Attachment 165527 Details for Bug 203701 – Disables flawed SSL protocols

[patch] Disables flawed SSL protocols

webjob-2016-01-13-1456.diff (text/plain), 3.33 KB, created by klm on 2016-01-13 19:58:08 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: klm

Created: 2016-01-13 19:58:08 UTC

Size: 3.33 KB

patch

obsolete

>Index: Makefile
>===================================================================
>--- Makefile	(revision 406063)
>+++ Makefile	(working copy)
>@@ -3,7 +3,7 @@
> 
> PORTNAME=	webjob
> PORTVERSION=	1.9.0
>-PORTREVISION=	1
>+PORTREVISION=	2
> CATEGORIES=	sysutils security
> MASTER_SITES=	SF
> 
>Index: files/patch-src__ssl.c
>===================================================================
>--- files/patch-src__ssl.c	(revision 0)
>+++ files/patch-src__ssl.c	(working copy)
>@@ -0,0 +1,39 @@
>+diff -urN webjob-1.9.0.old/src/ssl.c webjob-1.9.0.new/src/ssl.c
>+--- src/ssl.c	2012-01-07 02:56:14.000000000 -0500
>++++ src/ssl.c	2016-01-13 14:46:53.396007393 -0500
>+@@ -241,7 +241,7 @@
>+    *
>+    *********************************************************************
>+    */
>+-  psProperties->psslCTX = SSL_CTX_new(SSLv3_client_method());
>++  psProperties->psslCTX = SSL_CTX_new(SSLv23_client_method());
>+   if (psProperties->psslCTX == NULL)
>+   {
>+     ERR_error_string(ERR_get_error(), acLocalError);
>+@@ -252,6 +252,26 @@
>+   /*-
>+    *********************************************************************
>+    *
>++   * Disable protocol versions that are no longer safe to use.
>++   *
>++   *********************************************************************
>++   */
>++  SSL_CTX_set_options
>++  (
>++    psProperties->psslCTX,
>++    (
>++        SSL_OP_NO_SSLv2
>++      | SSL_OP_NO_SSLv3
>++      | SSL_OP_NO_TLSv1
>++#ifdef SSL_OP_NO_TLSv1_1
>++      | SSL_OP_NO_TLSv1_1
>++#endif
>++    )
>++  );
>++
>++  /*-
>++   *********************************************************************
>++   *
>+    * Setup SSL certificate verification. Load the bundled certificate
>+    * authorities file. A common name (CN) and a positive chain length
>+    * must be specified to activate PEER verification. If you want to
>Index: files/patch-tools__webjob-dsvtool__ssl.c
>===================================================================
>--- files/patch-tools__webjob-dsvtool__ssl.c	(revision 0)
>+++ files/patch-tools__webjob-dsvtool__ssl.c	(working copy)
>@@ -0,0 +1,39 @@
>+diff -urN webjob-1.9.0.old/tools/webjob-dsvtool/ssl.c webjob-1.9.0.new/tools/webjob-dsvtool/ssl.c
>+--- tools/webjob-dsvtool/ssl.c	2012-01-07 02:56:14.000000000 -0500
>++++ tools/webjob-dsvtool/ssl.c	2016-01-13 14:47:04.981833035 -0500
>+@@ -241,7 +241,7 @@
>+    *
>+    *********************************************************************
>+    */
>+-  psProperties->psslCTX = SSL_CTX_new(SSLv3_client_method());
>++  psProperties->psslCTX = SSL_CTX_new(SSLv23_client_method());
>+   if (psProperties->psslCTX == NULL)
>+   {
>+     ERR_error_string(ERR_get_error(), acLocalError);
>+@@ -252,6 +252,26 @@
>+   /*-
>+    *********************************************************************
>+    *
>++   * Disable protocol versions that are no longer safe to use.
>++   *
>++   *********************************************************************
>++   */
>++  SSL_CTX_set_options
>++  (
>++    psProperties->psslCTX,
>++    (
>++        SSL_OP_NO_SSLv2
>++      | SSL_OP_NO_SSLv3
>++      | SSL_OP_NO_TLSv1
>++#ifdef SSL_OP_NO_TLSv1_1
>++      | SSL_OP_NO_TLSv1_1
>++#endif
>++    )
>++  );
>++
>++  /*-
>++   *********************************************************************
>++   *
>+    * Setup SSL certificate verification. Load the bundled certificate
>+    * authorities file. A common name (CN) and a positive chain length
>+    * must be specified to activate PEER verification. If you want to

Actions: View | Diff

Attachments on bug 203701: 161914 | 161915 | 165517 | 165527 | 165531