rpms/stunnel
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Updates documentation to specify that the option "curves" can be used in server mode only.

Browse Source
This commit is contained in:
Sahana Prasad 2020-04-16 18:12:33 +02:00
parent c8a143bf4c
commit bfd45a4fd5
2 changed files with 72 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
stunnel-5.56-curves-doc-update.patch Normal file
View File

@ -0,0 +1,66 @@
--- stunnel-5.56/doc/stunnel.8.in.curves-doc-update 2020-04-16 17:12:48.171590017 +0200
+++ stunnel-5.56/doc/stunnel.8.in 2020-04-16 17:16:07.001603122 +0200
@@ -473,6 +473,8 @@ This file contains multiple CRLs, used w
.IX Item "curves = list"
\&\s-1ECDH\s0 curves separated with ':'
.Sp
+Note: This option is supported for server mode sockets only.
+.Sp
Only a single curve name is allowed for OpenSSL older than 1.1.0.
.Sp
To get a list of supported curves use:
--- stunnel-5.56/doc/stunnel.html.in.curves-doc-update 2020-04-16 17:13:25.664962696 +0200
+++ stunnel-5.56/doc/stunnel.html.in 2020-04-16 17:16:55.897111302 +0200
@@ -568,6 +568,8 @@
<p>ECDH curves separated with &#39;:&#39;</p>
+<p>Note: This option is supported for server mode sockets only.</p>
+
<p>Only a single curve name is allowed for OpenSSL older than 1.1.0.</p>
<p>To get a list of supported curves use:</p>
--- stunnel-5.56/doc/stunnel.pod.in.curves-doc-update 2020-04-16 17:13:43.412139122 +0200
+++ stunnel-5.56/doc/stunnel.pod.in 2020-04-16 17:17:25.414418073 +0200
@@ -499,6 +499,8 @@ I<verifyPeer> options.
ECDH curves separated with ':'
+Note: This option is supported for server mode sockets only.
+
Only a single curve name is allowed for OpenSSL older than 1.1.0.
To get a list of supported curves use:
--- stunnel-5.56/doc/stunnel.pl.pod.in.curves-doc-update 2020-04-16 17:25:22.631934496 +0200
+++ stunnel-5.56/doc/stunnel.pl.pod.in 2020-04-16 17:47:46.872353210 +0200
@@ -507,6 +507,8 @@ przez opcje I<verifyChain> i I<verifyPee
krzywe ECDH odddzielone ':'
+Uwaga: ta opcja wpływa tylko na gniazda w trybie serwera.
+
Wersje OpenSSL starsze niż 1.1.0 pozwalają na użycie tylko jednej krzywej.
Listę dostępnych krzywych można uzyskać poleceniem:
--- stunnel-5.56/doc/stunnel.pl.html.in.curves-doc-update 2020-04-16 17:24:46.857579674 +0200
+++ stunnel-5.56/doc/stunnel.pl.html.in 2020-04-16 17:46:13.385404626 +0200
@@ -564,6 +564,8 @@
<p>krzywe ECDH odddzielone &#39;:&#39;</p>
+<p>Uwaga: ta opcja wpływa tylko na gniazda w trybie serwera.</p>
+
<p>Wersje OpenSSL starsze ni&#x17C; 1.1.0 pozwalaj&#x105; na u&#x17C;ycie tylko jednej krzywej.</p>
<p>List&#x119; dost&#x119;pnych krzywych mo&#x17C;na uzyska&#x107; poleceniem:</p>
--- stunnel-5.56/doc/stunnel.pl.8.in.curves-doc-update 2020-04-16 17:24:25.665369474 +0200
+++ stunnel-5.56/doc/stunnel.pl.8.in 2020-04-16 17:45:14.141792786 +0200
@@ -483,6 +483,8 @@ przez opcje \fIverifyChain\fR i \fIverif
.IX Item "curves = lista"
krzywe \s-1ECDH\s0 odddzielone ':'
.Sp
+Uwaga: ta opcja wpływa tylko na gniazda w trybie serwera.
+.Sp
Wersje OpenSSL starsze niż 1.1.0 pozwalają na użycie tylko jednej krzywej.
.Sp
Listę dostępnych krzywych można uzyskać poleceniem:

7
stunnel.spec
View File

@ -10,7 +10,7 @@
Summary: A TLS-encrypting socket wrapper Summary: A TLS-encrypting socket wrapper
Name: stunnel Name: stunnel
Version: 5.56 Version: 5.56
Release: 6%{?dist} Release: 7%{?dist}
License: GPLv2 License: GPLv2
URL: http://www.stunnel.org/ URL: http://www.stunnel.org/
Source0: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz Source0: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz
@ -26,6 +26,7 @@ Patch1: stunnel-5.50-systemd-service.patch
Patch3: stunnel-5.56-system-ciphers.patch Patch3: stunnel-5.56-system-ciphers.patch
Patch4: stunnel-5.56-coverity.patch Patch4: stunnel-5.56-coverity.patch
Patch5: stunnel-5.56-default-tls-version.patch Patch5: stunnel-5.56-default-tls-version.patch
Patch6: stunnel-5.56-curves-doc-update.patch
# util-linux is needed for rename # util-linux is needed for rename
BuildRequires: gcc BuildRequires: gcc
BuildRequires: openssl-devel, pkgconfig, util-linux BuildRequires: openssl-devel, pkgconfig, util-linux
@ -53,6 +54,7 @@ conjunction with imapd to create a TLS secure IMAP server.
%patch3 -p1 -b .system-ciphers %patch3 -p1 -b .system-ciphers
%patch4 -p1 -b .coverity %patch4 -p1 -b .coverity
%patch5 -p1 -b .default-tls-version %patch5 -p1 -b .default-tls-version
%patch6 -p1 -b .curves-doc-update
# Fix the configure script output for FIPS mode and stack protector flag # Fix the configure script output for FIPS mode and stack protector flag
sed -i '/yes).*result: no/,+1{s/result: no/result: yes/;s/as_echo "no"/as_echo "yes"/};s/-fstack-protector/-fstack-protector-strong/' configure sed -i '/yes).*result: no/,+1{s/result: no/result: yes/;s/as_echo "no"/as_echo "yes"/};s/-fstack-protector/-fstack-protector-strong/' configure
@ -138,6 +140,9 @@ make test || (for i in tests/logs/*.log ; do echo "$i": ; cat "$i" ; done)
%systemd_postun_with_restart %{name}.service %systemd_postun_with_restart %{name}.service
%changelog %changelog
* Thu Apr 16 2020 Sahana Prasad <sahana@redhat.com> - 5.56-7
- Updates documentation to specify that the option "curves" can be used in server mode only.
* Wed Apr 08 2020 Sahana Prasad <sahana@redhat.com> - 5.56-6 * Wed Apr 08 2020 Sahana Prasad <sahana@redhat.com> - 5.56-6
- Fixes default tls version patch to handle default values from OpenSSL crypto policies - Fixes default tls version patch to handle default values from OpenSSL crypto policies