[DRE-commits] [ruby-httpclient] 04/18: Drop upstreamed patch 0003-fix-ssl-config.patch

Thu Aug 27 10:37:12 UTC 2015

This is an automated email from the git hooks/post-receive script.

tsfgnu-guest pushed a commit to branch master
in repository ruby-httpclient.

commit 9443a8daafb1e79b908ef68f13028aeb6e25fe9c
Author: Hleb Valoshka <375gnu at gmail.com>
Date:   Mon Aug 17 16:01:07 2015 +0300

    Drop upstreamed patch 0003-fix-ssl-config.patch
---
 debian/patches/0003-fix-ssl-config.patch | 64 --------------------------------
 debian/patches/series                    |  1 -
 2 files changed, 65 deletions(-)

diff --git a/debian/patches/0003-fix-ssl-config.patch b/debian/patches/0003-fix-ssl-config.patch
deleted file mode 100644
index ed50c5b..0000000
--- a/debian/patches/0003-fix-ssl-config.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-Description: Change default SSL configuration
- The POODLE attack (https://en.wikipedia.org/wiki/POODLE) deprecated the use
- of SSLv3 protocol. We change the default configuration to autodetection
- and try to explicitly disable SSLv2 and SSLv3, preferring TLS protocol suites
- instead.
- This patch is a minimal adaptation of a commit in the project's upstream:
- https://github.com/nahi/httpclient/commit/90d5c791c941c72521784dc4ea8eed60987800da
-
---- a/lib/httpclient/ssl_config.rb
-+++ b/lib/httpclient/ssl_config.rb
-@@ -34,7 +34,13 @@
-   class SSLConfig
-     include OpenSSL if SSLEnabled
- 
--    # String name of OpenSSL's SSL version method name: SSLv2, SSLv23 or SSLv3
-+    # Which TLS protocol version (also called method) will be used. Defaults
-+    # to :auto which means that OpenSSL decides (In my tests this resulted 
-+    # with always the highest available protocol being used).
-+    # String name of OpenSSL's SSL version method name: TLSv1_2, TLSv1_1, TLSv1,
-+    # SSLv2, SSLv23, SSLv3 or :auto (and nil) to allow version negotiation (default).
-+    # See {OpenSSL::SSL::SSLContext::METHODS} for a list of available versions
-+    # in your specific Ruby environment.
-     attr_reader :ssl_version
-     # OpenSSL::X509::Certificate:: certificate for SSL client authenticateion.
-     # nil by default. (no client authenticateion)
-@@ -83,8 +89,13 @@
-       @verify_callback = nil
-       @dest = nil
-       @timeout = nil
--      @ssl_version = "SSLv3"
--      @options = defined?(SSL::OP_ALL) ? SSL::OP_ALL | SSL::OP_NO_SSLv2 : nil
-+      @ssl_version = :auto
-+      # Follow ruby-ossl's definition
-+      @options = OpenSSL::SSL::OP_ALL
-+      @options &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
-+      @options |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
-+      @options |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
-+      @options |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
-       # OpenSSL 0.9.8 default: "ALL:!ADH:!LOW:!EXP:!MD5:+SSLv2:@STRENGTH"
-       @ciphers = "ALL:!aNULL:!eNULL:!SSLv2" # OpenSSL >1.0.0 default
-       @cacerts_loaded = false
-@@ -283,7 +294,7 @@
-       ctx.timeout = @timeout
-       ctx.options = @options
-       ctx.ciphers = @ciphers
--      ctx.ssl_version = @ssl_version
-+      ctx.ssl_version = @ssl_version unless @ssl_version == :auto
-     end
- 
-     # post connection check proc for ruby < 1.8.5.
---- a/test/test_ssl.rb
-+++ b/test/test_ssl.rb
-@@ -33,7 +33,10 @@
-     assert_equal(OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT, cfg.verify_mode)
-     assert_nil(cfg.verify_callback)
-     assert_nil(cfg.timeout)
--    assert_equal(OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_SSLv2, cfg.options)
-+    expected_options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_SSLv2 | OpenSSL::SSL::OP_NO_SSLv3
-+    expected_options &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
-+    expected_options |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
-+    assert_equal(expected_options, cfg.options)
-     assert_equal("ALL:!aNULL:!eNULL:!SSLv2", cfg.ciphers)
-     assert_instance_of(OpenSSL::X509::Store, cfg.cert_store)
-   end
diff --git a/debian/patches/series b/debian/patches/series
index 3f56c83..62e76a9 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1 @@
 fix-port-allocation-in-tests.patch
-0003-fix-ssl-config.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/ruby-httpclient.git

