aboutsummaryrefslogtreecommitdiffstats
path: root/main/elinks/elinks-0.12pre6-openssl11.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/elinks/elinks-0.12pre6-openssl11.patch')
-rw-r--r--main/elinks/elinks-0.12pre6-openssl11.patch73
1 files changed, 0 insertions, 73 deletions
diff --git a/main/elinks/elinks-0.12pre6-openssl11.patch b/main/elinks/elinks-0.12pre6-openssl11.patch
deleted file mode 100644
index 29c4ef6bcb..0000000000
--- a/main/elinks/elinks-0.12pre6-openssl11.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From d83c0edf4c6ae42359ff856d7a879ecba5769595 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Fri, 17 Feb 2017 16:51:41 +0100
-Subject: [PATCH 1/2] fix compatibility with OpenSSL 1.1
-
----
- src/network/ssl/socket.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/network/ssl/socket.c b/src/network/ssl/socket.c
-index c9e2be4..467fc48 100644
---- a/src/network/ssl/socket.c
-+++ b/src/network/ssl/socket.c
-@@ -83,7 +83,7 @@ static void
- ssl_set_no_tls(struct socket *socket)
- {
- #ifdef CONFIG_OPENSSL
-- ((ssl_t *) socket->ssl)->options |= SSL_OP_NO_TLSv1;
-+ SSL_set_options((ssl_t *) socket->ssl, SSL_OP_NO_TLSv1);
- #elif defined(CONFIG_GNUTLS)
- {
- /* GnuTLS does not support SSLv2 because it is "insecure".
-@@ -419,7 +419,7 @@ ssl_connect(struct socket *socket)
- (SSL *) socket->ssl,
- client_cert);
- #else
-- SSL_CTX *ctx = ((SSL *) socket->ssl)->ctx;
-+ SSL_CTX *ctx = SSL_get_SSL_CTX((SSL *) socket->ssl);
-
- SSL_CTX_use_certificate_chain_file(ctx, client_cert);
- SSL_CTX_use_PrivateKey_file(ctx, client_cert,
---
-2.7.4
-
-
-From ec952cc5b79973bee73fcfc813159d40c22b7228 Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tmraz@fedoraproject.org>
-Date: Fri, 17 Feb 2017 16:44:11 +0100
-Subject: [PATCH 2/2] drop disablement of TLS1.0 on second attempt to connect
-
-It would not work correctly anyway and the code does not build
-with OpenSSL-1.1.0.
----
- src/network/ssl/socket.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/network/ssl/socket.c b/src/network/ssl/socket.c
-index 467fc48..b981c1e 100644
---- a/src/network/ssl/socket.c
-+++ b/src/network/ssl/socket.c
-@@ -82,6 +82,11 @@
- static void
- ssl_set_no_tls(struct socket *socket)
- {
-+#if 0
-+/* This implements the insecure renegotiation, which should not be used.
-+ * The code also would not work on current Fedora (>= Fedora 23) anyway,
-+ * because it would just switch off TLS 1.0 keeping TLS 1.1 and 1.2 enabled.
-+ */
- #ifdef CONFIG_OPENSSL
- SSL_set_options((ssl_t *) socket->ssl, SSL_OP_NO_TLSv1);
- #elif defined(CONFIG_GNUTLS)
-@@ -96,6 +101,7 @@ ssl_set_no_tls(struct socket *socket)
- gnutls_protocol_set_priority(*(ssl_t *) socket->ssl, protocol_priority);
- }
- #endif
-+#endif
- }
-
- #ifdef USE_OPENSSL
---
-2.7.4
-