
commit eacd5798a5d83e6658a823c01bcb0f600e3b9898
Author: Howard Chu <hyc@openldap.org>
Date:   Sat Sep 7 06:39:53 2013 -0700
    ITS#7506 fix prev commit
    
    The patch unconditionally enabled DHparams, which is a significant
    change of behavior. Reverting to previous behavior, which only enables
    DH use if a DHparam file was configured.
diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c
index c6a3540c9..a2d9cd31f 100644
--- a/libraries/libldap/tls_o.c
+++ b/libraries/libldap/tls_o.c
@@ -59,14 +59,6 @@ static int tlso_verify_cb( int ok, X509_STORE_CTX *ctx );
 static int tlso_verify_ok( int ok, X509_STORE_CTX *ctx );
 static RSA * tlso_tmp_rsa_cb( SSL *ssl, int is_export, int key_length );
 
-/* From the OpenSSL 0.9.7 distro */
-static const char tlso_dhpem1024[] =
-"-----BEGIN DH PARAMETERS-----\n\
-MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq\n\
-/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx\n\
-/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC\n\
------END DH PARAMETERS-----\n";
-
 static int tlso_seed_PRNG( const char *randfile );
 
 #ifdef LDAP_R_COMPILE
@@ -304,21 +296,17 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
 		return -1;
 	}
 
-	if (is_server) {
+	if ( lo->ldo_tls_dhfile ) {
 		DH *dh = NULL;
 		BIO *bio;
 		SSL_CTX_set_options( ctx, SSL_OP_SINGLE_DH_USE );
-		if ( lo->ldo_tls_dhfile ) {
 
-			if (( bio=BIO_new_file( lt->lt_dhfile,"r" )) == NULL ) {
-				Debug( LDAP_DEBUG_ANY,
-					"TLS: could not use DH parameters file `%s'.\n",
-					lo->ldo_tls_dhfile,0,0);
-				tlso_report_error();
-				return -1;
-			}
-		} else {
-			bio = BIO_new_mem_buf( tlso_dhpem1024, -1 );
+		if (( bio=BIO_new_file( lt->lt_dhfile,"r" )) == NULL ) {
+			Debug( LDAP_DEBUG_ANY,
+				"TLS: could not use DH parameters file `%s'.\n",
+				lo->ldo_tls_dhfile,0,0);
+			tlso_report_error();
+			return -1;
 		}
 		if (!( dh=PEM_read_bio_DHparams( bio, NULL, NULL, NULL ))) {
 			Debug( LDAP_DEBUG_ANY,
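Review bot: The new guard `if ( lo->ldo_tls_dhfile )` drops the `is_server` test that the removed line carried, so a client-side context now also runs the DH setup: a configured but unreadable TLSDHParamFile makes client TLS initialisation fail with `return -1` where the old code ignored the file for clients, and DH parameters get installed on a context that never selects the group. Keeping both conditions, `if ( is_server && lo->ldo_tls_dhfile ) {`, preserves the old client behaviour while still making DH opt-in as the commit intends. Separately, with the built-in 1024-bit fallback gone a server without a configured file installs no DH parameters at all; as far as I know OpenSSL then simply omits DHE suites from what the server will negotiate rather than reporting an error, so a comment above the guard such as `/* DH is only enabled when TLSDHParamFile is set; without it no DHE ciphersuite can be negotiated */` would spare administrators a silent loss of ephemeral DH. The condition tests `lo->ldo_tls_dhfile` while the file is opened through `lt->lt_dhfile`; presumably these name the same field, but that is worth confirming since the error message reports the former. tlso_ctx_init starts before and continues after this hunk.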