added appropriate values to ssl_ciphers (dh and ecdh patches)

Jiri Skala 2014-09-16 09:59:31 +02:00
parent 9f484c9266
commit cf84d93545
3 changed files with 33 additions and 25 deletions


@ -1,6 +1,6 @@
diff -up vsftpd-3.0.2/parseconf.c.dh vsftpd-3.0.2/parseconf.c
--- vsftpd-3.0.2/parseconf.c.dh 2014-06-04 09:54:43.364747051 +0200
+++ vsftpd-3.0.2/parseconf.c 2014-06-04 09:54:43.368747052 +0200
--- vsftpd-3.0.2/parseconf.c.dh 2014-09-15 15:07:43.719909056 +0200
+++ vsftpd-3.0.2/parseconf.c 2014-09-15 15:07:43.724909061 +0200
@@ -176,6 +176,7 @@ parseconf_str_array[] =
{ "email_password_file", &tunable_email_password_file },
{ "rsa_cert_file", &tunable_rsa_cert_file },
@ -11,7 +11,7 @@ diff -up vsftpd-3.0.2/parseconf.c.dh vsftpd-3.0.2/parseconf.c
{ "dsa_private_key_file", &tunable_dsa_private_key_file },
diff -up vsftpd-3.0.2/ssl.c.dh vsftpd-3.0.2/ssl.c
--- vsftpd-3.0.2/ssl.c.dh 2012-04-03 02:23:42.000000000 +0200
+++ vsftpd-3.0.2/ssl.c 2014-06-04 09:55:59.443770325 +0200
+++ vsftpd-3.0.2/ssl.c 2014-09-15 15:07:43.725909062 +0200
@@ -28,6 +28,8 @@
#include <openssl/err.h>
#include <openssl/rand.h>
@ -155,8 +155,8 @@ diff -up vsftpd-3.0.2/ssl.c.dh vsftpd-3.0.2/ssl.c
ssl_add_entropy(struct vsf_session* p_sess)
{
diff -up vsftpd-3.0.2/tunables.c.dh vsftpd-3.0.2/tunables.c
--- vsftpd-3.0.2/tunables.c.dh 2014-06-04 09:54:43.364747051 +0200
+++ vsftpd-3.0.2/tunables.c 2014-06-04 09:54:43.369747052 +0200
--- vsftpd-3.0.2/tunables.c.dh 2014-09-15 15:07:43.720909057 +0200
+++ vsftpd-3.0.2/tunables.c 2014-09-15 15:12:46.516209941 +0200
@@ -140,6 +140,7 @@ const char* tunable_user_sub_token;
const char* tunable_email_password_file;
const char* tunable_rsa_cert_file;
@ -165,17 +165,20 @@ diff -up vsftpd-3.0.2/tunables.c.dh vsftpd-3.0.2/tunables.c
const char* tunable_ssl_ciphers;
const char* tunable_rsa_private_key_file;
const char* tunable_dsa_private_key_file;
@@ -288,6 +289,7 @@ tunables_load_defaults()
@@ -288,7 +289,9 @@ tunables_load_defaults()
install_str_setting("/usr/share/ssl/certs/vsftpd.pem",
&tunable_rsa_cert_file);
install_str_setting(0, &tunable_dsa_cert_file);
- install_str_setting("AES128-SHA:DES-CBC3-SHA", &tunable_ssl_ciphers);
+ install_str_setting(0, &tunable_dh_param_file);
install_str_setting("AES128-SHA:DES-CBC3-SHA", &tunable_ssl_ciphers);
+ install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA",
+ &tunable_ssl_ciphers);
install_str_setting(0, &tunable_rsa_private_key_file);
install_str_setting(0, &tunable_dsa_private_key_file);
install_str_setting(0, &tunable_ca_certs_file);
diff -up vsftpd-3.0.2/tunables.h.dh vsftpd-3.0.2/tunables.h
--- vsftpd-3.0.2/tunables.h.dh 2014-06-04 09:54:43.364747051 +0200
+++ vsftpd-3.0.2/tunables.h 2014-06-04 09:54:43.369747052 +0200
--- vsftpd-3.0.2/tunables.h.dh 2014-09-15 15:07:43.720909057 +0200
+++ vsftpd-3.0.2/tunables.h 2014-09-15 15:07:43.725909062 +0200
@@ -142,6 +142,7 @@ extern const char* tunable_user_sub_toke
extern const char* tunable_email_password_file;
extern const char* tunable_rsa_cert_file;
@ -185,8 +188,8 @@ diff -up vsftpd-3.0.2/tunables.h.dh vsftpd-3.0.2/tunables.h
extern const char* tunable_rsa_private_key_file;
extern const char* tunable_dsa_private_key_file;
diff -up vsftpd-3.0.2/vsftpd.conf.5.dh vsftpd-3.0.2/vsftpd.conf.5
--- vsftpd-3.0.2/vsftpd.conf.5.dh 2014-06-04 09:54:43.364747051 +0200
+++ vsftpd-3.0.2/vsftpd.conf.5 2014-06-04 09:54:43.369747052 +0200
--- vsftpd-3.0.2/vsftpd.conf.5.dh 2014-09-15 15:07:43.720909057 +0200
+++ vsftpd-3.0.2/vsftpd.conf.5 2014-09-15 15:07:43.725909062 +0200
@@ -893,6 +893,12 @@ to be in the same file as the certificat
Default: (none)
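Review bot: The new default in tunables_load_defaults() appends `DHE-RSA-AES256-SHA` after `AES128-SHA:DES-CBC3-SHA`, so the forward-secret suite sits last in the list; the ecdh patch's version of the same statement has the same shape, with `ECDHE-RSA-AES128-SHA` appended at the very end. An OpenSSL cipher string is read in preference order, so wherever the server's order decides the negotiation (that depends on whether SSL_OP_CIPHER_SERVER_PREFERENCE is set in ssl.c, which is not visible on this page), the static-RSA suites and 3DES are still picked ahead of the ephemeral ones. I would list the ephemeral suites first, in the final ecdh form `install_str_setting("ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:DES-CBC3-SHA",`, and reconsider whether `DES-CBC3-SHA` still belongs in a shipped default. The vsftpd.conf.5 hunk header `@@ -893,6 +893,12 @@` is unchanged by this commit, so the documented ssl_ciphers default appears not to have been updated to match and should be checked.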


@ -1,6 +1,6 @@
diff -up vsftpd-3.0.2/parseconf.c.ecdh vsftpd-3.0.2/parseconf.c
--- vsftpd-3.0.2/parseconf.c.ecdh 2014-06-04 09:56:56.358788746 +0200
+++ vsftpd-3.0.2/parseconf.c 2014-06-04 09:56:56.360788747 +0200
--- vsftpd-3.0.2/parseconf.c.ecdh 2014-09-15 15:49:48.801315298 +0200
+++ vsftpd-3.0.2/parseconf.c 2014-09-15 15:49:48.804315301 +0200
@@ -177,6 +177,7 @@ parseconf_str_array[] =
{ "rsa_cert_file", &tunable_rsa_cert_file },
{ "dsa_cert_file", &tunable_dsa_cert_file },
@ -10,8 +10,8 @@ diff -up vsftpd-3.0.2/parseconf.c.ecdh vsftpd-3.0.2/parseconf.c
{ "rsa_private_key_file", &tunable_rsa_private_key_file },
{ "dsa_private_key_file", &tunable_dsa_private_key_file },
diff -up vsftpd-3.0.2/ssl.c.ecdh vsftpd-3.0.2/ssl.c
--- vsftpd-3.0.2/ssl.c.ecdh 2014-06-04 09:56:56.358788746 +0200
+++ vsftpd-3.0.2/ssl.c 2014-06-04 09:56:56.360788747 +0200
--- vsftpd-3.0.2/ssl.c.ecdh 2014-09-15 15:49:48.802315299 +0200
+++ vsftpd-3.0.2/ssl.c 2014-09-15 15:49:48.804315301 +0200
@@ -122,7 +122,7 @@ ssl_init(struct vsf_session* p_sess)
{
die("SSL: could not allocate SSL context");
@ -64,8 +64,8 @@ diff -up vsftpd-3.0.2/ssl.c.ecdh vsftpd-3.0.2/ssl.c
ssl_inited = 1;
}
diff -up vsftpd-3.0.2/tunables.c.ecdh vsftpd-3.0.2/tunables.c
--- vsftpd-3.0.2/tunables.c.ecdh 2014-06-04 09:56:56.358788746 +0200
+++ vsftpd-3.0.2/tunables.c 2014-06-04 09:56:56.361788747 +0200
--- vsftpd-3.0.2/tunables.c.ecdh 2014-09-15 15:49:48.802315299 +0200
+++ vsftpd-3.0.2/tunables.c 2014-09-15 15:51:13.176386035 +0200
@@ -141,6 +141,7 @@ const char* tunable_email_password_file;
const char* tunable_rsa_cert_file;
const char* tunable_dsa_cert_file;
@ -74,17 +74,19 @@ diff -up vsftpd-3.0.2/tunables.c.ecdh vsftpd-3.0.2/tunables.c
const char* tunable_ssl_ciphers;
const char* tunable_rsa_private_key_file;
const char* tunable_dsa_private_key_file;
@@ -290,6 +291,7 @@ tunables_load_defaults()
@@ -290,7 +291,8 @@ tunables_load_defaults()
&tunable_rsa_cert_file);
install_str_setting(0, &tunable_dsa_cert_file);
install_str_setting(0, &tunable_dh_param_file);
- install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA",
+ install_str_setting(0, &tunable_ecdh_param_file);
install_str_setting("AES128-SHA:DES-CBC3-SHA", &tunable_ssl_ciphers);
+ install_str_setting("AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA",
&tunable_ssl_ciphers);
install_str_setting(0, &tunable_rsa_private_key_file);
install_str_setting(0, &tunable_dsa_private_key_file);
diff -up vsftpd-3.0.2/tunables.h.ecdh vsftpd-3.0.2/tunables.h
--- vsftpd-3.0.2/tunables.h.ecdh 2014-06-04 09:56:56.359788746 +0200
+++ vsftpd-3.0.2/tunables.h 2014-06-04 09:56:56.361788747 +0200
--- vsftpd-3.0.2/tunables.h.ecdh 2014-09-15 15:49:48.802315299 +0200
+++ vsftpd-3.0.2/tunables.h 2014-09-15 15:49:48.804315301 +0200
@@ -143,6 +143,7 @@ extern const char* tunable_email_passwor
extern const char* tunable_rsa_cert_file;
extern const char* tunable_dsa_cert_file;
@ -94,9 +96,9 @@ diff -up vsftpd-3.0.2/tunables.h.ecdh vsftpd-3.0.2/tunables.h
extern const char* tunable_rsa_private_key_file;
extern const char* tunable_dsa_private_key_file;
diff -up vsftpd-3.0.2/vsftpd.conf.5.ecdh vsftpd-3.0.2/vsftpd.conf.5
--- vsftpd-3.0.2/vsftpd.conf.5.ecdh 2014-06-04 09:56:56.359788746 +0200
+++ vsftpd-3.0.2/vsftpd.conf.5 2014-06-04 09:56:56.361788747 +0200
@@ -899,6 +899,14 @@ ephemeral Diffie-Hellman key exchange in
--- vsftpd-3.0.2/vsftpd.conf.5.ecdh 2014-09-15 15:49:48.802315299 +0200
+++ vsftpd-3.0.2/vsftpd.conf.5 2014-09-15 15:49:48.806315302 +0200
@@ -899,6 +915,14 @@ ephemeral Diffie-Hellman key exchange in
Default: (none - use built in parameters appropriate for certificate key size)
.TP


@ -3,7 +3,7 @@
Name: vsftpd
Version: 3.0.2
Release: 12%{?dist}
Release: 13%{?dist}
Summary: Very Secure Ftp Daemon
Group: System Environment/Daemons
@ -167,6 +167,9 @@ rm -rf $RPM_BUILD_ROOT
%{_var}/ftp
%changelog
* Tue Sep 16 2014 Jiri Skala <jskala@redhat.com> - 3.0.2-13
- added appropriate values to ssl_ciphers (dh and ecdh patches)
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.0.2-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild