mrc0mmand / rpms / openldap

Forked from rpms/openldap 3 years ago
Clone

Blame SOURCES/openldap-openssl-its7506-fix-DH-params-2.patch

02ade0
commit eacd5798a5d83e6658a823c01bcb0f600e3b9898
02ade0
Author: Howard Chu <hyc@openldap.org>
02ade0
Date:   Sat Sep 7 06:39:53 2013 -0700
02ade0
02ade0
    ITS#7506 fix prev commit
02ade0
    
02ade0
    The patch unconditionally enabled DHparams, which is a significant
02ade0
    change of behavior. Reverting to previous behavior, which only enables
02ade0
    DH use if a DHparam file was configured.
02ade0
02ade0
diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c
02ade0
index c6a3540c9..a2d9cd31f 100644
02ade0
--- a/libraries/libldap/tls_o.c
02ade0
+++ b/libraries/libldap/tls_o.c
02ade0
@@ -59,14 +59,6 @@ static int tlso_verify_cb( int ok, X509_STORE_CTX *ctx );
02ade0
 static int tlso_verify_ok( int ok, X509_STORE_CTX *ctx );
02ade0
 static RSA * tlso_tmp_rsa_cb( SSL *ssl, int is_export, int key_length );
02ade0
 
02ade0
-/* From the OpenSSL 0.9.7 distro */
02ade0
-static const char tlso_dhpem1024[] =
02ade0
-"-----BEGIN DH PARAMETERS-----\n\
02ade0
-MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq\n\
02ade0
-/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx\n\
02ade0
-/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC\n\
02ade0
------END DH PARAMETERS-----\n";
02ade0
-
02ade0
 static int tlso_seed_PRNG( const char *randfile );
02ade0
 
02ade0
 #ifdef LDAP_R_COMPILE
02ade0
@@ -304,21 +296,17 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
02ade0
 		return -1;
02ade0
 	}
02ade0
 
02ade0
-	if (is_server) {
02ade0
+	if ( lo->ldo_tls_dhfile ) {
02ade0
 		DH *dh = NULL;
02ade0
 		BIO *bio;
02ade0
 		SSL_CTX_set_options( ctx, SSL_OP_SINGLE_DH_USE );
02ade0
-		if ( lo->ldo_tls_dhfile ) {
02ade0
 
02ade0
-			if (( bio=BIO_new_file( lt->lt_dhfile,"r" )) == NULL ) {
02ade0
-				Debug( LDAP_DEBUG_ANY,
02ade0
-					"TLS: could not use DH parameters file `%s'.\n",
02ade0
-					lo->ldo_tls_dhfile,0,0);
02ade0
-				tlso_report_error();
02ade0
-				return -1;
02ade0
-			}
02ade0
-		} else {
02ade0
-			bio = BIO_new_mem_buf( tlso_dhpem1024, -1 );
02ade0
+		if (( bio=BIO_new_file( lt->lt_dhfile,"r" )) == NULL ) {
02ade0
+			Debug( LDAP_DEBUG_ANY,
02ade0
+				"TLS: could not use DH parameters file `%s'.\n",
02ade0
+				lo->ldo_tls_dhfile,0,0);
02ade0
+			tlso_report_error();
02ade0
+			return -1;
02ade0
 		}
02ade0
 		if (!( dh=PEM_read_bio_DHparams( bio, NULL, NULL, NULL ))) {
02ade0
 			Debug( LDAP_DEBUG_ANY,