On Sat, Jun 11, 2016 at 09:57:29PM +0100, Adam D. Barratt wrote: > Control: tags -1 + moreinfo > > On Sat, 2016-06-11 at 19:38 +0200, Kurt Roeckx wrote: > > The SSLv2 methods actually didn't exist in jessie, but some > > defaults where changed and the SSLv2 methods now in jessie just > > return NULL. This removes the symbols again. Exposing the > > symbols in the headers actually seems to have broken something, > > so this removes them again. It was actually never the intention > > to introduce those symbols again. > [...] > > -CONFARGS = --prefix=/usr --openssldir=/usr/lib/ssl > > --libdir=lib/$(DEB_HOST_MULTIARCH) no-idea no-mdc2 no-rc5 no-zlib > > enable-tlsext no-ssl2 no-ssl3 > > +CONFARGS = --prefix=/usr --openssldir=/usr/lib/ssl > > --libdir=lib/$(DEB_HOST_MULTIARCH) no-idea no-mdc2 no-rc5 no-zlib > > enable-tlsext no-ssl2 no-ssl2-method no-ssl3 > > Does this also affect the 1.0.2 tree? The 1.0.2h package in unstable has > no-ssl2, no-ssl3, no-ssl3-method but not no-ssl2-method.
You're right, it has the same problem. I completly forgot that, and I even commited that myself. The reason for splitting no-ssl2 into no-ssl2 and no-ssl2-method is that we turned no-ssl2 on by default and people were suprised that SSLv2_* methods actually got removed and it of course broke various distributions that didn't builld with no-ssl2. So we changed the default to make those funtions return NULL instead by default, and then remove them with no-ssl2-method. Kurt