lkundrak / rpms / strongswan

Forked from rpms/strongswan 6 years ago
Clone
Source Code
GIT

Files

el6 epel7 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 lr/dbus-policy master
  1.   f17
  2.   strongswan-pts-ecp-disable.patch
Blob Blame History Raw 
diff -urNp strongswan-5.1.1-patched/src/libpts/pts/pts_dh_group.c strongswan-5.1.1-current/src/libpts/pts/pts_dh_group.c
--- strongswan-5.1.1-patched/src/libpts/pts/pts_dh_group.c	2013-11-01 13:12:05.985927156 -0400
+++ strongswan-5.1.1-current/src/libpts/pts/pts_dh_group.c	2013-11-01 13:15:12.192920500 -0400
@@ -74,6 +74,16 @@ bool pts_dh_group_probe(pts_dh_group_t *
 	{
 		DBG1(DBG_PTS, format2, "mandatory", diffie_hellman_group_names,
 											ECP_256_BIT);
+		/* Openssl in Fedora does not allow ECP_256 and ECP_384, so lets not die
+ 		 * here. As far as, there is one dh group available, lets continue. It makes
+ 		 * it non-compliant to TCG's PTS standard, but there is no choice right now.
+ 		 * see redhat bz # 319901.	
+ 		 */ 
+		if(*dh_groups != PTS_DH_GROUP_NONE) 
+		{
+			return TRUE;		
+		}
+
 	}
 	return FALSE;
 }
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.