[pkg-boost-devel] Bug#622070: How to use ASIO without SSLv2?
Steve M. Robbins
steve at sumost.ca
Mon Apr 25 05:49:10 UTC 2011
Hi,
Debian just turned off SSL v2 support in openssl due to security
concerns [1].
Unfortunately, this broke compilation of several ASIO-using programs
such as pion-net [2] and witty [3]. These programs all fail to
compile with the following diagnostics:
> In file included from /usr/include/boost/asio/ssl/context_service.hpp:30:0,
> from /usr/include/boost/asio/ssl/context.hpp:22,
> from /usr/include/boost/asio/ssl.hpp:19,
> from /build/user-witty_3.1.8-2-amd64-wHJ4Kv/witty-3.1.8/src/http/Server.h:22,
> from /build/user-witty_3.1.8-2-amd64-wHJ4Kv/witty-3.1.8/src/http/HTTPStream.C:12:
> /usr/include/boost/asio/ssl/detail/openssl_context_service.hpp: In member function 'void boost::asio::ssl::detail::openssl_context_service::create(SSL_CTX*&, boost::asio::ssl::context_base::method)':
> /usr/include/boost/asio/ssl/detail/openssl_context_service.hpp:73:28: error: '::SSLv2_method' has not been declared
> /usr/include/boost/asio/ssl/detail/openssl_context_service.hpp:76:28: error: '::SSLv2_client_method' has not been declared
> /usr/include/boost/asio/ssl/detail/openssl_context_service.hpp:79:28: error: '::SSLv2_server_method' has not been declared
What does one have to do in order to use ASIO without SSLv2 support?
One suggestion [3] is to simply enclose the related code within
#ifndef OPENSSL_NO_SSL2. In the cse of
openssl_context_service::create(), however, placing this around the
affected switch cases would result in executing the default case
default:
impl = ::SSL_CTX_new(0);
break;
Would this be safe to do? Are there other places in the code that
need to be addressed?
Thanks,
-Steve
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=589706
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621402
[3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622070
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-boost-devel/attachments/20110425/7231639c/attachment.pgp>
More information about the pkg-boost-devel
mailing list