[pkg-boost-devel] Bug#622070: How to use ASIO without SSLv2?

Steve M. Robbins steve at sumost.ca
Mon Apr 25 05:49:10 UTC 2011 

Hi,

Debian just turned off SSL v2 support in openssl due to security
concerns [1].

Unfortunately, this broke compilation of several ASIO-using programs
such as pion-net [2] and witty [3].  These programs all fail to
compile with the following diagnostics:

> In file included from /usr/include/boost/asio/ssl/context_service.hpp:30:0,
>                  from /usr/include/boost/asio/ssl/context.hpp:22,
>                  from /usr/include/boost/asio/ssl.hpp:19,
>                  from /build/user-witty_3.1.8-2-amd64-wHJ4Kv/witty-3.1.8/src/http/Server.h:22,
>                  from /build/user-witty_3.1.8-2-amd64-wHJ4Kv/witty-3.1.8/src/http/HTTPStream.C:12:
> /usr/include/boost/asio/ssl/detail/openssl_context_service.hpp: In member function 'void boost::asio::ssl::detail::openssl_context_service::create(SSL_CTX*&, boost::asio::ssl::context_base::method)':
> /usr/include/boost/asio/ssl/detail/openssl_context_service.hpp:73:28: error: '::SSLv2_method' has not been declared
> /usr/include/boost/asio/ssl/detail/openssl_context_service.hpp:76:28: error: '::SSLv2_client_method' has not been declared
> /usr/include/boost/asio/ssl/detail/openssl_context_service.hpp:79:28: error: '::SSLv2_server_method' has not been declared


What does one have to do in order to use ASIO without SSLv2 support?

One suggestion [3] is to simply enclose the related code within
#ifndef OPENSSL_NO_SSL2.  In the cse of
openssl_context_service::create(), however, placing this around the
affected switch cases would result in executing the default case 

    default:
      impl = ::SSL_CTX_new(0);
      break;

Would this be safe to do?  Are there other places in the code that
need to be addressed?

Thanks,
-Steve

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=589706
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621402
[3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622070
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-boost-devel/attachments/20110425/7231639c/attachment.pgp>

More information about the pkg-boost-devel mailing list