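diff -up evolution-data-server-3.10.4/camel/camel-network-service.c.poodle-enable-tls-for-ssl evolution-data-server-3.10.4/camel/camel-network-service.c
--- evolution-data-server-3.10.4/camel/camel-network-service.c.poodle-enable-tls-for-ssl 2014-10-16 17:23:12.445495018 +0200
+++ evolution-data-server-3.10.4/camel/camel-network-service.c 2014-10-16 17:23:17.187494840 +0200
@@ -328,7 +328,8 @@ network_service_connect_sync (CamelNetwo
 stream = camel_tcp_stream_ssl_new (
 session, host,
 CAMEL_TCP_STREAM_SSL_ENABLE_SSL2 |
- CAMEL_TCP_STREAM_SSL_ENABLE_SSL3);
+ CAMEL_TCP_STREAM_SSL_ENABLE_SSL3 |
+ CAMEL_TCP_STREAM_SSL_ENABLE_TLS);
 break;
 
 default: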
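Review bot: `CAMEL_TCP_STREAM_SSL_ENABLE_SSL3` (and `CAMEL_TCP_STREAM_SSL_ENABLE_SSL2`) is still passed in this branch, so with the version-range code added to camel-tcp-stream-ssl.c the floor for these connections stays at SSL 3.0. Adding the TLS flag raises the ceiling, but a handshake that ends at SSL 3.0, the protocol POODLE affects, is still accepted. If SSLv3-only servers no longer need to be reachable, pass only `CAMEL_TCP_STREAM_SSL_ENABLE_TLS` here; if they do, a comment such as `/* SSLv3 kept for legacy servers; still exposed to POODLE */` would record the trade-off. The camel_init hunk in camel.c has the same property, since it installs the range from `SSL_VersionRangeGetSupported` unchanged as the default. network_service_connect_sync begins and ends outside this hunk.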
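diff -up evolution-data-server-3.10.4/camel/camel-tcp-stream-ssl.c.poodle-enable-tls-for-ssl evolution-data-server-3.10.4/camel/camel-tcp-stream-ssl.c
--- evolution-data-server-3.10.4/camel/camel-tcp-stream-ssl.c.poodle-enable-tls-for-ssl 2013-12-08 19:42:50.000000000 +0100
+++ evolution-data-server-3.10.4/camel/camel-tcp-stream-ssl.c 2014-10-16 17:14:29.590514659 +0200
@@ -43,6 +43,8 @@
 #include <sslerr.h>
 #include "nss.h" /* Don't use <> here or it will include the system nss.h instead */
 #include <ssl.h>
+#include <sslt.h>
+#include <sslproto.h>
 #include <cert.h>
 #include <certdb.h>
 #include <pk11func.h>
@@ -545,6 +547,9 @@ enable_ssl (CamelTcpStreamSSL *ssl,
 {
 PRFileDesc *ssl_fd;
 static gchar v2_enabled = -1;
+#if NSS_VMAJOR > 3 || (NSS_VMAJOR == 3 && NSS_VMINOR >= 14)
+ SSLVersionRange versionStreamSup, versionStream;
+#endif
 
 g_assert (fd != NULL);
 
@@ -575,6 +580,7 @@ enable_ssl (CamelTcpStreamSSL *ssl,
 SSL_OptionSet (ssl_fd, SSL_V2_COMPATIBLE_HELLO, PR_FALSE);
 }
 
+#if NSS_VMAJOR < 3 || (NSS_VMAJOR == 3 && NSS_VMINOR < 14)
 if (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_SSL3)
 SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL3, PR_TRUE);
 else
@@ -585,6 +591,29 @@ enable_ssl (CamelTcpStreamSSL *ssl,
 else
 SSL_OptionSet (ssl_fd, SSL_ENABLE_TLS, PR_FALSE);
 
+#else
+ SSL_VersionRangeGetSupported (ssl_variant_stream, &versionStreamSup);
+
+ if (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_SSL3)
+ versionStream.min = SSL_LIBRARY_VERSION_3_0;
+ else
+ versionStream.min = SSL_LIBRARY_VERSION_TLS_1_0;
+
+ if (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_TLS)
+ versionStream.max = versionStreamSup.max;
+ else
+ versionStream.max = SSL_LIBRARY_VERSION_3_0;
+
+ if (versionStream.max < versionStream.min) {
+ PRUint16 tmp;
+
+ tmp = versionStream.max;
+ versionStream.max = versionStream.min;
+ versionStream.min = tmp;
+ }
+
+ SSL_VersionRangeSet (ssl_fd, &versionStream);
+#endif
 SSL_SetURL (ssl_fd, ssl->priv->expected_host);
 
 /* NSS provides a default implementation for the SSL_GetClientAuthDataHook callback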
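Review bot: The return values of `SSL_VersionRangeGetSupported` and `SSL_VersionRangeSet` in the new `#else` branch of enable_ssl are ignored, so if the first call fails `versionStreamSup.max` is read uninitialised, and if the second fails the socket silently keeps whatever range the library default allows. Check both, e.g. `if (SSL_VersionRangeGetSupported (ssl_variant_stream, &versionStreamSup) != SECSuccess)` and `if (SSL_VersionRangeSet (ssl_fd, &versionStream) != SECSuccess)`, and fail through enable_ssl's existing error path, which lies outside this hunk. The camel_init hunk in camel.c has the same unchecked pair (`SSL_VersionRangeGetSupported` / `SSL_VersionRangeSetDefault`). Separately, when neither flag is set the swap turns the range TLS 1.0..SSL 3.0 into SSL 3.0..TLS 1.0, which enables both versions where the pre-3.14 branch appears to disable both.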
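diff -up evolution-data-server-3.10.4/camel/camel.c.poodle-enable-tls-for-ssl evolution-data-server-3.10.4/camel/camel.c
--- evolution-data-server-3.10.4/camel/camel.c.poodle-enable-tls-for-ssl 2013-12-08 19:42:49.000000000 +0100
+++ evolution-data-server-3.10.4/camel/camel.c 2014-10-16 17:14:29.590514659 +0200
@@ -100,6 +100,9 @@ camel_init (const gchar *configdir,
 gchar *nss_configdir = NULL;
 gchar *nss_sql_configdir = NULL;
 SECStatus status = SECFailure;
+#if NSS_VMAJOR > 3 || (NSS_VMAJOR == 3 && NSS_VMINOR >= 14)
+ SSLVersionRange versionStream;
+#endif
 
 #if NSS_VMAJOR < 3 || (NSS_VMAJOR == 3 && NSS_VMINOR < 14)
 /* NSS pre-3.14 has most of the ciphers disabled, thus enable
@@ -212,8 +215,14 @@ skip_nss_init:
 
 SSL_OptionSetDefault (SSL_ENABLE_SSL2, v2_enabled ? PR_TRUE : PR_FALSE);
 SSL_OptionSetDefault (SSL_V2_COMPATIBLE_HELLO, PR_FALSE);
+#if NSS_VMAJOR < 3 || (NSS_VMAJOR == 3 && NSS_VMINOR < 14)
 SSL_OptionSetDefault (SSL_ENABLE_SSL3, PR_TRUE);
- SSL_OptionSetDefault (SSL_ENABLE_TLS, PR_TRUE);
+ SSL_OptionSetDefault (SSL_ENABLE_TLS, PR_TRUE); /* Enable TLSv1.0 */
+#else
+ /* Enable all SSL/TLS versions supported by NSS (this API is for SSLv3 and newer). */
+ SSL_VersionRangeGetSupported (ssl_variant_stream, &versionStream);
+ SSL_VersionRangeSetDefault (ssl_variant_stream, &versionStream);
+#endif
 
 PR_Unlock (nss_initlock);
 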