---
 socket.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'socket.c')

diff --git a/socket.c b/socket.c
index 26e37de8..f513d9ff 100644
--- a/socket.c
+++ b/socket.c
@@ -899,14 +899,16 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
 	/* Make sure a connection referring to an older context is not left */
 	_ssl_context[sock] = NULL;
 	if(myproto) {
-		if(!strcasecmp("ssl3",myproto)) {
+		if(!strcasecmp("ssl2",myproto)) {
+			_ctx[sock] = SSL_CTX_new(SSLv2_client_method());
+		} else if(!strcasecmp("ssl3",myproto)) {
 			_ctx[sock] = SSL_CTX_new(SSLv3_client_method());
 		} else if(!strcasecmp("tls1",myproto)) {
 			_ctx[sock] = SSL_CTX_new(TLSv1_client_method());
 		} else if (!strcasecmp("ssl23",myproto)) {
 			myproto = NULL;
 		} else {
-			fprintf(stderr,GT_("Invalid SSL protocol '%s' specified, using default (SSL23).\n"), myproto);
+			fprintf(stderr,GT_("Invalid SSL protocol '%s' specified, using default (SSLv23).\n"), myproto);
 			myproto = NULL;
 		}
 	}
@@ -918,7 +920,7 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
 		return(-1);
 	}
 
-	SSL_CTX_set_options(_ctx[sock], SSL_OP_ALL | SSL_OP_NO_SSLv2);
+	SSL_CTX_set_options(_ctx[sock], SSL_OP_ALL);
 
 	if (certck) {
 		SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback);
-- 
cgit v1.2.3