---
 mailx.1 | 5 +++++
 openssl.c | 29 ++++++++++++++++++++++++++---
 2 files changed, 31 insertions(+), 3 deletions(-)
--- mailx.1
+++ mailx.1 2017-06-13 10:10:21.024015088 +0000
@@ -2723,6 +2723,8 @@ Only applicable if SSL/TLS support is bu
 Accept SSLv2 connections. These are normally not allowed because this protocol version is insecure.
+.br
+.B WARNING: on modern systems SSLv2 as well as SSLv3 are deprecated!
 .TP
 .B stealthmua
 Inhibits the generation of
@@ -3609,6 +3611,9 @@ for a specific account.
 Gives the pathname to an entropy daemon socket, see
 .IR RAND_egd (3).
+.br
+.B WARNING: On Linux this API is ignored, use the string option
+.B ssl-rand-file.
 .TP
 .B ssl-rand-file
 Gives the pathname to a file with entropy data,
--- openssl.c
+++ openssl.c 2017-06-13 10:05:15.133697760 +0000
@@ -138,7 +138,12 @@ ssl_rand_init(void)
 if ((cp = value("ssl-rand-egd")) != NULL) {
 cp = expand(cp);
- if (RAND_egd(cp) == -1) {
+#ifndef OPENSSL_NO_EGD
+ if (RAND_egd(cp) == -1)
+#else
+ if (1)
+#endif
+ {
 fprintf(stderr, catgets(catd, CATSET, 245, "entropy daemon at \"%s\" not available\n"), cp);
@@ -221,12 +226,13 @@ ssl_select_method(const char *uhp)
 cp = ssl_method_string(uhp);
 if (cp != NULL) {
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1010006fL
 #ifndef OPENSSL_NO_SSL2
 if (equal(cp, "ssl2"))
 method = SSLv2_client_method();
 else
-#endif
- if (equal(cp, "ssl3"))
+#endif
+ if (equal(cp, "ssl3"))
 method = SSLv3_client_method();
 else if (equal(cp, "tls1"))
 method = TLSv1_client_method();
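Review bot: In the `#else` arm added to `ssl_rand_init()`, `if (1)` makes a build without EGD support print "entropy daemon at ... not available", which tells the user the daemon is down rather than that `ssl-rand-egd` cannot work in this build. I would give the compiled-out case its own message and put `/* OPENSSL_NO_EGD: RAND_egd() is compiled out, so ssl-rand-egd can never seed the PRNG */` above it, instead of splitting one `if` statement across preprocessor arms. The rest of the function is outside this hunk; if the `ssl-rand-file` lookup is chained in an `else` after this block, a user who sets both options gets neither entropy source, so that chain is worth checking.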
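Review bot: The guard `OPENSSL_VERSION_NUMBER < 0x1010006fL` added in `ssl_select_method()` cuts over at 1.1.0f, while `TLS_client_method()` has been available since 1.1.0, so builds against 1.1.0 through 1.1.0e still take the fixed-version `SSLv3_client_method()`/`TLSv1_client_method()` path. Unless that patch level is intentional, `#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L` matches the API boundary. The same condition is repeated in the following hunk (-235,8), so defining it once under a single name near the includes would keep the two sites from drifting apart. The function begins before this hunk.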
@@ -235,8 +241,25 @@ ssl_select_method(const char *uhp)
 "Invalid SSL method \"%s\"\n"), cp);
 method = SSLv23_client_method();
 }
+#else
+ method = NULL;
+ if (equal(cp, "tls"))
+ method = TLS_client_method();
+ else if (equal(cp, "dtls"))
+ method = DTLS_client_method();
+
+ if (!method) {
+ fprintf(stderr, catgets(catd, CATSET, 244,
+ "Invalid SSL method \"%s\"\n"), cp);
+ method = TLS_client_method();
+ }
+#endif
 } else
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1010006fL
 method = SSLv23_client_method();
+#else
+ method = TLS_client_method();
+#endif
 return method;
 }
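Review bot: The new `#else` branch accepts `ssl-method=dtls` and returns `DTLS_client_method()`, a datagram method; unless mailx opens a datagram socket somewhere outside this hunk, a handshake with it over the stream connections used for mail cannot succeed, so I would drop that arm and keep only `if (equal(cp, "tls")) method = TLS_client_method();`. In the same branch the previously accepted values `ssl3` and `tls1` now land in "Invalid SSL method" and fall back to `TLS_client_method()`, and the mailx.1 part of this patch does not document the changed set of values. `TLS_client_method()` negotiates whatever the library still enables, so the protocol floor has to be set where the context is configured (not visible here), for example with `SSL_CTX_set_min_proto_version()`.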