diff options
Diffstat (limited to 'net-ftp/pure-ftpd/files/pure-ftpd-1.0.47-TLSv1.3.patch')
-rw-r--r-- | net-ftp/pure-ftpd/files/pure-ftpd-1.0.47-TLSv1.3.patch | 46 |
1 files changed, 0 insertions, 46 deletions
diff --git a/net-ftp/pure-ftpd/files/pure-ftpd-1.0.47-TLSv1.3.patch b/net-ftp/pure-ftpd/files/pure-ftpd-1.0.47-TLSv1.3.patch deleted file mode 100644 index 65f19bf49da7..000000000000 --- a/net-ftp/pure-ftpd/files/pure-ftpd-1.0.47-TLSv1.3.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 4a495c61ce22c893aed5ee57f6ce0b43c3be59ad Mon Sep 17 00:00:00 2001 -From: Frank Denis <github@pureftpd.org> -Date: Wed, 19 Sep 2018 23:53:45 +0200 -Subject: [PATCH] TLS1.3 compatibility - -Fixes #94 ---- - src/tls.c | 17 +++++++++++++---- - 1 file changed, 13 insertions(+), 4 deletions(-) - -diff --git a/src/tls.c b/src/tls.c -index c693d3b..f383ed9 100644 ---- a/src/tls.c -+++ b/src/tls.c -@@ -228,7 +228,16 @@ static void ssl_info_cb(const SSL *cnx, int where, int ret) - if ((where & SSL_CB_HANDSHAKE_START) != 0) { - if ((cnx == tls_cnx && tls_cnx_handshook != 0) || - (cnx == tls_data_cnx && tls_data_cnx_handshook != 0)) { -- die(400, LOG_ERR, "TLS renegociation"); -+ const SSL_CIPHER *cipher; -+ const char *cipher_version; -+ if ((cipher = SSL_get_current_cipher(cnx)) == NULL || -+ (cipher_version = SSL_CIPHER_get_version(cipher)) == NULL) { -+ die(400, LOG_ERR, "No cipher"); -+ } -+ if (strcmp(cipher_version, "TLSv1.3") != 0) { -+ die(400, LOG_ERR, "TLS renegociation"); -+ return; -+ } - } - return; - } -@@ -264,10 +273,10 @@ int tls_init_library(void) - OpenSSL_add_all_algorithms(); - # else - OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | -- OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); -+ OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); - OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | -- OPENSSL_INIT_ADD_ALL_DIGESTS | -- OPENSSL_INIT_LOAD_CONFIG, NULL); -+ OPENSSL_INIT_ADD_ALL_DIGESTS | -+ OPENSSL_INIT_LOAD_CONFIG, NULL); - # endif - while (RAND_status() == 0) { - rnd = zrand(); |