82c91d56c3
- Fixes fo CVE-2013-2944 - Enabled support for OS IMV/IMC - Created and applied a patch to disable ECP in fedora, because Openssl in Fedora does not allow ECP_256 and ECP_384. It makes it non-compliant to TCG's PTS standard, but there is no choice right now. see redhat bz # 319901. - Enabled Trousers support for TPM based operations.
21 lines
841 B
Diff
21 lines
841 B
Diff
diff -urNp strongswan-5.0.4-patched/src/libpts/pts/pts_dh_group.c strongswan-5.0.4-current/src/libpts/pts/pts_dh_group.c
|
|
--- strongswan-5.0.4-patched/src/libpts/pts/pts_dh_group.c 2013-05-01 15:50:51.332560748 -0400
|
|
+++ strongswan-5.0.4-current/src/libpts/pts/pts_dh_group.c 2013-05-01 15:57:53.545271367 -0400
|
|
@@ -74,6 +74,16 @@ bool pts_dh_group_probe(pts_dh_group_t *
|
|
{
|
|
DBG1(DBG_PTS, format2, "mandatory", diffie_hellman_group_names,
|
|
ECP_256_BIT);
|
|
+ /* Openssl in Fedora does not allow ECP_256 and ECP_384, so lets not die
|
|
+ * here. As far as, there is one dh group available, lets continue. It makes
|
|
+ * it non-compliant to TCG's PTS standard, but there is no choice right now.
|
|
+ * see redhat bz # 319901.
|
|
+ */
|
|
+ if(*dh_groups != PTS_DH_GROUP_NONE)
|
|
+ {
|
|
+ return TRUE;
|
|
+ }
|
|
+
|
|
}
|
|
return FALSE;
|
|
}
|