546328 – app-crypt/qca[ssl]: Add use flags to disable insecure protocols/ciphers

Bug 546328 - app-crypt/qca[ssl]: Add use flags to disable insecure protocols/ciphers

Summary: app-crypt/qca[ssl]: Add use flags to disable insecure protocols/ciphers

Status:	RESOLVED UPSTREAM

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal enhancement
Assignee:	Gentoo KDE team

URL:	http://quickgit.kde.org/?p=qca.git&a=...
Whiteboard:
Keywords:

Duplicates (1):	546326 (view as bug list)
Depends on:
Blocks:	510798
	Show dependency tree

Reported:	2015-04-12 08:40 UTC by Thomas Bettler
Modified:	2016-11-21 20:29 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
patch for ebuild (qca-ossl_2.0.0_beta3-r2.ebuild.patch,1.03 KB, patch) 2015-04-12 08:45 UTC, Thomas Bettler	Details \| Diff
qca-ossl-remove-ssl2.patch (qca-ossl-remove-ssl2.patch,2.08 KB, patch) 2015-04-12 08:46 UTC, Thomas Bettler	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Bettler 2015-04-12 08:40:58 UTC

I propose a patch for app-crypt/qca-ossl-2.0.0_beta3 to prepare for openssl phasing out SSL2 support.

Comment 1 Thomas Bettler 2015-04-12 08:45:18 UTC

Created attachment 401070 [details, diff]
patch for ebuild

Comment 2 Thomas Bettler 2015-04-12 08:46:26 UTC

Created attachment 401072 [details, diff]
qca-ossl-remove-ssl2.patch

Comment 3 Thomas Bettler 2015-04-12 08:54:18 UTC

*** Bug 546326 has been marked as a duplicate of this bug. ***

Comment 4 Thomas Bettler 2015-04-20 20:51:37 UTC

When we introduce any USE=ssl2 we may do so concurrently in all the relevant packages, see blocker #510798 therefore.

Comment 5 Michael Palimaka (kensington) gentoo-dev

2015-04-22 16:15:44 UTC

There is a commit upstream that looks like it would let us do openssl[ssl2=] if/when that flag's introduced. It's part of qca[openssl] which replaces qca-ossl.

Comment 6 Johannes Huber (RETIRED) gentoo-dev

2016-05-03 07:20:00 UTC

I wonder why this blocks 510798. Imho this should depend on it.

Comment 7 Michael Palimaka (kensington) gentoo-dev

2016-06-15 16:07:34 UTC

plugins/qca-ossl/qca-ossl.cpp now has:

#ifndef OPENSSL_NO_SSL2
                case TLS::SSL_v2:
                        ctx = SSL_CTX_new(SSLv2_client_method());
                        break;
#endif
#ifndef OPENSSL_NO_SSL3_METHOD
                case TLS::SSL_v3:
                        ctx = SSL_CTX_new(SSLv3_client_method());
                        break;
#endif

should we now add sslv2 and sslv3 USE flags to qca with the appropriate USE dep on openssl?

Comment 8 Thomas Bettler 2016-11-21 20:29:58 UTC

@kensington: Thanks for your hint. Use flags are no longer needed.