Blame SOURCES/nss-old-pkcs11-num.patch
|
 |
1b6f66 |
diff -up ./nss/lib/ssl/ssl3con.c.old_pkcs11_num ./nss/lib/ssl/ssl3con.c
|
|
|
1b6f66 |
--- ./nss/lib/ssl/ssl3con.c.old_pkcs11_num 2016-02-24 17:53:31.936203961 -0500
|
|
|
1b6f66 |
+++ ./nss/lib/ssl/ssl3con.c 2016-02-24 17:54:34.643037802 -0500
|
|
|
1b6f66 |
@@ -11075,7 +11075,9 @@ ssl3_ComputeTLSFinished(sslSocket *ss, s
|
|
|
1b6f66 |
tls_mac_params.ulServerOrClient = isServer ? 1 : 2;
|
|
|
1b6f66 |
param.data = (unsigned char *)&tls_mac_params;
|
|
|
1b6f66 |
param.len = sizeof(tls_mac_params);
|
|
|
1b6f66 |
- prf_context = PK11_CreateContextBySymKey(CKM_TLS_MAC, CKA_SIGN,
|
|
|
1b6f66 |
+ /* RHEL 7.2 had the wrong number for CKM_TLS12_MACH instead of CKM_TLS_MAC. In the new scheme that
|
|
|
1b6f66 |
+ * number matches with CKM_TLS_KDF, so until softoken gets updated, use CKM_TLS_KDF on RHEL7 */
|
|
|
1b6f66 |
+ prf_context = PK11_CreateContextBySymKey(CKM_TLS_KDF, CKA_SIGN,
|
|
|
1b6f66 |
spec->master_secret, ¶m;;
|
|
|
1b6f66 |
if (!prf_context)
|
|
|
1b6f66 |
return SECFailure;
|