Gentoo's Bugzilla – Attachment 386752 Details for
Bug 462380
www-servers/pound-2.7c version bump
[patch]
Disable SSL on request
pound-2.7c-disable-ssl-tls.patch (text/plain), 4.27 KB, created by
Markus Ullmann
on 2014-10-15 23:36:59 UTC
Description:
Disable SSL on request
Filename:
MIME Type:
Creator:
Markus Ullmann
Created:
2014-10-15 23:36:59 UTC
Size:
4.27 KB
patch
obsolete
>diff -urN ./Pound-2.7c.orig/config.c ./Pound-2.7c/config.c
>--- ./Pound-2.7c.orig/config.c 2014-04-21 13:16:08.000000000 +0200
>+++ ./Pound-2.7c/config.c 2014-10-16 01:25:50.190376633 +0200
>@@ -78,7 +78,7 @@
> static regex_t Err414, Err500, Err501, Err503, MaxRequest, HeadRemove, RewriteLocation, RewriteDestination;
> static regex_t Service, ServiceName, URL, HeadRequire, HeadDeny, BackEnd, Emergency, Priority, HAport, HAportAddr;
> static regex_t Redirect, RedirectN, TimeOut, Session, Type, TTL, ID, DynScale;
>-static regex_t ClientCert, AddHeader, DisableSSLv2, SSLAllowClientRenegotiation, SSLHonorCipherOrder, Ciphers;
>+static regex_t ClientCert, AddHeader, DisableSSLv2, DisableSSLv3, DisableTLSv1, SSLAllowClientRenegotiation, SSLHonorCipherOrder, Ciphers;
> static regex_t CAlist, VerifyList, CRLlist, NoHTTPS11, Grace, Include, ConnTO, IgnoreCase, HTTPS, HTTPSCert;
> static regex_t Disabled, Threads, CNName, Anonymise;
>
>@@ -928,6 +928,8 @@
> res->err503 = "The service is not available. Please try again later.";
> res->allow_client_reneg = 0;
> res->disable_ssl_v2 = 0;
>+ res->disable_ssl_v3 = 0;
>+ res->disable_tls_v1 = 0;
> res->log_level = log_level;
> if(regcomp(&res->verb, xhttp[0], REG_ICASE | REG_NEWLINE | REG_EXTENDED))
> conf_err("xHTTP bad default pattern - aborted");
>@@ -1118,6 +1120,10 @@
> }
> } else if(!regexec(&DisableSSLv2, lin, 4, matches, 0)) {
> res->disable_ssl_v2 = 1;
>+ } else if(!regexec(&DisableSSLv3, lin, 4, matches, 0)) {
>+ res->disable_ssl_v3 = 1;
>+ } else if(!regexec(&DisableTLSv1, lin, 4, matches, 0)) {
>+ res->disable_tls_v1 = 1;
> } else if(!regexec(&SSLAllowClientRenegotiation, lin, 4, matches, 0)) {
> res->allow_client_reneg = atoi(lin + matches[1].rm_so);
> if (res->allow_client_reneg == 2) {
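Review bot: In the listener-defaults hunk (`@@ -928,6 +928,8 @@`), `res->disable_ssl_v3 = 0;` and `res->disable_tls_v1 = 0;` make both switches opt-in, so an HTTPS listener whose configuration predates this patch keeps negotiating SSLv3 after the upgrade. SSLv3 is deprecated (RFC 7568), so consider defaulting `disable_ssl_v3` to 1, or at least documenting in the man page that `DisableSSLv3` has to be added to every `ListenHTTPS` block. The parser hunk at `@@ -1118,6 +1120,10 @@` only ever sets the flags to 1, so a changed default would also need a directive to turn the protocol back on. The enclosing functions start and end outside both hunks.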
>@@ -1218,6 +1224,10 @@
> SSL_CTX_clear_options(pc->ctx, ssl_op_disable);
> if (res->disable_ssl_v2 == 1)
> SSL_CTX_set_options(pc->ctx, SSL_OP_NO_SSLv2);
>+ if (res->disable_ssl_v3 == 1)
>+ SSL_CTX_set_options(pc->ctx, SSL_OP_NO_SSLv3);
>+ if (res->disable_tls_v1 == 1)
>+ SSL_CTX_set_options(pc->ctx, SSL_OP_NO_TLSv1);
> sprintf(lin, "%d-Pound-%ld", getpid(), random());
> SSL_CTX_set_session_id_context(pc->ctx, (unsigned char *)lin, strlen(lin));
> SSL_CTX_set_tmp_rsa_callback(pc->ctx, RSA_tmp_callback);
>@@ -1421,6 +1431,8 @@
> || regcomp(&AddHeader, "^[ \t]*AddHeader[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
> || regcomp(&SSLAllowClientRenegotiation, "^[ \t]*SSLAllowClientRenegotiation[ \t]+([012])[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
> || regcomp(&DisableSSLv2, "^[ \t]*DisableSSLv2[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
>+ || regcomp(&DisableSSLv3, "^[ \t]*DisableSSLv3[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
>+ || regcomp(&DisableTLSv1, "^[ \t]*DisableTLSv1[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
> || regcomp(&SSLHonorCipherOrder, "^[ \t]*SSLHonorCipherOrder[ \t]+([01])[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
> || regcomp(&Ciphers, "^[ \t]*Ciphers[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
> || regcomp(&CAlist, "^[ \t]*CAlist[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
>@@ -1583,6 +1595,8 @@
> regfree(&AddHeader);
> regfree(&SSLAllowClientRenegotiation);
> regfree(&DisableSSLv2);
>+ regfree(&DisableSSLv3);
>+ regfree(&DisableTLSv1);
> regfree(&SSLHonorCipherOrder);
> regfree(&Ciphers);
> regfree(&CAlist);
>diff -urN ./Pound-2.7c.orig/pound.h ./Pound-2.7c/pound.h
>--- ./Pound-2.7c.orig/pound.h 2014-04-21 13:16:08.000000000 +0200
>+++ ./Pound-2.7c/pound.h 2014-10-16 01:24:52.581141100 +0200
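Review bot: In the `@@ -1218,6 +1224,10 @@` hunk nothing checks that at least one protocol version is still enabled once `SSL_OP_NO_SSLv2`, `SSL_OP_NO_SSLv3` and `SSL_OP_NO_TLSv1` have all been set on `pc->ctx`. If Pound is linked against an OpenSSL build without TLS 1.1/1.2 support, such a listener would presumably start and then fail every handshake; a `conf_err()` or a logged warning at this point would surface the misconfiguration at load time. As a style point, the three `if` statements could OR their flags into one mask and call `SSL_CTX_set_options()` once. The enclosing block starts and ends outside the hunk.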
>@@ -409,6 +409,8 @@
> int log_level; /* log level for this listener */
> int allow_client_reneg; /* Allow Client SSL Renegotiation */
> int disable_ssl_v2; /* Disable SSL version 2 */
>+ int disable_ssl_v3; /* Disable SSL version 3 */
>+ int disable_tls_v1; /* Disable TLSv1 */
> SERVICE *services;
> struct _listener *next;
> } LISTENER;
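Review bot: The comment `/* Disable TLSv1 */` on `disable_tls_v1` does not say that only TLS 1.0 is affected: in config.c the flag maps to `SSL_OP_NO_TLSv1`, which leaves TLS 1.1 and 1.2 enabled where the library supports them. An administrator could read `DisableTLSv1` as turning off every TLS 1.x version. I would write `int disable_tls_v1; /* Disable TLS 1.0 only (SSL_OP_NO_TLSv1); TLS 1.1+ unaffected */` and use the same wording in the directive's man-page entry. The struct definition starts outside the hunk.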
Attachments on
bug 462380
:
342674
|
342678
| 386752 |
386754