dma: Don't only use TLSv1

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/lfs/dma b/lfs/dma
index fc49122d026e0ae639ef4dae0403d68349feccc1..50796715844f8a3ba7fba730bb7a43190ced92ca 100644 (file)
--- a/lfs/dma
+++ b/lfs/dma
@@ -74,6 +74,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        mkdir -pv /var/ipfire/dma
        touch /var/ipfire/dma/mail.conf
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dma-0.10-better-authentication.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dma-0.10-better-tls.patch
        cd $(DIR_APP) && sed -i '/PREFIX/s/usr\/local/usr/g' Makefile
        cd $(DIR_APP) && sed -i '/CONFDIR/s/etc\/dma/var\/ipfire\/dma/g' Makefile
        cd $(DIR_APP) && make

diff --git a/src/patches/dma-0.10-better-tls.patch b/src/patches/dma-0.10-better-tls.patch
new file mode 100644 (file)
index 0000000..8f60fdd
--- /dev/null
+++ b/src/patches/dma-0.10-better-tls.patch
@@ -0,0 +1,26 @@
+commit e94f50bbbe7318eec5b6b165ff73d94bbc9d20b0
+Author: Michael Tremer <michael.tremer@ipfire.org>
+Date:   Sun Feb 11 11:05:43 2018 +0000
+
+    crypto: Don't limit to TLSv1 only
+    
+    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+
+diff --git a/crypto.c b/crypto.c
+index 897b55bfdcfc..440c882880b5 100644
+--- a/crypto.c
++++ b/crypto.c
+@@ -93,7 +93,12 @@ smtp_init_crypto(int fd, int feature)
+       SSL_library_init();
+       SSL_load_error_strings();
+ 
+-      meth = TLSv1_client_method();
++      // Allow any possible version
++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
++      meth = TLS_client_method();
++#else
++      meth = SSLv23_client_method();
++#endif
+ 
+       ctx = SSL_CTX_new(meth);
+       if (ctx == NULL) {