dma: Don't only use TLSv1

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2026-04-11 19:55:52 +02:00 · 2018-02-11 11:20:01 +00:00
parent b349f4da63
commit f794504ec6
2 changed files with 27 additions and 0 deletions
--- a/lfs/dma
+++ b/lfs/dma
@@ -74,6 +74,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	mkdir -pv /var/ipfire/dma
 	touch /var/ipfire/dma/mail.conf
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dma-0.10-better-authentication.patch
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dma-0.10-better-tls.patch
 	cd $(DIR_APP) && sed -i '/PREFIX/s/usr\/local/usr/g' Makefile
 	cd $(DIR_APP) && sed -i '/CONFDIR/s/etc\/dma/var\/ipfire\/dma/g' Makefile
 	cd $(DIR_APP) && make
--- a/src/patches/dma-0.10-better-tls.patch
+++ b/src/patches/dma-0.10-better-tls.patch
@@ -0,0 +1,26 @@
+commit e94f50bbbe7318eec5b6b165ff73d94bbc9d20b0
+Author: Michael Tremer <michael.tremer@ipfire.org>
+Date:   Sun Feb 11 11:05:43 2018 +0000
+
+    crypto: Don't limit to TLSv1 only
+    
+    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+
+diff --git a/crypto.c b/crypto.c
+index 897b55bfdcfc..440c882880b5 100644
+--- a/crypto.c
+++ b/crypto.c
+@@ -93,7 +93,12 @@ smtp_init_crypto(int fd, int feature)
+ 	SSL_library_init();
+ 	SSL_load_error_strings();
+ 
+-	meth = TLSv1_client_method();
+	// Allow any possible version
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+	meth = TLS_client_method();
+#else
+	meth = SSLv23_client_method();
+#endif
+ 
+ 	ctx = SSL_CTX_new(meth);
+ 	if (ctx == NULL) {