Il giorno gio, 18/11/2010 alle 21.16 +0100, Martin Jansa ha scritto: > On Thu, Nov 18, 2010 at 09:09:41PM +0100, Marco Trevisan (Treviño) wrote: > > Patch for OE to make libsoup 2.4 to work with TLS 1.2 connections, as > > required by gnutls 2.10 and higher. > > > > This patch finally fixes the HTTPS issues of the OE webkit-based > > browsers. ;) > > Please split webkit-efl change to separate patch.
Sorry, I did "git commit -a" instead of just "git commit"... :P Here you are the fixed patch ;)
From dba11701ca73d29725d8dd03e62aea5a8951680b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20(Trevi=C3=B1o)?= <[email protected]> Date: Thu, 18 Nov 2010 22:17:14 +0100 Subject: [PATCH] libsoup-2.4: added TLS 1.2 support patch Added patch to libsoup-2.4 to make it work with secure connections when using gnutls v2.10 and higher. Now webkit based browsers works with HTTPS too. --- ...isable-TLS-1.2-in-addition-to-1.0-and-1.1.patch | 29 ++++++++++++++++++++ recipes/gnome/libsoup-2.4_2.29.91.bb | 4 +++ 2 files changed, 33 insertions(+), 0 deletions(-) create mode 100644 recipes/gnome/libsoup-2.4/Disable-TLS-1.2-in-addition-to-1.0-and-1.1.patch diff --git a/recipes/gnome/libsoup-2.4/Disable-TLS-1.2-in-addition-to-1.0-and-1.1.patch b/recipes/gnome/libsoup-2.4/Disable-TLS-1.2-in-addition-to-1.0-and-1.1.patch new file mode 100644 index 0000000..1a03581 --- /dev/null +++ b/recipes/gnome/libsoup-2.4/Disable-TLS-1.2-in-addition-to-1.0-and-1.1.patch @@ -0,0 +1,29 @@ +From 01a43ad9824fba77384534c6d588e0e0d653986e Mon Sep 17 00:00:00 2001 +From: Dan Winship <[email protected]> +Date: Tue, 29 Jun 2010 13:43:20 +0000 +Subject: Disable TLS 1.2 in addition to 1.0 and 1.1 + +Due to bug 581342 we want to only negotiate SSL 3.0. Previously we +were telling gnutls to not do TLS1.0 or TLS1.1, but that means with +newer versions of gnutls that support TLS1.2 it would try to negotiate +that instead and generally fail. Fix that by disabling TLS1.2 too +(which works fine even with gnutls versions that don't support TLS1.2 +yet). + +https://bugzilla.gnome.org/show_bug.cgi?id=622857 +--- +diff --git a/libsoup/soup-gnutls.c b/libsoup/soup-gnutls.c +index cb0fbe5..0b57f28 100644 +--- a/libsoup/soup-gnutls.c ++++ b/libsoup/soup-gnutls.c +@@ -477,7 +477,7 @@ soup_ssl_wrap_iochannel (GIOChannel *sock, gboolean non_blocking, + goto THROW_CREATE_ERROR; + + /* See http://bugzilla.gnome.org/show_bug.cgi?id=581342 */ +- if (gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.1:!VERS-TLS1.0", NULL) != 0) ++ if (gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0", NULL) != 0) + goto THROW_CREATE_ERROR; + + if (gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, +-- +cgit v0.8.3.1 diff --git a/recipes/gnome/libsoup-2.4_2.29.91.bb b/recipes/gnome/libsoup-2.4_2.29.91.bb index 46afd23..85f9fbb 100644 --- a/recipes/gnome/libsoup-2.4_2.29.91.bb +++ b/recipes/gnome/libsoup-2.4_2.29.91.bb @@ -3,12 +3,16 @@ SECTION = "x11/gnome/libs" LICENSE = "GPL" DEPENDS = "libproxy glib-2.0 gnutls libxml2 sqlite3 gnome-keyring" +PR = "r1" + inherit gnome SRC_URI = "${GNOME_MIRROR}/libsoup/$...@gnome_verdir("${PV}")}/libsoup-${PV}.tar.bz2;name=libsoup" SRC_URI[libsoup.md5sum] = "900390c0ead254fbb23f3f0b84fd18bb" SRC_URI[libsoup.sha256sum] = "626c88f6b87463cb092733d2bcd5672ca69529a766cc6c5cc817f34b49c821b1" +SRC_URI += "file://Disable-TLS-1.2-in-addition-to-1.0-and-1.1.patch" + S = "${WORKDIR}/libsoup-${PV}" PACKAGES =+ "libsoup-gnome" -- 1.7.1
_______________________________________________ Shr-devel mailing list [email protected] http://lists.shr-project.org/mailman/listinfo/shr-devel
