amoralej / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 years ago
Clone

Blame SOURCES/0000-Ticket-48743-If-a-cipher-is-disabled-do-not-attempt-.patch

7c7f29
From e39b61ea17ae2cecbadee304678f6506d228c504 Mon Sep 17 00:00:00 2001
7c7f29
From: Mark Reynolds <mreynolds@redhat.com>
7c7f29
Date: Thu, 7 Jul 2016 14:53:48 -0400
7c7f29
Subject: [PATCH 0/3] Ticket 48743 - If a cipher is disabled do not attempt to
7c7f29
 look it up
7c7f29
7c7f29
Description:  Even if a SSL cipher is disabled the server still attempts
7c7f29
              to locate the cipher in the security library.  If the disabled
7c7f29
              cipher is unknown it logs a warning at server startup, but
7c7f29
              if it's disabled there is no reason to check if it exists.
7c7f29
7c7f29
https://fedorahosted.org/389/ticket/48743
7c7f29
7c7f29
Reviewed by: nhosoi(Thanks!)
7c7f29
7c7f29
(cherry picked from commit 6b61e05e04661312871c0b1c6121901d786d54c3)
7c7f29
---
7c7f29
 ldap/servers/slapd/ssl.c | 2 +-
7c7f29
 1 file changed, 1 insertion(+), 1 deletion(-)
7c7f29
7c7f29
diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
7c7f29
index 12a0360..b176460 100644
7c7f29
--- a/ldap/servers/slapd/ssl.c
7c7f29
+++ b/ldap/servers/slapd/ssl.c
7c7f29
@@ -749,7 +749,7 @@ _conf_setciphers(char *ciphers, int flags)
7c7f29
             if (lookup) { /* lookup with old cipher name and get NSS cipherSuiteName */
7c7f29
                 for (i = 0; _lookup_cipher[i].alias; i++) {
7c7f29
                     if (!PL_strcasecmp(ciphers, _lookup_cipher[i].alias)) {
7c7f29
-                        if (!_lookup_cipher[i].name[0]) {
7c7f29
+                        if (enabled && !_lookup_cipher[i].name[0]) {
7c7f29
                             slapd_SSL_warn("Cipher suite %s is not available in NSS %d.%d.  Ignoring %s",
7c7f29
                                            ciphers, NSS_VMAJOR, NSS_VMINOR, ciphers);
7c7f29
                             continue;
7c7f29
-- 
7c7f29
2.4.11
7c7f29