LogoopenSUSE Build Service > Request 155072
Sign Up | Log In

Request 155072 (accepted)

** you may want this for 12.3 ***

- Extend configure.diff so _GNU_SOURCE and largefile Support
 is tested properly
- expand inks-nosslcomp.patch to fix other misuses of the openssl
  API including TLSv1 being disabled (with the wrong API too)
- build with SSL_NO_INTERN so we can escape ABI breaks in future 
  openSSL versions

- links was used to demonstrate bnc#803004 
   "openSSL 1.0.1d breaks most, if not all, SSL connections" 
It also turns out that links is not doing SSL stuff quite right..
HTTPS clients must not negotiate SSL compression which is compromised
since CVE-2012-4929 (aka. the CRIME attack) and should not even
try to use SSLv2 either which is broken since a very long time
(links-nosslcomp.patch)

Submit package home:elvigia:branches:network / links to package network / links

[-] [+] Changed configure.diff ^

Mentioned Issues (2)

CVE-2012-4929
boo#803004 Shawn Chang shawn2012 Closed
openSSL 1.0.1d breaks most, if not all, SSL connections

There's nothing to be done right now

Request History

Cristian Rodríguez elvigia created request over 3 years ago
** you may want this for 12.3 ***

- Extend configure.diff so _GNU_SOURCE and largefile Support
 is tested properly
- expand inks-nosslcomp.patch to fix other misuses of the openssl
  API including TLSv1 being disabled (with the wrong API too)
- build with SSL_NO_INTERN so we can escape ABI breaks in future 
  openSSL versions

- links was used to demonstrate bnc#803004 
   "openSSL 1.0.1d breaks most, if not all, SSL connections" 
It also turns out that links is not doing SSL stuff quite right..
HTTPS clients must not negotiate SSL compression which is compromised
since CVE-2012-4929 (aka. the CRIME attack) and should not even
try to use SSLv2 either which is broken since a very long time
(links-nosslcomp.patch)
Berthold Gunreben azouhr Request got accepted over 3 years ago
looks ok

Comments for request 155072 (0)