mutt/mutt-1.5.23-ssl_ciphers.patch
Matej Muzila f5db476a28 Utilize system-wide crypto-policies
- rhbz#1179324
2015-08-31 13:55:43 +02:00

75 lines
2.2 KiB
Diff

diff -rup mutt-17a4f92e4a95-orig/init.h mutt-17a4f92e4a95/init.h
--- mutt-17a4f92e4a95-orig/init.h 2015-07-30 11:09:54.536930119 +0200
+++ mutt-17a4f92e4a95/init.h 2015-07-30 11:11:17.383772131 +0200
@@ -3092,7 +3092,7 @@ struct option_t MuttVars[] = {
** URL. You should only unset this for particular known hosts, using
** the \fC$<account-hook>\fP function.
*/
- { "ssl_ciphers", DT_STR, R_NONE, UL &SslCiphers, UL 0 },
+ { "ssl_ciphers", DT_STR, R_NONE, UL &SslCiphers, UL "@SYSTEM" },
/*
** .pp
** Contains a colon-seperated list of ciphers to use when using SSL.
--- mutt-17a4f92e4a95/mutt_ssl_gnutls.c.ssl_ciphers 2015-08-20 13:19:24.990481900 +0200
+++ mutt-17a4f92e4a95/mutt_ssl_gnutls.c 2015-08-20 14:37:18.405928684 +0200
@@ -286,32 +286,35 @@
else
safe_strcat (priority, priority_size, "NORMAL");
- if (! option(OPTTLSV1_2))
+ if (SslCiphers && strcmp(SslCiphers, "@SYSTEM"))
{
- nproto--;
- safe_strcat (priority, priority_size, ":-VERS-TLS1.2");
- }
- if (! option(OPTTLSV1_1))
- {
- nproto--;
- safe_strcat (priority, priority_size, ":-VERS-TLS1.1");
- }
- if (! option(OPTTLSV1))
- {
- nproto--;
- safe_strcat (priority, priority_size, ":-VERS-TLS1.0");
- }
- if (! option(OPTSSLV3))
- {
- nproto--;
- safe_strcat (priority, priority_size, ":-VERS-SSL3.0");
- }
+ if (! option(OPTTLSV1_2))
+ {
+ nproto--;
+ safe_strcat (priority, priority_size, ":-VERS-TLS1.2");
+ }
+ if (! option(OPTTLSV1_1))
+ {
+ nproto--;
+ safe_strcat (priority, priority_size, ":-VERS-TLS1.1");
+ }
+ if (! option(OPTTLSV1))
+ {
+ nproto--;
+ safe_strcat (priority, priority_size, ":-VERS-TLS1.0");
+ }
+ if (! option(OPTSSLV3))
+ {
+ nproto--;
+ safe_strcat (priority, priority_size, ":-VERS-SSL3.0");
+ }
- if (nproto == 0)
- {
- mutt_error (_("All available protocols for TLS/SSL connection disabled"));
- FREE (&priority);
- return -1;
+ if (nproto == 0)
+ {
+ mutt_error (_("All available protocols for TLS/SSL connection disabled"));
+ FREE (&priority);
+ return -1;
+ }
}
if ((err = gnutls_priority_set_direct (data->state, priority, NULL)) < 0)