Tree - rpms/librelp - CentOS Git server

rpms / librelp

Blame SOURCES/librelp-1.9.0-crypto-compliance.patch

Blob History Raw

		62903a	`diff -up librelp-1.9.0/src/tcp.c.orig librelp-1.9.0/src/tcp.c`
		62903a	`--- librelp-1.9.0/src/tcp.c.orig 2021-04-26 12:50:02.988053548 +0200`
		62903a	`+++ librelp-1.9.0/src/tcp.c 2021-04-26 15:12:58.292600192 +0200`
		62903a	`@@ -1155,32 +1155,8 @@ static relpRetVal LIBRELP_ATTR_NONNULL()`
		62903a	`relpTcpTLSSetPrio_gtls(relpTcp_t *const pThis)`
		62903a	`{`
		62903a	`int r;`
		62903a	`- char pristringBuf[4096];`
		62903a	`- char *pristring;`
		62903a	`ENTER_RELPFUNC;`
		62903a	`- /* Set default priority string (in simple cases where the user does not care...) */`
		62903a	`- if(pThis->pristring == NULL) {`
		62903a	`- if (pThis->authmode == eRelpAuthMode_None) {`
		62903a	`- if(pThis->bEnableTLSZip) {`
		62903a	`- strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-ALL", sizeof(pristringBuf));`
		62903a	`- } else {`
		62903a	`- strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-NULL", sizeof(pristringBuf));`
		62903a	`- }`
		62903a	`- pristringBuf[sizeof(pristringBuf)-1] = '\0';`
		62903a	`- pristring = pristringBuf;`
		62903a	`- r = gnutls_priority_set_direct(pThis->session, pristring, NULL);`
		62903a	`- } else {`
		62903a	`- r = gnutls_set_default_priority(pThis->session);`
		62903a	`- strncpy(pristringBuf, "to recommended system default", sizeof(pristringBuf));`
		62903a	`- pristringBuf[sizeof(pristringBuf)-1] = '\0';`
		62903a	`- pristring = pristringBuf;`
		62903a	`- }`
		62903a	`-`
		62903a	`- } else {`
		62903a	`- pristring = pThis->pristring;`
		62903a	`- r = gnutls_priority_set_direct(pThis->session, pristring, NULL);`
		62903a	`- }`
		62903a	`-`
		62903a	`+ r = gnutls_set_default_priority(pThis->session);`
		62903a	`if(r == GNUTLS_E_INVALID_REQUEST) {`
		62903a	`ABORT_FINALIZE(RELP_RET_INVLD_TLS_PRIO);`
		62903a	`} else if(r != GNUTLS_E_SUCCESS) {`
		62903a	`@@ -1188,7 +1164,7 @@ relpTcpTLSSetPrio_gtls(relpTcp_t *const`
		62903a	`}`
		62903a
		62903a	`finalize_it:`
		62903a	`- pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_gtls: Setting ciphers '%s' iRet=%d\n", pristring, iRet);`
		62903a	`+ pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_gtls: Setting ciphers to system default iRet=%d\n", iRet);`
		62903a
		62903a	`if(iRet != RELP_RET_OK) {`
		62903a	`chkGnutlsCode(pThis, "Failed to set GnuTLS priority", iRet, r);`
		62903a	`@@ -1207,37 +1183,15 @@ relpTcpTLSSetPrio_gtls(LIBRELP_ATTR_UNUS`
		62903a	`static relpRetVal LIBRELP_ATTR_NONNULL()`
		62903a	`relpTcpTLSSetPrio_ossl(relpTcp_t *const pThis)`
		62903a	`{`
		62903a	`- char pristringBuf[4096];`
		62903a	`- char *pristring;`
		62903a	`ENTER_RELPFUNC;`
		62903a	`- /* Compute priority string (in simple cases where the user does not care...) */`
		62903a	`- if(pThis->pristring == NULL) {`
		62903a	`- if (pThis->authmode == eRelpAuthMode_None) {`
		62903a	`- #if OPENSSL_VERSION_NUMBER >= 0x10100000L \`
		62903a	`- && !defined(LIBRESSL_VERSION_NUMBER)`
		62903a	`- /* NOTE: do never use: +eNULL, it DISABLES encryption! */`
		62903a	`- strncpy(pristringBuf, "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL@SECLEVEL=0",`
		62903a	`- sizeof(pristringBuf));`
		62903a	`- #else`
		62903a	`- strncpy(pristringBuf, "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL",`
		62903a	`- sizeof(pristringBuf));`
		62903a	`- #endif`
		62903a	`- } else {`
		62903a	`- strncpy(pristringBuf, "DEFAULT", sizeof(pristringBuf));`
		62903a	`- }`
		62903a	`- pristringBuf[sizeof(pristringBuf)-1] = '\0';`
		62903a	`- pristring = pristringBuf;`
		62903a	`- } else {`
		62903a	`- pristring = pThis->pristring;`
		62903a	`- }`
		62903a
		62903a	`- if ( SSL_set_cipher_list(pThis->ssl, pristring) == 0 ){`
		62903a	`- pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Error setting ciphers '%s'\n", pristring);`
		62903a	`+ if ( SSL_set_cipher_list(pThis->ssl, "PROFILE=SYSTEM") == 0 ){`
		62903a	`+ pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Error setting ciphers to system default\n");`
		62903a	`ABORT_FINALIZE(RELP_RET_ERR_TLS_SETUP);`
		62903a	`}`
		62903a
		62903a	`finalize_it:`
		62903a	`- pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Setting ciphers '%s' iRet=%d\n", pristring, iRet);`
		62903a	`+ pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Setting ciphers to system default iRet=%d\n", iRet);`
		62903a	`LEAVE_RELPFUNC;`
		62903a	`}`
		62903a	`#else`

rpms / librelp

Source Code

Blame SOURCES/librelp-1.9.0-crypto-compliance.patch