blob: 6d192799134576c6189475a593df5c812aeedd55 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
Description: Force ssl_verify_server on and disable SSLv2 support
Origin: http://www.openwall.com/lists/oss-security/2010/06/14/4
Author: Ludwig Nussel <ludwig.nussel@suse.de>
Bug-Debian: http://bugs.debian.org/587445
--- w3m-0.5.2.orig/fm.h
+++ w3m-0.5.2/fm.h
@@ -1120,7 +1120,7 @@ global int view_unseenobject init(TRUE);
#endif
#if defined(USE_SSL) && defined(USE_SSL_VERIFY)
-global int ssl_verify_server init(FALSE);
+global int ssl_verify_server init(TRUE);
global char *ssl_cert_file init(NULL);
global char *ssl_key_file init(NULL);
global char *ssl_ca_path init(NULL);
@@ -1129,7 +1129,7 @@ global int ssl_path_modified init(FALSE)
#endif /* defined(USE_SSL) &&
* defined(USE_SSL_VERIFY) */
#ifdef USE_SSL
-global char *ssl_forbid_method init(NULL);
+global char *ssl_forbid_method init("2");
#endif
global int is_redisplay init(FALSE);
|
