author | A. Wilcox <AWilcox@Wilcox-Tech.com> | 2018-02-20 22:03:34 -0600 |
---|---|---|
committer | A. Wilcox <AWilcox@Wilcox-Tech.com> | 2018-02-20 22:03:34 -0600 |
commit | 129370fc1900bc981d529ab7d4a82b6668c72183 (patch) | |
tree | f368dd73c0761fe03732d868e857a0161d7ac7f4 /system/openssl/0010-ssl-env-zlib.patch | |
parent | 719252b7b29749389730057387d5a43b5516f7fe (diff) | |
system/openssl: prepare for a new OpenSSL
Diffstat (limited to 'system/openssl/0010-ssl-env-zlib.patch')
-rw-r--r-- | system/openssl/0010-ssl-env-zlib.patch | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/system/openssl/0010-ssl-env-zlib.patch b/system/openssl/0010-ssl-env-zlib.patch
new file mode 100644
index 000000000..9eae15d72
--- /dev/null
+++ b/system/openssl/0010-ssl-env-zlib.patch
@@ -0,0 +1,38 @@
+diff -ru openssl-1.0.2a.orig/doc/ssl/SSL_COMP_add_compression_method.pod openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod
+--- openssl-1.0.2a.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2015-01-15 16:43:14.000000000 -0200
++++ openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod 2015-03-27 15:18:47.280054883 -0200
+@@ -47,6 +47,13 @@
+ been standardized, the compression API will most likely be changed. Using
+ it in the current state is not recommended.
+
++It is also not recommended to use compression if data transfered contain
++untrusted parts that can be manipulated by an attacker as he could then
++get information about the encrypted data. See the CRIME attack. For
++that reason the default loading of the zlib compression method is
++disabled and enabled only if the environment variable B<OPENSSL_DEFAULT_ZLIB>
++is present during the library initialization.
++
+ =head1 RETURN VALUES
+
+ SSL_COMP_add_compression_method() may return the following values:
+diff -ru openssl-1.0.2a.orig/ssl/ssl_ciph.c openssl-1.0.2a/ssl/ssl_ciph.c
+--- openssl-1.0.2a.orig/ssl/ssl_ciph.c 2015-03-19 15:30:36.000000000 -0200
++++ openssl-1.0.2a/ssl/ssl_ciph.c 2015-03-27 15:23:05.960057092 -0200
+@@ -141,6 +141,8 @@
+ */
+
+ #include <stdio.h>
++#include <stdlib.h>
++#include <sys/auxv.h>
+ #include <openssl/objects.h>
+ #ifndef OPENSSL_NO_COMP
+ # include <openssl/comp.h>
+@@ -481,7 +483,7 @@
+
+ MemCheck_off();
+ ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
+- if (ssl_comp_methods != NULL) {
++ if (ssl_comp_methods != NULL && getauxval(AT_SECURE) == 0 && getenv("OPENSSL_DEFAULT_ZLIB") != NULL) {
+ comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
+ if (comp != NULL) {
+ comp->method = COMP_zlib(); |
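Review bot: In the ssl_ciph.c hunk at `@@ -481,7 +483,7 @@`, the new condition tests only that `OPENSSL_DEFAULT_ZLIB` is present, so `OPENSSL_DEFAULT_ZLIB=0` or an empty value still loads zlib and re-exposes every TLS user in the process to the CRIME compression side channel that the patch is meant to close. The .pod text does say "is present", but the C line has no comment; something like `/* zlib is opt-in because of CRIME: any value of OPENSSL_DEFAULT_ZLIB, even empty or "0", enables it; ignored when AT_SECURE is set */` would help keep the guard from being dropped when the patch is rebased onto the new OpenSSL. `getauxval()` also returns 0 when the entry cannot be found, so the AT_SECURE test fails open on a platform that does not supply it. Where the libc provides it, `secure_getenv("OPENSSL_DEFAULT_ZLIB") != NULL` expresses both checks in one call. The enclosing function starts and ends outside the hunk, so what happens when the branch is skipped cannot be confirmed from here.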