|
 |
e52775 |
From a1c4b869645eca6bf81e1b7bc116bbb0de389197 Mon Sep 17 00:00:00 2001
|
|
|
e52775 |
From: Mark Reynolds <mreynolds@redhat.com>
|
|
|
e52775 |
Date: Mon, 20 Jan 2020 13:16:36 -0500
|
|
|
e52775 |
Subject: [PATCH] Issue 50834 - Incorrectly setting the NSS default SSL version
|
|
|
e52775 |
max
|
|
|
e52775 |
|
|
|
e52775 |
Description: We've been using the wrong function to get the NSS max
|
|
|
e52775 |
version We were calling SSL_VersionRangeGetSupported()
|
|
|
e52775 |
which gets the versions NSS "can" handle, but
|
|
|
e52775 |
SSL_VersionRangeGetDefault() gets the versions that
|
|
|
e52775 |
are actually "enabled".
|
|
|
e52775 |
|
|
|
e52775 |
relates: https://pagure.io/389-ds-base/issue/50834
|
|
|
e52775 |
|
|
|
e52775 |
Reviewed by: mreynolds(one line commit rule)
|
|
|
e52775 |
---
|
|
|
e52775 |
ldap/servers/slapd/ssl.c | 2 +-
|
|
|
e52775 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
e52775 |
|
|
|
e52775 |
diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
|
|
|
e52775 |
index ed054db44..c71e3019b 100644
|
|
|
e52775 |
--- a/ldap/servers/slapd/ssl.c
|
|
|
e52775 |
+++ b/ldap/servers/slapd/ssl.c
|
|
|
e52775 |
@@ -1164,7 +1164,7 @@ slapd_nss_init(int init_ssl __attribute__((unused)), int config_available __attr
|
|
|
e52775 |
char *certdir;
|
|
|
e52775 |
char emin[VERSION_STR_LENGTH], emax[VERSION_STR_LENGTH];
|
|
|
e52775 |
/* Get the range of the supported SSL version */
|
|
|
e52775 |
- SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledNSSVersions);
|
|
|
e52775 |
+ SSL_VersionRangeGetDefault(ssl_variant_stream, &enabledNSSVersions);
|
|
|
e52775 |
|
|
|
e52775 |
(void)slapi_getSSLVersion_str(enabledNSSVersions.min, emin, sizeof(emin));
|
|
|
e52775 |
(void)slapi_getSSLVersion_str(enabledNSSVersions.max, emax, sizeof(emax));
|
|
|
e52775 |
--
|
|
|
e52775 |
2.24.1
|
|
|
e52775 |
|