pound: Allow to use legacy renegotiation. pound-legacy-renegotiation
authorMichael Tremer <michael.tremer@ipfire.org>
Fri, 16 May 2014 15:13:19 +0000 (17:13 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Fri, 16 May 2014 15:13:19 +0000 (17:13 +0200)
lfs/pound
src/patches/pound-2.7-legacy-regnegotiation.patch [new file with mode: 0644]

index 20e807d18707c2d472574046b55d74fb99b4123e..3635bff0f0f33caf65d2e77a48786daa0db4ec12 100644 (file)
--- a/lfs/pound
+++ b/lfs/pound
@@ -77,6 +77,7 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+       cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/pound-2.7-legacy-regnegotiation.patch
        cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/etc
        cd $(DIR_APP) && make $(MAKETUNING)
        cd $(DIR_APP) && make install
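Review bot: The added `patch` line in the `$(TARGET)` recipe omits `-N`, so if the extracted tree ever already carries the change, patch offers to reverse it instead of failing; `cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/pound-2.7-legacy-regnegotiation.patch` keeps an unattended build deterministic. The file name spells "regnegotiation" here and in the new file under src/patches, which builds but will not turn up in a search for "renegotiation". A comment above the `$(TARGET)` rule, for example `# pound-2.7-legacy-regnegotiation.patch relaxes Pound's TLS renegotiation checks`, would make the security impact visible in the build recipe. The recipe may continue below the hunk.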
diff --git a/src/patches/pound-2.7-legacy-regnegotiation.patch b/src/patches/pound-2.7-legacy-regnegotiation.patch
new file mode 100644 (file)
index 0000000..eb1d772
--- /dev/null
@@ -0,0 +1,25 @@
+diff -Nur Pound-2.7c-vanilla/config.c Pound-2.7c/config.c
+--- Pound-2.7c-vanilla/config.c        2014-04-21 13:16:08.000000000 +0200
++++ Pound-2.7c/config.c        2014-05-16 12:57:33.273583192 +0200
+@@ -345,8 +345,10 @@
+ #ifdef  SSL_OP_NO_COMPRESSION
+             SSL_CTX_set_options(res->ctx, SSL_OP_NO_COMPRESSION);
+ #endif
++#if 0
+             SSL_CTX_clear_options(res->ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
+             SSL_CTX_clear_options(res->ctx, SSL_OP_LEGACY_SERVER_CONNECT);
++#endif
+             sprintf(lin, "%d-Pound-%ld", getpid(), random());
+             SSL_CTX_set_session_id_context(res->ctx, (unsigned char *)lin, strlen(lin));
+             SSL_CTX_set_tmp_rsa_callback(res->ctx, RSA_tmp_callback);
+@@ -368,8 +370,10 @@
+ #ifdef  SSL_OP_NO_COMPRESSION
+             SSL_CTX_set_options(res->ctx, SSL_OP_NO_COMPRESSION);
+ #endif
++#if 0
+             SSL_CTX_clear_options(res->ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
+             SSL_CTX_clear_options(res->ctx, SSL_OP_LEGACY_SERVER_CONNECT);
++#endif
+             sprintf(lin, "%d-Pound-%ld", getpid(), random());
+             SSL_CTX_set_session_id_context(res->ctx, (unsigned char *)lin, strlen(lin));
+             SSL_CTX_set_tmp_rsa_callback(res->ctx, RSA_tmp_callback);
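Review bot: The two `#if 0` blocks in config.c (inner hunks at 345 and 368) drop both `SSL_CTX_clear_options` calls unconditionally and without a comment, so nothing in the patched source records that a TLS hardening step was removed or why. With the clears gone, `res->ctx` keeps whatever OpenSSL's defaults and the earlier option calls leave set, so peers that lack RFC 5746 secure renegotiation are presumably accepted again; whether `SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` also ends up enabled depends on code outside the hunk. If the goal is only to reach legacy peers, keep the first clear and disable just the `SSL_OP_LEGACY_SERVER_CONNECT` one, and replace `#if 0` with a named guard such as `#ifndef POUND_ALLOW_LEGACY_PEERS` (name constructed for this note) carrying a comment like `/* IPFire: peers without RFC 5746 must still connect; remove once they are upgraded */`. The enclosing function starts and ends outside both inner hunks.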