diff options
Diffstat (limited to 'net-vpn/openconnect/files/8.20-insecure-crypto.patch')
-rw-r--r-- | net-vpn/openconnect/files/8.20-insecure-crypto.patch | 46 |
1 files changed, 0 insertions, 46 deletions
diff --git a/net-vpn/openconnect/files/8.20-insecure-crypto.patch b/net-vpn/openconnect/files/8.20-insecure-crypto.patch deleted file mode 100644 index 7644e1a264ba..000000000000 --- a/net-vpn/openconnect/files/8.20-insecure-crypto.patch +++ /dev/null @@ -1,46 +0,0 @@ -From e2b38313bbd5050acaac49a75f0a024d05b505e5 Mon Sep 17 00:00:00 2001 -From: Mike Gilbert <floppym@gentoo.org> -Date: Sun, 10 Apr 2022 12:21:57 -0400 -Subject: [PATCH] openssl: allow ALL ciphers when allow-insecure-crypto is - enabled - -Previously, the cipher list was set to "DEFAULT:+3DES:+RC4". However, -according to ciphers(1), the DEFAULT keyword cannot be combined with -other strings using the + characters. In other words, ":+3DES:+RC4" gets -ignored. - -The user is opting into insecure behavior, so let's keep it simple and -just allow everything. - -This change fixes the obsolete-server-crypto test when openconnect is -built against openssl-1.1.x. - -Signed-off-by: Mike Gilbert <floppym@gentoo.org> ---- - openssl.c | 9 +++------ - 1 file changed, 3 insertions(+), 6 deletions(-) - -diff --git a/openssl.c b/openssl.c -index 3205dbd7..2bf594e7 100644 ---- a/openssl.c -+++ b/openssl.c -@@ -1868,13 +1868,10 @@ int openconnect_open_https(struct openconnect_info *vpninfo) - struct oc_text_buf *buf = buf_alloc(); - if (vpninfo->pfs) - buf_append(buf, "HIGH:!aNULL:!eNULL:-RSA"); -+ else if (vpninfo->allow_insecure_crypto) -+ buf_append(buf, "ALL"); - else -- buf_append(buf, "DEFAULT"); -- -- if (vpninfo->allow_insecure_crypto) -- buf_append(buf, ":+3DES:+RC4"); -- else -- buf_append(buf, ":-3DES:-RC4"); -+ buf_append(buf, "DEFAULT:-3DES:-RC4"); - - if (buf_error(buf)) { - vpn_progress(vpninfo, PRG_ERR, --- -2.35.1 - |