From b9027004c3b739cf0088b2f3ab7618dd5faa630a Mon Sep 17 00:00:00 2001
From: Kamil Dudka
Date: Wed, 18 Mar 2009 17:01:02 +0000
Subject: [PATCH] enable 6 additional crypto algorithms by default (#436781)
---
curl-7.19.4-enable-aes.patch | 47 ++++++++++++++++++++++++++++++++++++
curl.spec | 8 +++++-
2 files changed, 54 insertions(+), 1 deletion(-)
create mode 100644 curl-7.19.4-enable-aes.patch
diff --git a/curl-7.19.4-enable-aes.patch b/curl-7.19.4-enable-aes.patch
new file mode 100644
index 0000000..06351d8
--- /dev/null
+++ b/curl-7.19.4-enable-aes.patch
@@ -0,0 +1,47 @@
+diff -ruNp curl.orig/lib/nss.c curl/lib/nss.c
+--- curl.orig/lib/nss.c 2009-03-04 17:54:28.459240000 +0100
++++ curl/lib/nss.c 2009-03-18 11:38:34.245797020 +0100
+@@ -162,6 +162,18 @@ static const cipher_s cipherlist[] = {
+ #endif
+ };
+
++/* following ciphers are new in NSS 3.4 and not enabled by default, therefor
++ they are enabled explicitly */
++static const int enable_ciphers_by_default[] = {
++ TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
++ TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
++ TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
++ TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
++ TLS_RSA_WITH_AES_128_CBC_SHA,
++ TLS_RSA_WITH_AES_256_CBC_SHA,
++ SSL_NULL_WITH_NULL_NULL
++};
++
+ #ifdef HAVE_PK11_CREATEGENERICOBJECT
+ static const char* pem_library = "libnsspem.so";
+ #endif
+@@ -954,6 +966,7 @@ CURLcode Curl_nss_connect(struct connect
+ #endif
+ char *certDir = NULL;
+ int curlerr;
++ const int *cipher_to_enable;
+
+ curlerr = CURLE_SSL_CONNECT_ERROR;
+
+@@ -1057,6 +1070,16 @@ CURLcode Curl_nss_connect(struct connect
+ if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2) != SECSuccess)
+ goto error;
+
++ /* enable all ciphers from enable_ciphers_by_default */
++ cipher_to_enable = enable_ciphers_by_default;
++ while (SSL_NULL_WITH_NULL_NULL != *cipher_to_enable) {
++ if (SSL_CipherPrefSet(model, *cipher_to_enable, PR_TRUE) != SECSuccess) {
++ curlerr = CURLE_SSL_CIPHER;
++ goto error;
++ }
++ cipher_to_enable++;
++ }
++
+ if(data->set.ssl.cipher_list) {
+ if(set_ciphers(data, model, data->set.ssl.cipher_list) != SECSuccess) {
+ curlerr = CURLE_SSL_CIPHER;
diff --git a/curl.spec b/curl.spec
index 68851ad..7ef1593 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.19.4
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
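Review bot: In the third lib/nss.c hunk of the embedded patch (Curl_nss_connect), the new loop treats a failed `SSL_CipherPrefSet` on any default suite as fatal, and it runs before the `data->set.ssl.cipher_list` branch, so a connection can end in CURLE_SSL_CIPHER over a suite the caller never requested, even when the caller supplies an explicit list. Because these are opportunistic defaults, skipping a suite the linked NSS refuses looks safer than aborting, for example `if(SSL_CipherPrefSet(model, *cipher_to_enable, PR_TRUE) != SECSuccess) infof(data, "skipping unsupported default cipher\n");`. set_ciphers() is defined outside the hunk, so it should be confirmed that it clears these defaults before applying a user list; otherwise a caller can no longer restrict the negotiated set to exclude them. In the first hunk, `SSL_NULL_WITH_NULL_NULL` is itself a cipher-suite identifier that serves here only as the array terminator, and a trailing comment such as `/* end-of-list marker, never enabled */` would make that explicit. The body of Curl_nss_connect begins and ends outside these hunks.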
@@ -9,6 +9,7 @@ Patch1: curl-7.15.3-multilib.patch Patch2: curl-7.16.0-privlibs.patch Patch3: curl-7.17.1-badsocket.patch Patch4: curl-7.19.4-tool-leak.patch +Patch5: curl-7.19.4-enable-aes.patch Provides: webclient URL: http://curl.haxx.se/ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -54,6 +55,7 @@ use cURL's capabilities internally. %patch2 -p1 -b .privlibs %patch3 -p1 -b .badsocket %patch4 -p1 -b .toolleak +%patch5 -p1 -b .enableaes # Convert docs to UTF-8 for f in CHANGES README; do @@ -145,6 +147,10 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/aclocal/libcurl.m4 %changelog +* Wed Mar 18 2009 Kamil Dudka 7.19.4-5 +- enable 6 additional crypto algorithms by default (#436781, + accepted by upstream) + * Thu Mar 12 2009 Kamil Dudka 7.19.4-4 - fix memory leak in src/main.c (accepted by upstream) - avoid using %ifarch