rpms/rsyslog
7
0
Fork 0
Code Issues Pull Requests Releases Activity
5ed1f72be1
rsyslog/SOURCES/rsyslog-8.1911.0-rhbz1782353-deny-expired-by-default.patch
CentOS Sources 4066a6fcea import rsyslog-8.1911.0-3.el8
2021-09-10 04:01:55 +00:00

59 lines
2.3 KiB
Diff
Raw Blame History

From 0de93c9e1597b20f71bb61d5375ded546cfd2fa8 Mon Sep 17 00:00:00 2001
From: Jiri Vymazal <jvymazal@redhat.com>
Date: Wed, 11 Dec 2019 15:35:26 +0100
Subject: [PATCH] Changed default for permitExpiredCerts to "off"
This is to be conssitent with rsyslog's prior behavior where
expired certs were automatically rejected
---
runtime/nsd_gtls.c | 10 +++++-----
runtime/nsd_ossl.c | 8 ++++----
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
index 5df12994d1..2be0ca9c92 100644
--- a/runtime/nsd_gtls.c
+++ b/runtime/nsd_gtls.c
@@ -1461,16 +1461,16 @@ SetPermitExpiredCerts(nsd_t *pNsd, uchar *mode)
nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd;
ISOBJ_TYPE_assert((pThis), nsd_gtls);
- /* default is set to warn! */
- if(mode == NULL || !strcasecmp((char*)mode, "warn")) {
- pThis->permitExpiredCerts = GTLS_EXPIRED_WARN;
- } else if(!strcasecmp((char*) mode, "off")) {
+ /* default is set to off! */
+ if(mode == NULL || !strcasecmp((char*)mode, "off")) {
pThis->permitExpiredCerts = GTLS_EXPIRED_DENY;
+ } else if(!strcasecmp((char*) mode, "warn")) {
+ pThis->permitExpiredCerts = GTLS_EXPIRED_WARN;
} else if(!strcasecmp((char*) mode, "on")) {
pThis->permitExpiredCerts = GTLS_EXPIRED_PERMIT;
} else {
LogError(0, RS_RET_VALUE_NOT_SUPPORTED, "error: permitexpiredcerts mode '%s' not supported by "
- "ossl netstream driver", mode);
+ "gtls netstream driver", mode);
ABORT_FINALIZE(RS_RET_VALUE_NOT_SUPPORTED);
}
diff --git a/runtime/nsd_ossl.c b/runtime/nsd_ossl.c
index 4f8dd845ab..ebb2537d72 100644
--- a/runtime/nsd_ossl.c
+++ b/runtime/nsd_ossl.c
@@ -1130,11 +1130,11 @@ SetPermitExpiredCerts(nsd_t *pNsd, uchar *mode)
nsd_ossl_t *pThis = (nsd_ossl_t*) pNsd;
ISOBJ_TYPE_assert((pThis), nsd_ossl);
- /* default is set to warn! */
- if(mode == NULL || !strcasecmp((char*)mode, "warn")) {
- pThis->permitExpiredCerts = OSSL_EXPIRED_WARN;
- } else if(!strcasecmp((char*) mode, "off")) {
+ /* default is set to off! */
+ if(mode == NULL || !strcasecmp((char*)mode, "off")) {
pThis->permitExpiredCerts = OSSL_EXPIRED_DENY;
+ } else if(!strcasecmp((char*) mode, "warn")) {
+ pThis->permitExpiredCerts = OSSL_EXPIRED_WARN;
} else if(!strcasecmp((char*) mode, "on")) {
pThis->permitExpiredCerts = OSSL_EXPIRED_PERMIT;
} else {
Reference in New Issue View Git Blame Copy Permalink