components/libneon/patches/004-ne_openssl.c.patch
author Norm Jacobs <Norm.Jacobs@Oracle.COM>
Sun, 03 Apr 2016 22:57:07 -0700
changeset 5787 c0615d62b41a
parent 4289 a8f2d3273985
permissions -rw-r--r--
23059439 open-fabrics should consistently use _XOPEN_SOURCE=600
4289
a8f2d3273985 21085454 libneon should allow TLSv1.0 TLSv1.1 and TLSv1.2
Stefan Teleman <stefan.teleman@oracle.com>
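# Disable SSLv2 and SSLv3.
# Internal patch. Not a chance it will be accepted upstream.
--- src/ne_openssl.c	2015-05-13 12:22:57.460825869 -0700
+++ src/ne_openssl.c	2015-05-13 12:31:36.644453270 -0700
@@ -565,7 +565,7 @@
         /* set client cert callback. */
         SSL_CTX_set_client_cert_cb(ctx->ctx, provide_client_cert);
         /* enable workarounds for buggy SSL server implementations */
-        SSL_CTX_set_options(ctx->ctx, SSL_OP_ALL);
+        SSL_CTX_set_options(ctx->ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
         SSL_CTX_set_verify(ctx->ctx, SSL_VERIFY_PEER, verify_callback);
     } else if (mode == NE_SSL_CTX_SERVER) {
         ctx->ctx = SSL_CTX_new(SSLv23_server_method());
@@ -573,7 +573,8 @@
 #ifdef SSL_OP_NO_TICKET
         /* disable ticket support since it inhibits testing of session
          * caching. */
-        SSL_CTX_set_options(ctx->ctx, SSL_OP_NO_TICKET);
+        SSL_CTX_set_options(ctx->ctx,
+                            SSL_OP_NO_TICKET|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
 #endif
     } else {
 #ifdef OPENSSL_NO_SSL2
@@ -581,6 +582,7 @@
         return NULL;
 #else
         ctx->ctx = SSL_CTX_new(SSLv2_server_method());
+        SSL_CTX_set_options(ctx->ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
         SSL_CTX_set_session_cache_mode(ctx->ctx, SSL_SESS_CACHE_CLIENT);
 #endif
     }
@@ -590,18 +592,8 @@
 void ne_ssl_context_set_flag(ne_ssl_context *ctx, int flag, int value)
 {
     long opts = SSL_CTX_get_options(ctx->ctx);
-
-    switch (flag) {
-    case NE_SSL_CTX_SSLv2:
-        if (value) { 
-            /* Enable SSLv2 support; clear the "no SSLv2" flag. */
-            opts &= ~SSL_OP_NO_SSLv2;
-        } else {
-            /* Disable it: set the flag. */
             opts |= SSL_OP_NO_SSLv2;
-        }
-        break;
-    }
+    opts |= SSL_OP_NO_SSLv3;
 
     SSL_CTX_set_options(ctx->ctx, opts);
 }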
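Review bot: In the `NE_SSL_CTX_SERVER` branch (second hunk) the SSLv2/SSLv3 exclusion is folded into the one call that sits inside `#ifdef SSL_OP_NO_TICKET`, so a build against OpenSSL headers that do not define that macro compiles the whole call out and the server context is left with no protocol restriction at all. The protocol bits should not depend on ticket support: keep `SSL_CTX_set_options(ctx->ctx, SSL_OP_NO_TICKET);` inside the guard and add an unconditional `SSL_CTX_set_options(ctx->ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);` next to the `SSL_CTX_new(SSLv23_server_method())` call. That branch begins in the previous hunk and the line between the two hunks is not shown, so the exact placement needs checking against the full file.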