Bug#766065: xchat-gnome: Should not force the use of SSLv3

[Marc Deslauriers]

Package: xchat-gnome
Version: 1:0.30.0~git20110821.e2a400-0.2
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu utopic ubuntu-patch



*** /tmp/tmpwg2gkZ/bug_body

XChat-Gnome forces the use of SSLv3, breaking connections to sites that
have started disabling SSLv3.

In Ubuntu, the attached patch was applied to achieve the following:

  * Don't force the use of SSLv3 (LP: #1381484)
    - debian/patches/dont_force_sslv3.patch: use SSLv23_client_method() so
      the best method gets automatically negotiated in src/common/ssl.c.


Thanks for considering the patch.


-- System Information:
Debian Release: jessie/sid
  APT prefers utopic-updates
  APT policy: (500, 'utopic-updates'), (500, 'utopic-security'), (500, 
'utopic'), (100, 'utopic-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-23-generic (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru xchat-gnome-0.30.0~git20131003.d20b8d+really20110821/debian/changelog xchat-gnome-0.30.0~git20131003.d20b8d+really20110821/debian/changelog
diff -Nru xchat-gnome-0.30.0~git20131003.d20b8d+really20110821/debian/patches/dont_force_sslv3.patch xchat-gnome-0.30.0~git20131003.d20b8d+really20110821/debian/patches/dont_force_sslv3.patch
--- xchat-gnome-0.30.0~git20131003.d20b8d+really20110821/debian/patches/dont_force_sslv3.patch	1969-12-31 19:00:00.000000000 -0500
+++ xchat-gnome-0.30.0~git20131003.d20b8d+really20110821/debian/patches/dont_force_sslv3.patch	2014-10-20 10:14:37.000000000 -0400
@@ -0,0 +1,28 @@
+Description: Don't force the use of SSLv3
+Author: Marc Deslauriers <marc.deslauri...@canonical.com>
+Bug: https://bugzilla.gnome.org/show_bug.cgi?id=738870
+Bug-Ubuntu: https://bugs.launchpad.net/xchat-gnome/+bug/1381484
+Forwarded: yes
+
+Index: xchat-gnome-0.30.0~git20131003.d20b8d+really20110821/src/common/ssl.c
+===================================================================
+--- xchat-gnome-0.30.0~git20131003.d20b8d+really20110821.orig/src/common/ssl.c	2014-10-17 14:34:35.094385583 -0400
++++ xchat-gnome-0.30.0~git20131003.d20b8d+really20110821/src/common/ssl.c	2014-10-17 14:34:56.390560285 -0400
+@@ -70,7 +70,7 @@
+ 
+ 	SSLeay_add_ssl_algorithms ();
+ 	SSL_load_error_strings ();
+-	ctx = SSL_CTX_new (server ? SSLv3_server_method() : SSLv3_client_method ());
++	ctx = SSL_CTX_new (server ? SSLv23_server_method() : SSLv23_client_method ());
+ 
+ 	SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_BOTH);
+ 	SSL_CTX_set_timeout (ctx, 300);
+@@ -281,7 +281,7 @@
+ 		__SSL_critical_error ("SSL_new");
+ 
+ 	SSL_set_fd (ssl, sd);
+-	if (ctx->method == SSLv3_client_method())
++	if (ctx->method == SSLv23_client_method())
+ 		SSL_set_connect_state (ssl);
+ 	else
+ 	        SSL_set_accept_state(ssl);
diff -Nru xchat-gnome-0.30.0~git20131003.d20b8d+really20110821/debian/patches/series xchat-gnome-0.30.0~git20131003.d20b8d+really20110821/debian/patches/series
--- xchat-gnome-0.30.0~git20131003.d20b8d+really20110821/debian/patches/series	2014-08-21 10:55:22.000000000 -0400
+++ xchat-gnome-0.30.0~git20131003.d20b8d+really20110821/debian/patches/series	2014-10-17 14:25:16.000000000 -0400
@@ -25,3 +25,4 @@
 link.diff
 define_functions_fix_build.patch
 perl5.20.patch
+dont_force_sslv3.patch