rpms / spice

Clone
Source Code
GIT

Blame SOURCES/0007-OpenSSL-1.0.2-disable-client-side-renegotiation.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s
  1.   c8s
  2.   SOURCES
  3.   0007-OpenSSL-1.0.2-disable-client-side-renegotiation.patch
Blob History Raw
cc1132 
From 95a0cfac8a1c8eff50f05e65df945da3bb501fc9 Mon Sep 17 00:00:00 2001
cc1132 
From: =?UTF-8?q?Julien=20Rop=C3=A9?= <jrope@redhat.com>
cc1132 
Date: Thu, 3 Dec 2020 09:33:48 +0100
cc1132 
Subject: [PATCH] With OpenSSL 1.0.2 and earlier: disable client-side
cc1132 
 renegotiation.
cc1132 
MIME-Version: 1.0
cc1132 
Content-Type: text/plain; charset=UTF-8
cc1132 
Content-Transfer-Encoding: 8bit
cc1132
cc1132 
Fixed issue #49
cc1132 
Fixes BZ#1904459
cc1132
cc1132 
Signed-off-by: Julien Ropé <jrope@redhat.com>
cc1132 
Reported-by: BlackKD
cc1132 
Acked-by: Frediano Ziglio <fziglio@redhat.com>
cc1132 
---
cc1132 
 server/red-stream.cpp | 5 +++++
cc1132 
 1 file changed, 5 insertions(+)
cc1132
cc1132 
diff --git a/server/red-stream.cpp b/server/red-stream.cpp
cc1132 
index 420433bd..c1f0f00c 100644
cc1132 
--- a/server/red-stream.c
cc1132 
+++ b/server/red-stream.c
cc1132 
@@ -523,6 +523,11 @@ RedStreamSslStatus red_stream_ssl_accept(RedStream *stream)
cc1132 
         return RED_STREAM_SSL_STATUS_OK;
cc1132 
     }
cc1132
cc1132 
+#ifndef SSL_OP_NO_RENEGOTIATION
cc1132 
+    // With OpenSSL 1.0.2 and earlier: disable client-side renogotiation
cc1132 
+    stream->priv->ssl->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
cc1132 
+#endif
cc1132 
+
cc1132 
     ssl_error = SSL_get_error(stream->priv->ssl, return_code);
cc1132 
     if (return_code == -1 && (ssl_error == SSL_ERROR_WANT_READ ||
cc1132 
                               ssl_error == SSL_ERROR_WANT_WRITE)) {
cc1132 
--
cc1132 
2.29.2
cc1132

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation