7a7e59d2a9
socat: Update from 1.7.2.4 to 1.7.3.0, fixes a possible denial of service attack (CVE Id pending), improves SSL client security, and provides a couple of bug and porting fixes. Among new features, socat now enables OpenSSL server side use of ECDHE ciphers, providing PFS (Perfect Forward Secrecy) http://www.dest-unreach.org/socat/doc/CHANGES
19 lines
536 B
Diff
19 lines
536 B
Diff
--- socat-1.7.3.0/xio-openssl.c 2015-01-24 15:33:42.000000000 +0100
|
|
+++ socat-1.7.3.0-ecdhe/xio-openssl.c 2015-01-25 13:38:54.353641097 +0100
|
|
@@ -960,7 +960,6 @@
|
|
}
|
|
}
|
|
|
|
-#if defined(EC_KEY) /* not on Openindiana 5.11 */
|
|
{
|
|
/* see http://openssl.6102.n7.nabble.com/Problem-with-cipher-suite-ECDHE-ECDSA-AES256-SHA384-td42229.html */
|
|
int nid;
|
|
@@ -982,7 +981,6 @@
|
|
|
|
SSL_CTX_set_tmp_ecdh(*ctx, ecdh);
|
|
}
|
|
-#endif /* !defined(EC_KEY) */
|
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
|
|
if (opt_compress) {
|
|
|