Date:      Mon, 16 Mar 2015 20:24:38 +0000 (UTC)
From:      Gregory Neil Shapiro <gshapiro@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r280155 - head/contrib/sendmail/src
Message-ID:  <201503162024.t2GKOcGj014427@svn.freebsd.org>

Author: gshapiro
Date: Mon Mar 16 20:24:37 2015
New Revision: 280155
URL: https://svnweb.freebsd.org/changeset/base/280155

Log:
  Default to turning off OpenSSL SSL_OP_TLSEXT_PADDING as it breaks
  compatibility with some sites
  
  This change comes from 8.15 but is being backported to FreeBSD releases
  not yet using 8.15.
  
  MFC after:	3 days
  Noted by:	julian@

Modified:
  head/contrib/sendmail/src/readcf.c

Modified: head/contrib/sendmail/src/readcf.c
==============================================================================
--- head/contrib/sendmail/src/readcf.c	Mon Mar 16 20:13:25 2015	(r280154)
+++ head/contrib/sendmail/src/readcf.c	Mon Mar 16 20:24:37 2015	(r280155)
@@ -124,6 +124,11 @@ readcf(cfname, safe, e)
 		| SSL_OP_NO_TICKET
 #endif
 		;
+# ifdef SSL_OP_TLSEXT_PADDING
+	/* SSL_OP_TLSEXT_PADDING breaks compatibility with some sites */
+	Srv_SSL_Options &= ~SSL_OP_TLSEXT_PADDING;
+	Clt_SSL_Options &= ~SSL_OP_TLSEXT_PADDING;
+# endif /* SSL_OP_TLSEXT_PADDING */
 #endif /* STARTTLS */
 	if (DontLockReadFiles)
 		sff |= SFF_NOLOCK;
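Review bot: The comment on the two added mask lines does not say that the default can be overridden, and the visible guards suggest the override is narrower than the default change. The bit is cleared under `STARTTLS` alone, while the `ssl_options` table entry added in the second hunk sits inside `STARTTLS && _FFR_TLS_1`, judging by its closing `#endif` comment. If that table is what maps option names from the configuration to bits, a build without `_FFR_TLS_1` gets the new default with no way to set the option again, which is worth stating. I would extend the comment to something like `/* SSL_OP_TLSEXT_PADDING breaks compatibility with some sites; off by default, can be set again by name where the ssl_options table is compiled in */`. The initial assignment of both option words and the rest of readcf() lie outside the hunk.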
@@ -2406,6 +2411,9 @@ static struct ssl_options
 #ifdef SSL_OP_CRYPTOPRO_TLSEXT_BUG
 	{ "SSL_OP_CRYPTOPRO_TLSEXT_BUG",	SSL_OP_CRYPTOPRO_TLSEXT_BUG	},
 #endif
+#ifdef SSL_OP_TLSEXT_PADDING
+	{ "SSL_OP_TLSEXT_PADDING",	SSL_OP_TLSEXT_PADDING	},
+#endif
 	{ NULL,		0		}
 };
 #endif /* STARTTLS && _FFR_TLS_1 */


