From e069bb1b231c10737d2d6f97efed8db9643cda25 Mon Sep 17 00:00:00 2001
From: rfm
Date: Tue, 9 Jun 2009 08:32:16 +0000
Subject: [PATCH] Disable SSLv2 by default as it is insecure.

git-svn-id: svn+ssh://svn.gna.org/svn/gnustep/libs/base/trunk@28336 72102866-910b-0410-8b05-ffd578937521
---
 ChangeLog | 5 +++++
 SSL/GSSSLHandle.m | 29 +++++++++++++++++++++++++++++
 Source/GSSocketStream.m | 2 +-
 3 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 4651ee7d6..f42a17cdc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2009-06-09 Richard Frith-Macdonald
+
+ * SSL/Source/GSSSLHandle.m: Disable v2 by default due to
+ security issues. GSPermitSSLv2 user default can enable it again.
+
 2009-06-08 Richard Frith-Macdonald

 * Source/Additions/Unicode.m: Optimise somewhat for converting
diff --git a/SSL/GSSSLHandle.m b/SSL/GSSSLHandle.m
index 3d285d329..f3d3d74af 100644
--- a/SSL/GSSSLHandle.m
+++ b/SSL/GSSSLHandle.m
@@ -122,11 +122,21 @@ sslError(int err)
 PEMpasswd: (NSString*)PEMpasswd;
 @end

+static BOOL permitSSLv2 = NO;
+
 @implementation GSSSLHandle
++ (void) _defaultsChanged: (NSNotification*)n
+{
+ permitSSLv2
+ = [[NSUserDefaults standardUserDefaults] boolForKey: @"GSPermitSSLv2"];
+}
+
 + (void) initialize
 {
 if (self == [GSSSLHandle class])
 {
+ NSUserDefaults *defs;
+
 SSL_library_init();

 /*
@@ -140,6 +150,13 @@ sslError(int err)
 inf = [[[NSProcessInfo processInfo] globallyUniqueString] UTF8String];
 RAND_seed(inf, strlen(inf));
 }
+ defs = [NSUserDefaults standardUserDefaults];
+ permitSSLv2 = [defs boolForKey: @"GSPermitSSLv2"];
+ [[NSNotificationCenter defaultCenter]
+ addObserver: self
+ selector: @selector(_defaultsChanged:)
+ name: NSUserDefaultsDidChangeNotification
+ object: nil];
 }
 }

@@ -186,6 +203,10 @@ sslError(int err)
 if (ctx == 0)
 {
 ctx = SSL_CTX_new(SSLv23_server_method());
+ if (permitSSLv2 == NO)
+ {
+ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
+ }
 }
 if (ssl == 0)
 {
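Review bot: `permitSSLv2`, added in the hunk at -122 of SSL/GSSSLHandle.m, is a process-wide switch that re-enables a protocol this commit describes as insecure, yet it carries no comment and nothing is logged when it is turned on. I would document it at the declaration, e.g. `/* YES only while the GSPermitSSLv2 user default is set; consulted when an SSL_CTX is first created. */`, and have `_defaultsChanged:` log a warning whenever the value becomes YES so an operator can see that SSLv2 is permitted. The flag is only read inside the `if (ctx == 0)` blocks of the hunks at -186, -288 and -405, so contexts that already exist presumably keep the options they were built with; that is worth stating in the comment too.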
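Review bot: The `GSPermitSSLv2` lookup added in the hunk at -140 repeats the body of `_defaultsChanged:`, so the key string now lives in two places. Calling `[self _defaultsChanged: nil];` just before the `addObserver:` call would keep the read in one method and make the `defs` local unnecessary. The body of `+initialize` starts and ends outside this hunk.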
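Review bot: In the hunk at -186 the added `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2)` runs on whatever `SSL_CTX_new()` returned, and no NULL check is visible between the two calls; if context creation fails, the option call would dereference a null context. Guarding it as `if (ctx != 0 && permitSSLv2 == NO)` avoids that. The same added lines appear in the hunks at -288 and -405 with the same gap, so a small static helper that applies the protocol options to a freshly created context would fix all three and give one place for further restrictions such as `SSL_OP_NO_SSLv3`. The enclosing methods start and end outside these hunks.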
@@ -288,6 +309,10 @@ sslError(int err)
 if (ctx == 0)
 {
 ctx = SSL_CTX_new(SSLv23_client_method());
+ if (permitSSLv2 == NO)
+ {
+ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
+ }
 }
 if (ssl == 0)
 {
@@ -405,6 +430,10 @@ sslError(int err)
 if (ctx == 0)
 {
 ctx = SSL_CTX_new(SSLv23_method());
+ if (permitSSLv2 == NO)
+ {
+ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
+ }
 }
 if ([PEMpasswd length] > 0)
 {
diff --git a/Source/GSSocketStream.m b/Source/GSSocketStream.m
index 9b697b201..98ba5affe 100644
--- a/Source/GSSocketStream.m
+++ b/Source/GSSocketStream.m
@@ -433,7 +433,7 @@ static gnutls_anon_client_credentials_t anoncred;
 else if ([proto isEqualToString: NSStreamSocketSecurityLevelSSLv2] == YES)
 {
 proto = NSStreamSocketSecurityLevelSSLv2;
- GSOnceMLog(@"NSStreamSocketSecurityLevelTLSv1 is insecure ..."
+ GSOnceMLog(@"NSStreamSocketSecurityLevelTLSv2 is insecure ..."
 @" not implemented");
 DESTROY(self);
 return nil;
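Review bot: The replacement message in the hunk at -433 of Source/GSSocketStream.m still names the wrong constant: this branch handles `NSStreamSocketSecurityLevelSSLv2`, but the log text now says `NSStreamSocketSecurityLevelTLSv2`, which matches nothing on the visible lines. The line should read `GSOnceMLog(@"NSStreamSocketSecurityLevelSSLv2 is insecure ..."` so that someone reading the log can tell which security level was refused. The enclosing method starts and ends outside the hunk.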