[pbs-devel] [PATCH proxmox-backup] fix #3763: disable renegotiation

public inbox for pbs-devel@lists.proxmox.com
 help / color / mirror / Atom feed

* [pbs-devel] [PATCH proxmox-backup] fix #3763: disable renegotiation
@ 2021-12-15 14:18 Fabian Grünbichler
  2021-12-27  9:38 ` [pbs-devel] applied: " Thomas Lamprecht
  0 siblings, 1 reply; 2+ messages in thread
From: Fabian Grünbichler @ 2021-12-15 14:18 UTC (permalink / raw)
  To: pbs-devel

requires openssl crate with fix[0], like our packaged one.

0: https://github.com/sfackler/rust-openssl/pull/1584

Tested-by: Stoiko Ivanov s.ivanov@proxmox.com
Reviewed-by: Stoiko Ivanov s.ivanov@proxmox.com

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
sending as patch since we could also wait for the PR to land and bump
the dep then accordingly..

 Cargo.toml                      | 2 +-
 src/bin/proxmox-backup-proxy.rs | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/Cargo.toml b/Cargo.toml
index d7ad2085..d1fe9c67 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -64,7 +64,7 @@ log = "0.4"
 nix = "0.19.1"
 num-traits = "0.2"
 once_cell = "1.3.1"
-openssl = "0.10"
+openssl = "0.10.38" # currently patched!
 pam = "0.7"
 pam-sys = "0.5"
 percent-encoding = "2.1"
diff --git a/src/bin/proxmox-backup-proxy.rs b/src/bin/proxmox-backup-proxy.rs
index 07a53687..5e5babd1 100644
--- a/src/bin/proxmox-backup-proxy.rs
+++ b/src/bin/proxmox-backup-proxy.rs
@@ -348,6 +348,7 @@ fn make_tls_acceptor() -> Result<SslAcceptor, Error> {
         .map_err(|err| format_err!("unable to read proxy key {} - {}", key_path, err))?;
     acceptor.set_certificate_chain_file(cert_path)
         .map_err(|err| format_err!("unable to read proxy cert {} - {}", cert_path, err))?;
+    acceptor.set_options(openssl::ssl::SslOptions::NO_RENEGOTIATION);
     acceptor.check_private_key().unwrap();
 
     Ok(acceptor.build())
-- 
2.30.2





^ permalink raw reply	[flat|nested] 2+ messages in thread

* [pbs-devel] applied: Re: [PATCH proxmox-backup] fix #3763: disable renegotiation
  2021-12-15 14:18 [pbs-devel] [PATCH proxmox-backup] fix #3763: disable renegotiation Fabian Grünbichler
@ 2021-12-27  9:38 ` Thomas Lamprecht
  0 siblings, 0 replies; 2+ messages in thread
From: Thomas Lamprecht @ 2021-12-27  9:38 UTC (permalink / raw)
  To: Proxmox Backup Server development discussion, Fabian Grünbichler

On 15/12/2021 15:18, Fabian Grünbichler wrote:
> requires openssl crate with fix[0], like our packaged one.
> 
> 0: https://github.com/sfackler/rust-openssl/pull/1584
> 
> Tested-by: Stoiko Ivanov s.ivanov@proxmox.com
> Reviewed-by: Stoiko Ivanov s.ivanov@proxmox.com
> 
> Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
> ---
> sending as patch since we could also wait for the PR to land and bump
> the dep then accordingly..
> 
>  Cargo.toml                      | 2 +-
>  src/bin/proxmox-backup-proxy.rs | 1 +
>  2 files changed, 2 insertions(+), 1 deletion(-)
> 
>

applied, thanks!




^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2021-12-27  9:38 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-15 14:18 [pbs-devel] [PATCH proxmox-backup] fix #3763: disable renegotiation Fabian Grünbichler
2021-12-27  9:38 ` [pbs-devel] applied: " Thomas Lamprecht

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox

Service provided by Proxmox Server Solutions GmbH | Privacy | Legal