diff options
Diffstat (limited to 'extra/qt/disable-ssl-compression.patch')
-rw-r--r-- | extra/qt/disable-ssl-compression.patch | 68 |
1 files changed, 0 insertions, 68 deletions
diff --git a/extra/qt/disable-ssl-compression.patch b/extra/qt/disable-ssl-compression.patch deleted file mode 100644 index 443af57f3..000000000 --- a/extra/qt/disable-ssl-compression.patch +++ /dev/null @@ -1,68 +0,0 @@ -From d41dc3e101a694dec98d7bbb582d428d209e5401 Mon Sep 17 00:00:00 2001 -From: Richard Moore <rich@kde.org> -Date: Fri, 14 Sep 2012 00:13:08 +0100 -Subject: [PATCH] Disable SSL compression by default. - -Disable SSL compression by default since this appears to be the a likely -cause of the currently hyped CRIME attack. - -This is a backport of 5ea896fbc63593f424a7dfbb11387599c0025c74 - -Change-Id: I6eeefb23c6b140a9633b28ed85879459c474348a -Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> -Reviewed-by: Peter Hartmann <phartmann@rim.com> ---- - src/network/ssl/qssl.cpp | 5 +++-- - src/network/ssl/qsslconfiguration.cpp | 4 +++- - src/network/ssl/qsslconfiguration_p.h | 4 +++- - 3 files changed, 9 insertions(+), 4 deletions(-) - -diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp -index 49e086f..9578178 100644 ---- a/src/network/ssl/qssl.cpp -+++ b/src/network/ssl/qssl.cpp -@@ -148,8 +148,9 @@ QT_BEGIN_NAMESPACE - - By default, SslOptionDisableEmptyFragments is turned on since this causes - problems with a large number of servers. SslOptionDisableLegacyRenegotiation -- is also turned on, since it introduces a security risk. The other options -- are turned off. -+ is also turned on, since it introduces a security risk. -+ SslOptionDisableCompression is turned on to prevent the attack publicised by -+ CRIME. The other options are turned off. - - Note: Availability of above options depends on the version of the SSL - backend in use. -diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp -index 24c7b77..3a05f54 100644 ---- a/src/network/ssl/qsslconfiguration.cpp -+++ b/src/network/ssl/qsslconfiguration.cpp -@@ -201,7 +201,9 @@ bool QSslConfiguration::isNull() const - d->privateKey.isNull() && - d->peerCertificate.isNull() && - d->peerCertificateChain.count() == 0 && -- d->sslOptions == (QSsl::SslOptionDisableEmptyFragments|QSsl::SslOptionDisableLegacyRenegotiation)); -+ d->sslOptions == ( QSsl::SslOptionDisableEmptyFragments -+ |QSsl::SslOptionDisableLegacyRenegotiation -+ |QSsl::SslOptionDisableCompression)); - } - - /*! -diff --git a/src/network/ssl/qsslconfiguration_p.h b/src/network/ssl/qsslconfiguration_p.h -index 74f17cd..c36b651 100644 ---- a/src/network/ssl/qsslconfiguration_p.h -+++ b/src/network/ssl/qsslconfiguration_p.h -@@ -83,7 +83,9 @@ public: - : protocol(QSsl::SecureProtocols), - peerVerifyMode(QSslSocket::AutoVerifyPeer), - peerVerifyDepth(0), -- sslOptions(QSsl::SslOptionDisableEmptyFragments|QSsl::SslOptionDisableLegacyRenegotiation) -+ sslOptions(QSsl::SslOptionDisableEmptyFragments -+ |QSsl::SslOptionDisableLegacyRenegotiation -+ |QSsl::SslOptionDisableCompression) - { } - - QSslCertificate peerCertificate; --- -1.7.10 - |