File cyrus-imapd-enable-ec.patch of Package cyrus-imapd.2645
Index: cyrus-imapd-2.3.18/imap/tls.c
===================================================================
--- cyrus-imapd-2.3.18.orig/imap/tls.c
+++ cyrus-imapd-2.3.18/imap/tls.c
@@ -631,6 +631,7 @@ int tls_init_serverengine(const char const char *CAfile; const char *s_cert_file; const char *s_key_file; + const char *ec; int requirecert; int timeout;
@@ -667,7 +668,13 @@ int tls_init_serverengine(const char off |= SSL_OP_NO_SSLv2; off |= SSL_OP_NO_SSLv3; } + SSL_CTX_set_options(s_ctx, off); + +#ifdef SSL_OP_NO_COMPRESSION + SSL_CTX_set_options(s_ctx, SSL_OP_NO_COMPRESSION); +#endif + SSL_CTX_set_info_callback(s_ctx, (void (*)()) apps_ssl_info_callback); /* Don't use an internal session cache */
@@ -746,8 +753,19 @@ int tls_init_serverengine(const char #if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) /* Load DH params for DHE-* key exchanges */ SSL_CTX_set_tmp_dh(s_ctx, load_dh_param(s_key_file, s_cert_file)); - /* FIXME: Load ECDH params for ECDHE suites when 0.9.9 is released */ #endif + /* Setup an ec - default to 224 bit EC */ + + ec = config_getstring(IMAPOPT_TLS_EC); + int openssl_nid = OBJ_sn2nid(ec); + if (openssl_nid != 0) { + EC_KEY *ecdh; + ecdh = EC_KEY_new_by_curve_name(openssl_nid); + if (ecdh != NULL) { + SSL_CTX_set_tmp_ecdh(s_ctx, ecdh); + EC_KEY_free(ecdh); + } + } verify_depth = verifydepth; if (askcert!=0)
Index: cyrus-imapd-2.3.18/lib/imapoptions
===================================================================
--- cyrus-imapd-2.3.18.orig/lib/imapoptions
+++ cyrus-imapd-2.3.18/lib/imapoptions
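Review bot: The options set in the second tls.c hunk (-667,7 +668,13) do not include SSL_OP_SINGLE_ECDH_USE, even though the third hunk installs a temporary ECDH key with SSL_CTX_set_tmp_ecdh(). On OpenSSL releases before 1.1.0 the key generated at that point is reused for every handshake unless this option is set, which weakens the forward secrecy the ECDHE suites are meant to provide; whether `off` already carries the flag is not visible here. Next to the SSL_OP_NO_COMPRESSION call I would add `SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);` under its own `#ifdef SSL_OP_SINGLE_ECDH_USE`, plus a one-line comment saying why compression is turned off, for example `/* TLS compression leaks plaintext length (CRIME) */`. The body of tls_init_serverengine continues outside the hunk.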
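Review bot: An unknown or misspelled `tls_ec` value is dropped without any message in the third tls.c hunk (-746,8 +753,19): when OBJ_sn2nid() returns 0 or EC_KEY_new_by_curve_name() returns NULL, the server starts without ECDH parameters and the administrator is not told. `ec` is also passed to OBJ_sn2nid() without a NULL check, which matters if config_getstring() can return NULL for an unset option (not visible here), and the return value of SSL_CTX_set_tmp_ecdh() is ignored. The block also sits after the `#endif` of the OpenSSL version guard and declares `int openssl_nid` in the middle of the statements, unlike the `const char *ec;` added at the top of the function. The fence below logs the failure cases; it assumes syslog() is the logging call used in the rest of tls.c, and the function body continues outside the hunk.

```c
    /* … unchanged: DH parameter loading under the OPENSSL_VERSION_NUMBER guard … */
    ec = config_getstring(IMAPOPT_TLS_EC);
    if (ec == NULL || *ec == '\0') {
        syslog(LOG_NOTICE, "TLS server engine: tls_ec not set, no ECDH parameters loaded");
    } else {
        EC_KEY *ecdh = NULL;
        int openssl_nid = OBJ_sn2nid(ec);

        if (openssl_nid != NID_undef)
            ecdh = EC_KEY_new_by_curve_name(openssl_nid);
        if (ecdh == NULL) {
            syslog(LOG_ERR, "TLS server engine: tls_ec curve '%s' is unknown or unusable", ec);
        } else {
            if (SSL_CTX_set_tmp_ecdh(s_ctx, ecdh) != 1)
                syslog(LOG_ERR, "TLS server engine: cannot install ECDH parameters for '%s'", ec);
            EC_KEY_free(ecdh);  /* the context keeps its own copy */
        }
    }
    /* … unchanged: verify_depth assignment and certificate request setup … */
```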
@@ -1234,6 +1234,10 @@ product version in the capabilities */ for later reuse. The maximum value is 1440 (24 hours), the default. A value of 0 will disable session caching. */ +{ "tls_ec", "secp224r1", STRING } +/* The default elliptical curve parameter. + For list of curves see: openssl ecparam -list_curves */ + { "umask", "077", STRING } /* The umask value used by various Cyrus IMAP programs. */
Index: cyrus-imapd-2.3.18/lib/imapopts.c
===================================================================
--- cyrus-imapd-2.3.18.orig/lib/imapopts.c
+++ cyrus-imapd-2.3.18/lib/imapopts.c
@@ -760,6 +760,9 @@ struct imapopt_s imapopts[] = { IMAPOPT_TLS_SESSION_TIMEOUT, "tls_session_timeout", 0, OPT_INT, {(void*)1440}, { { NULL, IMAP_ENUM_ZERO } } }, + { IMAPOPT_TLS_EC, "tls_ec", 0, OPT_STRING, + {(void*)("secp224r1")}, + { { NULL, IMAP_ENUM_ZERO } } }, { IMAPOPT_UMASK, "umask", 0, OPT_STRING, {(void *)("077")}, { { NULL, IMAP_ENUM_ZERO } } },
Index: cyrus-imapd-2.3.18/lib/imapopts.h
===================================================================
--- cyrus-imapd-2.3.18.orig/lib/imapopts.h
+++ cyrus-imapd-2.3.18/lib/imapopts.h
@@ -225,6 +225,7 @@ enum imapopt { IMAPOPT_TLS_KEY_FILE, IMAPOPT_TLS_REQUIRE_CERT, IMAPOPT_TLS_SESSION_TIMEOUT, + IMAPOPT_TLS_EC, IMAPOPT_UMASK, IMAPOPT_USERDENY_DB, IMAPOPT_USER_FOLDER_LIMIT,
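Review bot: The default curve `secp224r1` in the lib/imapoptions hunk is one that many TLS clients do not offer in their supported-curves list, so with the shipped default the ECDHE suites may simply not be negotiated. The same default is repeated in the lib/imapopts.c hunk and in the tls.c comment "default to 224 bit EC". A more widely supported default would be `{ "tls_ec", "prime256v1", STRING }`. The option text should also say what happens when the name is not recognised, and "elliptical curve" should read "elliptic curve".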