--- mozldap-6.0.5/mozilla/directory/c-sdk/ldap/libraries/libssldap/ldapsinit.c.orig	2006-10-10 06:37:35.000000000 -0700
+++ mozldap-6.0.5/mozilla/directory/c-sdk/ldap/libraries/libssldap/ldapsinit.c	2014-11-03 14:18:59.908337004 -0800
@@ -59,8 +59,9 @@
 #endif /* OSF1V4D */
 
 #include <errno.h>
 #include <nspr.h>
+#include <nss.h>
 #include <cert.h>
 #include <key.h>
 #include <ssl.h>
 #include <sslproto.h>
@@ -70,8 +71,21 @@
 #include <ldap.h>
 #include <ldap_ssl.h>
 #include <ldappr.h>
 #include <pk11func.h>
+ 
+#if NSS_VMAJOR * 100 + NSS_VMINOR >= 314
+/* TLS1.1 is defined in RFC4346. */
+#define NSS_TLS11 1
+static SSLVersionRange enabledNSSVersions;
+static SSLVersionRange ldapNSSVersions;
+#else
+/* 
+ *  * TLS1.0 is defined in RFC2246.
+ *   * Close to SSL 3.0.
+ *    */
+#define NSS_TLS10 1
+#endif
 
 /*
  * Macro that determines how many SSL options we support. As of June, 2002
  * NSS supports 14 options numbered 1-14 (see nss/ssl.h).  We allow some
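Review bot: The comment block added for the NSS_TLS10 branch carries doubled `*` prefixes with growing indentation (` *  * TLS1.0 …`, ` *   * Close to …`, ` *    */`), which reads like a paste artifact rather than a deliberate layout; it should be a plain `/* TLS1.0 is defined in RFC2246. Close to SSL 3.0. */` matching the one-line comment used for the NSS_TLS11 branch just above. The blank line added before the `#if` also carries a trailing space. Both are cosmetic, but this block is the file's only description of why TLS 1.0 versus the version-range API is selected, so it is worth keeping clean.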
@@ -247,8 +261,20 @@
     PRLDAPSocketInfo	soi;
     LDAPSSLSocketInfo	*ssoip = NULL;
     LDAPSSLSessionInfo	*sseip;
     PRFileDesc		*sslfd = NULL;
+#if defined(NSS_TLS11)
+    SECStatus sslStatus = SECSuccess;
+    char *s = getenv("LDAPSSL_ALLOW_OLD_SSL_VERSION");
+    /* Get the range of the supported SSL version */
+    SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledNSSVersions);
+    if (s) {
+        ldapNSSVersions.min = enabledNSSVersions.min;
+    } else {
+        ldapNSSVersions.min = SSL_LIBRARY_VERSION_TLS_1_1;
+    }
+    ldapNSSVersions.max = enabledNSSVersions.max;
+#endif
 
     /*
      * Determine if secure option is set.  Also, clear secure bit in options
      * the we pass to the standard connect() function (since it doesn't know
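Review bot: The return value of `SSL_VersionRangeGetSupported` is ignored, so when it fails `enabledNSSVersions` keeps whatever it held before (zero-initialised static storage on the first call) and that is copied into `ldapNSSVersions.max`, leaving the later `SSL_VersionRangeSet` to fail with a less informative error or to apply a range nobody chose. The same twelve-line block is pasted verbatim into the functions in the hunks at L76 and L117, and in all three it runs as a statement before the function has even created its socket, so a failure there has no natural cleanup path. I would fold the range computation and `SSL_VersionRangeSet` into one static helper placed beside the two statics in the earlier hunk, and call it from the spot right after `SSL_ImportFD` in each function (the hunks at L57, L97 and L147), where the matching `goto` label is already in use; the file-scope statics and the per-function `getenv` copies can then go. The enclosing function here starts before the hunk, so the exact label and the `rc` convention of each caller should be checked when making that change.
```c
#if defined(NSS_TLS11)
/* Constrain sslfd to the NSS-supported protocol range, with the floor raised
 * to TLS 1.1 unless LDAPSSL_ALLOW_OLD_SSL_VERSION is set in the environment.
 * Returns SECFailure if NSS cannot report its range or rejects the one chosen. */
static SECStatus
ldapssl_set_version_range(PRFileDesc *sslfd)
{
    SSLVersionRange supported, wanted;

    if (SSL_VersionRangeGetSupported(ssl_variant_stream, &supported)
            != SECSuccess) {
        return SECFailure;
    }
    wanted.min = getenv("LDAPSSL_ALLOW_OLD_SSL_VERSION") != NULL
                 ? supported.min : SSL_LIBRARY_VERSION_TLS_1_1;
    wanted.max = supported.max;
    return SSL_VersionRangeSet(sslfd, &wanted);
}
#endif

/* … unchanged: per-function locals, socket setup, SSL_ImportFD … */
#if defined(NSS_TLS11)
    if (ldapssl_set_version_range(sslfd) != SECSuccess) {
        goto close_socket_and_exit_with_error;
    }
#endif
```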
@@ -305,9 +331,18 @@
     if (( sslfd = SSL_ImportFD( NULL, soi.soinfo_prfd )) == NULL ) {
 	goto close_socket_and_exit_with_error;
     }
 
+#if defined(NSS_TLS11)
+    sslStatus = SSL_VersionRangeSet(sslfd, &ldapNSSVersions);
+    if (sslStatus != SECSuccess) {
+        goto close_socket_and_exit_with_error;
+    }
+#endif
     if ( SSL_OptionSet( sslfd, SSL_SECURITY, secure ) != SECSuccess ||
+#if defined(NSS_TLS10)
+         SSL_OptionSet( sslfd, SSL_ENABLE_TLS, secure ) ||
+#endif
 		SSL_OptionSet( sslfd, SSL_HANDSHAKE_AS_CLIENT, secure )
 		!= SECSuccess || ( secure && SSL_ResetHandshake( sslfd,
 		PR_FALSE ) != SECSuccess )) {
 	goto close_socket_and_exit_with_error;
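Review bot: The newly added `SSL_OptionSet( sslfd, SSL_ENABLE_TLS, secure ) ||` term in the `if` condition omits the `!= SECSuccess` comparison that the neighbouring terms and the equivalent line in the hunk at L97 (L111) carry, so it only works because `SECFailure` happens to be non-zero. For consistency and to make the intent explicit it should read `SSL_OptionSet( sslfd, SSL_ENABLE_TLS, secure ) != SECSuccess ||`; the re-indented copy in the hunk at L147 (L161) has the same shape. The enclosing function continues past the end of this hunk.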
@@ -505,8 +540,20 @@
     LBER_SOCKET 	intfd = -1;
     int			rc = LDAP_LOCAL_ERROR;
     char 		*hostlist = NULL;
     struct lextiof_socket_private *socketargp = NULL;
+#if defined(NSS_TLS11)
+    SECStatus sslStatus = SECSuccess;
+    char *s = getenv("LDAPSSL_ALLOW_OLD_SSL_VERSION");
+    /* Get the range of the supported SSL version */
+    SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledNSSVersions);
+    if (s) {
+        ldapNSSVersions.min = enabledNSSVersions.min;
+    } else {
+        ldapNSSVersions.min = SSL_LIBRARY_VERSION_TLS_1_1;
+    }
+    ldapNSSVersions.max = enabledNSSVersions.max;
+#endif
         
     /*
      * Get hostlist from LDAP Handle
      */
@@ -570,10 +617,18 @@
 	rc = LDAP_LOCAL_ERROR;
 	goto close_socket_and_exit_with_error;
     }
     
+#if defined(NSS_TLS11)
+    sslStatus = SSL_VersionRangeSet(sslfd, &ldapNSSVersions);
+    if (sslStatus != SECSuccess) {
+        goto close_socket_and_exit_with_error;
+    }
+#endif
     if ( SSL_OptionSet( sslfd, SSL_SECURITY, secure ) != SECSuccess ||
-		 SSL_OptionSet( sslfd, SSL_ENABLE_TLS, secure ) != SECSuccess ||
+#if defined(NSS_TLS10)
+         SSL_OptionSet( sslfd, SSL_ENABLE_TLS, secure ) != SECSuccess ||
+#endif
 		 SSL_OptionSet( sslfd, SSL_HANDSHAKE_AS_CLIENT, secure ) != SECSuccess ||
 		 ( secure && SSL_ResetHandshake( sslfd, PR_FALSE ) != SECSuccess ) ) {
 	rc = LDAP_LOCAL_ERROR;
 	goto close_socket_and_exit_with_error;
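Review bot: The new `goto close_socket_and_exit_with_error` taken when `SSL_VersionRangeSet` fails does not assign `rc`, whereas both adjacent error paths in this function (`rc = LDAP_LOCAL_ERROR;` immediately before the `goto` above and below the new block) set it explicitly before jumping. Whether `rc` still holds its initial `LDAP_LOCAL_ERROR` at this point depends on code between the declarations and this hunk that is not visible here; following the established pattern with `rc = LDAP_LOCAL_ERROR;` inside the new `if` avoids returning a stale value. The enclosing function starts and ends outside this hunk.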
@@ -1350,13 +1405,25 @@
     PRLDAPSocketInfo				soi;
     LDAPSSLSocketInfo				*ssoip = NULL;
     LDAPSSLSessionInfo				*sseip;
     PRFileDesc						*sslfd = NULL;
-	LBER_SOCKET						intfd = -1;
-	char							*hostlist;
-	struct lextiof_socket_private	*socketargp;
+    LBER_SOCKET						intfd = -1;
+    char							*hostlist;
+    struct lextiof_socket_private	*socketargp;
+#if defined(NSS_TLS11)
+    SECStatus sslStatus = SECSuccess;
+    char *s = getenv("LDAPSSL_ALLOW_OLD_SSL_VERSION");
+    /* Get the range of the supported SSL version */
+    SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledNSSVersions);
+    if (s) {
+        ldapNSSVersions.min = enabledNSSVersions.min;
+    } else {
+        ldapNSSVersions.min = SSL_LIBRARY_VERSION_TLS_1_1;
+    }
+    ldapNSSVersions.max = enabledNSSVersions.max;
+#endif
 
-	/*
+    /*
      * Get hostlist from LDAP Handle
      */
     if ( ldap_get_option(ld, LDAP_OPT_HOST_NAME, &hostlist) < 0 ) {
 		return( -1 );
@@ -1411,10 +1478,18 @@
     if (( sslfd = SSL_ImportFD( NULL, soi.soinfo_prfd )) == NULL ) {
         goto reset_socket_and_exit_with_error;
     }
 
+#if defined(NSS_TLS11)
+    sslStatus = SSL_VersionRangeSet(sslfd, &ldapNSSVersions);
+    if (sslStatus != SECSuccess) {
+        goto reset_socket_and_exit_with_error;
+    }
+#endif
     if ( SSL_OptionSet( sslfd, SSL_SECURITY, secure ) != SECSuccess ||
-				SSL_OptionSet( sslfd, SSL_ENABLE_TLS, secure ) ||
+#if defined(NSS_TLS10)
+                SSL_OptionSet( sslfd, SSL_ENABLE_TLS, secure ) ||
+#endif
                 SSL_OptionSet( sslfd, SSL_HANDSHAKE_AS_CLIENT, secure )
                 != SECSuccess || ( secure && SSL_ResetHandshake( sslfd,
                 PR_FALSE ) != SECSuccess )) {
         goto reset_socket_and_exit_with_error;