From: Michael R Sweet
Date: Tue, 5 Feb 2019 18:03:22 +0000 (-0500)
Subject: Fix a GNU TLS certificate problem (Issue #5506)
X-Git-Tag: v2.3b8~119
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e625fa13200089ccca1a48a94deb8b00f4ed8591;p=thirdparty%2Fcups.git
Fix a GNU TLS certificate problem (Issue #5506)
---
diff --git a/CHANGES.md b/CHANGES.md
index 5f72f68eac..64784e7fbc 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -9,6 +9,8 @@ Changes in CUPS v2.3b8
 - Fixed a performance regression with large PPDs (rdar://47040759)
 - The `ippValidateAttribute` function did not catch all instances of invalid UTF-8 strings (Issue #5509)
+- Fixed an issue with the self-signed certificates generated by GNU TLS
+ (Issue #5506)
 - Fixed a potential memory leak when reading at the end of a file (Issue #5473)
 - Fixed potential unaligned accesses in the string pool (Issue #5474)
 - Fixed a potential memory leak when loading a PPD file (Issue #5475)
diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c
index 05ec8ec7f1..8e45db27b7 100644
--- a/cups/tls-gnutls.c
+++ b/cups/tls-gnutls.c
@@ -1,7 +1,7 @@
 /*
 * TLS support code for CUPS using GNU TLS.
 *
- * Copyright © 2007-2018 by Apple Inc.
+ * Copyright © 2007-2019 by Apple Inc.
 * Copyright © 1997-2007 by Easy Software Products, all rights reserved.
 *
 * Licensed under Apache License v2.0. See the file "LICENSE" for more
@@ -171,7 +171,7 @@ cupsMakeServerCredentials(
 if (num_alt_names > 0) gnutls_x509_crt_set_subject_alternative_name(crt, GNUTLS_SAN_DNSNAME, alt_names[0]);
 gnutls_x509_crt_set_key_purpose_oid(crt, GNUTLS_KP_TLS_WWW_SERVER, 0);
- gnutls_x509_crt_set_key_usage(crt, GNUTLS_KEY_KEY_ENCIPHERMENT);
+ gnutls_x509_crt_set_key_usage(crt, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT);
 gnutls_x509_crt_set_version(crt, 3);
 bytes = sizeof(buffer);
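Review bot: The changed `gnutls_x509_crt_set_key_usage()` call in the `cupsMakeServerCredentials` hunk of cups/tls-gnutls.c discards its return value, as do the neighbouring `gnutls_x509_crt_set_*` calls, so a failure to write the keyUsage extension would go unnoticed and presumably leave a certificate with the same defect this commit fixes. Testing the result, for example `if (gnutls_x509_crt_set_key_usage(crt, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT) < 0)`, and taking whatever error path the function already has (not visible here, since the body starts and ends outside the hunk) would make that failure observable. The line would also benefit from a why-comment such as `/* digitalSignature is needed for (EC)DHE key exchange; keyEncipherment alone only covers RSA key transport */`, since the reason for the second bit is not obvious from the call. Certificates written by an earlier build most likely keep the old keyUsage until they are regenerated, which is worth stating in the CHANGES.md entry.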