From 01e0186d48d24f4ec2d5cbbd57de6e72127857d4 Mon Sep 17 00:00:00 2001
From: Alessandro Ghedini <alessandro@ghedini.me>
Date: Sat, 8 Nov 2014 15:04:21 +0100
Subject: [PATCH] openssl: make it possible to build without SSLv3

Original patch by Kurt Roeckx <kurt@roeckx.be>.

Bug: https://bugs.debian.org/768562
---
 lib/vtls/openssl.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index ccf2f73..88e644b 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1555,6 +1555,10 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
     break;
 #endif
   case CURL_SSLVERSION_SSLv3:
+#ifdef OPENSSL_NO_SSL3
+    failf(data, "OpenSSL was built without SSLv3 support");
+    return CURLE_NOT_BUILT_IN;
+#else
 #ifdef USE_TLS_SRP
     if(data->set.ssl.authtype == CURL_TLSAUTH_SRP)
       return CURLE_SSL_CONNECT_ERROR;
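Review bot: The `#else` added just above `#ifdef USE_TLS_SRP` is closed by a bare `#endif` in the next hunk, after the nested USE_TLS_SRP conditional, so it is hard to see which conditional each `#endif` ends. I would label them as `#else /* !OPENSSL_NO_SSL3 */` here and `#endif /* OPENSSL_NO_SSL3 */` after the `break;`. The same applies to the `#ifndef OPENSSL_NO_SSL3` / `#endif` pair in the third and fourth hunks, where another bare `#endif` sits directly before the `break;`. The labels are worth having because a misplaced guard in this switch would change which protocol versions get compiled in without any build error. The case body and the function continue outside this hunk.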
@@ -1562,6 +1566,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
     req_method = SSLv3_client_method();
     use_sni(FALSE);
     break;
+#endif
   }
 
   if(connssl->ctx)
@@ -1652,6 +1657,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
 #endif
 
   switch(data->set.ssl.version) {
+#ifndef OPENSSL_NO_SSL3
   case CURL_SSLVERSION_SSLv3:
     ctx_options |= SSL_OP_NO_SSLv2;
     ctx_options |= SSL_OP_NO_TLSv1;
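Review bot: With OPENSSL_NO_SSL3 defined, this switch loses its `case CURL_SSLVERSION_SSLv3:` entirely, and the only thing keeping that value away from it is the early `return CURLE_NOT_BUILT_IN;` added to the first switch of the same function. That dependency is not written down anywhere; a comment above the guard would cover it, e.g. `/* with OPENSSL_NO_SSL3, SSLv3 was already rejected with CURLE_NOT_BUILT_IN above */`. Whether this switch has a `default:` branch is not visible in the hunks. If it does not, a later change to the first switch could let the value through with none of the `SSL_OP_NO_*` restrictions applied. The switch continues outside this hunk.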
@@ -1660,6 +1666,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
     ctx_options |= SSL_OP_NO_TLSv1_2;
 #endif
     break;
+#endif
 
   case CURL_SSLVERSION_DEFAULT:
 #ifdef USE_TLS_SRP
-- 
2.1.3


