summaryrefslogtreecommitdiff
path: root/gnu/packages/patches/curl-7.77-tls-priority-string.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/curl-7.77-tls-priority-string.patch')
-rw-r--r--gnu/packages/patches/curl-7.77-tls-priority-string.patch98
1 files changed, 0 insertions, 98 deletions
diff --git a/gnu/packages/patches/curl-7.77-tls-priority-string.patch b/gnu/packages/patches/curl-7.77-tls-priority-string.patch
deleted file mode 100644
index bf1bfa8aaa..0000000000
--- a/gnu/packages/patches/curl-7.77-tls-priority-string.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-cURL 7.77.0 would use a bogus TLS priority string favoring older TLS
-protocol versions, which in turn would prevent access to bitbucket.org:
-
- https://issues.guix.gnu.org/49035
- https://github.com/curl/curl/pull/7278
-
-This patch fixes it.
-From <https://github.com/curl/curl/pull/7278/commits/b98f79f6ecdb708c67f9a0cec56ce48952a54556>.
-
-From b98f79f6ecdb708c67f9a0cec56ce48952a54556 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Fri, 18 Jun 2021 14:54:07 +0200
-Subject: [PATCH] gnutls: set the prefer ciphers in correct order
-
-Reported-by: civodul on github
-Assisted-by: Nikos Mavrogiannopoulos
-Fixes #7277
----
- lib/vtls/gtls.c | 30 +++++++++++++-----------------
- 1 file changed, 13 insertions(+), 17 deletions(-)
-
-diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
-index d9bc5611e8f9..da2af64955c3 100644
---- a/lib/vtls/gtls.c
-+++ b/lib/vtls/gtls.c
-@@ -330,6 +330,9 @@ set_ssl_version_min_max(struct Curl_easy *data,
- ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_2;
- }
- }
-+ else if(ssl_version_max == CURL_SSLVERSION_MAX_DEFAULT) {
-+ ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_3;
-+ }
-
- switch(ssl_version | ssl_version_max) {
- case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_0:
-@@ -338,11 +341,11 @@ set_ssl_version_min_max(struct Curl_easy *data,
- return CURLE_OK;
- case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_1:
- *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
-- "+VERS-TLS1.0:+VERS-TLS1.1";
-+ "+VERS-TLS1.1:+VERS-TLS1.0";
- return CURLE_OK;
- case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_2:
- *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
-- "+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2";
-+ "+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0";
- return CURLE_OK;
- case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_TLSv1_1:
- *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
-@@ -350,7 +353,7 @@ set_ssl_version_min_max(struct Curl_easy *data,
- return CURLE_OK;
- case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_TLSv1_2:
- *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
-- "+VERS-TLS1.1:+VERS-TLS1.2";
-+ "+VERS-TLS1.2:+VERS-TLS1.1";
- return CURLE_OK;
- case CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_TLSv1_2:
- *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
-@@ -360,25 +363,17 @@ set_ssl_version_min_max(struct Curl_easy *data,
- *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
- "+VERS-TLS1.3";
- return CURLE_OK;
-- case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_DEFAULT:
-- *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
-- "+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2"
-- ":+VERS-TLS1.3";
-+ case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_3:
-+ *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0";
- return CURLE_OK;
-- case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_DEFAULT:
-+ case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_TLSv1_3:
- *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
-- "+VERS-TLS1.1:+VERS-TLS1.2"
-- ":+VERS-TLS1.3";
-+ "+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1";
- return CURLE_OK;
-- case CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_DEFAULT:
-+ case CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_TLSv1_3:
- *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
-- "+VERS-TLS1.2"
-- ":+VERS-TLS1.3";
-+ "+VERS-TLS1.3:+VERS-TLS1.2";
- return CURLE_OK;
-- case CURL_SSLVERSION_TLSv1_3 | CURL_SSLVERSION_MAX_DEFAULT:
-- *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
-- "+VERS-TLS1.2"
-- ":+VERS-TLS1.3";
- return CURLE_OK;
- }
-
-@@ -608,6 +603,7 @@ gtls_connect_step1(struct Curl_easy *data,
- }
- else {
- #endif
-+ infof(data, "GnuTLS ciphers: %s\n", prioritylist);
- rc = gnutls_priority_set_direct(session, prioritylist, &err);
- #ifdef HAVE_GNUTLS_SRP
- }
generated by cgit v1.2.3 (git 2.45.2) at 2024-07-07 07:52:42 +0000