/[smeserver]/rpms/qpsmtpd/sme10/qpsmtpd-0.95-allow_tls_proto_from_conf.patch
ViewVC logotype

Annotation of /rpms/qpsmtpd/sme10/qpsmtpd-0.95-allow_tls_proto_from_conf.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Sat Apr 16 11:27:04 2016 UTC (8 years, 6 months ago) by vip-ire
Branch: MAIN
CVS Tags: qpsmtpd-0_96-19_el7_sme, qpsmtpd-0_96-12_el7_sme, qpsmtpd-0_96-11_el7_sme, qpsmtpd-0_96-16_el7_sme, qpsmtpd-0_96-13_el7_sme, qpsmtpd-0_96-6_el7_sme, qpsmtpd-0_96-18_el7_sme, qpsmtpd-0_96-23_el7_sme, qpsmtpd-0_96-20_el7_sme, qpsmtpd-0_96-17_el7_sme, qpsmtpd-0_96-8_el7_sme, qpsmtpd-0_96-5_el7_sme, qpsmtpd-0_96-2_el7_sme, qpsmtpd-0_96-21_el7_sme, qpsmtpd-0_96-22_el7_sme, qpsmtpd-0_96-14_el7_sme, qpsmtpd-0_96-15_el7_sme, qpsmtpd-0_96-9_el7_sme, qpsmtpd-0_96-4_el7_sme, qpsmtpd-0_96-1_el7_sme, qpsmtpd-0_96-3_el7_sme, qpsmtpd-0_96-10_el7_sme, HEAD
Update to 0.96

1 vip-ire 1.1 diff -Nur -x '*.orig' -x '*.rej' qpsmtpd-0.95/plugins/tls mezzanine_patched_qpsmtpd-0.95/plugins/tls
2     --- qpsmtpd-0.95/plugins/tls 2016-01-07 19:14:45.099736554 +0100
3     +++ mezzanine_patched_qpsmtpd-0.95/plugins/tls 2016-01-07 19:14:30.152736181 +0100
4     @@ -62,6 +62,14 @@
5     and put a suitable string in config/tls_ciphers (e.g. "DEFAULT" or
6     "HIGH:MEDIUM")
7    
8     +=head1 SSL/TLS protocols versions
9     +
10     +By default, SSLv2 and SSLv3 are not accepted, leaving only TLSv1,
11     +TLSv1.1 or TLSv1.2 enabled. You can customize this in config/tls_protocols
12     +For example, this will also disabled TLSv1, leaving only TLSv1.1 and TLSv1.2
13     +
14     +SSLv23:!SSLv2:!SSLv3:!TLSv1
15     +
16     =cut
17    
18     use strict;
19     @@ -94,6 +102,7 @@
20     $self->tls_ca($ca);
21     $self->tls_dhparam($dhparam);
22     $self->tls_ciphers($self->qp->config('tls_ciphers') || 'HIGH');
23     + $self->tls_protocols($self->qp->config('tls_protocols') || 'SSLv23:!SSLv2:!SSLv3');
24    
25     $self->log(LOGDEBUG, "ciphers: " . $self->tls_ciphers);
26    
27     @@ -102,7 +111,7 @@
28     IO::Socket::SSL::SSL_Context->new(
29     # Disable SSLv2 and SSLv3 to avoid POODLE attacks. This is already
30     # the default in sufficiently recent versions of IO::Socket::SSL
31     - SSL_version => 'SSLv23:!SSLv3:!SSLv2',
32     + SSL_version => $self->tls_protocols,
33     SSL_use_cert => 1,
34     SSL_cert_file => $self->tls_cert,
35     SSL_key_file => $self->tls_key,
36     @@ -226,6 +235,7 @@
37     my $tlssocket =
38     IO::Socket::SSL->new_from_fd(
39     fileno(STDIN), '+>',
40     + SSL_version => $self->tls_protocols,
41     SSL_use_cert => 1,
42     SSL_cert_file => $self->tls_cert,
43     SSL_key_file => $self->tls_key,
44     @@ -286,6 +296,12 @@
45     $self->{_tls_ciphers};
46     }
47    
48     +sub tls_protocols {
49     + my $self = shift;
50     + @_ and $self->{_tls_protocols} = shift;
51     + $self->{_tls_protocols};
52     +}
53     +
54     sub ssl_context {
55     my $self = shift;
56     @_ and $self->{_ssl_ctx} = shift;

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed