rpms/elinks
5
0
Fork 0
Code Issues Pull Requests Releases Activity

drop disablement of TLS1.0 on second attempt to connect,

Browse Source 
it would not work correctly anyway and the code does not build
  with OpenSSL-1.1.0
This commit is contained in:
Tomas Mraz 2017-02-17 16:44:11 +01:00
parent 83104423d0
commit a63c137931
2 changed files with 42 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
elinks-0.12pre6-openssl11.patch Normal file
View File

@ -0,0 +1,32 @@
diff -up elinks-0.12pre6/src/network/ssl/socket.c.openssl11 elinks-0.12pre6/src/network/ssl/socket.c
--- elinks-0.12pre6/src/network/ssl/socket.c.openssl11 2017-02-17 16:41:26.346909430 +0100
+++ elinks-0.12pre6/src/network/ssl/socket.c 2017-02-17 16:40:34.000000000 +0100
@@ -82,6 +82,11 @@
static void
ssl_set_no_tls(struct socket *socket)
{
+#if 0
+/* This implements the insecure renegotiation, which should not be used.
+ * The code also would not work on current Fedora (>= Fedora 23) anyway,
+ * because it would just switch off TLS 1.0 keeping TLS 1.1 and 1.2 enabled.
+ */
#ifdef CONFIG_OPENSSL
((ssl_t *) socket->ssl)->options |= SSL_OP_NO_TLSv1;
#elif defined(CONFIG_GNUTLS)
@@ -96,6 +101,7 @@ ssl_set_no_tls(struct socket *socket)
gnutls_protocol_set_priority(*(ssl_t *) socket->ssl, protocol_priority);
}
#endif
+#endif
}
#ifdef USE_OPENSSL
@@ -419,7 +425,7 @@ ssl_connect(struct socket *socket)
}
if (client_cert) {
- SSL_CTX *ctx = ((SSL *) socket->ssl)->ctx;
+ SSL_CTX *ctx = SSL_get_SSL_CTX((SSL *) socket->ssl);
SSL_CTX_use_certificate_chain_file(ctx, client_cert);
SSL_CTX_use_PrivateKey_file(ctx, client_cert,

11
elinks.spec
View File

@ -3,7 +3,7 @@
Name: elinks Name: elinks
Summary: A text-mode Web browser Summary: A text-mode Web browser
Version: 0.12 Version: 0.12
Release: 0.49.%{prerel}%{?dist} Release: 0.50.%{prerel}%{?dist}
License: GPLv2 License: GPLv2
URL: http://elinks.or.cz URL: http://elinks.or.cz
Group: Applications/Internet Group: Applications/Internet
@ -44,6 +44,7 @@ Patch14: elinks-0.12pre6-ssl-hostname.patch
Patch15: elinks-0.12pre6-list_is_singleton.patch Patch15: elinks-0.12pre6-list_is_singleton.patch
Patch16: elinks-0.12pre6-lua51.patch Patch16: elinks-0.12pre6-lua51.patch
Patch17: elinks-0.12pre6-libidn2.patch Patch17: elinks-0.12pre6-libidn2.patch
Patch18: elinks-0.12pre6-openssl11.patch
%description %description
Elinks is a text-based Web browser. Elinks does not display any images, Elinks is a text-based Web browser. Elinks does not display any images,
@ -96,6 +97,9 @@ quickly and swiftly displays Web pages.
# add support for GNU Libidn2, patch by Robert Scheck (#1098789) # add support for GNU Libidn2, patch by Robert Scheck (#1098789)
%patch17 -p1 %patch17 -p1
# drop disablement of TLS1.0 on second attempt to connect
%patch18 -p1 -b .openssl11
# rename the input file of autoconf to eliminate a warning # rename the input file of autoconf to eliminate a warning
mv -v configure.in configure.ac mv -v configure.in configure.ac
sed -e 's/configure\.in/configure.ac/' \ sed -e 's/configure\.in/configure.ac/' \
@ -174,6 +178,11 @@ exit 0
%{_mandir}/man5/* %{_mandir}/man5/*
%changelog %changelog
* Fri Feb 17 2017 Tomáš Mráz <tmraz@redhat.com> - 0.12-0.50.pre6
- drop disablement of TLS1.0 on second attempt to connect,
it would not work correctly anyway and the code does not build
with OpenSSL-1.1.0
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.12-0.49.pre6 * Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.12-0.49.pre6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild