1 files changed, 36 insertions, 0 deletions

diff --git a/core/openssl/disable-tls12-client.patch b/core/openssl/disable-tls12-client.patch
new file mode 100644
index 000000000..edb87e77f
--- /dev/null
+++ b/core/openssl/disable-tls12-client.patch
@@ -0,0 +1,36 @@
+Index: openssl/ssl/t1_lib.c
+RCS File: /v/openssl/cvs/openssl/ssl/t1_lib.c,v
+rcsdiff -q -kk '-r1.64.2.14.2.31' '-r1.64.2.14.2.32' -u '/v/openssl/cvs/openssl/ssl/t1_lib.c,v' 2>/dev/null
+--- t1_lib.c	2012/02/27 16:38:10	1.64.2.14.2.31
++++ t1_lib.c	2012/03/21 21:32:57	1.64.2.14.2.32
+@@ -544,7 +544,7 @@
+ 		}
+ 		skip_ext:
+ 
+-	if (TLS1_get_version(s) >= TLS1_2_VERSION)
++	if (TLS1_get_client_version(s) >= TLS1_2_VERSION)
+ 		{
+ 		if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6)
+ 			return NULL; 
+Index: openssl/ssl/s23_clnt.c
+RCS File: /v/openssl/cvs/openssl/ssl/s23_clnt.c,v
+rcsdiff -q -kk '-r1.43.2.4.2.5' '-r1.43.2.4.2.6' -u '/v/openssl/cvs/openssl/ssl/s23_clnt.c,v' 2>/dev/null
+--- s23_clnt.c	2011/05/19 18:22:15	1.43.2.4.2.5
++++ s23_clnt.c	2012/03/29 19:08:54	1.43.2.4.2.6
+@@ -287,12 +287,14 @@
+ 
+ 	if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
+ 		ssl2_compat = 0;
+-
++#ifndef OPENSSL_NO_TLS1_2_CLIENT
+ 	if (!(s->options & SSL_OP_NO_TLSv1_2))
+ 		{
+ 		version = TLS1_2_VERSION;
+ 		}
+-	else if (!(s->options & SSL_OP_NO_TLSv1_1))
++	else
++#endif
++	if (!(s->options & SSL_OP_NO_TLSv1_1))
+ 		{
+ 		version = TLS1_1_VERSION;
+ 		}