Boost logo

Boost :

Subject: [boost] How to use ASIO without SSLv2?
From: Steve M. Robbins (steve_at_[hidden])
Date: 2011-04-25 01:49:10


Hi,

Debian just turned off SSL v2 support in openssl due to security
concerns [1].

Unfortunately, this broke compilation of several ASIO-using programs
such as pion-net [2] and witty [3]. These programs all fail to
compile with the following diagnostics:

> In file included from /usr/include/boost/asio/ssl/context_service.hpp:30:0,
> from /usr/include/boost/asio/ssl/context.hpp:22,
> from /usr/include/boost/asio/ssl.hpp:19,
> from /build/user-witty_3.1.8-2-amd64-wHJ4Kv/witty-3.1.8/src/http/Server.h:22,
> from /build/user-witty_3.1.8-2-amd64-wHJ4Kv/witty-3.1.8/src/http/HTTPStream.C:12:
> /usr/include/boost/asio/ssl/detail/openssl_context_service.hpp: In member function 'void boost::asio::ssl::detail::openssl_context_service::create(SSL_CTX*&, boost::asio::ssl::context_base::method)':
> /usr/include/boost/asio/ssl/detail/openssl_context_service.hpp:73:28: error: '::SSLv2_method' has not been declared
> /usr/include/boost/asio/ssl/detail/openssl_context_service.hpp:76:28: error: '::SSLv2_client_method' has not been declared
> /usr/include/boost/asio/ssl/detail/openssl_context_service.hpp:79:28: error: '::SSLv2_server_method' has not been declared

What does one have to do in order to use ASIO without SSLv2 support?

One suggestion [3] is to simply enclose the related code within
#ifndef OPENSSL_NO_SSL2. In the cse of
openssl_context_service::create(), however, placing this around the
affected switch cases would result in executing the default case

    default:
      impl = ::SSL_CTX_new(0);
      break;

Would this be safe to do? Are there other places in the code that
need to be addressed?

Thanks,
-Steve

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=589706
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621402
[3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622070




Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk