From f794504ec68fefda0f74c00c777700089cd2f42b Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Sun, 11 Feb 2018 11:20:01 +0000
Subject: [PATCH] dma: Don't only use TLSv1
Signed-off-by: Michael Tremer
---
 lfs/dma | 1 +
 src/patches/dma-0.10-better-tls.patch | 26 ++++++++++++++++++++++++++
 2 files changed, 27 insertions(+)
 create mode 100644 src/patches/dma-0.10-better-tls.patch
diff --git a/lfs/dma b/lfs/dma
index fc49122d02..5079671584 100644
--- a/lfs/dma
+++ b/lfs/dma
@@ -74,6 +74,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 mkdir -pv /var/ipfire/dma
 touch /var/ipfire/dma/mail.conf
 cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dma-0.10-better-authentication.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dma-0.10-better-tls.patch
 cd $(DIR_APP) && sed -i '/PREFIX/s/usr\/local/usr/g' Makefile
 cd $(DIR_APP) && sed -i '/CONFDIR/s/etc\/dma/var\/ipfire\/dma/g' Makefile
 cd $(DIR_APP) && make
diff --git a/src/patches/dma-0.10-better-tls.patch b/src/patches/dma-0.10-better-tls.patch
new file mode 100644
index 0000000000..8f60fdd043
--- /dev/null
+++ b/src/patches/dma-0.10-better-tls.patch
@@ -0,0 +1,26 @@
+commit e94f50bbbe7318eec5b6b165ff73d94bbc9d20b0
+Author: Michael Tremer
+Date: Sun Feb 11 11:05:43 2018 +0000
+
+ crypto: Don't limit to TLSv1 only
+
+ Signed-off-by: Michael Tremer
+
+diff --git a/crypto.c b/crypto.c
+index 897b55bfdcfc..440c882880b5 100644
+--- a/crypto.c
++++ b/crypto.c
+@@ -93,7 +93,12 @@ smtp_init_crypto(int fd, int feature)
+ SSL_library_init();
+ SSL_load_error_strings();
+
+- meth = TLSv1_client_method();
++ // Allow any possible version
++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
++ meth = TLS_client_method();
++#else
++ meth = SSLv23_client_method();
++#endif
+
+ ctx = SSL_CTX_new(meth);
+ if (ctx == NULL) {
--
2.39.2
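Review bot: In the crypto.c hunk carried by dma-0.10-better-tls.patch, the `#else` branch (`SSLv23_client_method()`, OpenSSL before 1.1.0) negotiates any protocol the library was built with, which can include SSLv3 and, on older builds, SSLv2. Nothing visible in the hunk sets a protocol floor, so a session can still be negotiated below the TLSv1 that the removed line enforced. After the `ctx == NULL` check I would add `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`, which is valid for both branches, and reword the comment to `/* Negotiate the highest TLS version both sides support */`. smtp_init_crypto() starts and ends outside the hunk, so this is already covered if options are set further down; that is worth confirming.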