From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup] fix #3763: disable renegotiation
Date: Wed, 15 Dec 2021 15:18:36 +0100
Message-ID: <20211215141836.3406716-1-f.gruenbichler@proxmox.com>
requires openssl crate with fix[0], like our packaged one.
0: https://github.com/sfackler/rust-openssl/pull/1584
Tested-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Reviewed-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
sending as patch since we could also wait for the PR to land and bump
the dep then accordingly..
Cargo.toml | 2 +-
src/bin/proxmox-backup-proxy.rs | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/Cargo.toml b/Cargo.toml
index d7ad2085..d1fe9c67 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -64,7 +64,7 @@ log = "0.4"
nix = "0.19.1"
num-traits = "0.2"
once_cell = "1.3.1"
-openssl = "0.10"
+openssl = "0.10.38" # currently patched!
pam = "0.7"
pam-sys = "0.5"
percent-encoding = "2.1"
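Review bot: The requirement on the changed openssl line cannot tell a patched 0.10.38 from an unpatched one, and the trailing comment "# currently patched!" does not say which patch is meant. A build that resolves the crate from anywhere other than the packaged copy mentioned in the commit message satisfies "0.10.38" without the fix. Consider putting the PR link from the commit message (rust-openssl pull 1584) in the comment, and noting that the requirement should be bumped to the first upstream release containing it once the PR lands, as the note below the "---" already anticipates.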
diff --git a/src/bin/proxmox-backup-proxy.rs b/src/bin/proxmox-backup-proxy.rs
index 07a53687..5e5babd1 100644
--- a/src/bin/proxmox-backup-proxy.rs
+++ b/src/bin/proxmox-backup-proxy.rs
@@ -348,6 +348,7 @@ fn make_tls_acceptor() -> Result<SslAcceptor, Error> {
.map_err(|err| format_err!("unable to read proxy key {} - {}", key_path, err))?;
acceptor.set_certificate_chain_file(cert_path)
.map_err(|err| format_err!("unable to read proxy cert {} - {}", cert_path, err))?;
+ acceptor.set_options(openssl::ssl::SslOptions::NO_RENEGOTIATION);
acceptor.check_private_key().unwrap();
Ok(acceptor.build())
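Review bot: The added acceptor.set_options(openssl::ssl::SslOptions::NO_RENEGOTIATION) line in make_tls_acceptor() carries no comment explaining why renegotiation is turned off, so a later cleanup of the acceptor setup could drop it without anyone noticing a security regression. A one-line comment naming bug #3763 and stating that renegotiation requests on the proxy's TLS listener are refused on purpose would make the intent durable. It is also worth recording in the commit message that the option only affects TLS 1.2 and earlier, since TLS 1.3 has no renegotiation, so that the tested scope is clear.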
--
2.30.2
Thread overview: 2+ messages
2021-12-15 14:18 Fabian Grünbichler [this message]
2021-12-27 9:38 ` [pbs-devel] applied: " Thomas Lamprecht