Load system default cipher string from crypto-policies configuration file

...should ignore errors.

Related: RHEL-71132
Dmitry Belyavskiy 2025-01-29 21:36:05 +01:00
parent d6a9e4cbb6
commit 7840be76de
2 changed files with 5 additions and 2 deletions


@ -139,7 +139,7 @@ index 8360991ce4..33c23efb0d 100644
+
+ if ((ciphers_path = secure_getenv("OPENSSL_SYSTEM_CIPHERS_OVERRIDE")) == NULL)
+ ciphers_path = SYSTEM_CIPHERS_FILE;
+
+ ERR_set_mark();
+ if (access(ciphers_path, R_OK) == 0) {
+ CONF *conf = NCONF_new_ex(NULL, NCONF_default());
+ char *value = NULL;
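Review bot: ERR_set_mark() before the access(ciphers_path, R_OK) check has its matching ERR_pop_to_mark() only in the following hunk, after the if/else, and the lines between the two hunks are not shown here. Please confirm that no return or goto inside the if block leaves the function between the two calls, since that would leave a stale mark on the thread's error stack and a later ERR_pop_to_mark() elsewhere would stop at it. If such a path exists, pop the mark on it as well.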
@ -153,7 +153,7 @@ index 8360991ce4..33c23efb0d 100644
+ } else {
+ snprintf(buf, sizeof(buf), "%s", SSL_DEFAULT_CIPHER_LIST);
+ }
+
+ ERR_pop_to_mark();
+ slen = strlen(suffix);
+ len = strlen(buf);
+
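Review bot: the ERR_pop_to_mark() after the else branch discards every error queued since the mark, and nothing here documents that or tells the administrator that ciphers_path could not be used. Add a short comment stating that failures while reading the crypto-policies file are deliberately ignored and what buf holds in that case; the visible fallback to SSL_DEFAULT_CIPHER_LIST only covers the access() failure. Since a silently skipped policy file changes which cipher string is applied, a trace or debug message on that path would help operators notice it.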


@ -544,6 +544,9 @@ touch $RPM_BUILD_ROOT/%{_prefix}/include/openssl/engine.h
* Wed Jan 29 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-16
- Fix timing side-channel in ECDSA signature computation (CVE-2024-13176)
Resolves: RHEL-70879
- Load system default cipher string from crypto-policies configuration file
should ignore errors.
Related: RHEL-71132
* Thu Jan 02 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-15
- Fix providers no_cache behavior
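Review bot: the three new changelog lines are added under the existing 1:3.2.2-16 entry rather than a new release. If -16 has already been built, bump Release and give this change its own entry so the installed package version shows whether the change is present. The entry text would also read better as a single line starting with "Ignore errors when loading system default cipher string".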