From f9c1ebdb7daea30ceaf73f43bf15c222dc4a58ad Mon Sep 17 00:00:00 2001
From: Tobias Geerinckx-Rice <me@tobias.gr>
Date: Tue, 27 Aug 2019 08:48:27 +0200
Subject: services: cups: Complete SSL-OPTIONS.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

…except for ‘AllowDH’, which makes no sense on GNU TLS systems.

* gnu/services/cups.scm (ssl-options?): Validate ‘DenyCBC’ and
‘DenyTLS1.0’.
* doc/guix.texi (Printing Services): Document them both.
---
 gnu/services/cups.scm | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'gnu/services')

diff --git a/gnu/services/cups.scm b/gnu/services/cups.scm
index 9d21b6e70c..c20244cb32 100644
--- a/gnu/services/cups.scm
+++ b/gnu/services/cups.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2019 Alex Griffin <a@ajgrf.com>
+;;; Copyright © 2019 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -170,7 +171,10 @@
 
 (define (ssl-options? x)
   (and (list? x)
-       (and-map (lambda (elt) (memq elt '(AllowRC4 AllowSSL3))) x)))
+       (and-map (lambda (elt) (memq elt '(AllowRC4
+                                          AllowSSL3
+                                          DenyCBC
+                                          DenyTLS1.0))) x)))
 (define (serialize-ssl-options field-name val)
   (serialize-field field-name
                    (match val
-- 
cgit v1.2.3