[oe-commits] Marco Trevisan ( Treviño ) : libsoup-2.4: added TLS 1. 2 support patch
git version control
git at git.openembedded.org
Fri Nov 19 10:17:53 UTC 2010
Module: openembedded.git
Branch: master
Commit: de7821a44014ec99c9006eee57af2903444b5cf3
URL: http://gitweb.openembedded.net/?p=openembedded.git&a=commit;h=de7821a44014ec99c9006eee57af2903444b5cf3
Author: Marco Trevisan (Treviño) <mail at 3v1n0.net>
Date: Thu Nov 18 20:18:58 2010 +0000
libsoup-2.4: added TLS 1.2 support patch
* Added patch to libsoup-2.4 to make it work with secure connections
when using gnutls v2.10 and higher.
* Now webkit based browsers works with HTTPS too.
Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
---
...isable-TLS-1.2-in-addition-to-1.0-and-1.1.patch | 29 ++++++++++++++++++++
recipes/gnome/libsoup-2.4_2.29.91.bb | 4 +++
2 files changed, 33 insertions(+), 0 deletions(-)
diff --git a/recipes/gnome/libsoup-2.4/Disable-TLS-1.2-in-addition-to-1.0-and-1.1.patch b/recipes/gnome/libsoup-2.4/Disable-TLS-1.2-in-addition-to-1.0-and-1.1.patch
new file mode 100644
index 0000000..1a03581
--- /dev/null
+++ b/recipes/gnome/libsoup-2.4/Disable-TLS-1.2-in-addition-to-1.0-and-1.1.patch
@@ -0,0 +1,29 @@
+From 01a43ad9824fba77384534c6d588e0e0d653986e Mon Sep 17 00:00:00 2001
+From: Dan Winship <danw at gnome.org>
+Date: Tue, 29 Jun 2010 13:43:20 +0000
+Subject: Disable TLS 1.2 in addition to 1.0 and 1.1
+
+Due to bug 581342 we want to only negotiate SSL 3.0. Previously we
+were telling gnutls to not do TLS1.0 or TLS1.1, but that means with
+newer versions of gnutls that support TLS1.2 it would try to negotiate
+that instead and generally fail. Fix that by disabling TLS1.2 too
+(which works fine even with gnutls versions that don't support TLS1.2
+yet).
+
+https://bugzilla.gnome.org/show_bug.cgi?id=622857
+---
+diff --git a/libsoup/soup-gnutls.c b/libsoup/soup-gnutls.c
+index cb0fbe5..0b57f28 100644
+--- a/libsoup/soup-gnutls.c
++++ b/libsoup/soup-gnutls.c
+@@ -477,7 +477,7 @@ soup_ssl_wrap_iochannel (GIOChannel *sock, gboolean non_blocking,
+ goto THROW_CREATE_ERROR;
+
+ /* See http://bugzilla.gnome.org/show_bug.cgi?id=581342 */
+- if (gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.1:!VERS-TLS1.0", NULL) != 0)
++ if (gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0", NULL) != 0)
+ goto THROW_CREATE_ERROR;
+
+ if (gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE,
+--
+cgit v0.8.3.1
diff --git a/recipes/gnome/libsoup-2.4_2.29.91.bb b/recipes/gnome/libsoup-2.4_2.29.91.bb
index 46afd23..85f9fbb 100644
--- a/recipes/gnome/libsoup-2.4_2.29.91.bb
+++ b/recipes/gnome/libsoup-2.4_2.29.91.bb
@@ -3,12 +3,16 @@ SECTION = "x11/gnome/libs"
LICENSE = "GPL"
DEPENDS = "libproxy glib-2.0 gnutls libxml2 sqlite3 gnome-keyring"
+PR = "r1"
+
inherit gnome
SRC_URI = "${GNOME_MIRROR}/libsoup/${@gnome_verdir("${PV}")}/libsoup-${PV}.tar.bz2;name=libsoup"
SRC_URI[libsoup.md5sum] = "900390c0ead254fbb23f3f0b84fd18bb"
SRC_URI[libsoup.sha256sum] = "626c88f6b87463cb092733d2bcd5672ca69529a766cc6c5cc817f34b49c821b1"
+SRC_URI += "file://Disable-TLS-1.2-in-addition-to-1.0-and-1.1.patch"
+
S = "${WORKDIR}/libsoup-${PV}"
PACKAGES =+ "libsoup-gnome"
More information about the Openembedded-commits
mailing list