New upstream release
- Fixes fo CVE-2013-2944 - Enabled support for OS IMV/IMC - Created and applied a patch to disable ECP in fedora, because Openssl in Fedora does not allow ECP_256 and ECP_384. It makes it non-compliant to TCG's PTS standard, but there is no choice right now. see redhat bz # 319901. - Enabled Trousers support for TPM based operations.
This commit is contained in:
Avesh Agarwal
committed by
Jamie Nguyen
Jamie Nguyen
parent
bc95a594ac
commit
84852c31c6
20
strongswan-pts-ecp-disable.patch
Normal file
20
strongswan-pts-ecp-disable.patch
Normal file
@@ -0,0 +1,20 @@
|
||||
diff -urNp strongswan-5.0.4-patched/src/libpts/pts/pts_dh_group.c strongswan-5.0.4-current/src/libpts/pts/pts_dh_group.c
|
||||
--- strongswan-5.0.4-patched/src/libpts/pts/pts_dh_group.c 2013-05-01 15:50:51.332560748 -0400
|
||||
+++ strongswan-5.0.4-current/src/libpts/pts/pts_dh_group.c 2013-05-01 15:57:53.545271367 -0400
|
||||
@@ -74,6 +74,16 @@ bool pts_dh_group_probe(pts_dh_group_t *
|
||||
{
|
||||
DBG1(DBG_PTS, format2, "mandatory", diffie_hellman_group_names,
|
||||
ECP_256_BIT);
|
||||
+ /* Openssl in Fedora does not allow ECP_256 and ECP_384, so lets not die
|
||||
+ * here. As far as, there is one dh group available, lets continue. It makes
|
||||
+ * it non-compliant to TCG's PTS standard, but there is no choice right now.
|
||||
+ * see redhat bz # 319901.
|
||||
+ */
|
||||
+ if(*dh_groups != PTS_DH_GROUP_NONE)
|
||||
+ {
|
||||
+ return TRUE;
|
||||
+ }
|
||||
+
|
||||
}
|
||||
return FALSE;
|
||||
}
|
||||
Reference in New Issue
Block a user