diff options
author | gshapiro <gshapiro@FreeBSD.org> | 2015-03-16 20:24:37 +0000 |
---|---|---|
committer | gshapiro <gshapiro@FreeBSD.org> | 2015-03-16 20:24:37 +0000 |
commit | 8afab6ffc306374d2b05617aafd2dd168ab340e6 (patch) | |
tree | 3dd362bcd960055c63103bc9ded3c5ca10e306c4 /contrib/sendmail | |
parent | 55b7ea0246ccf2153ff8f1541fa8963f4d186659 (diff) | |
download | FreeBSD-src-8afab6ffc306374d2b05617aafd2dd168ab340e6.zip FreeBSD-src-8afab6ffc306374d2b05617aafd2dd168ab340e6.tar.gz |
Default to turning off OpenSSL SSL_OP_TLSEXT_PADDING as it breaks
compatibility with some sites
This change comes from 8.15 but is being backported to FreeBSD releases
not yet using 8.15.
MFC after: 3 days
Noted by: julian@
Diffstat (limited to 'contrib/sendmail')
-rw-r--r-- | contrib/sendmail/src/readcf.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/contrib/sendmail/src/readcf.c b/contrib/sendmail/src/readcf.c index 9189a95..fc3bb90 100644 --- a/contrib/sendmail/src/readcf.c +++ b/contrib/sendmail/src/readcf.c @@ -124,6 +124,11 @@ readcf(cfname, safe, e) | SSL_OP_NO_TICKET #endif ; +# ifdef SSL_OP_TLSEXT_PADDING + /* SSL_OP_TLSEXT_PADDING breaks compatibility with some sites */ + Srv_SSL_Options &= ~SSL_OP_TLSEXT_PADDING; + Clt_SSL_Options &= ~SSL_OP_TLSEXT_PADDING; +# endif /* SSL_OP_TLSEXT_PADDING */ #endif /* STARTTLS */ if (DontLockReadFiles) sff |= SFF_NOLOCK; @@ -2406,6 +2411,9 @@ static struct ssl_options #ifdef SSL_OP_CRYPTOPRO_TLSEXT_BUG { "SSL_OP_CRYPTOPRO_TLSEXT_BUG", SSL_OP_CRYPTOPRO_TLSEXT_BUG }, #endif +#ifdef SSL_OP_TLSEXT_PADDING + { "SSL_OP_TLSEXT_PADDING", SSL_OP_TLSEXT_PADDING }, +#endif { NULL, 0 } }; #endif /* STARTTLS && _FFR_TLS_1 */ |