[evolution-data-server/gnome-3-6] Do not use SSL_V2_COMPATIBLE_HELLO by default
- From: Milan Crha <mcrha src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [evolution-data-server/gnome-3-6] Do not use SSL_V2_COMPATIBLE_HELLO by default
- Date: Wed, 20 Feb 2013 12:51:44 +0000 (UTC)
commit 2cf90ed3ae1316f2d10f7b06fb34db84964f939b
Author: Milan Crha <mcrha redhat com>
Date: Wed Feb 20 13:51:04 2013 +0100

    Do not use SSL_V2_COMPATIBLE_HELLO by default

    Zarafa server with disabled SSL v2 rejects connection when
    SSL v2 compatible hello is sent, thus disabled this by default.
    After all, SSL v3 should be used in general these days anyway.

    Use environment variable CAMEL_SSL_V2_HELLO=1 in case your server
    requires the old behavior.

 camel/camel-tcp-stream-ssl.c | 11 ++++++++++-
 1 files changed, 10 insertions(+), 1 deletions(-)
---
diff --git a/camel/camel-tcp-stream-ssl.c b/camel/camel-tcp-stream-ssl.c
index d1f1bb7..c13881a 100644
--- a/camel/camel-tcp-stream-ssl.c
+++ b/camel/camel-tcp-stream-ssl.c
@@ -707,8 +707,17 @@ enable_ssl (CamelTcpStreamSSL *ssl,
SSL_OptionSet (ssl_fd, SSL_SECURITY, PR_TRUE);
if (ssl->priv->flags & CAMEL_TCP_STREAM_SSL_ENABLE_SSL2) {
+ static gchar v2_hello = -1;
+
+ /* Zarafa server with disabled SSL v2 rejects connection when
+ SSL v2 compatible hello is sent, thus disabled this by default.
+ After all, SSL v3 should be used in general these days anyway.
+ */
+ if (v2_hello == -1)
+ v2_hello = g_strcmp0 (g_getenv ("CAMEL_SSL_V2_HELLO"), "1") == 0 ? 1 : 0;
+
SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL2, PR_TRUE);
- SSL_OptionSet (ssl_fd, SSL_V2_COMPATIBLE_HELLO, PR_TRUE);
+ SSL_OptionSet (ssl_fd, SSL_V2_COMPATIBLE_HELLO, v2_hello ? PR_TRUE : PR_FALSE);
} else {
SSL_OptionSet (ssl_fd, SSL_ENABLE_SSL2, PR_FALSE);
SSL_OptionSet (ssl_fd, SSL_V2_COMPATIBLE_HELLO, PR_FALSE);
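Review bot: `static gchar v2_hello = -1;` depends on gchar being signed. gchar is plain char, and on platforms where char is unsigned the stored value is 255, so `if (v2_hello == -1)` never holds, CAMEL_SSL_V2_HELLO is never read, and `v2_hello ? PR_TRUE : PR_FALSE` always yields PR_TRUE, which is the old behaviour this commit intends to switch off. Declaring it as `static gint v2_hello = -1;` avoids that. The cached static is also initialised without locking; every thread would compute the same value, so the race is harmless, but a short comment saying so would save the next reader the question. The comment could also state that SSL_ENABLE_SSL2 is deliberately left at PR_TRUE in this branch and only the hello format changes.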