diff options
author | Tatsuya Kinoshita <tats@debian.org> | 2015-01-24 14:36:40 +0000 |
---|---|---|
committer | Tatsuya Kinoshita <tats@debian.org> | 2015-01-24 14:37:05 +0000 |
commit | 8595cb4102d547388d0d9e699d10a14f8f7aa71c (patch) | |
tree | cd27e4b710769000b651b9af4db2704a1cd328dd /debian/patches/340_ssl-init.patch | |
parent | Update Vcs-Browser (diff) | |
download | w3m-8595cb4102d547388d0d9e699d10a14f8f7aa71c.tar.gz w3m-8595cb4102d547388d0d9e699d10a14f8f7aa71c.zip |
Integrate Debian changes into 020_debian.patch (closes: #776112)
(debian/patches/*.patch except 010_upstream.patch are merged)
Diffstat (limited to 'debian/patches/340_ssl-init.patch')
-rw-r--r-- | debian/patches/340_ssl-init.patch | 50 |
1 files changed, 0 insertions, 50 deletions
diff --git a/debian/patches/340_ssl-init.patch b/debian/patches/340_ssl-init.patch deleted file mode 100644 index b47bbb6..0000000 --- a/debian/patches/340_ssl-init.patch +++ /dev/null @@ -1,50 +0,0 @@ -Subject: Force ssl_verify_server on, and disable SSLv2 and SSLv3 -Author: Ludwig Nussel <ludwig.nussel@suse.de>, Tatsuya Kinoshita <tats@debian.org> -Origin: http://www.openwall.com/lists/oss-security/2010/06/14/4 - - Update README.SSL to follow default values - - Disable SSLv3 by default [CVE-2014-3566] - cf. https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/ - - Force ssl_verify_server on and disable SSLv2 support - Origin: http://www.openwall.com/lists/oss-security/2010/06/14/4 - -diff --git a/doc-jp/README.SSL b/doc-jp/README.SSL -index 4aedfde..670ed5f 100644 ---- a/doc-jp/README.SSL -+++ b/doc-jp/README.SSL -@@ -25,9 +25,9 @@ SSL - - ssl_forbid_method - 使わないSSLメソッドのリスト(2: SSLv2, 3: SSLv3, t: TLSv1) -- (デフォルトは<NULL>). -+ (デフォルトは2, 3). - ssl_verify_server ON/OFF -- SSLのサーバ認証を行う(デフォルトはOFF). -+ SSLのサーバ認証を行う(デフォルトはON). - ssl_cert_file ファイル名 - SSLのクライアント用PEM形式証明書ファイル(デフォルトは<NULL>). - ssl_key_file ファイル名 -diff --git a/fm.h b/fm.h -index 8378939..ddcd4fc 100644 ---- a/fm.h -+++ b/fm.h -@@ -1135,7 +1135,7 @@ global int view_unseenobject init(TRUE); - #endif - - #if defined(USE_SSL) && defined(USE_SSL_VERIFY) --global int ssl_verify_server init(FALSE); -+global int ssl_verify_server init(TRUE); - global char *ssl_cert_file init(NULL); - global char *ssl_key_file init(NULL); - global char *ssl_ca_path init(NULL); -@@ -1144,7 +1144,7 @@ global int ssl_path_modified init(FALSE); - #endif /* defined(USE_SSL) && - * defined(USE_SSL_VERIFY) */ - #ifdef USE_SSL --global char *ssl_forbid_method init(NULL); -+global char *ssl_forbid_method init("2, 3"); - #endif - - global int is_redisplay init(FALSE); |