67 lines
3.1 KiB
Diff
67 lines
3.1 KiB
Diff
Description: Do not use SSLv3 methods in Qt4
|
|
This patch makes the use of SSLv3 methods optional at compile time.
|
|
On Debian this means they will not be used and will return a null ctx
|
|
if the SSLv3 method is deliberately selected.
|
|
Author: Jon DeVree <nuxi@vault24.org>
|
|
Origin: other, https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806505
|
|
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806505
|
|
Forwarded: not-needed
|
|
Reviewed-by: Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>
|
|
Last-Update: 2015-11-30
|
|
---
|
|
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
|
|
diff -Nru qt4-x11-4.8.7+dfsg.orig/src/network/ssl/qsslsocket_openssl.cpp qt4-x11-4.8.7+dfsg/src/network/ssl/qsslsocket_openssl.cpp
|
|
--- qt4-x11-4.8.7+dfsg.orig/src/network/ssl/qsslsocket_openssl.cpp 2015-05-07 10:14:44.000000000 -0400
|
|
+++ qt4-x11-4.8.7+dfsg/src/network/ssl/qsslsocket_openssl.cpp 2015-11-27 20:49:36.768826857 -0500
|
|
@@ -267,7 +267,11 @@
|
|
#endif
|
|
break;
|
|
case QSsl::SslV3:
|
|
+#ifndef OPENSSL_NO_SSL3_METHOD
|
|
ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method());
|
|
+#else
|
|
+ ctx = 0; // SSL 3 not supported by the system, but chosen deliberately -> error
|
|
+#endif
|
|
break;
|
|
case QSsl::SecureProtocols: // SslV2 will be disabled below
|
|
case QSsl::TlsV1SslV3: // SslV2 will be disabled below
|
|
diff -Nru qt4-x11-4.8.7+dfsg.orig/src/network/ssl/qsslsocket_openssl_symbols.cpp qt4-x11-4.8.7+dfsg/src/network/ssl/qsslsocket_openssl_symbols.cpp
|
|
--- qt4-x11-4.8.7+dfsg.orig/src/network/ssl/qsslsocket_openssl_symbols.cpp 2015-05-07 10:14:44.000000000 -0400
|
|
+++ qt4-x11-4.8.7+dfsg/src/network/ssl/qsslsocket_openssl_symbols.cpp 2015-11-27 20:49:48.061023402 -0500
|
|
@@ -228,13 +228,17 @@
|
|
#ifndef OPENSSL_NO_SSL2
|
|
DEFINEFUNC(const SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return)
|
|
#endif
|
|
+#ifndef OPENSSL_NO_SSL3_METHOD
|
|
DEFINEFUNC(const SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return)
|
|
+#endif
|
|
DEFINEFUNC(const SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return)
|
|
DEFINEFUNC(const SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return)
|
|
#ifndef OPENSSL_NO_SSL2
|
|
DEFINEFUNC(const SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return)
|
|
#endif
|
|
+#ifndef OPENSSL_NO_SSL3_METHOD
|
|
DEFINEFUNC(const SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return)
|
|
+#endif
|
|
DEFINEFUNC(const SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return)
|
|
DEFINEFUNC(const SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return)
|
|
#else
|
|
@@ -822,13 +826,17 @@
|
|
#ifndef OPENSSL_NO_SSL2
|
|
RESOLVEFUNC(SSLv2_client_method)
|
|
#endif
|
|
+#ifndef OPENSSL_NO_SSL3_METHOD
|
|
RESOLVEFUNC(SSLv3_client_method)
|
|
+#endif
|
|
RESOLVEFUNC(SSLv23_client_method)
|
|
RESOLVEFUNC(TLSv1_client_method)
|
|
#ifndef OPENSSL_NO_SSL2
|
|
RESOLVEFUNC(SSLv2_server_method)
|
|
#endif
|
|
+#ifndef OPENSSL_NO_SSL3_METHOD
|
|
RESOLVEFUNC(SSLv3_server_method)
|
|
+#endif
|
|
RESOLVEFUNC(SSLv23_server_method)
|
|
RESOLVEFUNC(TLSv1_server_method)
|
|
RESOLVEFUNC(X509_NAME_entry_count)
|