Fixes default tls version patch to handle default values from OpenSSL crypto policies

2020-04-08 16:12:55 +02:00 · 2020-04-08 16:12:55 +02:00 · 4130928dd2
commit 4130928dd2
parent cf3d71fba4
2 changed files with 20 additions and 5 deletions
--- a/stunnel-5.56-default-tls-version.patch
+++ b/stunnel-5.56-default-tls-version.patch
@ -10,9 +10,21 @@
 #endif /* defined PROTOTYPES_H */

 /* end of prototypes.h */
--- stunnel-5.56/src/options.c.default-tls-version	2020-04-06 11:14:41.993334510 +0200
-+++ stunnel-5.56/src/options.c	2020-04-06 11:22:37.393391977 +0200
-@@ -3142,7 +3142,10 @@ NOEXPORT char *parse_service_option(CMD
+--- stunnel-5.56/src/options.c.default-tls-version	2020-04-06 18:58:48.947214149 +0200
+++ stunnel-5.56/src/options.c	2020-04-08 15:45:18.093520780 +0200
+@@ -3123,8 +3123,9 @@ NOEXPORT char *parse_service_option(CMD
+             return "Invalid protocol version";
+         return NULL; /* OK */
+     case CMD_INITIALIZE:
+-        if(section->max_proto_version && section->min_proto_version &&
+-                section->max_proto_version<section->min_proto_version)
+        if(section->max_proto_version != USE_DEFAULT_TLS_VERSION
+                && section->min_proto_version != USE_DEFAULT_TLS_VERSION
+                && section->max_proto_version<section->min_proto_version)
+             return "Invalid protocol version range";
+         break;
+     case CMD_PRINT_DEFAULTS:
+@@ -3142,7 +3143,10 @@ NOEXPORT char *parse_service_option(CMD
     /* sslVersionMax */
     switch(cmd) {
     case CMD_SET_DEFAULTS:
@ -24,7 +36,7 @@
         break;
     case CMD_SET_COPY:
         section->max_proto_version=new_service_options.max_proto_version;
-@@ -3173,7 +3176,10 @@ NOEXPORT char *parse_service_option(CMD
+@@ -3173,7 +3177,10 @@ NOEXPORT char *parse_service_option(CMD
     /* sslVersionMin */
     switch(cmd) {
     case CMD_SET_DEFAULTS:
--- a/stunnel.spec
+++ b/stunnel.spec
@ -10,7 +10,7 @@
 Summary: A TLS-encrypting socket wrapper
 Name: stunnel
 Version: 5.56
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPLv2
 URL: http://www.stunnel.org/
 Source0: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz
@ -138,6 +138,9 @@ make test || (for i in tests/logs/*.log ; do echo "$i": ; cat "$i" ; done)
 %systemd_postun_with_restart %{name}.service

 %changelog
+* Wed Apr 08 2020 Sahana Prasad <sahana@redhat.com> - 5.56-6
+- Fixes default tls version patch to handle default values from OpenSSL crypto policies
+
 * Mon Apr 06 2020 Sahana Prasad <sahana@redhat.com> - 5.56-5
 - Removes warnings caused by the patch