author Dominyk Tiller 2014-10-18 00:48:57 +0100
committer Mike McQuaid 2014-10-19 12:43:16 +0100
commit 73ca769de13b72682d0dcfe7d54f31f96fd5e5ca (patch)
tree c707f5b972d931d8a90dde63eaafeca62233ce60 /Library
parent 625fe7889b9dc8b95cd1ec0334d9d95ae2a9e77c (diff)
download homebrew-73ca769de13b72682d0dcfe7d54f31f96fd5e5ca.tar.bz2
polarssl: killing sslv3
Proposing we take a sharp axe to sslv3 in this PR. Reasons:

1) We want to do this with OpenSSL as soon as practical. PolarSSL works in a roughly similar way but is much less widely used, only having one Homebrew dependency (and even that is optional), which makes it a nice platform for testing.

2) PolarSSL has no mechanism to mitigate the SSLv3 POODLE mess in the manner OpenSSL has. That mechanism isn’t available to PolarSSL, and consequently upstream’s recommendation [here](https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-03-poodle-attack-on-ssl-v3) is just “feel free to kill sslv3 like this”.

3) If anything goes horribly wrong with this change, and I don’t think it will FWIW, it’s a 2 minute job to revert and rebuild to fix. That’s the kind of risk bracket I feel relatively comfortable jumping into for once.
Diffstat (limited to 'Library')
-rw-r--r-- Library/Formula/polarssl.rb 11
1 files changed, 10 insertions, 1 deletions
diff --git a/Library/Formula/polarssl.rb b/Library/Formula/polarssl.rb
index 2f1105014..7e76c29b8 100644
--- a/Library/Formula/polarssl.rb
+++ b/Library/Formula/polarssl.rb
@@ -3,7 +3,9 @@ require "formula"
class Polarssl < Formula
homepage "https://polarssl.org/"
url "https://polarssl.org/download/polarssl-1.3.8-gpl.tgz"
- sha1 "82ed8ebcf3dd53621da5395b796fc0917083691d"
+ mirror "https://mirrors.kernel.org/debian/pool/main/p/polarssl/polarssl_1.3.8.orig.tar.gz"
+ sha256 "318171db41335cacbb5b0047c94f1faf91442ab70a223b5223436703c9406ff1"
+ revision 1
head "https://github.com/polarssl/polarssl.git"
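Review bot: The new `mirror` line points at Debian's `polarssl_1.3.8.orig.tar.gz`, while `url` fetches upstream's `polarssl-1.3.8-gpl.tgz`, and the single `sha256` has to match both downloads. Please confirm the Debian orig tarball is byte-identical to the upstream GPL tarball; if it was repacked, the mirror fallback will fail checksum verification exactly when the primary URL is unavailable. It would also help to state in the commit message that `revision 1` is there to force a rebuild, since the version stays at 1.3.8 while the compiled configuration changes.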
@@ -19,6 +21,13 @@ class Polarssl < Formula
conflicts_with "md5sha1sum", :because => "both install conflicting binaries"
def install
+ # Kills SSL2 Handshake & SSLv3 using upstream's recommended method.
+ # Upstream, can you make this less hacky please?
+ inreplace "include/polarssl/config.h" do |s|
+ s.gsub! "#define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO", "//#define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO"
+ s.gsub! "#define POLARSSL_SSL_PROTO_SSL3", "//#define POLARSSL_SSL_PROTO_SSL3"
+ end
+
system "cmake", ".", *std_cmake_args
system "make"
system "make", "install"
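Review bot: Both `s.gsub!` calls in `install` match fixed strings in `include/polarssl/config.h`, and nothing afterwards checks that SSLv3 and the SSLv2 ClientHello support actually ended up disabled. The formula also builds from `head`, where either define could be renamed, removed or already commented out, so a build could complete with the protocol still compiled in. Suggest restricting the block to the stable tarball or failing the install when the define is still active after the substitution. The match is also unanchored, so it would rewrite any longer macro name that begins with `POLARSSL_SSL_PROTO_SSL3`; matching the whole line would be tighter. The "less hacky" comment would be more useful to the next maintainer with a link to the upstream advisory that the commit message cites.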