rpms/curl/devel curl-7.19.4-enable-aes.patch, NONE, 1.1 curl.spec, 1.91, 1.92

Kamil Dudka kdudka at fedoraproject.org
Wed Mar 18 17:01:33 UTC 2009 

Author: kdudka

Update of /cvs/extras/rpms/curl/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv25902

Modified Files:
	curl.spec 
Added Files:
	curl-7.19.4-enable-aes.patch 
Log Message:
enable 6 additional crypto algorithms by default (#436781)

curl-7.19.4-enable-aes.patch:

--- NEW FILE curl-7.19.4-enable-aes.patch ---
diff -ruNp curl.orig/lib/nss.c curl/lib/nss.c
--- curl.orig/lib/nss.c	2009-03-04 17:54:28.459240000 +0100
+++ curl/lib/nss.c	2009-03-18 11:38:34.245797020 +0100
@@ -162,6 +162,18 @@ static const cipher_s cipherlist[] = {
 #endif
 };
 
+/* following ciphers are new in NSS 3.4 and not enabled by default, therefor
+   they are enabled explicitly */
+static const int enable_ciphers_by_default[] = {
+  TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
+  TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
+  TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+  TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
+  TLS_RSA_WITH_AES_128_CBC_SHA,
+  TLS_RSA_WITH_AES_256_CBC_SHA,
+  SSL_NULL_WITH_NULL_NULL
+};
+
 #ifdef HAVE_PK11_CREATEGENERICOBJECT
 static const char* pem_library = "libnsspem.so";
 #endif
@@ -954,6 +966,7 @@ CURLcode Curl_nss_connect(struct connect
 #endif
   char *certDir = NULL;
   int curlerr;
+  const int *cipher_to_enable;
 
   curlerr = CURLE_SSL_CONNECT_ERROR;
 
@@ -1057,6 +1070,16 @@ CURLcode Curl_nss_connect(struct connect
   if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2) != SECSuccess)
     goto error;
 
+  /* enable all ciphers from enable_ciphers_by_default */
+  cipher_to_enable = enable_ciphers_by_default;
+  while (SSL_NULL_WITH_NULL_NULL != *cipher_to_enable) {
+    if (SSL_CipherPrefSet(model, *cipher_to_enable, PR_TRUE) != SECSuccess) {
+      curlerr = CURLE_SSL_CIPHER;
+      goto error;
+    }
+    cipher_to_enable++;
+  }
+
   if(data->set.ssl.cipher_list) {
     if(set_ciphers(data, model, data->set.ssl.cipher_list) != SECSuccess) {
       curlerr = CURLE_SSL_CIPHER;


Index: curl.spec
===================================================================
RCS file: /cvs/extras/rpms/curl/devel/curl.spec,v
retrieving revision 1.91
retrieving revision 1.92
diff -u -r1.91 -r1.92
--- curl.spec	12 Mar 2009 10:20:53 -0000	1.91
+++ curl.spec	18 Mar 2009 17:01:02 -0000	1.92
@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.19.4
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
@@ -9,6 +9,7 @@
 Patch2: curl-7.16.0-privlibs.patch
 Patch3: curl-7.17.1-badsocket.patch
 Patch4: curl-7.19.4-tool-leak.patch
+Patch5: curl-7.19.4-enable-aes.patch
 Provides: webclient
 URL: http://curl.haxx.se/
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -54,6 +55,7 @@
 %patch2 -p1 -b .privlibs
 %patch3 -p1 -b .badsocket
 %patch4 -p1 -b .toolleak
+%patch5 -p1 -b .enableaes
 
 # Convert docs to UTF-8
 for f in CHANGES README; do
@@ -145,6 +147,10 @@
 %{_datadir}/aclocal/libcurl.m4
 
 %changelog
+* Wed Mar 18 2009 Kamil Dudka <kdudka at redhat.com> 7.19.4-5
+- enable 6 additional crypto algorithms by default (#436781,
+  accepted by upstream)
+
 * Thu Mar 12 2009 Kamil Dudka <kdudka at redhat.com> 7.19.4-4
 - fix memory leak in src/main.c (accepted by upstream)
 - avoid using %ifarch

More information about the fedora-extras-commits mailing list