void-packages/srcpkgs/freerdp/patches/patch-libfreerdp-core_tls_c

18 lines
593 B
Plaintext

$OpenBSD: patch-libfreerdp-core_tls_c,v 1.1 2015/02/08 04:55:00 jsing Exp $
--- libfreerdp-core/tls.c.orig Sun Feb 8 04:08:05 2015
+++ libfreerdp-core/tls.c Sun Feb 8 04:12:11 2015
@@ -44,6 +44,13 @@ boolean tls_connect(rdpTls* tls)
*/
SSL_CTX_set_options(tls->ctx, SSL_OP_ALL);
+ /*
+ * Disable the SSL 3.0/TLS 1.0 CBC vulnerability workaround since this
+ * breaks NLA - the remote host will return a TLS alert 50, terminating
+ * the session.
+ */
+ SSL_CTX_set_options(tls->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
+
tls->ssl = SSL_new(tls->ctx);
if (tls->ssl == NULL)