POODLE
Crafted patch based on community code in
php 5.5.26 and php 5.6.8.
--- php-5.3.29/ext/openssl/xp_ssl.c_orig 2015-06-14 14:43:23.797128188 -0700
+++ php-5.3.29/ext/openssl/xp_ssl.c 2015-06-14 14:59:55.059042744 -0700
@@ -338,9 +338,14 @@
break;
#endif
case STREAM_CRYPTO_METHOD_SSLv3_CLIENT:
+#ifdef OPENSSL_NO_SSL3
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against");
+ return -1;
+#else
sslsock->is_client = 1;
method = SSLv3_client_method();
break;
+#endif
case STREAM_CRYPTO_METHOD_TLS_CLIENT:
sslsock->is_client = 1;
method = TLSv1_client_method();
@@ -350,9 +355,14 @@
method = SSLv23_server_method();
break;
case STREAM_CRYPTO_METHOD_SSLv3_SERVER:
+#ifdef OPENSSL_NO_SSL3
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against");
+ return -1;
+#else
sslsock->is_client = 0;
method = SSLv3_server_method();
break;
+#endif
case STREAM_CRYPTO_METHOD_SSLv2_SERVER:
#ifdef OPENSSL_NO_SSL2
php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv2 support is not compiled into the OpenSSL library PHP is linked against");
@@ -933,8 +943,13 @@
sslsock->method = STREAM_CRYPTO_METHOD_SSLv2_CLIENT;
#endif
} else if (strncmp(proto, "sslv3", protolen) == 0) {
+#ifdef OPENSSL_NO_SSL3
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSLv3 support is not compiled into the OpenSSL library PHP is linked against");
+ return NULL;
+#else
sslsock->enable_on_connect = 1;
sslsock->method = STREAM_CRYPTO_METHOD_SSLv3_CLIENT;
+#endif
} else if (strncmp(proto, "tls", protolen) == 0) {
sslsock->enable_on_connect = 1;
sslsock->method = STREAM_CRYPTO_METHOD_TLS_CLIENT;