diff options
Diffstat (limited to 'net-ftp/pure-ftpd/files/pure-ftpd-1.0.47-TLSv1.3.patch')
-rw-r--r-- | net-ftp/pure-ftpd/files/pure-ftpd-1.0.47-TLSv1.3.patch | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/net-ftp/pure-ftpd/files/pure-ftpd-1.0.47-TLSv1.3.patch b/net-ftp/pure-ftpd/files/pure-ftpd-1.0.47-TLSv1.3.patch new file mode 100644 index 000000000000..65f19bf49da7 --- /dev/null +++ b/net-ftp/pure-ftpd/files/pure-ftpd-1.0.47-TLSv1.3.patch @@ -0,0 +1,46 @@ +From 4a495c61ce22c893aed5ee57f6ce0b43c3be59ad Mon Sep 17 00:00:00 2001 +From: Frank Denis <github@pureftpd.org> +Date: Wed, 19 Sep 2018 23:53:45 +0200 +Subject: [PATCH] TLS1.3 compatibility + +Fixes #94 +--- + src/tls.c | 17 +++++++++++++---- + 1 file changed, 13 insertions(+), 4 deletions(-) + +diff --git a/src/tls.c b/src/tls.c +index c693d3b..f383ed9 100644 +--- a/src/tls.c ++++ b/src/tls.c +@@ -228,7 +228,16 @@ static void ssl_info_cb(const SSL *cnx, int where, int ret) + if ((where & SSL_CB_HANDSHAKE_START) != 0) { + if ((cnx == tls_cnx && tls_cnx_handshook != 0) || + (cnx == tls_data_cnx && tls_data_cnx_handshook != 0)) { +- die(400, LOG_ERR, "TLS renegociation"); ++ const SSL_CIPHER *cipher; ++ const char *cipher_version; ++ if ((cipher = SSL_get_current_cipher(cnx)) == NULL || ++ (cipher_version = SSL_CIPHER_get_version(cipher)) == NULL) { ++ die(400, LOG_ERR, "No cipher"); ++ } ++ if (strcmp(cipher_version, "TLSv1.3") != 0) { ++ die(400, LOG_ERR, "TLS renegociation"); ++ return; ++ } + } + return; + } +@@ -264,10 +273,10 @@ int tls_init_library(void) + OpenSSL_add_all_algorithms(); + # else + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | +- OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); ++ OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | +- OPENSSL_INIT_ADD_ALL_DIGESTS | +- OPENSSL_INIT_LOAD_CONFIG, NULL); ++ OPENSSL_INIT_ADD_ALL_DIGESTS | ++ OPENSSL_INIT_LOAD_CONFIG, NULL); + # endif + while (RAND_status() == 0) { + rnd = zrand(); |