rpms/sendmail
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fixed ECDHE to work with all curves (openssl-1.1.0-ecdhe-fix patch)

Browse Source 
Resolves: rhbz#1473971
This commit is contained in:
Jaroslav Škarvada 2017-07-27 16:30:04 +02:00
parent 64c461c0e2
commit a8b1301666
2 changed files with 28 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch Normal file
View File

@ -0,0 +1,20 @@
diff --git a/sendmail/tls.c b/sendmail/tls.c
index 16cb93f..9338380 100644
--- a/sendmail/tls.c
+++ b/sendmail/tls.c
@@ -1329,13 +1329,8 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
}
#if _FFR_TLS_EC
- ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
- if (ecdh != NULL)
- {
- SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_ECDH_USE);
- SSL_CTX_set_tmp_ecdh(*ctx, ecdh);
- EC_KEY_free(ecdh);
- }
+ SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_ECDH_USE);
+ SSL_CTX_set_ecdh_auto(*ctx, 1);
#endif /* _FFR_TLS_EC */
}

9
sendmail.spec
View File

@ -17,7 +17,7 @@
Summary: A widely used Mail Transport Agent (MTA) Summary: A widely used Mail Transport Agent (MTA)
Name: sendmail Name: sendmail
Version: 8.15.2 Version: 8.15.2
Release: 15%{?dist} Release: 16%{?dist}
License: Sendmail License: Sendmail
Group: System Environment/Daemons Group: System Environment/Daemons
URL: http://www.sendmail.org/ URL: http://www.sendmail.org/
@ -88,6 +88,8 @@ Patch26: sendmail-8.15.2-libmilter-socket-activation.patch
Patch27: sendmail-8.15.2-smtp-session-reuse-fix.patch Patch27: sendmail-8.15.2-smtp-session-reuse-fix.patch
Patch28: sendmail-8.15.2-openssl-1.1.0-fix.patch Patch28: sendmail-8.15.2-openssl-1.1.0-fix.patch
Patch29: sendmail-8.15.2-compile-fix.patch Patch29: sendmail-8.15.2-compile-fix.patch
# rhbz#1473971
Patch30: sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: tcp_wrappers-devel BuildRequires: tcp_wrappers-devel
BuildRequires: libdb-devel BuildRequires: libdb-devel
@ -215,6 +217,7 @@ cp devtools/M4/UNIX/{,shared}library.m4
%patch27 -p1 -b .smtp-session-reuse-fix %patch27 -p1 -b .smtp-session-reuse-fix
%patch28 -p1 -b .openssl-1.1.0-fix %patch28 -p1 -b .openssl-1.1.0-fix
%patch29 -p1 -b .compile-fix %patch29 -p1 -b .compile-fix
%patch30 -p1 -b .openssl-1.1.0-ecdhe-fix
for f in RELEASE_NOTES contrib/etrn.0; do for f in RELEASE_NOTES contrib/etrn.0; do
iconv -f iso8859-1 -t utf8 -o ${f}{_,} && iconv -f iso8859-1 -t utf8 -o ${f}{_,} &&
@ -733,6 +736,10 @@ fi
%endif %endif
%changelog %changelog
* Thu Jul 27 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 8.15.2-16
- Fixed ECDHE to work with all curves (openssl-1.1.0-ecdhe-fix patch)
Resolves: rhbz#1473971
* Thu Mar 23 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 8.15.2-15 * Thu Mar 23 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 8.15.2-15
- Explicitly enabled sm-client statistics - Explicitly enabled sm-client statistics
Related: rhbz#890585 Related: rhbz#890585