rpms/curl
8
0
Fork 1
Code Issues Pull Requests Releases Activity

Resolves: #1483972 - utilize system wide crypto policies for TLS

Browse Source
This commit is contained in:
Kamil Dudka 2017-08-22 17:39:58 +02:00
parent 8eae4647c3
commit 0480ac07c5
2 changed files with 35 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
0103-curl-7.55.1-system-crypto-policy.patch Normal file
View File

@ -0,0 +1,27 @@
From 7271547cb46a4dc28004febaea19e5edaa2250d2 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Tue, 22 Aug 2017 17:02:26 +0200
Subject: [PATCH] openssl: utilize system wide crypto policies
... unless explicitly overridden via libcurl API
---
lib/vtls/openssl.h | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/lib/vtls/openssl.h b/lib/vtls/openssl.h
index b9648d5..48036e1 100644
--- a/lib/vtls/openssl.h
+++ b/lib/vtls/openssl.h
@@ -119,8 +119,7 @@ bool Curl_ossl_cert_status_request(void);
#endif
#define curlssl_cert_status_request() Curl_ossl_cert_status_request()
-#define DEFAULT_CIPHER_SELECTION \
- "ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH"
+#define DEFAULT_CIPHER_SELECTION "PROFILE=SYSTEM"
#endif /* USE_OPENSSL */
#endif /* HEADER_CURL_SSLUSE_H */
--
2.9.5

9
curl.spec
View File

@ -1,7 +1,7 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl Name: curl
Version: 7.55.1 Version: 7.55.1
Release: 2%{?dist} Release: 3%{?dist}
License: MIT License: MIT
Group: Applications/Internet Group: Applications/Internet
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
@ -15,6 +15,9 @@ Patch101: 0101-curl-7.32.0-multilib.patch
# prevent configure script from discarding -g in CFLAGS (#496778) # prevent configure script from discarding -g in CFLAGS (#496778)
Patch102: 0102-curl-7.36.0-debug.patch Patch102: 0102-curl-7.36.0-debug.patch
# utilize system wide crypto policies for TLS (#1483972)
Patch103: 0103-curl-7.55.1-system-crypto-policy.patch
# use localhost6 instead of ip6-localhost in the curl test-suite # use localhost6 instead of ip6-localhost in the curl test-suite
Patch104: 0104-curl-7.19.7-localhost6.patch Patch104: 0104-curl-7.19.7-localhost6.patch
@ -157,6 +160,7 @@ be installed.
# Fedora patches # Fedora patches
%patch101 -p1 %patch101 -p1
%patch102 -p1 %patch102 -p1
%patch103 -p1
%patch104 -p1 %patch104 -p1
# regenerate Makefile.in files # regenerate Makefile.in files
@ -306,6 +310,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_libdir}/libcurl.so.[0-9].[0-9].[0-9].minimal %{_libdir}/libcurl.so.[0-9].[0-9].[0-9].minimal
%changelog %changelog
* Tue Aug 22 2017 Kamil Dudka <kdudka@redhat.com> 7.55.1-3
- utilize system wide crypto policies for TLS (#1483972)
* Tue Aug 15 2017 Kamil Dudka <kdudka@redhat.com> 7.55.1-2 * Tue Aug 15 2017 Kamil Dudka <kdudka@redhat.com> 7.55.1-2
- make zsh completion work again - make zsh completion work again