summaryrefslogtreecommitdiffstats
path: root/libcouchbase-0001-enforce-system-crypto-policies.patch
diff options
context:
space:
mode:
Diffstat (limited to 'libcouchbase-0001-enforce-system-crypto-policies.patch')
-rw-r--r--libcouchbase-0001-enforce-system-crypto-policies.patch32
1 files changed, 18 insertions, 14 deletions
diff --git a/libcouchbase-0001-enforce-system-crypto-policies.patch b/libcouchbase-0001-enforce-system-crypto-policies.patch
index 4c42bc1..1cb4bd1 100644
--- a/libcouchbase-0001-enforce-system-crypto-policies.patch
+++ b/libcouchbase-0001-enforce-system-crypto-policies.patch
@@ -1,26 +1,30 @@
-From f670b34632e994661e252f5f163023f71b2741fb Mon Sep 17 00:00:00 2001
+From f056a86227675d6f653036de56e79b4b7f37db32 Mon Sep 17 00:00:00 2001
From: Sergey Avseyev <sergey.avseyev@gmail.com>
-Date: Fri, 23 Feb 2018 19:02:53 +0300
+Date: Fri, 1 Nov 2019 17:33:22 +0300
Subject: [PATCH] Enforce system crypto policies
+Change-Id: I89ac30526455ce7e51a584daa354001b3f3dd7a9
---
- src/ssl/ssl_common.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
+ src/ssl/ssl_common.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/src/ssl/ssl_common.c b/src/ssl/ssl_common.c
-index 914b6f31..4b11ad04 100644
+index c223114f..95170d33 100644
--- a/src/ssl/ssl_common.c
+++ b/src/ssl/ssl_common.c
-@@ -278,8 +278,7 @@ lcbio_pSSLCTX lcbio_ssl_new(const char *tsfile, const char *cafile, const char *
- goto GT_ERR;
+@@ -287,11 +287,7 @@ lcbio_pSSLCTX lcbio_ssl_new(const char *tsfile, const char *cafile, const char *
+ lcb_error_t err_s;
+ lcbio_pSSLCTX ret;
- }
-- SSL_CTX_set_cipher_list(ret->ctx, "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:SEED-SHA:RC2-CBC-MD5:RC4-SHA:RC4-MD5:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5");
--// SSL_CTX_set_cipher_list(ret->ctx, "!NULL");
-+ SSL_CTX_set_cipher_list(ret->ctx, "PROFILE=SYSTEM");
+- static const char *default_ssl_cipher_list =
+- "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-"
+- "CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:SEED-SHA:RC2-CBC-"
+- "MD5:RC4-SHA:RC4-MD5:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-EDH-RSA-DES-"
+- "CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5";
++ static const char *default_ssl_cipher_list = "PROFILE=SYSTEM";
- if (cafile || tsfile) {
- lcb_log(LOGARGS_S(settings, LCB_LOG_DEBUG), "Load verify locations from \"%s\"", tsfile ? tsfile : cafile);
+ const char* cipher_list = getenv("LCB_SSL_CIPHER_LIST");
+ #if HAVE_CIPERSUITES
--
-2.19.2
+2.21.0
generated by cgit (git 2.34.1) at 2024-04-25 16:10:05 +0000