From ac18ebddbdf4b2d3fdfeb4e3b10619e38c87b4ca Mon Sep 17 00:00:00 2001
From: "brian m. carlson"
Date: Sat, 6 Dec 2014 18:52:25 +0000
Subject: [PATCH] crypto: disable SSLv3 if shared OpenSSL lacks it

Some distributions disable SSLv3 due to POODLE. In such a case, disable the specific SSLv3 methods and throw an exception, much like the code already does for SSLv2. The SSLv23* code is retained because this is OpenSSL's terminology for "no version in particular".

Reviewed-By: Fedor Indutny
PR-URL: https://github.com/iojs/io.js/pull/101
---
 src/node_crypto.cc | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index eec8b560fa..efaa390ff3 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -328,11 +328,23 @@ void SecureContext::Init(const FunctionCallbackInfo& args) {
     return env->ThrowError("SSLv2 methods disabled");
 #endif
   } else if (strcmp(*sslmethod, "SSLv3_method") == 0) {
+#ifndef OPENSSL_NO_SSL3
     method = SSLv3_method();
+#else
+    return env->ThrowError("SSLv3 methods disabled");
+#endif
   } else if (strcmp(*sslmethod, "SSLv3_server_method") == 0) {
+#ifndef OPENSSL_NO_SSL3
     method = SSLv3_server_method();
+#else
+    return env->ThrowError("SSLv3 methods disabled");
+#endif
   } else if (strcmp(*sslmethod, "SSLv3_client_method") == 0) {
+#ifndef OPENSSL_NO_SSL3
     method = SSLv3_client_method();
+#else
+    return env->ThrowError("SSLv3 methods disabled");
+#endif
   } else if (strcmp(*sslmethod, "SSLv23_method") == 0) {
     method = SSLv23_method();
   } else if (strcmp(*sslmethod, "SSLv23_server_method") == 0) {
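Review bot: The three new `#ifndef OPENSSL_NO_SSL3` guards carry no comment saying why a compile-time macro, rather than a runtime check, gates these branches; a reader who does not know OpenSSL's `no-ssl3` build option will not see that such a library omits the `SSLv3_*method` declarations, so the unguarded branches would not compile against it. A one-line comment above the first guard would carry that, e.g. `// OpenSSL built with no-ssl3 (e.g. distro builds after POODLE) defines OPENSSL_NO_SSL3 and omits the SSLv3_*method declarations.`, and the same applies to the guards before `SSLv3_server_method()` and `SSLv3_client_method()`. It is also worth noting next to the retained `SSLv23_*method` branches that they can still negotiate SSLv3 when the linked OpenSSL does provide it unless the context sets `SSL_OP_NO_SSLv3`, which is consistent with the commit's stated scope but easy to misread as "SSLv3 is off". SecureContext::Init begins and ends outside this hunk.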