cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge from upstream 01a43ad9824fba77384534c6d588e0e0d653986e

Browse Source 
"Due to bug 581342 we want to only negotiate SSL 3.0. Previously we
were telling gnutls to not do TLS1.0 or TLS1.1, but that means with
newer versions of gnutls that support TLS1.2 it would try to negotiate
that instead and generally fail. Fix that by disabling TLS1.2 too
(which works fine even with gnutls versions that don't support TLS1.2
yet)."

https://bugzilla.gnome.org/show_bug.cgi?id=622857
This commit is contained in:
ajacoutot 2010-09-01 11:02:26 +00:00
parent 90da3489a4
commit df70d7896b
2 changed files with 27 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
devel/libsoup/Makefile
View File

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.43 2010/06/22 18:16:59 ajacoutot Exp $
# $OpenBSD: Makefile,v 1.44 2010/09/01 11:02:26 ajacoutot Exp $
COMMENT-main = SOAP implementation in C
COMMENT-gnome = GNOME specific libsoup parts
@ -9,6 +9,8 @@ GNOME_VERSION = 2.30.2
PKGNAME-main = ${DISTNAME}
PKGNAME-gnome = ${GNOME_PROJECT}-gnome-${GNOME_VERSION}
REVISION-main = 0
SHARED_LIBS += soup-2.4 2.2 # .4.0
SHARED_LIBS += soup-gnome-2.4 1.1 # .4.0
API_VERSION = 2.4

24
devel/libsoup/patches/patch-libsoup_soup-gnutls_c Normal file
View File

@ -0,0 +1,24 @@
$OpenBSD: patch-libsoup_soup-gnutls_c,v 1.1 2010/09/01 11:02:26 ajacoutot Exp $
Upstream 01a43ad9824fba77384534c6d588e0e0d653986e
Due to bug 581342 we want to only negotiate SSL 3.0. Previously we
were telling gnutls to not do TLS1.0 or TLS1.1, but that means with
newer versions of gnutls that support TLS1.2 it would try to negotiate
that instead and generally fail. Fix that by disabling TLS1.2 too
(which works fine even with gnutls versions that don't support TLS1.2
yet).
https://bugzilla.gnome.org/show_bug.cgi?id=622857
--- libsoup/soup-gnutls.c.orig Tue Jun 22 17:43:58 2010
+++ libsoup/soup-gnutls.c Wed Sep 1 12:40:59 2010
@@ -477,7 +477,7 @@ soup_ssl_wrap_iochannel (GIOChannel *sock, gboolean no
goto THROW_CREATE_ERROR;
/* See http://bugzilla.gnome.org/show_bug.cgi?id=581342 */
- if (gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.1:!VERS-TLS1.0", NULL) != 0)
+ if (gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0", NULL) != 0)
goto THROW_CREATE_ERROR;
if (gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE,