Add linker warnings in case SSLv3_{,client,server}_method are referenced.

Use of this symbols proves the existence of a code path willingly using SSLv3, even with OPENSSL_NO_SSL3 being defined, which hints that it needs fixing. Discussed with the LibreSSL cabal during c2k15; ok deraadt@
author: miod <> 2015-07-29 19:16:09 +0000
committer: miod <> 2015-07-29 19:16:09 +0000
commit: c399ec1a5a1e334ca2ae5a449ca396abc5b4d043 (patch)
tree: 36ff459bed9e875f3dcd4c1b4dd20e6d941ed862 /src/lib/libssl/s3_clnt.c
parent: 6a72ca90e8e4257c1656bef69f6deeeac4ac3cb6 (diff)
download: openbsd-c399ec1a5a1e334ca2ae5a449ca396abc5b4d043.tar.gz
openbsd-c399ec1a5a1e334ca2ae5a449ca396abc5b4d043.tar.bz2
openbsd-c399ec1a5a1e334ca2ae5a449ca396abc5b4d043.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 9a5ef826f6..b739711732 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.120 2015/07/19 07:34:52 doug Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.121 2015/07/29 19:16:09 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -170,6 +170,12 @@
 #include "bytestring.h"
+#ifdef __OpenBSD__
+#include <sys/cdefs.h>
+__warn_references(SSLv3_client_method,
+    "SSLv3_client_method() enables the use of insecure protocols");
+#endif
 static const SSL_METHOD *ssl3_get_client_method(int ver);
 static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b);
author	miod <>	2015-07-29 19:16:09 +0000
committer	miod <>	2015-07-29 19:16:09 +0000
commit	c399ec1a5a1e334ca2ae5a449ca396abc5b4d043 (patch)
tree	36ff459bed9e875f3dcd4c1b4dd20e6d941ed862 /src/lib/libssl/s3_clnt.c
parent	6a72ca90e8e4257c1656bef69f6deeeac4ac3cb6 (diff)
download	openbsd-c399ec1a5a1e334ca2ae5a449ca396abc5b4d043.tar.gz openbsd-c399ec1a5a1e334ca2ae5a449ca396abc5b4d043.tar.bz2 openbsd-c399ec1a5a1e334ca2ae5a449ca396abc5b4d043.zip