packages: libsoup/libsoup-gnutls-TLS1.2.patch (NEW) - fix for https://bugzi...
pawelz
pawelz at pld-linux.org
Wed Aug 25 12:17:53 CEST 2010
Author: pawelz Date: Wed Aug 25 10:17:53 2010 GMT
Module: packages Tag: HEAD
---- Log message:
- fix for https://bugzilla.gnome.org/show_bug.cgi?id=622857 backported from
libsoup git
---- Files affected:
packages/libsoup:
libsoup-gnutls-TLS1.2.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: packages/libsoup/libsoup-gnutls-TLS1.2.patch
diff -u /dev/null packages/libsoup/libsoup-gnutls-TLS1.2.patch:1.1
--- /dev/null Wed Aug 25 12:17:53 2010
+++ packages/libsoup/libsoup-gnutls-TLS1.2.patch Wed Aug 25 12:17:47 2010
@@ -0,0 +1,24 @@
+author Dan Winship <danw at gnome.org> 2010-06-29 13:43:20 (GMT)
+
+ Disable TLS 1.2 in addition to 1.0 and 1.1 Due to bug 581342 we want to
+ only negotiate SSL 3.0. Previously we were telling gnutls to not do TLS1.0
+ or TLS1.1, but that means with newer versions of gnutls that support
+ TLS1.2 it would try to negotiate that instead and generally fail. Fix that
+ by disabling TLS1.2 too (which works fine even with gnutls versions that
+ don't support TLS1.2 yet).
+
+ https://bugzilla.gnome.org/show_bug.cgi?id=622857
+
+diff --git a/libsoup/soup-gnutls.c b/libsoup/soup-gnutls.c
+index cb0fbe5..0b57f28 100644
+--- a/libsoup/soup-gnutls.c
++++ b/libsoup/soup-gnutls.c
+@@ -477,7 +477,7 @@ soup_ssl_wrap_iochannel (GIOChannel *sock, gboolean non_blocking,
+ goto THROW_CREATE_ERROR;
+
+ /* See http://bugzilla.gnome.org/show_bug.cgi?id=581342 */
+- if (gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.1:!VERS-TLS1.0", NULL) != 0)
++ if (gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0", NULL) != 0)
+ goto THROW_CREATE_ERROR;
+
+ if (gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE,
================================================================
More information about the pld-cvs-commit
mailing list