diff options
author | Remi Collet <remi@remirepo.net> | 2017-11-02 10:22:47 +0100 |
---|---|---|
committer | Remi Collet <remi@remirepo.net> | 2017-11-02 10:22:47 +0100 |
commit | df791cd2eab7a1434db8866349d054c7e48c9471 (patch) | |
tree | 7d24e58288dd1adbfdd7079467ca59518c665800 /0001-enforce-system-crypto-policies.patch | |
parent | 03fdbccea671a7c775430cb6f783922410513aca (diff) |
update to 2.8.2
pull patches and other changes from Fedora
add libuv backend
move backends in optional sub-packages
enable upstream test suite on F25+
disable dtrace
Diffstat (limited to '0001-enforce-system-crypto-policies.patch')
-rw-r--r-- | 0001-enforce-system-crypto-policies.patch | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/0001-enforce-system-crypto-policies.patch b/0001-enforce-system-crypto-policies.patch new file mode 100644 index 0000000..32a5833 --- /dev/null +++ b/0001-enforce-system-crypto-policies.patch @@ -0,0 +1,26 @@ +From bc5b9aecd78fe638f50dbe104fc83a67d87c0615 Mon Sep 17 00:00:00 2001 +From: Sergey Avseyev <sergey.avseyev@gmail.com> +Date: Tue, 26 Sep 2017 19:26:02 +0300 +Subject: [PATCH] Enforce system crypto policies + +--- + src/ssl/ssl_common.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/ssl/ssl_common.c b/src/ssl/ssl_common.c +index b752b5d2..8a615cfd 100644 +--- a/src/ssl/ssl_common.c ++++ b/src/ssl/ssl_common.c +@@ -277,8 +277,7 @@ lcbio_ssl_new(const char *cafile, int noverify, lcb_error_t *errp, + goto GT_ERR; + + } +- SSL_CTX_set_cipher_list(ret->ctx, "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:SEED-SHA:RC2-CBC-MD5:RC4-SHA:RC4-MD5:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5"); +-// SSL_CTX_set_cipher_list(ret->ctx, "!NULL"); ++ SSL_CTX_set_cipher_list(ret->ctx, "PROFILE=SYSTEM"); + + if (cafile) { + if (!SSL_CTX_load_verify_locations(ret->ctx, cafile, NULL)) { +-- +2.13.5 + |