From 801e1fe46d83c856844ba18ae4751478c59af0d1 Mon Sep 17 00:00:00 2001
From: tenderlove <tenderlove@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Sat, 29 Aug 2015 17:45:14 +0000
Subject: * ext/openssl/ossl_ssl.c (static const struct): Only add SSLv3
 support   if the SSL library supports it.  Thanks Kurt Roeckx
 <kurt@roeckx.be>   [Bug #11376]

* ext/openssl/extconf.rb: check for SSLv3 support in the SSL
  implementation.

* test/openssl/test_ssl.rb (class OpenSSL): Skip tests that need SSLv3
  if there is no support.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51722 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog                | 12 ++++++++++++
 ext/openssl/extconf.rb   |  3 +++
 ext/openssl/ossl_ssl.c   |  3 +++
 test/openssl/test_ssl.rb |  2 +-
 4 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 9e81b8d492..fa840c2a81 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+Sun Aug 30 02:42:22 2015  Aaron Patterson <tenderlove@ruby-lang.org>
+
+	* ext/openssl/ossl_ssl.c (static const struct): Only add SSLv3 support
+	  if the SSL library supports it.  Thanks Kurt Roeckx <kurt@roeckx.be>
+	  [Bug #11376]
+
+	* ext/openssl/extconf.rb: check for SSLv3 support in the SSL
+	  implementation.
+
+	* test/openssl/test_ssl.rb (class OpenSSL): Skip tests that need SSLv3
+	  if there is no support.
+
 Fri Aug 28 16:05:09 2015  SHIBATA Hiroshi  <hsbt@ruby-lang.org>
 
 	* lib/rdoc/*: Update rdoc master(cfffed5)
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index 8c04cb56e8..132d8030fa 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -104,6 +104,9 @@ have_func("OPENSSL_cleanse")
 have_func("SSLv2_method")
 have_func("SSLv2_server_method")
 have_func("SSLv2_client_method")
+have_func("SSLv3_method")
+have_func("SSLv3_server_method")
+have_func("SSLv3_client_method")
 have_func("TLSv1_1_method")
 have_func("TLSv1_1_server_method")
 have_func("TLSv1_1_client_method")
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index f7cb7f0465..47111f69a8 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -109,9 +109,12 @@ static const struct {
     OSSL_SSL_METHOD_ENTRY(SSLv2_server),
     OSSL_SSL_METHOD_ENTRY(SSLv2_client),
 #endif
+#if defined(HAVE_SSLV3_METHOD) && defined(HAVE_SSLV3_SERVER_METHOD) && \
+        defined(HAVE_SSLV3_CLIENT_METHOD)
     OSSL_SSL_METHOD_ENTRY(SSLv3),
     OSSL_SSL_METHOD_ENTRY(SSLv3_server),
     OSSL_SSL_METHOD_ENTRY(SSLv3_client),
+#endif
     OSSL_SSL_METHOD_ENTRY(SSLv23),
     OSSL_SSL_METHOD_ENTRY(SSLv23_server),
     OSSL_SSL_METHOD_ENTRY(SSLv23_client),
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index 07e081b352..0cbfcba590 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -912,7 +912,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
   # that has been marked as forbidden, therefore either of these may be raised
   HANDSHAKE_ERRORS = [OpenSSL::SSL::SSLError, Errno::ECONNRESET]
 
-if OpenSSL::SSL::SSLContext::METHODS.include? :TLSv1
+if OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1) && OpenSSL::SSL::SSLContext::METHODS.include?(:SSLv3)
 
   def test_forbid_ssl_v3_for_client
     ctx_proc = Proc.new { |ctx| ctx.options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_SSLv3 }
-- 
cgit v1.2.3