

(-)file_not_specified_in_diff (-62 / +98 lines)
0
-- kio/kssl/kssl.cc
0
++ kio/kssl/kssl.cc
Lines 129-135 Link Here
129
		return false;
129
		return false;
130
130
131
	if (m_bAutoReconfig)
131
	if (m_bAutoReconfig)
132
	m_cfg->load();
132
		m_cfg->load();
133
133
134
	if (!m_cfg->tlsv1())
134
	if (!m_cfg->tlsv1())
135
		return false;
135
		return false;
Lines 138-143 Link Here
138
	d->m_meth = d->kossl->TLSv1_client_method();
138
	d->m_meth = d->kossl->TLSv1_client_method();
139
	d->lastInitTLS = true;
139
	d->lastInitTLS = true;
140
140
141
	m_pi.reset();
142
141
	d->m_ctx = d->kossl->SSL_CTX_new(d->m_meth);
143
	d->m_ctx = d->kossl->SSL_CTX_new(d->m_meth);
142
	if (d->m_ctx == 0L) {
144
	if (d->m_ctx == 0L) {
143
		return false;
145
		return false;
Lines 172-180 Link Here
172
174
173
	m_pi.reset();
175
	m_pi.reset();
174
176
175
	if (m_cfg->sslv2() && !m_cfg->sslv3())
177
	if (!m_cfg->tlsv1() && !m_cfg->sslv3() && m_cfg->sslv2())
176
		d->m_meth = d->kossl->SSLv2_client_method();
178
		d->m_meth = d->kossl->SSLv2_client_method();
177
	else if (m_cfg->sslv3() && !m_cfg->sslv2())
179
        else if (m_cfg->tlsv1() && !m_cfg->sslv3() && !m_cfg->sslv2())
180
		d->m_meth = d->kossl->TLSv1_client_method();
181
	else if (!m_cfg->tlsv1() && m_cfg->sslv3() && !m_cfg->sslv2())
178
		d->m_meth = d->kossl->SSLv3_client_method();
182
		d->m_meth = d->kossl->SSLv3_client_method();
179
	else d->m_meth = d->kossl->SSLv23_client_method();
183
	else d->m_meth = d->kossl->SSLv23_client_method();
180
184
Lines 304-313 Link Here
304
	}
308
	}
305
*/
309
*/
306
310
307
	if (!d->lastInitTLS)
311
	int off = SSL_OP_ALL;
308
		d->kossl->SSL_set_options(d->m_ssl, SSL_OP_NO_TLSv1);
312
	if (!d->lastInitTLS && !m_cfg->tlsv1())
313
		off |= SSL_OP_NO_TLSv1;
314
	if (!m_cfg->sslv3())
315
		off |= SSL_OP_NO_SSLv3;
316
	if (!m_cfg->sslv2())
317
		off |= SSL_OP_NO_SSLv2;
309
318
310
	d->kossl->SSL_set_options(d->m_ssl, SSL_OP_ALL);
319
	d->kossl->SSL_set_options(d->m_ssl, off);
311
320
312
	rc = d->kossl->SSL_set_fd(d->m_ssl, sock);
321
	rc = d->kossl->SSL_set_fd(d->m_ssl, sock);
313
	if (rc == 0) {
322
	if (rc == 0) {
Lines 390-399 Link Here
390
	}
399
	}
391
*/
400
*/
392
401
393
	if (!d->lastInitTLS)
402
	int off = SSL_OP_ALL;
394
		d->kossl->SSL_set_options(d->m_ssl, SSL_OP_NO_TLSv1);
403
	if (!d->lastInitTLS && !m_cfg->tlsv1())
404
		off |= SSL_OP_NO_TLSv1;
405
	if (!m_cfg->sslv3())
406
		off |= SSL_OP_NO_SSLv3;
407
	if (!m_cfg->sslv2())
408
		off |= SSL_OP_NO_SSLv2;
395
409
396
	d->kossl->SSL_set_options(d->m_ssl, SSL_OP_ALL);
410
	d->kossl->SSL_set_options(d->m_ssl, off);
397
411
398
	rc = d->kossl->SSL_set_fd(d->m_ssl, sock);
412
	rc = d->kossl->SSL_set_fd(d->m_ssl, sock);
399
	if (rc == 0) {
413
	if (rc == 0) {
Lines 499-504 Link Here
499
		if (err != SSL_ERROR_NONE &&
513
		if (err != SSL_ERROR_NONE &&
500
		    err != SSL_ERROR_ZERO_RETURN && err != SSL_ERROR_SYSCALL) {
514
		    err != SSL_ERROR_ZERO_RETURN && err != SSL_ERROR_SYSCALL) {
501
			rc = -1;      // OpenSSL returns 0 on error too
515
			rc = -1;      // OpenSSL returns 0 on error too
516
			d->kossl->ERR_print_errors_fp(stderr);
502
		}
517
		}
503
518
504
//		else if (err == SSL_ERROR_ZERO_RETURN)
519
//		else if (err == SSL_ERROR_ZERO_RETURN)
505
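Review bot: The protocol mask assembled in the `Lines 304-313` hunk is repeated verbatim in the `Lines 390-399` hunk, and both declare it as `int off = SSL_OP_ALL;` although `SSL_set_options` takes a `long`; one static helper returning `long`, built from `m_cfg` and `d->lastInitTLS`, would remove both the duplication and the narrowing. `SSL_OP_ALL`, carried over from the old code, includes `SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS`, which switches off OpenSSL's CBC empty-fragment countermeasure; if that trade-off is intended it should be stated in a comment, otherwise `long off = SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;` is the safer base. The `Lines 499-504` hunk writes the OpenSSL error queue straight to `stderr` via `ERR_print_errors_fp`, whereas the kssl module otherwise logs through `kdDebug(7029)` (see ksslsettings.cc in this same patch), so the diagnostic should go through that channel rather than bypassing it. In the `Lines 172-180` hunk the added `else if (m_cfg->tlsv1() && ...` line is indented with spaces while every neighbouring line uses tabs. The enclosing functions start and end outside all of these hunks.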
-- kio/kssl/kopenssl.h
520
++ kio/kssl/kopenssl.h
Lines 882-887 Link Here
882
   /* Set the subject */
882
   /* Set the subject */
883
   int X509_REQ_set_subject_name(X509_REQ*,X509_NAME*);
883
   int X509_REQ_set_subject_name(X509_REQ*,X509_NAME*);
884
884
885
   /* get list of available SSL_CIPHER's sorted by preference */
886
   STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL* ssl);
887
885
#endif
888
#endif
886
889
887
private:
890
private:
888
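Review bot: The new `SSL_get_ciphers` declaration in the `Lines 882-887` hunk documents what the call returns but not the failure mode the proxy implementation in kopenssl.cc adds in this same patch (`return 0L` when the `SSL_get_ciphers` symbol could not be resolved); the header is what callers read, so the comment should carry it, e.g. `/* get list of available SSL_CIPHER's sorted by preference; returns 0L if the symbol is unavailable */`. The enclosing class starts and ends outside the hunk.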
-- kio/kssl/ksslsettings.cc
891
++ kio/kssl/ksslsettings.cc
Lines 179-188 Link Here
179
  }
179
  }
180
180
181
  // Remove any ADH ciphers as per RFC2246
181
  // Remove any ADH ciphers as per RFC2246
182
  // Also remove NULL ciphers and 168bit ciphers
182
  for (unsigned int i = 0; i < cipherSort.count(); i++) {
183
  for (unsigned int i = 0; i < cipherSort.count(); i++) {
183
    CipherNode *j = 0L;
184
    CipherNode *j = 0L;
184
    while ((j = cipherSort.at(i)) != 0L) {
185
    while ((j = cipherSort.at(i)) != 0L) {
185
      if (j->name.contains("ADH-")) {
186
      if (j->name.contains("ADH-") || j->name.contains("NULL-") || j->name.contains("DES-CBC3-SHA") || j->name.contains("FZA")) {
186
        cipherSort.remove(j);
187
        cipherSort.remove(j);
187
      } else {
188
      } else {
188
        break;
189
        break;
189
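Review bot: The exclusion condition in the `Lines 179-188` hunk encodes the policy as four inline `contains()` calls, and the new comment says `168bit ciphers` while the code actually matches the name fragment `DES-CBC3-SHA`, so the comment and the code can drift apart and the rule is hard to audit at a glance. Keeping the fragments in one table, e.g. `static const char *const kExcludedCipherFragments[] = { "ADH-", "NULL-", "DES-CBC3-SHA", "FZA" };`, and looping over it puts the whole policy in one reviewable place. `CipherNode` is constructed with the `bits` value from `SSL_CIPHER_get_bits` (visible in the later `Lines 128-190` hunk), so if the node keeps that key length, the 168-bit exclusion could test it directly instead of relying on a name fragment. The enclosing function starts and ends outside the hunk.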
-- kio/kssl/ksslsettings.cc
190
++ kio/kssl/ksslsettings.cc
Lines 44-52 Link Here
44
#include <openssl/ssl.h>
44
#include <openssl/ssl.h>
45
#undef crypt
45
#undef crypt
46
#endif
46
#endif
47
48
#include <kopenssl.h>
47
#include <kopenssl.h>
49
48
49
#ifdef KSSL_HAVE_SSL
50
#define sk_new d->kossl->sk_new
51
#define sk_push d->kossl->sk_push
52
#define sk_free d->kossl->sk_free
53
#define sk_value d->kossl->sk_value
54
#define sk_num d->kossl->sk_num
55
#define sk_dup d->kossl->sk_dup
56
#define sk_pop d->kossl->sk_pop
57
#endif
58
50
      class CipherNode {
59
      class CipherNode {
51
      public:
60
      public:
52
        CipherNode(const char *_name, int _keylen) : 
61
        CipherNode(const char *_name, int _keylen) : 
Lines 128-190 Link Here
128
  QString tcipher;
137
  QString tcipher;
129
  bool firstcipher = true;
138
  bool firstcipher = true;
130
  SSL_METHOD *meth = 0L;
139
  SSL_METHOD *meth = 0L;
131
  QSortedList<CipherNode> cipherSort;
140
  QPtrList<CipherNode> cipherList;
132
141
133
  cipherSort.setAutoDelete(true);
142
  cipherList.setAutoDelete(true);
134
143
135
  if (!d->kossl)
144
  if (!d->kossl)
136
    d->kossl = KOSSL::self();
145
    d->kossl = KOSSL::self();
137
146
138
  if (m_bUseSSLv3) {
147
  if (m_bUseSSLv3 && m_bUseSSLv2)
139
    m_cfg->setGroup("SSLv3");
148
    meth = d->kossl->SSLv23_client_method();
149
  else if(m_bUseSSLv3)
140
    meth = d->kossl->SSLv3_client_method();
150
    meth = d->kossl->SSLv3_client_method();
141
    for(int i = 0; ; i++) {
151
  else if (m_bUseSSLv2)
142
      SSL_CIPHER *sc = (meth->get_cipher)(i);
143
      if (!sc)
144
        break;
145
      tcipher.sprintf("cipher_%s", sc->name);
146
      int bits = d->kossl->SSL_CIPHER_get_bits(sc, NULL);
147
148
      if (m_cfg->readBoolEntry(tcipher, bits >= 56)) {
149
        CipherNode *xx = new CipherNode(sc->name,bits);
150
        if (!cipherSort.contains(xx)) {
151
          cipherSort.prepend(xx);
152
        } else {
153
          delete xx;
154
        }
155
      }
156
    }
157
  }
158
159
  if (m_bUseSSLv2) {
160
    m_cfg->setGroup("SSLv2");
161
    meth = d->kossl->SSLv2_client_method();
152
    meth = d->kossl->SSLv2_client_method();
162
153
163
    for(int i = 0; meth; i++) {
154
  SSL_CTX *ctx = d->kossl->SSL_CTX_new(meth);
164
      SSL_CIPHER *sc = (meth->get_cipher)(i);
155
  SSL* ssl = d->kossl->SSL_new(ctx);
165
      if (!sc)
156
  STACK_OF(SSL_CIPHER)* sk = d->kossl->SSL_get_ciphers(ssl);
166
        break;
157
  int cnt = sk_SSL_CIPHER_num(sk);
167
      tcipher.sprintf("cipher_%s", sc->name);
158
  for (int i=0; i< cnt; i++) {
168
      int bits = d->kossl->SSL_CIPHER_get_bits(sc, NULL);
159
    SSL_CIPHER *sc = sk_SSL_CIPHER_value(sk,i);
169
160
    if (!sc)
170
      if (m_cfg->readBoolEntry(tcipher, bits >= 56)) {
161
      break;
171
        CipherNode *xx = new CipherNode(sc->name,bits);
162
172
        if (!cipherSort.contains(xx)) {
163
    if(!strcmp("SSLv2", d->kossl->SSL_CIPHER_get_version(sc)))
173
          cipherSort.prepend(xx);
164
      m_cfg->setGroup("SSLv2");
174
        } else {
165
    else
175
          delete xx;
166
      m_cfg->setGroup("SSLv3");
176
        }
167
177
      }
168
    tcipher.sprintf("cipher_%s", sc->name);
169
    int bits = d->kossl->SSL_CIPHER_get_bits(sc, NULL);
170
    if (m_cfg->readBoolEntry(tcipher, bits >= 56)) {
171
      CipherNode *xx = new CipherNode(sc->name,bits);
172
      if (!cipherList.contains(xx))
173
	cipherList.prepend(xx);
174
      else
175
	delete xx;
178
    }
176
    }
179
  }
177
  }
178
  d->kossl->SSL_free(ssl);
179
  d->kossl->SSL_CTX_free(ctx);
180
180
181
  // Remove any ADH ciphers as per RFC2246
181
  // Remove any ADH ciphers as per RFC2246
182
  // Also remove NULL ciphers and 168bit ciphers
182
  // Also remove NULL ciphers and 168bit ciphers
183
  for (unsigned int i = 0; i < cipherSort.count(); i++) {
183
  for (unsigned int i = 0; i < cipherList.count(); i++) {
184
    CipherNode *j = 0L;
184
    CipherNode *j = 0L;
185
    while ((j = cipherSort.at(i)) != 0L) {
185
    while ((j = cipherList.at(i)) != 0L) {
186
      if (j->name.contains("ADH-") || j->name.contains("NULL-") || j->name.contains("DES-CBC3-SHA") || j->name.contains("FZA")) {
186
      if (j->name.contains("ADH-") || j->name.contains("NULL-") || j->name.contains("DES-CBC3-SHA") || j->name.contains("FZA")) {
187
        cipherSort.remove(j);
187
        cipherList.remove(j);
188
      } else {
188
      } else {
189
        break;
189
        break;
190
      }
190
      }
Lines 192-203 Link Here
192
  } 
192
  } 
193
193
194
  // now assemble the list  cipher1:cipher2:cipher3:...:ciphern
194
  // now assemble the list  cipher1:cipher2:cipher3:...:ciphern
195
  while (!cipherSort.isEmpty()) {
195
  while (!cipherList.isEmpty()) {
196
    if (firstcipher)
196
    if (firstcipher)
197
      firstcipher = false;
197
      firstcipher = false;
198
    else clist.append(":");
198
    else clist.append(":");
199
    clist.append(cipherSort.getLast()->name);
199
    clist.append(cipherList.getLast()->name);
200
    cipherSort.removeLast();
200
    cipherList.removeLast();
201
  } // while
201
  } // while
202
202
203
  kdDebug(7029) << "Cipher list is: " << clist << endl;
203
  kdDebug(7029) << "Cipher list is: " << clist << endl;
Lines 344-346 Link Here
344
344
345
QString& KSSLSettings::getEGDPath()       { return d->m_EGDPath; }
345
QString& KSSLSettings::getEGDPath()       { return d->m_EGDPath; }
346
346
347
-- kio/kssl/kopenssl.cc
347
#ifdef KSSL_HAVE_SSL
348
#undef sk_new
349
#undef sk_push
350
#undef sk_free
351
#undef sk_value
352
#undef sk_num
353
#undef sk_pop
354
#undef sk_dup
355
#endif
356
357
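Review bot: In the `Lines 128-190` hunk `meth` stays `0L` when both `m_bUseSSLv2` and `m_bUseSSLv3` are false (no branch assigns it), and the new code then calls `SSL_CTX_new(meth)`, `SSL_new(ctx)` and `SSL_get_ciphers(ssl)` without checking any of the three results; the old loop was guarded by `for(int i = 0; meth; i++)`, and `d->kossl->SSL_get_ciphers` additionally returns `0L` when the symbol is missing. Whether the enumeration survives that chain depends on every OpenSSL entry point tolerating a null argument, so guard it explicitly: `SSL_CTX *ctx = meth ? d->kossl->SSL_CTX_new(meth) : 0L;`, `SSL* ssl = ctx ? d->kossl->SSL_new(ctx) : 0L;` and `int cnt = sk ? sk_SSL_CIPHER_num(sk) : 0;`. The `#define sk_* d->kossl->sk_*` block in the `Lines 44-52` hunk silently rewrites every later use of those names in this translation unit, which is why the matching `#undef` block is appended at the end of the file; a comment above the defines saying so (`// route the sk_* macros used below through the dynamically loaded kossl proxy; undone at end of file`) would spare the next maintainer the surprise. The enclosing function starts before the `Lines 128-190` hunk.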
++ kio/kssl/kopenssl.cc
Lines 20-26 Link Here
20
#include <config.h>
20
#include <config.h>
21
#endif
21
#endif
22
22
23
24
#ifdef KSSL_HAVE_SSL
23
#ifdef KSSL_HAVE_SSL
25
#include <openssl/opensslv.h>
24
#include <openssl/opensslv.h>
26
#endif
25
#endif
Lines 197-202 Link Here
197
static X509_NAME *(*K_X509_NAME_new)() = 0L;
196
static X509_NAME *(*K_X509_NAME_new)() = 0L;
198
static int (*K_X509_REQ_set_subject_name)(X509_REQ*,X509_NAME*) = 0L;
197
static int (*K_X509_REQ_set_subject_name)(X509_REQ*,X509_NAME*) = 0L;
199
static unsigned char *(*K_ASN1_STRING_data)(ASN1_STRING*) = 0L;
198
static unsigned char *(*K_ASN1_STRING_data)(ASN1_STRING*) = 0L;
199
static STACK_OF(SSL_CIPHER) *(*K_SSL_get_ciphers)(const SSL *ssl) = 0L;
200
200
#endif
201
#endif
201
}
202
}
202
203
Lines 567-572 Link Here
567
      K_SSL_set_session = (int (*)(SSL*,SSL_SESSION*)) _sslLib->symbol("SSL_set_session");
568
      K_SSL_set_session = (int (*)(SSL*,SSL_SESSION*)) _sslLib->symbol("SSL_set_session");
568
      K_d2i_SSL_SESSION = (SSL_SESSION* (*)(SSL_SESSION**,unsigned char**, long)) _sslLib->symbol("d2i_SSL_SESSION");
569
      K_d2i_SSL_SESSION = (SSL_SESSION* (*)(SSL_SESSION**,unsigned char**, long)) _sslLib->symbol("d2i_SSL_SESSION");
569
      K_i2d_SSL_SESSION = (int (*)(SSL_SESSION*,unsigned char**)) _sslLib->symbol("i2d_SSL_SESSION");
570
      K_i2d_SSL_SESSION = (int (*)(SSL_SESSION*,unsigned char**)) _sslLib->symbol("i2d_SSL_SESSION");
571
      K_SSL_get_ciphers = (STACK *(*)(const SSL*)) _sslLib->symbol("SSL_get_ciphers");
570
#endif
572
#endif
571
573
572
574
Lines 1543-1547 Link Here
1543
   return 0L;
1545
   return 0L;
1544
}
1546
}
1545
1547
1548
STACK_OF(SSL_CIPHER) *KOpenSSLProxy::SSL_get_ciphers(const SSL* ssl) {
1549
  if (K_SSL_get_ciphers) return (K_SSL_get_ciphers)(ssl);
1550
  return 0L;
1551
}
1552
1546
#endif
1553
#endif
1547
1554
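Review bot: In the `Lines 567-572` hunk the resolved symbol is cast to `STACK *(*)(const SSL*)`, but the pointer it is assigned to is declared in the `Lines 197-202` hunk as `STACK_OF(SSL_CIPHER) *(*K_SSL_get_ciphers)(const SSL *ssl)`; the two spellings only agree while `STACK_OF(SSL_CIPHER)` expands to plain `STACK`, which is not true of every OpenSSL release, so the cast should use the declared type: `K_SSL_get_ciphers = (STACK_OF(SSL_CIPHER) *(*)(const SSL*)) _sslLib->symbol("SSL_get_ciphers");`. The new `KOpenSSLProxy::SSL_get_ciphers` in the `Lines 1543-1547` hunk returns `0L` when the symbol was not resolved, matching its siblings; a one-line comment on it stating that callers must treat a null result as "no ciphers available" would save the reader a trip to the loader code. The `Lines 20-26` hunk is whitespace only.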
