- update tls 1.3 patch to allow building with tls 1.0

OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=73
2020-05-19 12:05:10 +00:00 · 2020-05-19 12:05:10 +00:00 · f0df186eb7
commit f0df186eb7
parent 99d7c3bd24
2 changed files with 19 additions and 11 deletions
--- a/allow-tls1.3-only.patch
+++ b/allow-tls1.3-only.patch
@ -1,20 +1,21 @@
-Index: dovecot-2.3.10/src/config/old-set-parser.c
+Index: dovecot-2.3.10.1/src/config/old-set-parser.c
 ===================================================================
--- dovecot-2.3.10.orig/src/config/old-set-parser.c
+--- dovecot-2.3.10.1.orig/src/config/old-set-parser.c
-+++ dovecot-2.3.10/src/config/old-set-parser.c
+++ dovecot-2.3.10.1/src/config/old-set-parser.c
-@@ -171,7 +171,7 @@ static int ssl_protocols_to_min_protocol
+@@ -172,6 +172,9 @@ static int ssl_protocols_to_min_protocol
 					 const char **error_r)
 {
 	static const char *protocol_versions[] = {
-		"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2",
+ 		"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2",
-+		"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3",
+#ifdef TLS1_3_VERSION
 +    "TLSv1.3",
 +#endif
 	};
 	/* Array where -1 = disable, 0 = not found, 1 = enable */
 	int protos[N_ELEMENTS(protocol_versions)];
-Index: dovecot-2.3.10/src/lib-ssl-iostream/iostream-openssl-common.c
+Index: dovecot-2.3.10.1/src/lib-ssl-iostream/iostream-openssl-common.c
 ===================================================================
--- dovecot-2.3.10.orig/src/lib-ssl-iostream/iostream-openssl-common.c
+--- dovecot-2.3.10.1.orig/src/lib-ssl-iostream/iostream-openssl-common.c
-+++ dovecot-2.3.10/src/lib-ssl-iostream/iostream-openssl-common.c
+++ dovecot-2.3.10.1/src/lib-ssl-iostream/iostream-openssl-common.c
@@ -9,6 +9,16 @@
 #include <openssl/err.h>
 #include <arpa/inet.h>
@ -32,12 +33,14 @@ Index: dovecot-2.3.10/src/lib-ssl-iostream/iostream-openssl-common.c
 /* openssl_min_protocol_to_options() scans this array for name and returns
    version and opt. opt is used with SSL_set_options() and version is used with
    SSL_set_min_proto_version(). Using either method should enable the same
-@@ -23,6 +33,8 @@ static const struct {
+@@ -23,6 +33,10 @@ static const struct {
 	{ SSL_TXT_TLSV1_1, TLS1_1_VERSION, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 },
 	{ SSL_TXT_TLSV1_2, TLS1_2_VERSION,
 		SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 },
 +#ifdef TLS1_3_VERSION
 +	{ SSL_TXT_TLSV1_3, TLS1_3_VERSION,
 +		SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 },
 +#endif
 };
 int openssl_min_protocol_to_options(const char *min_protocol, long *opt_r,
 				    int *version_r)
--- a/dovecot23.changes
+++ b/dovecot23.changes
@ -1,3 +1,8 @@
 -------------------------------------------------------------------
 Tue May 19 12:04:55 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
 - update tls 1.3 patch to allow building with tls 1.0
 -------------------------------------------------------------------
 Mon May 18 14:04:52 UTC 2020 - Michael Ströder <michael@stroeder.com>