drop disablement of TLS1.0 on second attempt to connect,
it would not work correctly anyway and the code does not build with OpenSSL-1.1.0
This commit is contained in:
Tomas Mraz
parent
83104423d0
commit
a63c137931
32
elinks-0.12pre6-openssl11.patch
Normal file
32
elinks-0.12pre6-openssl11.patch
Normal file
@ -0,0 +1,32 @@
|
||||
diff -up elinks-0.12pre6/src/network/ssl/socket.c.openssl11 elinks-0.12pre6/src/network/ssl/socket.c
|
||||
--- elinks-0.12pre6/src/network/ssl/socket.c.openssl11 2017-02-17 16:41:26.346909430 +0100
|
||||
+++ elinks-0.12pre6/src/network/ssl/socket.c 2017-02-17 16:40:34.000000000 +0100
|
||||
@@ -82,6 +82,11 @@
|
||||
static void
|
||||
ssl_set_no_tls(struct socket *socket)
|
||||
{
|
||||
+#if 0
|
||||
+/* This implements the insecure renegotiation, which should not be used.
|
||||
+ * The code also would not work on current Fedora (>= Fedora 23) anyway,
|
||||
+ * because it would just switch off TLS 1.0 keeping TLS 1.1 and 1.2 enabled.
|
||||
+ */
|
||||
#ifdef CONFIG_OPENSSL
|
||||
((ssl_t *) socket->ssl)->options |= SSL_OP_NO_TLSv1;
|
||||
#elif defined(CONFIG_GNUTLS)
|
||||
@@ -96,6 +101,7 @@ ssl_set_no_tls(struct socket *socket)
|
||||
gnutls_protocol_set_priority(*(ssl_t *) socket->ssl, protocol_priority);
|
||||
}
|
||||
#endif
|
||||
+#endif
|
||||
}
|
||||
|
||||
#ifdef USE_OPENSSL
|
||||
@@ -419,7 +425,7 @@ ssl_connect(struct socket *socket)
|
||||
}
|
||||
|
||||
if (client_cert) {
|
||||
- SSL_CTX *ctx = ((SSL *) socket->ssl)->ctx;
|
||||
+ SSL_CTX *ctx = SSL_get_SSL_CTX((SSL *) socket->ssl);
|
||||
|
||||
SSL_CTX_use_certificate_chain_file(ctx, client_cert);
|
||||
SSL_CTX_use_PrivateKey_file(ctx, client_cert,
|
||||
11
elinks.spec
11
elinks.spec
@ -3,7 +3,7 @@
|
||||
Name: elinks
|
||||
Summary: A text-mode Web browser
|
||||
Version: 0.12
|
||||
Release: 0.49.%{prerel}%{?dist}
|
||||
Release: 0.50.%{prerel}%{?dist}
|
||||
License: GPLv2
|
||||
URL: http://elinks.or.cz
|
||||
Group: Applications/Internet
|
||||
@ -44,6 +44,7 @@ Patch14: elinks-0.12pre6-ssl-hostname.patch
|
||||
Patch15: elinks-0.12pre6-list_is_singleton.patch
|
||||
Patch16: elinks-0.12pre6-lua51.patch
|
||||
Patch17: elinks-0.12pre6-libidn2.patch
|
||||
Patch18: elinks-0.12pre6-openssl11.patch
|
||||
|
||||
%description
|
||||
Elinks is a text-based Web browser. Elinks does not display any images,
|
||||
@ -96,6 +97,9 @@ quickly and swiftly displays Web pages.
|
||||
# add support for GNU Libidn2, patch by Robert Scheck (#1098789)
|
||||
%patch17 -p1
|
||||
|
||||
# drop disablement of TLS1.0 on second attempt to connect
|
||||
%patch18 -p1 -b .openssl11
|
||||
|
||||
# rename the input file of autoconf to eliminate a warning
|
||||
mv -v configure.in configure.ac
|
||||
sed -e 's/configure\.in/configure.ac/' \
|
||||
@ -174,6 +178,11 @@ exit 0
|
||||
%{_mandir}/man5/*
|
||||
|
||||
%changelog
|
||||
* Fri Feb 17 2017 Tomáš Mráz <tmraz@redhat.com> - 0.12-0.50.pre6
|
||||
- drop disablement of TLS1.0 on second attempt to connect,
|
||||
it would not work correctly anyway and the code does not build
|
||||
with OpenSSL-1.1.0
|
||||
|
||||
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.12-0.49.pre6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user