From b3098cd71d4c95ef0a3403d90de007c6da43097f Mon Sep 17 00:00:00 2001
From: mom040267
Date: Sat, 10 Jan 2015 23:29:08 +0000
Subject: [PATCH] ssl2 removed

---
 src/apps/common/apputils.c | 8 --------
 src/apps/relay/mainrelay.c | 11 ++++-------
 src/apps/relay/mainrelay.h | 1 -
 src/apps/relay/ns_ioalib_engine_impl.c | 4 ----
 src/apps/relay/turn_admin_server.c | 6 ------
 src/apps/uclient/mainuclient.c | 5 -----
 6 files changed, 4 insertions(+), 31 deletions(-)

diff --git a/src/apps/common/apputils.c b/src/apps/common/apputils.c
index 6d89d926..a8ec8ef3 100644
--- a/src/apps/common/apputils.c
+++ b/src/apps/common/apputils.c
@@ -827,14 +827,6 @@ static const char* turn_get_method(const SSL_METHOD *method, const char* mdefaul
 return mdefault;
 else {
-#ifndef OPENSSL_NO_SSL2
- if(method == SSLv2_server_method()) {
- return "SSLv2";
- } else if(method == SSLv2_client_method()) {
- return "SSLv2";
- } else
-#endif
-
 if(method == SSLv3_server_method()) {
 return "SSLv3";
 } else if(method == SSLv3_client_method()) {
diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c
index eb4c19d7..acdbcdc5 100644
--- a/src/apps/relay/mainrelay.c
+++ b/src/apps/relay/mainrelay.c
@@ -81,7 +81,6 @@ NULL, DH_1066, "", "", "", "turn_server_cert.pem","turn_server_pkey.pem", "", "",
-1,
 0,0,0,0,
 #if !TLS_SUPPORTED
 1,
@@ -705,7 +704,7 @@ enum EXTRA_OPTS {
 DH566_OPT,
 DH2066_OPT,
 NE_TYPE_OPT,
- NO_SSLV2_OPT,
+ NO_SSLV2_OPT, /*deprecated*/
 NO_SSLV3_OPT,
 NO_TLSV1_OPT,
 NO_TLSV1_1_OPT,
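Review bot: The two `deprecated` markers (on `NO_SSLV2_OPT` in `enum EXTRA_OPTS` here and on the `no-sslv2` entry of `long_options` in the next hunk) do not say what the option does now, and the code that handles `NO_SSLV2_OPT` is not part of this patch even though `turn_params.no_sslv2` is removed from mainrelay.h. If that handler still assigns the field the relay will not build; presumably it is already a no-op, in which case a clearer comment would be `/* deprecated: accepted and ignored, SSLv2 is always disabled */`, ideally with a log line when the option is used so operators know to drop it from their configuration. The two comments also differ in spacing (`/*deprecated*/` vs `/* deprecated */`).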
@@ -828,7 +827,7 @@ static const struct myoption long_options[] = {
 { "dh566", optional_argument, NULL, DH566_OPT },
 { "dh2066", optional_argument, NULL, DH2066_OPT },
 { "ne", required_argument, NULL, NE_TYPE_OPT },
- { "no-sslv2", optional_argument, NULL, NO_SSLV2_OPT },
+ { "no-sslv2", optional_argument, NULL, NO_SSLV2_OPT }, /* deprecated */
 { "no-sslv3", optional_argument, NULL, NO_SSLV3_OPT },
 { "no-tlsv1", optional_argument, NULL, NO_TLSV1_OPT },
 { "no-tlsv1_1", optional_argument, NULL, NO_TLSV1_1_OPT },
@@ -2531,12 +2530,10 @@ static void set_ctx(SSL_CTX* ctx, const char *protocol)
 {
 int op = 0;
-#if !defined(OPENSSL_NO_SSL2)
 #if defined(SSL_OP_NO_SSLv2)
- if(turn_params.no_sslv2)
- op |= SSL_OP_NO_SSLv2;
-#endif
+ op |= SSL_OP_NO_SSLv2;
 #endif
+
 if(turn_params.no_sslv3)
 op |= SSL_OP_NO_SSLv3;
diff --git a/src/apps/relay/mainrelay.h b/src/apps/relay/mainrelay.h
index 8047b4a3..b2f8033e 100644
--- a/src/apps/relay/mainrelay.h
+++ b/src/apps/relay/mainrelay.h
@@ -199,7 +199,6 @@ typedef struct _turn_params_ {
 char tls_password[513];
 char dh_file[1025];
- int no_sslv2;
 int no_sslv3;
 int no_tlsv1;
 int no_tlsv1_1;
diff --git a/src/apps/relay/ns_ioalib_engine_impl.c b/src/apps/relay/ns_ioalib_engine_impl.c
index 8f9b5bd9..457fa4d7 100644
--- a/src/apps/relay/ns_ioalib_engine_impl.c
+++ b/src/apps/relay/ns_ioalib_engine_impl.c
@@ -2268,10 +2268,6 @@ static TURN_TLS_TYPE check_tentative_tls(ioa_socket_raw fd)
 ret = (TURN_TLS_TYPE)(s[10]+1);
 } else if((s[2]==1)&&(s[3]==3)) {
 ret = TURN_TLS_SSL23; /* compatibility mode */
-#ifndef OPENSSL_NO_SSL2
- } else if((s[2]==1)&&(s[3]==0)&&(s[4]==2)) {
- ret = TURN_TLS_SSL23; /* old mode */
-#endif
 }
 }
diff --git a/src/apps/relay/turn_admin_server.c b/src/apps/relay/turn_admin_server.c
index f730cf18..62f09035 100644
--- a/src/apps/relay/turn_admin_server.c
+++ b/src/apps/relay/turn_admin_server.c
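Review bot: In the `set_ctx` hunk of src/apps/relay/mainrelay.c, SSLv2 is now always switched off, but SSLv3 is still only disabled when `turn_params.no_sslv3` is set, so as far as this hunk shows a relay with default settings keeps offering a protocol with known protocol-level weaknesses. Consider treating SSLv3 the same way in a follow-up, or at least record the default next to the check with a comment such as `/* SSLv3 stays enabled unless --no-sslv3 is given */`. The new `op |= SSL_OP_NO_SSLv2;` is also skipped entirely when `SSL_OP_NO_SSLv2` is not defined, which presumably relies on such a library having no SSLv2 support at all; a one-line comment stating that assumption would help the next reader. The block being edited starts and ends outside the hunk.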
@@ -723,12 +723,6 @@ static void cli_print_configuration(struct cli_session* cs)
 cli_print_flag(cs,turn_params.no_dtls,"no-dtls",0);
 cli_print_flag(cs,turn_params.no_tls,"no-tls",0);
-#ifndef OPENSSL_NO_SSL2
- cli_print_flag(cs,(!turn_params.no_sslv2 && !turn_params.no_tls),"SSLv2",0);
-#else
- cli_print_flag(cs,0,"SSLv2",0);
-#endif
-
 cli_print_flag(cs,(!turn_params.no_sslv3 && !turn_params.no_tls),"SSLv3",0);
 cli_print_flag(cs,(!turn_params.no_tlsv1 && !turn_params.no_tls),"TLSv1.0",0);
 cli_print_flag(cs,(!turn_params.no_tlsv1_1 && !turn_params.no_tls),"TLSv1.1",0);
diff --git a/src/apps/uclient/mainuclient.c b/src/apps/uclient/mainuclient.c
index 9f14237d..369c3261 100644
--- a/src/apps/uclient/mainuclient.c
+++ b/src/apps/uclient/mainuclient.c
@@ -503,11 +503,6 @@ int main(int argc, char **argv)
 csuite=cipher_suite;
 if(use_tcp) {
-#ifndef OPENSSL_NO_SSL2
- root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(SSLv2_client_method());
- SSL_CTX_set_cipher_list(root_tls_ctx[root_tls_ctx_num], csuite);
- root_tls_ctx_num++;
-#endif
 root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(SSLv23_client_method());
 SSL_CTX_set_cipher_list(root_tls_ctx[root_tls_ctx_num], csuite);
 root_tls_ctx_num++;