rpms / nss

Clone
Source Code
GIT

Blame SOURCES/nss-version-range-set.patch

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c8 c8-beta c8-sig-altarch-armhfp c8s c9 c9-beta
  1.   c7094268ee8fe1916732a7409f9e068f641088e0
  2.   SOURCES
  3.   nss-version-range-set.patch
Blob History Raw
c70942 
diff -up nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc.version-range-set nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc
c70942 
--- nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc.version-range-set	2019-04-26 16:56:32.753283497 +0200
c70942 
+++ nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc	2019-04-26 16:56:51.096889439 +0200
c70942 
@@ -151,12 +151,6 @@ class TestPolicyVersionRange
c70942 
   }
c70942
c70942 
   bool IsValidInputForVersionRangeSet(SSLVersionRange* expectedEffectiveRange) {
c70942 
-    if (input_.min() <= SSL_LIBRARY_VERSION_3_0 &&
c70942 
-        input_.max() >= SSL_LIBRARY_VERSION_TLS_1_3) {
c70942 
-      // This is always invalid input, independent of policy
c70942 
-      return false;
c70942 
-    }
c70942 
-
c70942 
     if (input_.min() < library_.min() || input_.max() > library_.max() ||
c70942 
         input_.min() > input_.max()) {
c70942 
       // Asking for unsupported ranges is invalid input for VersionRangeSet
c70942 
diff -up nss/lib/ssl/sslsock.c.version-range-set nss/lib/ssl/sslsock.c
c70942 
--- nss/lib/ssl/sslsock.c.version-range-set	2019-04-26 16:56:11.810733383 +0200
c70942 
+++ nss/lib/ssl/sslsock.c	2019-04-26 16:56:11.813733319 +0200
c70942 
@@ -2542,13 +2542,6 @@ SSL_VersionRangeGetDefault(SSLProtocolVa
c70942 
     return ssl3_CreateOverlapWithPolicy(protocolVariant, vrange, vrange);
c70942 
 }
c70942
c70942 
-static PRBool
c70942 
-ssl3_HasConflictingSSLVersions(const SSLVersionRange *vrange)
c70942 
-{
c70942 
-    return (vrange->min <= SSL_LIBRARY_VERSION_3_0 &&
c70942 
-            vrange->max >= SSL_LIBRARY_VERSION_TLS_1_3);
c70942 
-}
c70942 
-
c70942 
 static SECStatus
c70942 
 ssl3_CheckRangeValidAndConstrainByPolicy(SSLProtocolVariant protocolVariant,
c70942 
                                          SSLVersionRange *vrange)
c70942 
@@ -2557,8 +2550,7 @@ ssl3_CheckRangeValidAndConstrainByPolicy
c70942
c70942 
     if (vrange->min > vrange->max ||
c70942 
         !ssl3_VersionIsSupportedByCode(protocolVariant, vrange->min) ||
c70942 
-        !ssl3_VersionIsSupportedByCode(protocolVariant, vrange->max) ||
c70942 
-        ssl3_HasConflictingSSLVersions(vrange)) {
c70942 
+        !ssl3_VersionIsSupportedByCode(protocolVariant, vrange->max)) {
c70942 
         PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
c70942 
         return SECFailure;
c70942 
     }

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation