git.ipfire.org Git - thirdparty/cups.git/commit

]> git.ipfire.org Git - thirdparty/cups.git/commit - cups/tls-sspi.c

projects / thirdparty / cups.git / commit

author	Michael Sweet <michael.r.sweet@gmail.com>
	Fri, 20 Oct 2017 02:44:12 +0000 (22:44 -0400)
committer	Michael Sweet <michael.r.sweet@gmail.com>
	Fri, 20 Oct 2017 02:44:12 +0000 (22:44 -0400)
commit	02c88e673ea6d700e52fa89ee83aabae905370a8
tree	a2b54e1ce5d98ba107e730e634dda0b26e38e23c	tree \| snapshot
parent	0ae5b012b2f5f37bee24044180beae7ed663182e	commit \| diff

Fix cipher suite selection with GNU TLS (Issue #5145)

Also make sure that client.conf SSLOptions do not override cupsd.conf
SSLOptions, and document the (hopefully obvious) fact that Allow* is less
secure and Deny* is more secure.

- cups/http-private.h: Add "_HTTP_TLS_SET_DEFAULT" flag for options set from
client.conf.
- cups/tls-*.c: Use new flag.
- cups/tls-gnutls.c: Fix CBC cipher suite exclusion logic, and always disable
anonymous DH.
- cups/usersys.c: Pass new flag when calling _httpTLSSetOptions.
- man/*: Update documentation.

CHANGES.md		diff \| blob \| blame \| history
cups/http-private.h		diff \| blob \| blame \| history
cups/tls-darwin.c		diff \| blob \| blame \| history
cups/tls-gnutls.c		diff \| blob \| blame \| history
cups/tls-sspi.c		diff \| blob \| blame \| history
cups/usersys.c		diff \| blob \| blame \| history
man/client.conf.man.in		diff \| blob \| blame \| history
man/cupsd.conf.man.in		diff \| blob \| blame \| history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom