andykimpe / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 months ago
Clone

Blame SOURCES/0021-Issue-50834-Incorrectly-setting-the-NSS-default-SSL-.patch

8394b4
From e169d4690fb37be4fa9be1b2624c72ec90b1b68e Mon Sep 17 00:00:00 2001
8394b4
From: Mark Reynolds <mreynolds@redhat.com>
8394b4
Date: Mon, 20 Jan 2020 13:16:36 -0500
8394b4
Subject: [PATCH] Issue 50834 - Incorrectly setting the NSS default SSL version
8394b4
 max
8394b4
8394b4
Description:  We've been using the wrong function to get the NSS max
8394b4
              version We were calling SSL_VersionRangeGetSupported()
8394b4
              which gets the versions NSS "can" handle, but
8394b4
              SSL_VersionRangeGetDefault() gets the versions that
8394b4
              are actually "enabled".
8394b4
8394b4
relates: https://pagure.io/389-ds-base/issue/50834
8394b4
8394b4
Reviewed by: mreynolds(one line commit rule)
8394b4
---
8394b4
 ldap/servers/slapd/ssl.c | 2 +-
8394b4
 1 file changed, 1 insertion(+), 1 deletion(-)
8394b4
8394b4
diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
8394b4
index 6a07f1ab0..71f91f761 100644
8394b4
--- a/ldap/servers/slapd/ssl.c
8394b4
+++ b/ldap/servers/slapd/ssl.c
8394b4
@@ -936,7 +936,7 @@ slapd_nss_init(int init_ssl __attribute__((unused)), int config_available __attr
8394b4
     char *certdir;
8394b4
     char emin[VERSION_STR_LENGTH], emax[VERSION_STR_LENGTH];
8394b4
     /* Get the range of the supported SSL version */
8394b4
-    SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledNSSVersions);
8394b4
+    SSL_VersionRangeGetDefault(ssl_variant_stream, &enabledNSSVersions);
8394b4
 
8394b4
     (void)slapi_getSSLVersion_str(enabledNSSVersions.min, emin, sizeof(emin));
8394b4
     (void)slapi_getSSLVersion_str(enabledNSSVersions.max, emax, sizeof(emax));
8394b4
-- 
8394b4
2.21.1
8394b4