File disable-sslv3.patch of Package evolution-data-server

Overview Repositories Revisions Requests Users Attributes Meta

File disable-sslv3.patch of Package evolution-data-server

Index: evolution-data-server-3.10.4/camel/camel-tcp-stream-ssl.c
===================================================================
--- evolution-data-server-3.10.4.orig/camel/camel-tcp-stream-ssl.c
+++ evolution-data-server-3.10.4/camel/camel-tcp-stream-ssl.c
@@ -546,7 +546,7 @@ enable_ssl (CamelTcpStreamSSL *ssl,
             PRFileDesc *fd)
 {
 	PRFileDesc *ssl_fd;
-	static gchar v2_enabled = -1;
+	static gchar v2_enabled = -1, v3_enabled = -1;
 #if NSS_VMAJOR > 3 || (NSS_VMAJOR == 3 && NSS_VMINOR >= 14)
 	SSLVersionRange versionStreamSup, versionStream;
 #endif
@@ -580,8 +580,13 @@ enable_ssl (CamelTcpStreamSSL *ssl,
 		SSL_OptionSet (ssl_fd, SSL_V2_COMPATIBLE_HELLO, PR_FALSE);
 	}
 
+	/* check camel.c for the same "CAMEL_SSL_V3_ENABLE" */
+	if (v3_enabled == -1)
+		v3_enabled = g_strcmp0 (g_getenv ("CAMEL_SSL_V3_ENABLE"), "1") == 0 ? 1 : 0;
+
+
 #if NSS_VMAJOR < 3 || (NSS_VMAJOR == 3 && NSS_VMINOR < 14)
-	if (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_SSL3)
+	if (v3_enabled && (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_SSL3) != 0)
 		SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL3, PR_TRUE);
 	else
 		SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL3, PR_FALSE);
@@ -594,7 +599,7 @@ enable_ssl (CamelTcpStreamSSL *ssl,
 #else
 	SSL_VersionRangeGetSupported (ssl_variant_stream, &versionStreamSup);
 
-	if (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_SSL3)
+	if (v3_enabled && (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_SSL3) != 0)
 		versionStream.min = SSL_LIBRARY_VERSION_3_0;
 	else
 		versionStream.min = SSL_LIBRARY_VERSION_TLS_1_0;
@@ -602,7 +607,7 @@ enable_ssl (CamelTcpStreamSSL *ssl,
 	if (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_TLS)
 		versionStream.max = versionStreamSup.max;
 	else
-		versionStream.max = SSL_LIBRARY_VERSION_3_0;
+		versionStream.max = v3_enabled ? SSL_LIBRARY_VERSION_3_0 : versionStreamSup.max;
 
 	if (versionStream.max < versionStream.min) {
 		PRUint16 tmp;
Index: evolution-data-server-3.10.4/camel/camel.c
===================================================================
--- evolution-data-server-3.10.4.orig/camel/camel.c
+++ evolution-data-server-3.10.4/camel/camel.c
@@ -96,7 +96,7 @@ camel_init (const gchar *configdir,
 	camel_debug_init ();
 
 	if (nss_init) {
-		static gchar v2_enabled = -1, weak_ciphers = -1;
+		static gchar v2_enabled = -1, weak_ciphers = -1, v3_enabled = -1;
 		gchar *nss_configdir = NULL;
 		gchar *nss_sql_configdir = NULL;
 		SECStatus status = SECFailure;
@@ -116,6 +116,10 @@ camel_init (const gchar *configdir,
 		if (weak_ciphers == -1)
 			weak_ciphers = g_strcmp0 (g_getenv ("CAMEL_SSL_WEAK_CIPHERS"), "1") == 0 ? 1 : 0;
 
+		/* check camel-tcp-stream-ssl.c for the same "CAMEL_SSL_V3_ENABLE" */
+		if (v3_enabled == -1)
+			v3_enabled = g_strcmp0 (g_getenv ("CAMEL_SSL_V3_ENABLE"), "1") == 0 ? 1 : 0;
+
 		if (nss_initlock == NULL) {
 			PR_Init (PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 10);
 			nss_initlock = PR_NewLock ();
@@ -216,11 +220,14 @@ skip_nss_init:
 		SSL_OptionSetDefault (SSL_ENABLE_SSL2, v2_enabled ? PR_TRUE : PR_FALSE);
 		SSL_OptionSetDefault (SSL_V2_COMPATIBLE_HELLO, PR_FALSE);
 #if NSS_VMAJOR < 3 || (NSS_VMAJOR == 3 && NSS_VMINOR < 14)
-		SSL_OptionSetDefault (SSL_ENABLE_SSL3, PR_TRUE);
+		SSL_OptionSetDefault (SSL_ENABLE_SSL3, v3_enabled ? PR_TRUE : PR_FALSE);
 		SSL_OptionSetDefault (SSL_ENABLE_TLS, PR_TRUE); /* Enable TLSv1.0 */
 #else
 		/* Enable all SSL/TLS versions supported by NSS (this API is for SSLv3 and newer). */
 		SSL_VersionRangeGetSupported (ssl_variant_stream, &versionStream);
+          // 0 means SSL 3.0, 1 means TLS 1.0, 2 means TLS 1.1, etc.
+        if (v3_enabled)
+          versionStream.min = SSL_LIBRARY_VERSION_3_0 + 1;
 		SSL_VersionRangeSetDefault (ssl_variant_stream, &versionStream);
 #endif

Places

File disable-sslv3.patch of Package evolution-data-server

Places