Blame openldap-nss-ciphers-use-nss-defaults.patch
|
Matúš Honěk |
22dbdbf |
Use what NSS considers default for DEFAULT cipher string.
Author: Matus Honek <mhonek@redhat.com>
Resolves: #1387868
Backports: #1245279 #1300701
diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
--- a/libraries/libldap/tls_m.c
+++ b/libraries/libldap/tls_m.c
@@ -645,7 +645,16 @@ nss_parse_ciphers(const char *cipherstr, int cipher_list[ciphernum])
}
} else if (!strcmp(cipher, "DEFAULT")) {
for (i=0; i
- cipher_list[i] = ciphers_def[i].enabled == SSL_ALLOWED ? 1 : 0;
+ PRBool enabled;
+ if (SSL_CipherPrefGetDefault(ciphers_def[i].num, &enabled) == SECSuccess) {
+ if (!(ciphers_def[i].attr & SSL_eNULL)) {
+ cipher_list[i] = enabled == SSL_ALLOWED ? 1 : 0;
+ } else {
+ cipher_list[i] = -1;
+ }
+ } else {
+ cipher_list[i] = -1;
+ }
}
} else {
int mask = 0;
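Review bot: In the DEFAULT branch, `enabled` is a `PRBool` filled in by `SSL_CipherPrefGetDefault`, yet it is compared against `SSL_ALLOWED`, which is an export-policy constant rather than a boolean; the test is right only because both happen to be 1, and `cipher_list[i] = enabled ? 1 : 0;` says what is meant. The two `else` arms both store -1, so the nesting can collapse into one condition, `if (SSL_CipherPrefGetDefault(ciphers_def[i].num, &enabled) == SECSuccess && !(ciphers_def[i].attr & SSL_eNULL))`, followed by a single `else cipher_list[i] = -1;`. A short comment such as `/* -1: never offer NULL-encryption suites or suites NSS cannot report a default for */` would record why these entries get -1 rather than 0. What -1 means to later tokens in the cipher string is decided in the part of nss_parse_ciphers that lies outside this hunk, so the wording should be confirmed against it.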