96 lines
4.2 KiB
Diff
96 lines
4.2 KiB
Diff
|
diff -puriN webserver-1.2.104.orig/cherokee/cryptor_libssl.c webserver-1.2.104/cherokee/cryptor_libssl.c
|
||
|
--- webserver-1.2.104.orig/cherokee/cryptor_libssl.c 2014-04-01 11:12:48.000000000 -0600
|
||
|
+++ webserver-1.2.104/cherokee/cryptor_libssl.c 2022-03-18 05:44:45.000000000 -0600
|
||
|
@@ -238,13 +238,13 @@ cherokee_cryptor_libssl_find_vserver (SS
|
||
|
/* SSL_set_SSL_CTX() only change certificates. We need to
|
||
|
* changes more options by hand.
|
||
|
*/
|
||
|
- SSL_set_options(ssl, SSL_CTX_get_options(ssl->ctx));
|
||
|
+ SSL_set_options(ssl, SSL_CTX_get_options(SSL_get_SSL_CTX(ssl)));
|
||
|
|
||
|
if ((SSL_get_verify_mode(ssl) == SSL_VERIFY_NONE) ||
|
||
|
(SSL_num_renegotiations(ssl) == 0)) {
|
||
|
|
||
|
- SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ssl->ctx),
|
||
|
- SSL_CTX_get_verify_callback(ssl->ctx));
|
||
|
+ SSL_set_verify(ssl, SSL_CTX_get_verify_mode(SSL_get_SSL_CTX(ssl)),
|
||
|
+ SSL_CTX_get_verify_callback(SSL_get_SSL_CTX(ssl)));
|
||
|
}
|
||
|
|
||
|
return ret_ok;
|
||
|
@@ -792,9 +792,7 @@ _socket_init_tls (cherokee_cryptor_socke
|
||
|
|
||
|
/* Disable Ciphers renegotiation (CVE-2009-3555)
|
||
|
*/
|
||
|
- if (cryp->session->s3) {
|
||
|
- cryp->session->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
|
||
|
- }
|
||
|
+ SSL_set_options(cryp->session, SSL_OP_NO_RENEGOTIATION);
|
||
|
|
||
|
return ret_ok;
|
||
|
}
|
||
|
diff -puriN webserver-1.2.104.orig/cherokee/cryptor_libssl_dh_1024.c webserver-1.2.104/cherokee/cryptor_libssl_dh_1024.c
|
||
|
--- webserver-1.2.104.orig/cherokee/cryptor_libssl_dh_1024.c 2014-04-01 11:12:48.000000000 -0600
|
||
|
+++ webserver-1.2.104/cherokee/cryptor_libssl_dh_1024.c 2022-03-18 05:08:11.000000000 -0600
|
||
|
@@ -23,9 +23,9 @@ static DH *get_dh1024()
|
||
|
DH *dh;
|
||
|
|
||
|
if ((dh=DH_new()) == NULL) return(NULL);
|
||
|
- dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
|
||
|
- dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
|
||
|
- if ((dh->p == NULL) || (dh->g == NULL)) {
|
||
|
+ DH_set0_pqg(dh, BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL),
|
||
|
+ NULL, BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL));
|
||
|
+ if ((DH_get0_p(dh) == NULL) || (DH_get0_g(dh) == NULL)) {
|
||
|
DH_free(dh); return(NULL);
|
||
|
}
|
||
|
return(dh);
|
||
|
diff -puriN webserver-1.2.104.orig/cherokee/cryptor_libssl_dh_2048.c webserver-1.2.104/cherokee/cryptor_libssl_dh_2048.c
|
||
|
--- webserver-1.2.104.orig/cherokee/cryptor_libssl_dh_2048.c 2014-04-01 11:12:48.000000000 -0600
|
||
|
+++ webserver-1.2.104/cherokee/cryptor_libssl_dh_2048.c 2022-03-18 05:09:20.000000000 -0600
|
||
|
@@ -34,9 +34,9 @@ static DH *get_dh2048()
|
||
|
DH *dh;
|
||
|
|
||
|
if ((dh=DH_new()) == NULL) return(NULL);
|
||
|
- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
|
||
|
- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
|
||
|
- if ((dh->p == NULL) || (dh->g == NULL)) {
|
||
|
+ DH_set0_pqg(dh, BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL),
|
||
|
+ NULL, BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL));
|
||
|
+ if ((DH_get0_p(dh) == NULL) || (DH_get0_g(dh) == NULL)) {
|
||
|
DH_free(dh); return(NULL);
|
||
|
}
|
||
|
return(dh);
|
||
|
diff -puriN webserver-1.2.104.orig/cherokee/cryptor_libssl_dh_4096.c webserver-1.2.104/cherokee/cryptor_libssl_dh_4096.c
|
||
|
--- webserver-1.2.104.orig/cherokee/cryptor_libssl_dh_4096.c 2014-04-01 11:12:48.000000000 -0600
|
||
|
+++ webserver-1.2.104/cherokee/cryptor_libssl_dh_4096.c 2022-03-18 05:10:34.000000000 -0600
|
||
|
@@ -55,9 +55,9 @@ static DH *get_dh4096()
|
||
|
DH *dh;
|
||
|
|
||
|
if ((dh=DH_new()) == NULL) return(NULL);
|
||
|
- dh->p=BN_bin2bn(dh4096_p,sizeof(dh4096_p),NULL);
|
||
|
- dh->g=BN_bin2bn(dh4096_g,sizeof(dh4096_g),NULL);
|
||
|
- if ((dh->p == NULL) || (dh->g == NULL)) {
|
||
|
+ DH_set0_pqg(dh, BN_bin2bn(dh4096_p,sizeof(dh4096_p),NULL),
|
||
|
+ NULL, BN_bin2bn(dh4096_g,sizeof(dh4096_g),NULL));
|
||
|
+ if ((DH_get0_p(dh) == NULL) || (DH_get0_g(dh) == NULL)) {
|
||
|
DH_free(dh); return(NULL);
|
||
|
}
|
||
|
return(dh);
|
||
|
diff -puriN webserver-1.2.104.orig/cherokee/cryptor_libssl_dh_512.c webserver-1.2.104/cherokee/cryptor_libssl_dh_512.c
|
||
|
--- webserver-1.2.104.orig/cherokee/cryptor_libssl_dh_512.c 2014-04-01 11:12:48.000000000 -0600
|
||
|
+++ webserver-1.2.104/cherokee/cryptor_libssl_dh_512.c 2022-03-18 05:05:46.000000000 -0600
|
||
|
@@ -18,9 +18,9 @@ static DH *get_dh512()
|
||
|
DH *dh;
|
||
|
|
||
|
if ((dh=DH_new()) == NULL) return(NULL);
|
||
|
- dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
|
||
|
- dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
|
||
|
- if ((dh->p == NULL) || (dh->g == NULL)) {
|
||
|
+ DH_set0_pqg(dh, BN_bin2bn(dh512_p,sizeof(dh512_p),NULL),
|
||
|
+ NULL, BN_bin2bn(dh512_g,sizeof(dh512_g),NULL));
|
||
|
+ if ((DH_get0_p(dh) == NULL) || (DH_get0_g(dh) == NULL)) {
|
||
|
DH_free(dh); return(NULL);
|
||
|
}
|
||
|
return(dh);
|