[Pkg-voip-commits] r8857 - in /asterisk/trunk/debian: changelog patches/no_ssl2 patches/series

tzafrir at alioth.debian.org tzafrir at alioth.debian.org
Mon Apr 11 10:59:54 UTC 2011 

Author: tzafrir
Date: Mon Apr 11 10:59:50 2011
New Revision: 8857

URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=8857
Log:
Patch no_ssl2: Don't require client-side SSL2 support.

Added:
    asterisk/trunk/debian/patches/no_ssl2
Modified:
    asterisk/trunk/debian/changelog
    asterisk/trunk/debian/patches/series

Modified: asterisk/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/trunk/debian/changelog?rev=8857&op=diff
==============================================================================
--- asterisk/trunk/debian/changelog (original)
+++ asterisk/trunk/debian/changelog Mon Apr 11 10:59:50 2011
@@ -27,6 +27,7 @@
   * Patch gmime-2.4: fixes building with gmime 2.4 (Closes: #549054).
     - Requires re-generating configure script.
   * Patch openssl10: Fix detection of openssl 1.0.
+  * Patch no_ssl2: Don't require client-side SSL2 support.
   * include menuselect.makeopts in the docs directory - let us know what
     modules were not built.
 

Added: asterisk/trunk/debian/patches/no_ssl2
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/trunk/debian/patches/no_ssl2?rev=8857&op=file
==============================================================================
--- asterisk/trunk/debian/patches/no_ssl2 (added)
+++ asterisk/trunk/debian/patches/no_ssl2 Mon Apr 11 10:59:50 2011
@@ -1,0 +1,27 @@
+Description: Not all OpenSSL-s support obsolete SSLv2
+Author: Tzafrir cohen <tzafrir.cohen at xorcom.com>
+Bug: https://issues.asterisk.org/view.php?id=19095
+
+SSLv2 is an old and insecure variant of the SSL/TLS standard. OpenSSL
+provides a build-time option not to support it. It has been disabled in
+e.g. Debian Unstable now.
+
+There's really no good reason to use SSLv2, so if the local implementation
+does not support it, let's respect its decision and not fail the build.
+
+--- a/main/tcptls.c
++++ b/main/tcptls.c
+@@ -297,9 +297,12 @@ static int __ssl_setup(struct ast_tls_co
+ 	SSLeay_add_ssl_algorithms();
+ 
+ 	if (client) {
++#ifndef OPENSSL_NO_SSL2
+ 		if (ast_test_flag(&cfg->flags, AST_SSL_SSLV2_CLIENT)) {
+ 			cfg->ssl_ctx = SSL_CTX_new(SSLv2_client_method());
+-		} else if (ast_test_flag(&cfg->flags, AST_SSL_SSLV3_CLIENT)) {
++		} else
++#endif
++		if (ast_test_flag(&cfg->flags, AST_SSL_SSLV3_CLIENT)) {
+ 			cfg->ssl_ctx = SSL_CTX_new(SSLv3_client_method());
+ 		} else if (ast_test_flag(&cfg->flags, AST_SSL_TLSV1_CLIENT)) {
+ 			cfg->ssl_ctx = SSL_CTX_new(TLSv1_client_method());

Modified: asterisk/trunk/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/trunk/debian/patches/series?rev=8857&op=diff
==============================================================================
--- asterisk/trunk/debian/patches/series (original)
+++ asterisk/trunk/debian/patches/series Mon Apr 11 10:59:50 2011
@@ -20,3 +20,4 @@
 enable_addons
 gmime-2.4
 openssl10
+no_ssl2

More information about the Pkg-voip-commits mailing list