$NetBSD: patch-ge,v 1.5 2016/03/17 14:15:39 jperkin Exp $

Disable SSLv2.

--- kcontrol/crypto/crypto.cpp.orig	2006-10-01 17:31:49.000000000 +0000
+++ kcontrol/crypto/crypto.cpp
@@ -2321,11 +2321,17 @@ bool KCryptoConfig::loadCiphers() {
 unsigned int i;
 SSL_CTX *ctx;
 SSL *ssl;
+#if OPENSSL_VERSION_NUMBER < 0x00909000L
 SSL_METHOD *meth;
+#else
+const SSL_METHOD *meth;
+#endif
+  CipherItem *item;
 
   SSLv2Box->clear();
   SSLv3Box->clear();
 
+#if 0
   meth = SSLv2_client_method();
   SSLeay_add_ssl_algorithms();
   ctx = SSL_CTX_new(meth);
@@ -2334,11 +2340,12 @@ SSL_METHOD *meth;
   ssl = SSL_new(ctx);
   if (!ssl) return false;
 
-  CipherItem *item;
   for (i=0; ; i++) {
     int j, k;
-    SSL_CIPHER *sc;
-    sc = (meth->get_cipher)(i);
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10000000L
+    const
+#endif
+    SSL_CIPHER *sc = (meth->get_cipher)(i);
     if (!sc)
       break;
     // Leak of sc*?
@@ -2353,6 +2360,7 @@ SSL_METHOD *meth;
 
   if (ctx) SSL_CTX_free(ctx);
   if (ssl) SSL_free(ssl);
+#endif
 
   // We repeat for SSLv3
   meth = SSLv3_client_method();
@@ -2365,8 +2373,10 @@ SSL_METHOD *meth;
 
   for (i=0; ; i++) {
     int j, k;
-    SSL_CIPHER *sc;
-    sc = (meth->get_cipher)(i);
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10000000L
+    const
+#endif
+    SSL_CIPHER *sc = (meth->get_cipher)(i);
     if (!sc)
       break;
     // Leak of sc*?
