make the --tls13-ciphers option work
parent
8bff7e0d6b
commit
e7b6b91818
101
0003-curl-7.61.0-tls13-ciphers.patch
Normal file
101
0003-curl-7.61.0-tls13-ciphers.patch
Normal file
@ -0,0 +1,101 @@
|
|||||||
|
From 426b00d0587797d79806f9682b058d5c90a0ab79 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jay Satiro <raysatiro@yahoo.com>
|
||||||
|
Date: Fri, 31 Aug 2018 19:46:29 -0400
|
||||||
|
Subject: [PATCH 1/2] openssl: Fix setting TLS 1.3 cipher suites
|
||||||
|
|
||||||
|
The flag indicating TLS 1.3 cipher support in the OpenSSL backend was
|
||||||
|
missing.
|
||||||
|
|
||||||
|
Bug: https://github.com/curl/curl/pull/2607#issuecomment-417283187
|
||||||
|
Reported-by: Kamil Dudka
|
||||||
|
|
||||||
|
Closes #2926
|
||||||
|
|
||||||
|
Upstream-commit: 978574b502294ae06eb97d4f590b54ed5d24cd7f
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
lib/vtls/openssl.c | 3 +++
|
||||||
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
|
||||||
|
index bc46eca..fad4287 100644
|
||||||
|
--- a/lib/vtls/openssl.c
|
||||||
|
+++ b/lib/vtls/openssl.c
|
||||||
|
@@ -3804,6 +3804,9 @@ const struct Curl_ssl Curl_ssl_openssl = {
|
||||||
|
SSLSUPP_CERTINFO |
|
||||||
|
SSLSUPP_PINNEDPUBKEY |
|
||||||
|
SSLSUPP_SSL_CTX |
|
||||||
|
+#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
|
||||||
|
+ SSLSUPP_TLS13_CIPHERSUITES |
|
||||||
|
+#endif
|
||||||
|
SSLSUPP_HTTPS_PROXY,
|
||||||
|
|
||||||
|
sizeof(struct ssl_backend_data),
|
||||||
|
--
|
||||||
|
2.17.1
|
||||||
|
|
||||||
|
|
||||||
|
From 081afa4e2eb5e853833bd87ca43f48ab550fe657 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
Date: Mon, 3 Sep 2018 13:04:00 +0200
|
||||||
|
Subject: [PATCH 2/2] url, vtls: make CURLOPT{,_PROXY}_TLS13_CIPHERS work
|
||||||
|
|
||||||
|
This is a follow-up to PR #2607 and PR #2926.
|
||||||
|
|
||||||
|
Closes #2936
|
||||||
|
|
||||||
|
Upstream-commit: 52c13d6328ff56b2d2e8313e88cfdfc78acda365
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
lib/url.c | 4 ++++
|
||||||
|
lib/vtls/vtls.c | 5 ++++-
|
||||||
|
2 files changed, 8 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/lib/url.c b/lib/url.c
|
||||||
|
index 27b2c1e..46898c4 100644
|
||||||
|
--- a/lib/url.c
|
||||||
|
+++ b/lib/url.c
|
||||||
|
@@ -4356,6 +4356,10 @@ static CURLcode create_conn(struct Curl_easy *data,
|
||||||
|
data->set.str[STRING_SSL_CIPHER_LIST_ORIG];
|
||||||
|
data->set.proxy_ssl.primary.cipher_list =
|
||||||
|
data->set.str[STRING_SSL_CIPHER_LIST_PROXY];
|
||||||
|
+ data->set.ssl.primary.cipher_list13 =
|
||||||
|
+ data->set.str[STRING_SSL_CIPHER13_LIST_ORIG];
|
||||||
|
+ data->set.proxy_ssl.primary.cipher_list13 =
|
||||||
|
+ data->set.str[STRING_SSL_CIPHER13_LIST_PROXY];
|
||||||
|
|
||||||
|
data->set.ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE_ORIG];
|
||||||
|
data->set.proxy_ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE_PROXY];
|
||||||
|
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
|
||||||
|
index bf96518..b61c640 100644
|
||||||
|
--- a/lib/vtls/vtls.c
|
||||||
|
+++ b/lib/vtls/vtls.c
|
||||||
|
@@ -96,7 +96,8 @@ Curl_ssl_config_matches(struct ssl_primary_config* data,
|
||||||
|
Curl_safe_strcasecompare(data->clientcert, needle->clientcert) &&
|
||||||
|
Curl_safe_strcasecompare(data->random_file, needle->random_file) &&
|
||||||
|
Curl_safe_strcasecompare(data->egdsocket, needle->egdsocket) &&
|
||||||
|
- Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list))
|
||||||
|
+ Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list) &&
|
||||||
|
+ Curl_safe_strcasecompare(data->cipher_list13, needle->cipher_list13))
|
||||||
|
return TRUE;
|
||||||
|
|
||||||
|
return FALSE;
|
||||||
|
@@ -119,6 +120,7 @@ Curl_clone_primary_ssl_config(struct ssl_primary_config *source,
|
||||||
|
CLONE_STRING(random_file);
|
||||||
|
CLONE_STRING(egdsocket);
|
||||||
|
CLONE_STRING(cipher_list);
|
||||||
|
+ CLONE_STRING(cipher_list13);
|
||||||
|
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
@@ -131,6 +133,7 @@ void Curl_free_primary_ssl_config(struct ssl_primary_config* sslc)
|
||||||
|
Curl_safefree(sslc->random_file);
|
||||||
|
Curl_safefree(sslc->egdsocket);
|
||||||
|
Curl_safefree(sslc->cipher_list);
|
||||||
|
+ Curl_safefree(sslc->cipher_list13);
|
||||||
|
}
|
||||||
|
|
||||||
|
#ifdef USE_SSL
|
||||||
|
--
|
||||||
|
2.17.1
|
||||||
|
|
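Review bot: The `cipher_list13` comparison added to `Curl_ssl_config_matches` in lib/vtls/vtls.c has no comment explaining why it matters, and the same field now has to be handled in four separate places: the two assignments in `create_conn`, the match chain, `CLONE_STRING` and `Curl_safefree`. If a future string field were cloned but left out of the match, two configurations with different cipher restrictions would presumably compare as equal, so I would add above the comparison chain `/* every string in ssl_primary_config must be compared here, cloned in Curl_clone_primary_ssl_config() and freed in Curl_free_primary_ssl_config() */`. All three vtls.c functions and `create_conn` begin outside their hunks, so an existing comment to that effect on the struct or higher up cannot be ruled out from this page. The commit title suggests the option previously had no effect, so a `%check` case that passes `--tls13-ciphers` and verifies the negotiated suite would stop the restriction from regressing unnoticed.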
@ -1,7 +1,7 @@
|
|||||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||||
Name: curl
|
Name: curl
|
||||||
Version: 7.61.0
|
Version: 7.61.0
|
||||||
Release: 7%{?dist}
|
Release: 8%{?dist}
|
||||||
License: MIT
|
License: MIT
|
||||||
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
|
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
|
||||||
|
|
||||||
@ -11,6 +11,9 @@ Patch1: 0001-curl-7.61.0-pkcs11.patch
|
|||||||
# scp/sftp: fix infinite connect loop on invalid private key (#1595135)
|
# scp/sftp: fix infinite connect loop on invalid private key (#1595135)
|
||||||
Patch2: 0002-curl-7.61.0-libssh.patch
|
Patch2: 0002-curl-7.61.0-libssh.patch
|
||||||
|
|
||||||
|
# make the --tls13-ciphers option work
|
||||||
|
Patch3: 0003-curl-7.61.0-tls13-ciphers.patch
|
||||||
|
|
||||||
# patch making libcurl multilib ready
|
# patch making libcurl multilib ready
|
||||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||||
|
|
||||||
@ -166,6 +169,7 @@ be installed.
|
|||||||
# upstream patches
|
# upstream patches
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
|
%patch3 -p1
|
||||||
|
|
||||||
# Fedora patches
|
# Fedora patches
|
||||||
%patch101 -p1
|
%patch101 -p1
|
||||||
@ -333,6 +337,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
|||||||
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Sep 04 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.0-8
|
||||||
|
- make the --tls13-ciphers option work
|
||||||
|
|
||||||
* Mon Aug 27 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.0-7
|
* Mon Aug 27 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.0-7
|
||||||
- tests: make ssh-keygen always produce PEM format (#1622594)
|
- tests: make ssh-keygen always produce PEM format (#1622594)
|
||||||
|
|
||||||
|