mod_ssl, ab: Support OpenSSL compiled without SSLv2 support

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1090367 13f79535-47bb-0310-9956-ffa450edef68

CHANGES

@@ -2,6 +2,9 @@
 
 Changes with Apache 2.3.12
 
+  *) mod_ssl, ab: Support OpenSSL compiled without SSLv2 support.
+     [Stefan Fritsch]
+
   *) core: Abort if the MPM is changed across restart.  [Jeff Trawick]
 
   *) mod_proxy_ajp: Add support for 'ProxyErrorOverride on'. PR 50945.

modules/ssl/ssl_engine_config.c

@@ -1208,6 +1208,11 @@ static const char *ssl_cmd_protocol_parse(cmd_parms *parms,
         }
 
         if (strcEQ(w, "SSLv2")) {
+#ifdef OPENSSL_NO_SSL2
+            if (action != '-') {
+                return "SSLv2 not supported by this version of OpenSSL";
+            }
+#endif
             thisopt = SSL_PROTOCOL_SSLV2;
         }
         else if (strcEQ(w, "SSLv3")) {

modules/ssl/ssl_engine_init.c

@@ -500,16 +500,18 @@ static void ssl_init_ctx_protocol(server_rec *s,
     ap_log_error(APLOG_MARK, APLOG_TRACE3, 0, s,
                  "Creating new SSL context (protocols: %s)", cp);
 
-    if (protocol == SSL_PROTOCOL_SSLV2) {
+    if (protocol == SSL_PROTOCOL_SSLV3) {
-        method = mctx->pkp ?
-            SSLv2_client_method() : /* proxy */
-            SSLv2_server_method();  /* server */
-    }
-    else if (protocol == SSL_PROTOCOL_SSLV3) {
         method = mctx->pkp ?
             SSLv3_client_method() : /* proxy */
             SSLv3_server_method();  /* server */
     }
+#ifndef OPENSSL_NO_SSL2
+    else if (protocol == SSL_PROTOCOL_SSLV2) {
+        method = mctx->pkp ?
+            SSLv2_client_method() : /* proxy */
+            SSLv2_server_method();  /* server */
+    }
+#endif
     else if (protocol == SSL_PROTOCOL_TLSV1) {
         method = mctx->pkp ?
             TLSv1_client_method() : /* proxy */

modules/ssl/ssl_private.h

@@ -236,7 +236,11 @@ typedef int ssl_opt_t;
 #define SSL_PROTOCOL_SSLV2 (1<<0)
 #define SSL_PROTOCOL_SSLV3 (1<<1)
 #define SSL_PROTOCOL_TLSV1 (1<<2)
+#ifndef OPENSSL_NO_SSL2
 #define SSL_PROTOCOL_ALL   (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
+#else
+#define SSL_PROTOCOL_ALL   (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
+#endif
 typedef int ssl_proto_t;
 
 /**

support/ab.c

@@ -1890,7 +1890,11 @@ static void usage(const char *progname)
     fprintf(stderr, "    -h              Display usage information (this message)\n");
 #ifdef USE_SSL
     fprintf(stderr, "    -Z ciphersuite  Specify SSL/TLS cipher suite (See openssl ciphers)\n");
+#ifndef OPENSSL_NO_SSL2
     fprintf(stderr, "    -f protocol     Specify SSL/TLS protocol (SSL2, SSL3, TLS1, or ALL)\n");
+#else
+    fprintf(stderr, "    -f protocol     Specify SSL/TLS protocol (SSL3, TLS1, or ALL)\n");
+#endif
 #endif
     exit(EINVAL);
 }
@@ -2219,8 +2223,10 @@ int main(int argc, const char * const argv[])
             case 'f':
                 if (strncasecmp(opt_arg, "ALL", 3) == 0) {
                     meth = SSLv23_client_method();
+#ifndef OPENSSL_NO_SSL2
                 } else if (strncasecmp(opt_arg, "SSL2", 4) == 0) {
                     meth = SSLv2_client_method();
+#endif
                 } else if (strncasecmp(opt_arg, "SSL3", 4) == 0) {
                     meth = SSLv3_client_method();
                 } else if (strncasecmp(opt_arg, "TLS1", 4) == 0) {