author | Fredrik Pettai <pettai@nordu.net> | 2014-03-05 00:34:40 +0100 |
---|---|---|
committer | Andreas Beckmann <anbe@debian.org> | 2014-04-22 18:40:45 +0200 |
commit | 535c40f356036d41e8a32764181a16615baf3a7c (patch) | |
tree | e346a594a0d40b0ff1a454b9d8f5cb4a424156a3 | |
parent | fde7e9f6b674b69cd6f4cf502d7096e1fbd9c63c (diff) | |
download | sendmail-535c40f356036d41e8a32764181a16615baf3a7c.tar.gz |
add support for EC-ciphers
The latest sendmail release (sendmail-8.14.8) has this patch included
(but it is neither mentioned nor documented in the source / docs)
-rw-r--r-- | debian/changelog | 1 | ||||
-rw-r--r-- | debian/configure.ac | 1 | ||||
-rw-r--r-- | debian/patches/8.14/8.14.4/_ffr_tls_ec.patch | 42 | ||||
-rw-r--r-- | debian/patches/8.14/8.14.4/series | 1 |
4 files changed, 45 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 0c9e510..6afb8bc 100644 --- a/debian/changelog +++ b/debian/changelog @@ -4,6 +4,7 @@ sendmail (8.14.4-6) UNRELEASED; urgency=medium * Set maintainer to Debian QA Group. (See: #740070) * Add systemd socket activation support for libmilter, thanks to Mikhail Gusarov. (Closes: #741257) + * Add _FFR_TLS_EC support, thanks to Fredrik Pettai. (Closes: #740792) -- Andreas Beckmann <anbe@debian.org> Tue, 22 Apr 2014 17:01:07 +0200 diff --git a/debian/configure.ac b/debian/configure.ac index cb261fb..2ea7fe5 100644 --- a/debian/configure.ac +++ b/debian/configure.ac @@ -1612,6 +1612,7 @@ if test $sm_enable_tls != no; then sm_sendmail_envdef="$sm_sendmail_envdef -DSTARTTLS"; sm_sendmail_libs="$sm_sendmail_libs -lcrypto -lssl"; sm_ffr="$sm_ffr -D_FFR_TLS_1"; + sm_ffr="$sm_ffr -D_FFR_TLS_EC"; sm_ffr="$sm_ffr -D_FFR_DEAL_WITH_ERROR_SSL"; fi; v2i 8.13.0; diff --git a/debian/patches/8.14/8.14.4/_ffr_tls_ec.patch b/debian/patches/8.14/8.14.4/_ffr_tls_ec.patch new file mode 100644 index 0000000..4c52f94 --- /dev/null +++ b/debian/patches/8.14/8.14.4/_ffr_tls_ec.patch 
@@ -0,0 +1,42 @@
+--- sendmail-8.14.4/sendmail/conf.c.orig 2014-03-04 22:44:56.000000000 +0100
++++ sendmail-8.14.4/sendmail/conf.c 2014-03-04 22:45:28.000000000 +0100
+@@ -6411,6 +6411,9 @@
+ /* More STARTTLS options, e.g., secondary certs. */
+ "_FFR_TLS_1",
+ #endif /* _FFR_TLS_1 */
++#if _FFR_TLS_EC
++ "_FFR_TLS_EC",
++#endif /* _FFR_TLS_EC */
+ #if _FFR_TRUSTED_QF
+ /*
+ ** If we don't own the file mark it as unsafe.
+--- sendmail-8.14.4/sendmail/tls.c.orig 2014-03-04 22:45:42.000000000 +0100
++++ sendmail-8.14.4/sendmail/tls.c 2014-03-04 22:48:38.000000000 +0100
+@@ -944,6 +944,9 @@
+ /* Diffie-Hellman initialization */
+ if (bitset(TLS_I_TRY_DH, req))
+ {
++#if _FFR_TLS_EC
++ EC_KEY *ecdh;
++#endif /* _FFR_TLS_EC */
+ if (bitset(TLS_S_DHPAR_OK, status))
+ {
+ BIO *bio;
+@@ -1018,6 +1021,17 @@
+ who, 8 * DH_size(dh), *dhparam);
+ DH_free(dh);
+ }
++
++#if _FFR_TLS_EC
++ ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
++ if (ecdh != NULL)
++ {
++ SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_ECDH_USE);
++ SSL_CTX_set_tmp_ecdh(*ctx, ecdh);
++ EC_KEY_free(ecdh);
++ }
++#endif /* _FFR_TLS_EC */
++
+ }
+ # endif /* !NO_DH */
+
diff --git a/debian/patches/8.14/8.14.4/series b/debian/patches/8.14/8.14.4/series
index 4349920..2032473 100644
--- a/debian/patches/8.14/8.14.4/series
+++ b/debian/patches/8.14/8.14.4/series
@@ -16,3 +16,4 @@ hurd.patch
 manpage-section.patch
 conf.c-ipv6.patch
 socket_activation.patch
+_ffr_tls_ec.patch |
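Review bot: In the embedded tls.c hunk at -1018, both failure paths of the ECDHE setup are silent: a NULL from `EC_KEY_new_by_curve_name()` just skips the block, and the return value of `SSL_CTX_set_tmp_ecdh()` is ignored, so a daemon can end up negotiating without ECDHE suites and nothing in the log says why. Testing `if (ecdh == NULL || SSL_CTX_set_tmp_ecdh(*ctx, ecdh) != 1)` and logging in that branch, the way the DH code directly above appears to report its parameters, would make the loss of forward-secret key exchange visible to an operator. The block also sits inside `if (bitset(TLS_I_TRY_DH, req))` and before `# endif /* !NO_DH */`, so ECDHE is tied to the DH request flag and is compiled out together with DH; if that is intended, a comment such as `/* ECDHE follows TLS_I_TRY_DH; curve is fixed to prime256v1 */` would record it, since the commit message itself notes the feature is undocumented. The enclosing function starts and ends outside the hunk.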