Blame SOURCES/Bug-1001841-disable-sslv2-libssl.patch

f57139
diff -up ./nss/lib/ssl/config.mk.disableSSL2 ./nss/lib/ssl/config.mk
f57139
--- ./nss/lib/ssl/config.mk.disableSSL2	2013-09-25 06:57:55.000000000 -0700
f57139
+++ ./nss/lib/ssl/config.mk	2013-11-05 16:09:47.459727948 -0800
f57139
@@ -7,6 +7,10 @@ ifdef NISCC_TEST
f57139
 DEFINES += -DNISCC_TEST
f57139
 endif
f57139
 
f57139
+ifdef NSS_NO_SSL2
f57139
+DEFINES += -DNSS_NO_SSL2
f57139
+endif
f57139
+
f57139
 ifdef NSS_NO_PKCS11_BYPASS
f57139
 DEFINES += -DNO_PKCS11_BYPASS
f57139
 else
f57139
diff -up ./nss/lib/ssl/sslsock.c.disableSSL2 ./nss/lib/ssl/sslsock.c
f57139
--- ./nss/lib/ssl/sslsock.c.disableSSL2	2013-11-05 16:09:47.419727310 -0800
f57139
+++ ./nss/lib/ssl/sslsock.c	2013-11-05 16:09:47.461727980 -0800
f57139
@@ -639,6 +639,14 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
f57139
 	break;
f57139
 
f57139
       case SSL_ENABLE_SSL2:
f57139
+#ifdef NSS_NO_SSL2
f57139
+	if (on) {
f57139
+	    PORT_SetError(SSL_ERROR_SSL2_DISABLED);
f57139
+	    rv = SECFailure; /* not allowed */
f57139
+	}
f57139
+	break;
f57139
+	ss->opt.enableSSL2      = on;
f57139
+#else
f57139
         if (IS_DTLS(ss)) {
f57139
 	    if (on) {
f57139
 		PORT_SetError(SEC_ERROR_INVALID_ARGS);
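Review bot: In the `NSS_NO_SSL2` branch of `case SSL_ENABLE_SSL2`, the unconditional `break;` comes before `ss->opt.enableSSL2 = on;`, so that assignment is dead code. A call with `on` false therefore returns without clearing the option and without reaching the `ss->preferredCipher = NULL` reset that follows the `#endif` in the next hunk. If the flag can already be set on the socket (the defaults and socket inheritance are not visible in this patch), a caller asking to disable SSL2 would presumably get success while the flag stays on. Move the `break;` inside the `if (on) { … }` block, as the `SSL_V2_COMPATIBLE_HELLO` hunk does, so that the disable path executes `ss->opt.enableSSL2 = on;` and falls through to the shared cleanup. The case body continues outside this hunk.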
f57139
@@ -650,6 +658,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
f57139
 	if (on) {
f57139
 	    ss->opt.v2CompatibleHello = on;
f57139
 	}
f57139
+#endif
f57139
 	ss->preferredCipher     = NULL;
f57139
 	if (ss->cipherSpecs) {
f57139
 	    PORT_Free(ss->cipherSpecs);
f57139
@@ -671,6 +680,13 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
f57139
 	break;
f57139
 
f57139
       case SSL_V2_COMPATIBLE_HELLO:
f57139
+#ifdef NSS_NO_SSL2
f57139
+	if (on) {
f57139
+	    PORT_SetError(SSL_ERROR_SSL2_DISABLED);
f57139
+	    rv = SECFailure; /* not allowed */
f57139
+	    break;
f57139
+	}
f57139
+#else
f57139
         if (IS_DTLS(ss)) {
f57139
 	    if (on) {
f57139
 		PORT_SetError(SEC_ERROR_INVALID_ARGS);
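Review bot: The `NSS_NO_SSL2` branch of `case SSL_V2_COMPATIBLE_HELLO` lacks a comment explaining its two non-obvious effects. The `IS_DTLS(ss)` check is compiled out, and a call with `on` false appears intended to fall through to the assignments in the next hunk that clear `v2CompatibleHello` and `enableSSL2`. Add a comment after the `if (on)` block such as `/* on == PR_FALSE: fall through and clear v2CompatibleHello/enableSSL2 below */`, so the difference from the `SSL_ENABLE_SSL2` branch reads as deliberate. The rest of the case lies outside this hunk.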
f57139
@@ -678,6 +694,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
f57139
 	    }
f57139
 	    break;
f57139
 	}
f57139
+#endif
f57139
       	ss->opt.v2CompatibleHello = on;
f57139
 	if (!on) {
f57139
 	    ss->opt.enableSSL2    = on;
f57139
@@ -1112,7 +1129,12 @@ SSL_CipherPolicySet(PRInt32 which, PRInt
f57139
     if (ssl_IsRemovedCipherSuite(which)) {
f57139
     	rv = SECSuccess;
f57139
     } else if (SSL_IS_SSL2_CIPHER(which)) {
f57139
+#ifdef NSS_NO_SSL2
f57139
+	PORT_SetError(SSL_ERROR_SSL2_DISABLED);
f57139
+	rv = SECFailure; /* not allowed */
f57139
+#else
f57139
 	rv = ssl2_SetPolicy(which, policy);
f57139
+#endif
f57139
     } else {
f57139
 	rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy);
f57139
     }
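Review bot: Under `NSS_NO_SSL2` the `SSL_IS_SSL2_CIPHER(which)` branch of `SSL_CipherPolicySet` fails for every value of `policy`, including a request to disallow the suite. This is inconsistent with the `SSL_OptionSet` hunks, which reject only `on` and let a disable request succeed. An application that hardens itself by setting SSL2 suites to `SSL_NOT_ALLOWED` and checks the return value would now see `SECFailure`. Consider `if (policy != SSL_NOT_ALLOWED) { PORT_SetError(SSL_ERROR_SSL2_DISABLED); rv = SECFailure; } else { rv = SECSuccess; }`. Separately, the part of the patch visible here guards only `SSL_OptionSet` and `SSL_CipherPolicySet`, so it is worth confirming that `SSL_OptionSetDefault`, `SSL_CipherPrefSet` and `SSL_CipherPrefSetDefault` cannot re-enable SSL2 in such a build. The function body starts and ends outside this hunk.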