diff options
Diffstat (limited to 'net-misc/tn5250/files/tn5250-0.17.4-disable-sslv2-and-sslv3.patch')
-rw-r--r-- | net-misc/tn5250/files/tn5250-0.17.4-disable-sslv2-and-sslv3.patch | 61 |
1 files changed, 0 insertions, 61 deletions
diff --git a/net-misc/tn5250/files/tn5250-0.17.4-disable-sslv2-and-sslv3.patch b/net-misc/tn5250/files/tn5250-0.17.4-disable-sslv2-and-sslv3.patch deleted file mode 100644 index 9c8d04f55851..000000000000 --- a/net-misc/tn5250/files/tn5250-0.17.4-disable-sslv2-and-sslv3.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 1acfebd966e8804e6573cbe9287b8b6f028a646c Mon Sep 17 00:00:00 2001 -From: Michael Orlitzky <michael@orlitzky.com> -Date: Tue, 23 Aug 2016 18:13:47 -0400 -Subject: [PATCH 1/1] sslstream.c: ignore the user's choice of ssl_method. - -The SSLv2 and SSLv3 protocols are insecure, and people have begun to -operate without them. LibreSSL, for example, does not have them -enabled, and it is possible to build OpenSSL in the same manner. - -If SSLv[23] are disabled, the user would not be able to choose "ssl2" -or "ssl3" as his "ssl_method", an option that was undocumented -anywhere. Therefore there is not much lost, and some security to gain, -by removing the option completely. This commit does that, and uses the -automatic protocol choice that is capable of negotiating TLSv1, -TLSv1.1 and TLSv1.2. - -Gentoo-Bug: 591940 ---- - lib5250/sslstream.c | 26 ++++++++++---------------- - 1 file changed, 10 insertions(+), 16 deletions(-) - -diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c -index 7181566..2f91d1a 100644 ---- a/lib5250/sslstream.c -+++ b/lib5250/sslstream.c -@@ -362,22 +362,16 @@ int tn5250_ssl_stream_init (Tn5250Stream *This) - - /* which SSL method do we use? */ - -- strcpy(methstr,"auto"); -- if (This->config!=NULL && tn5250_config_get (This->config, "ssl_method")) { -- strncpy(methstr, tn5250_config_get (This->config, "ssl_method"), 4); -- methstr[4] = '\0'; -- } -- -- if (!strcmp(methstr, "ssl2")) { -- meth = SSLv2_client_method(); -- TN5250_LOG(("SSL Method = SSLv2_client_method()\n")); -- } else if (!strcmp(methstr, "ssl3")) { -- meth = SSLv3_client_method(); -- TN5250_LOG(("SSL Method = SSLv3_client_method()\n")); -- } else { -- meth = SSLv23_client_method(); -- TN5250_LOG(("SSL Method = SSLv23_client_method()\n")); -- } -+ /* Ignore the user's choice of ssl_method (which isn't documented -+ * anyway...) if it was either "ssl2" or "ssl3". Both are insecure, -+ * and this is only safe supported method left. -+ * -+ * This is a Gentoo-specific modification that lets us build -+ * against LibreSSL and newer OpenSSL with its insecure protocols -+ * disabled. -+ */ -+ meth = SSLv23_client_method(); -+ TN5250_LOG(("SSL Method = SSLv23_client_method()\n")); - - /* create a new SSL context */ - --- -2.7.3 - |