rpms/stunnel
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Preserve NO_TLSv1.[123] option compatibility

Browse Source 
On RHEL 8, stunnel used to support the NO_TLSv1.1, NO_TLSv1.2, and
NO_TLSv1.3 values for the options directive. Since we do not break
compatibility, preserve these options for customers that have them set.

Resolves: RHEL-2340
Signed-off-by: Clemens Lang <cllang@redhat.com>
This commit is contained in:
Clemens Lang 2023-10-19 14:52:34 +02:00
parent 49fc206f2d
commit 0334b7c96b
2 changed files with 44 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
stunnel-5.71-Preserve-NO_TLSv1.-123-option-compatibility.patch Normal file
View File

@ -0,0 +1,37 @@
From 4ffcbcecaf901b13a36dba1e651cfc16e5242e5a Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Thu, 19 Oct 2023 14:41:54 +0200
Subject: [PATCH] Preserve NO_TLSv1.[123] option compatibility
On RHEL 8, stunnel used to support the NO_TLSv1.1, NO_TLSv1.2, and
NO_TLSv1.3 values for the options directive. Since we do not break
compatibility, preserve these options for customers that have them set.
Related: RHEL-2340
---
src/options.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/options.c b/src/options.c
index a306c4c..c05692c 100644
--- a/src/options.c
+++ b/src/options.c
@@ -229,12 +229,15 @@ static const SSL_OPTION ssl_opts[] = {
#endif
#ifdef SSL_OP_NO_TLSv1_1
{"NO_TLSv1_1", SSL_OP_NO_TLSv1_1},
+ {"NO_TLSv1.1", SSL_OP_NO_TLSv1_1},
#endif
#ifdef SSL_OP_NO_TLSv1_2
{"NO_TLSv1_2", SSL_OP_NO_TLSv1_2},
+ {"NO_TLSv1.2", SSL_OP_NO_TLSv1_2},
#endif
#ifdef SSL_OP_NO_TLSv1_3
{"NO_TLSv1_3", SSL_OP_NO_TLSv1_3},
+ {"NO_TLSv1.3", SSL_OP_NO_TLSv1_3},
#endif
#ifdef SSL_OP_PKCS1_CHECK_1
{"PKCS1_CHECK_1", SSL_OP_PKCS1_CHECK_1},
--
2.41.0

8
stunnel.spec
View File

@ -10,7 +10,7 @@
Summary: A TLS-encrypting socket wrapper Summary: A TLS-encrypting socket wrapper
Name: stunnel Name: stunnel
Version: 5.71 Version: 5.71
Release: 1%{?dist} Release: 2%{?dist}
License: GPLv2 License: GPLv2
Group: Applications/Internet Group: Applications/Internet
URL: https://www.stunnel.org/ URL: https://www.stunnel.org/
@ -31,6 +31,7 @@ Patch1: stunnel-5.61-systemd-service.patch
Patch3: stunnel-5.69-system-ciphers.patch Patch3: stunnel-5.69-system-ciphers.patch
Patch5: stunnel-5.69-default-tls-version.patch Patch5: stunnel-5.69-default-tls-version.patch
Patch6: stunnel-5.56-curves-doc-update.patch Patch6: stunnel-5.56-curves-doc-update.patch
Patch7: stunnel-5.71-Preserve-NO_TLSv1.-123-option-compatibility.patch
# util-linux is needed for rename # util-linux is needed for rename
BuildRequires: make BuildRequires: make
BuildRequires: gcc BuildRequires: gcc
@ -62,6 +63,7 @@ conjunction with imapd to create a TLS secure IMAP server.
%patch3 -p1 -b .system-ciphers %patch3 -p1 -b .system-ciphers
%patch5 -p1 -b .default-tls-version %patch5 -p1 -b .default-tls-version
%patch6 -p1 -b .curves-doc-update %patch6 -p1 -b .curves-doc-update
%patch7 -p1 -b .preserve-no-tlsv1-123-option-compatibility
# Fix the stack protector flag # Fix the stack protector flag
sed -i 's/-fstack-protector/-fstack-protector-strong/' configure sed -i 's/-fstack-protector/-fstack-protector-strong/' configure
@ -140,6 +142,10 @@ fi
%systemd_postun_with_restart %{name}.service %systemd_postun_with_restart %{name}.service
%changelog %changelog
* Thu Oct 19 2023 Clemens Lang <cllang@redhat.com> - 5.71-2
- Restore support for the NO_TLSv1.[123] values for the option directive
Resolves: RHEL-2340
* Thu Oct 05 2023 Clemens Lang <cllang@redhat.com> - 5.71-1 * Thu Oct 05 2023 Clemens Lang <cllang@redhat.com> - 5.71-1
- New upstream release 5.71 - New upstream release 5.71
Resolves: RHEL-2340 Resolves: RHEL-2340