enable 6 additional crypto algorithms by default (#436781)

This commit is contained in:
Kamil Dudka 2009-03-18 17:01:02 +00:00
parent 8acdb5038c
commit b9027004c3
2 changed files with 54 additions and 1 deletions

View File

@ -0,0 +1,47 @@
diff -ruNp curl.orig/lib/nss.c curl/lib/nss.c
--- curl.orig/lib/nss.c 2009-03-04 17:54:28.459240000 +0100
+++ curl/lib/nss.c 2009-03-18 11:38:34.245797020 +0100
@@ -162,6 +162,18 @@ static const cipher_s cipherlist[] = {
#endif
};
+/* following ciphers are new in NSS 3.4 and not enabled by default, therefor
+ they are enabled explicitly */
+static const int enable_ciphers_by_default[] = {
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
+ TLS_RSA_WITH_AES_128_CBC_SHA,
+ TLS_RSA_WITH_AES_256_CBC_SHA,
+ SSL_NULL_WITH_NULL_NULL
+};
+
#ifdef HAVE_PK11_CREATEGENERICOBJECT
static const char* pem_library = "libnsspem.so";
#endif
@@ -954,6 +966,7 @@ CURLcode Curl_nss_connect(struct connect
#endif
char *certDir = NULL;
int curlerr;
+ const int *cipher_to_enable;
curlerr = CURLE_SSL_CONNECT_ERROR;
@@ -1057,6 +1070,16 @@ CURLcode Curl_nss_connect(struct connect
if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2) != SECSuccess)
goto error;
+ /* enable all ciphers from enable_ciphers_by_default */
+ cipher_to_enable = enable_ciphers_by_default;
+ while (SSL_NULL_WITH_NULL_NULL != *cipher_to_enable) {
+ if (SSL_CipherPrefSet(model, *cipher_to_enable, PR_TRUE) != SECSuccess) {
+ curlerr = CURLE_SSL_CIPHER;
+ goto error;
+ }
+ cipher_to_enable++;
+ }
+
if(data->set.ssl.cipher_list) {
if(set_ciphers(data, model, data->set.ssl.cipher_list) != SECSuccess) {
curlerr = CURLE_SSL_CIPHER;

View File

@ -1,7 +1,7 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl Name: curl
Version: 7.19.4 Version: 7.19.4
Release: 4%{?dist} Release: 5%{?dist}
License: MIT License: MIT
Group: Applications/Internet Group: Applications/Internet
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
@ -9,6 +9,7 @@ Patch1: curl-7.15.3-multilib.patch
Patch2: curl-7.16.0-privlibs.patch Patch2: curl-7.16.0-privlibs.patch
Patch3: curl-7.17.1-badsocket.patch Patch3: curl-7.17.1-badsocket.patch
Patch4: curl-7.19.4-tool-leak.patch Patch4: curl-7.19.4-tool-leak.patch
Patch5: curl-7.19.4-enable-aes.patch
Provides: webclient Provides: webclient
URL: http://curl.haxx.se/ URL: http://curl.haxx.se/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -54,6 +55,7 @@ use cURL's capabilities internally.
%patch2 -p1 -b .privlibs %patch2 -p1 -b .privlibs
%patch3 -p1 -b .badsocket %patch3 -p1 -b .badsocket
%patch4 -p1 -b .toolleak %patch4 -p1 -b .toolleak
%patch5 -p1 -b .enableaes
# Convert docs to UTF-8 # Convert docs to UTF-8
for f in CHANGES README; do for f in CHANGES README; do
@ -145,6 +147,10 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/aclocal/libcurl.m4 %{_datadir}/aclocal/libcurl.m4
%changelog %changelog
* Wed Mar 18 2009 Kamil Dudka <kdudka@redhat.com> 7.19.4-5
- enable 6 additional crypto algorithms by default (#436781,
accepted by upstream)
* Thu Mar 12 2009 Kamil Dudka <kdudka@redhat.com> 7.19.4-4 * Thu Mar 12 2009 Kamil Dudka <kdudka@redhat.com> 7.19.4-4
- fix memory leak in src/main.c (accepted by upstream) - fix memory leak in src/main.c (accepted by upstream)
- avoid using %ifarch - avoid using %ifarch