From c6b3066007cc8447d3a09c904297b5c8e265876c Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Mon, 4 Nov 2019 12:13:29 +0100
Subject: v2.10.5 (from Fedora)

---
 ...hbase-0001-enforce-system-crypto-policies.patch | 32 ++++++++++++----------
 1 file changed, 18 insertions(+), 14 deletions(-)

(limited to 'libcouchbase-0001-enforce-system-crypto-policies.patch')

diff --git a/libcouchbase-0001-enforce-system-crypto-policies.patch b/libcouchbase-0001-enforce-system-crypto-policies.patch
index 4c42bc1..1cb4bd1 100644
--- a/libcouchbase-0001-enforce-system-crypto-policies.patch
+++ b/libcouchbase-0001-enforce-system-crypto-policies.patch
@@ -1,26 +1,30 @@
-From f670b34632e994661e252f5f163023f71b2741fb Mon Sep 17 00:00:00 2001
+From f056a86227675d6f653036de56e79b4b7f37db32 Mon Sep 17 00:00:00 2001
 From: Sergey Avseyev <sergey.avseyev@gmail.com>
-Date: Fri, 23 Feb 2018 19:02:53 +0300
+Date: Fri, 1 Nov 2019 17:33:22 +0300
 Subject: [PATCH] Enforce system crypto policies
 
+Change-Id: I89ac30526455ce7e51a584daa354001b3f3dd7a9
 ---
- src/ssl/ssl_common.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
+ src/ssl/ssl_common.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
 
 diff --git a/src/ssl/ssl_common.c b/src/ssl/ssl_common.c
-index 914b6f31..4b11ad04 100644
+index c223114f..95170d33 100644
 --- a/src/ssl/ssl_common.c
 +++ b/src/ssl/ssl_common.c
-@@ -278,8 +278,7 @@ lcbio_pSSLCTX lcbio_ssl_new(const char *tsfile, const char *cafile, const char *
-         goto GT_ERR;
+@@ -287,11 +287,7 @@ lcbio_pSSLCTX lcbio_ssl_new(const char *tsfile, const char *cafile, const char *
+     lcb_error_t err_s;
+     lcbio_pSSLCTX ret;
  
-     }
--    SSL_CTX_set_cipher_list(ret->ctx, "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:SEED-SHA:RC2-CBC-MD5:RC4-SHA:RC4-MD5:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5");
--//    SSL_CTX_set_cipher_list(ret->ctx, "!NULL");
-+    SSL_CTX_set_cipher_list(ret->ctx, "PROFILE=SYSTEM");
+-    static const char *default_ssl_cipher_list =
+-        "DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-"
+-        "CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:SEED-SHA:RC2-CBC-"
+-        "MD5:RC4-SHA:RC4-MD5:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-EDH-RSA-DES-"
+-        "CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5";
++    static const char *default_ssl_cipher_list = "PROFILE=SYSTEM";
  
-     if (cafile || tsfile) {
-         lcb_log(LOGARGS_S(settings, LCB_LOG_DEBUG), "Load verify locations from \"%s\"", tsfile ? tsfile : cafile);
+     const char* cipher_list = getenv("LCB_SSL_CIPHER_LIST");
+ #if HAVE_CIPERSUITES
 -- 
-2.19.2
+2.21.0
 
-- 
cgit