Bug#827054: jessie-pu: package openssl/1.0.1t-1+deb8u3
On Sat, Jun 11, 2016 at 09:57:29PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
> 
> On Sat, 2016-06-11 at 19:38 +0200, Kurt Roeckx wrote:
> > The SSLv2 methods actually didn't exist in jessie, but some
> > defaults where changed and the SSLv2 methods now in jessie just
> > return NULL.  This removes the symbols again.  Exposing the
> > symbols in the headers actually seems to have broken something,
> > so this removes them again.  It was actually never the intention
> > to introduce those symbols again.
> [...]
> > -CONFARGS  = --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/$(DEB_HOST_MULTIARCH) no-idea no-mdc2 no-rc5 no-zlib  enable-tlsext no-ssl2 no-ssl3
> > +CONFARGS  = --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/$(DEB_HOST_MULTIARCH) no-idea no-mdc2 no-rc5 no-zlib enable-tlsext no-ssl2 no-ssl2-method no-ssl3
> 
> Does this also affect the 1.0.2 tree? The 1.0.2h package in unstable has
> no-ssl2, no-ssl3, no-ssl3-method but not no-ssl2-method.
You're right, it has the same problem.  I completly forgot that, and
I even commited that myself.
The reason for splitting no-ssl2 into no-ssl2 and no-ssl2-method
is that we turned no-ssl2 on by default and people were suprised
that SSLv2_* methods actually got removed and it of course broke
various distributions that didn't builld with no-ssl2.  So we
changed the default to make those funtions return NULL instead by
default, and then remove them with no-ssl2-method.
Kurt
Reply to: