diff options
author | B Stack <bgstack15@gmail.com> | 2019-07-16 13:24:31 +0000 |
---|---|---|
committer | B Stack <bgstack15@gmail.com> | 2019-07-16 13:24:31 +0000 |
commit | 6651ddc4ddc52ef4491e79a74c2dc3576dab2c70 (patch) | |
tree | 6fb69bb5ec481b1ce68892d0b4c14e7bb75e66c2 /openssl-freefilesync/openssl-1.1.1-disable-ssl3.patch | |
parent | freefilesync 10.14 dpkg (diff) | |
parent | remove dep crypto-policies (diff) | |
download | stackrpms-6651ddc4ddc52ef4491e79a74c2dc3576dab2c70.tar.gz stackrpms-6651ddc4ddc52ef4491e79a74c2dc3576dab2c70.tar.bz2 stackrpms-6651ddc4ddc52ef4491e79a74c2dc3576dab2c70.zip |
Merge branch 'freefilesync-rpm' into 'freefilesync-bump'
Bring rpm changes into main bump branch
See merge request bgstack15/stackrpms!72
Diffstat (limited to 'openssl-freefilesync/openssl-1.1.1-disable-ssl3.patch')
-rw-r--r-- | openssl-freefilesync/openssl-1.1.1-disable-ssl3.patch | 91 |
1 files changed, 91 insertions, 0 deletions
diff --git a/openssl-freefilesync/openssl-1.1.1-disable-ssl3.patch b/openssl-freefilesync/openssl-1.1.1-disable-ssl3.patch new file mode 100644 index 0000000..fdec0a8 --- /dev/null +++ b/openssl-freefilesync/openssl-1.1.1-disable-ssl3.patch @@ -0,0 +1,91 @@ +diff -up openssl-1.1.1-pre8/apps/s_client.c.disable-ssl3 openssl-1.1.1-pre8/apps/s_client.c +--- openssl-1.1.1-pre8/apps/s_client.c.disable-ssl3 2018-07-16 18:08:20.000487628 +0200 ++++ openssl-1.1.1-pre8/apps/s_client.c 2018-07-16 18:16:40.070186323 +0200 +@@ -1681,6 +1681,9 @@ int s_client_main(int argc, char **argv) + if (sdebug) + ssl_ctx_security_debug(ctx, sdebug); + ++ if (min_version == SSL3_VERSION && max_version == SSL3_VERSION) ++ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3); ++ + if (!config_ctx(cctx, ssl_args, ctx)) + goto end; + +diff -up openssl-1.1.1-pre8/apps/s_server.c.disable-ssl3 openssl-1.1.1-pre8/apps/s_server.c +--- openssl-1.1.1-pre8/apps/s_server.c.disable-ssl3 2018-07-16 18:08:20.000487628 +0200 ++++ openssl-1.1.1-pre8/apps/s_server.c 2018-07-16 18:17:17.300055551 +0200 +@@ -1760,6 +1760,9 @@ int s_server_main(int argc, char *argv[] + if (sdebug) + ssl_ctx_security_debug(ctx, sdebug); + ++ if (min_version == SSL3_VERSION && max_version == SSL3_VERSION) ++ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3); ++ + if (!config_ctx(cctx, ssl_args, ctx)) + goto end; + +diff -up openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3 openssl-1.1.1-pre8/ssl/ssl_lib.c +--- openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3 2018-06-20 16:48:13.000000000 +0200 ++++ openssl-1.1.1-pre8/ssl/ssl_lib.c 2018-07-16 18:08:20.001487652 +0200 +@@ -3016,6 +3016,16 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m + */ + ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT; + ++ if (meth->version != SSL3_VERSION) { ++ /* ++ * Disable SSLv3 by default. Applications can ++ * re-enable it by configuring ++ * SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3); ++ * or by using the SSL_CONF API. ++ */ ++ ret->options |= SSL_OP_NO_SSLv3; ++ } ++ + ret->ext.status_type = TLSEXT_STATUSTYPE_nothing; + + /* +diff -up openssl-1.1.1-pre8/test/ssl_test.c.disable-ssl3 openssl-1.1.1-pre8/test/ssl_test.c +--- openssl-1.1.1-pre8/test/ssl_test.c.disable-ssl3 2018-06-20 16:48:15.000000000 +0200 ++++ openssl-1.1.1-pre8/test/ssl_test.c 2018-07-16 18:18:34.806865121 +0200 +@@ -443,6 +443,7 @@ static int test_handshake(int idx) + SSL_TEST_SERVERNAME_CB_NONE) { + if (!TEST_ptr(server2_ctx = SSL_CTX_new(TLS_server_method()))) + goto err; ++ SSL_CTX_clear_options(server2_ctx, SSL_OP_NO_SSLv3); + if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx, + TLS_MAX_VERSION))) + goto err; +@@ -464,6 +465,8 @@ static int test_handshake(int idx) + if (!TEST_ptr(resume_server_ctx) + || !TEST_ptr(resume_client_ctx)) + goto err; ++ SSL_CTX_clear_options(resume_server_ctx, SSL_OP_NO_SSLv3); ++ SSL_CTX_clear_options(resume_client_ctx, SSL_OP_NO_SSLv3); + } + } + +@@ -477,6 +480,9 @@ static int test_handshake(int idx) + || !TEST_int_gt(CONF_modules_load(conf, test_app, 0), 0)) + goto err; + ++ SSL_CTX_clear_options(server_ctx, SSL_OP_NO_SSLv3); ++ SSL_CTX_clear_options(client_ctx, SSL_OP_NO_SSLv3); ++ + if (!SSL_CTX_config(server_ctx, "server") + || !SSL_CTX_config(client_ctx, "client")) { + goto err; +diff -up openssl-1.1.1-pre8/test/ssltest_old.c.disable-ssl3 openssl-1.1.1-pre8/test/ssltest_old.c +--- openssl-1.1.1-pre8/test/ssltest_old.c.disable-ssl3 2018-06-20 16:48:15.000000000 +0200 ++++ openssl-1.1.1-pre8/test/ssltest_old.c 2018-07-16 18:08:20.002487676 +0200 +@@ -1358,6 +1358,11 @@ int main(int argc, char *argv[]) + ERR_print_errors(bio_err); + goto end; + } ++ ++ SSL_CTX_clear_options(c_ctx, SSL_OP_NO_SSLv3); ++ SSL_CTX_clear_options(s_ctx, SSL_OP_NO_SSLv3); ++ SSL_CTX_clear_options(s_ctx2, SSL_OP_NO_SSLv3); ++ + /* + * Since we will use low security ciphersuites and keys for testing set + * security level to zero by default. Tests can override this by adding |