rpms / nss

Clone
Source Code
GIT

Blame SOURCES/disable-extended-master-secret-with-old-softoken.patch

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c8 c8-beta c8-sig-altarch-armhfp c8s c9 c9-beta
  1.   d47c419d8cf4e25de8655262e0b919c3ff6db9cb
  2.   SOURCES
  3.   disable-extended-master-secret-with-old-softoken.patch
Blob History Raw
5f1c2b 
diff -up nss/lib/ssl/sslsock.c.disable-ems nss/lib/ssl/sslsock.c
5f1c2b 
--- nss/lib/ssl/sslsock.c.disable-ems	2017-01-13 17:33:07.226905929 +0100
5f1c2b 
+++ nss/lib/ssl/sslsock.c	2017-01-13 17:35:19.175659702 +0100
5f1c2b 
@@ -75,6 +75,7 @@ static sslOptions ssl_defaults = {
5f1c2b 
     PR_TRUE,               /* reuseServerECDHEKey */
5f1c2b 
     PR_FALSE,              /* enableFallbackSCSV */
5f1c2b 
     PR_TRUE,               /* enableServerDhe */
1b6f66 
+/* Keep extended-master-secret disabled until we have a compatible softokn. */
5f1c2b 
     PR_FALSE,              /* enableExtendedMS    */
5f1c2b 
     PR_FALSE,              /* enableSignedCertTimestamps */
5f1c2b 
     PR_FALSE,              /* requireDHENamedGroups */
5f1c2b 
@@ -766,7 +767,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
5f1c2b 
             break;
1b6f66
5f1c2b 
         case SSL_ENABLE_EXTENDED_MASTER_SECRET:
1b6f66 
+#if 0
1b6f66 
+/* No-Op until we have a compatible softokn. */
5f1c2b 
             ss->opt.enableExtendedMS = on;
1b6f66 
+#endif
5f1c2b 
             break;
1b6f66
5f1c2b 
         case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
5f1c2b 
@@ -1199,7 +1203,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
5f1c2b 
             break;
1b6f66
5f1c2b 
         case SSL_ENABLE_EXTENDED_MASTER_SECRET:
1b6f66 
+#if 0
1b6f66 
+/* No-Op until we have a compatible softokn. */
5f1c2b 
             ssl_defaults.enableExtendedMS = on;
1b6f66 
+#endif
5f1c2b 
             break;
1b6f66
5f1c2b 
         case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation