You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by jf...@apache.org on 2018/11/29 13:06:21 UTC
svn commit: r1847714 - /tomcat/native/trunk/native/src/sslconf.c
Author: jfclere
Date: Thu Nov 29 13:06:21 2018
New Revision: 1847714
URL: http://svn.apache.org/viewvc?rev=1847714&view=rev
Log:
Allow to compile with --enable-insecure-export-ciphers
Modified:
tomcat/native/trunk/native/src/sslconf.c
Modified: tomcat/native/trunk/native/src/sslconf.c
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslconf.c?rev=1847714&r1=1847713&r2=1847714&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/sslconf.c (original)
+++ tomcat/native/trunk/native/src/sslconf.c Thu Nov 29 13:06:21 2018
@@ -220,8 +220,8 @@ TCN_IMPLEMENT_CALL(jint, SSLConf, apply)
unsigned long ec;
#ifndef HAVE_EXPORT_CIPHERS
size_t len;
- char *buf = NULL;
#endif
+ char *buf = NULL;
TCN_ALLOC_CSTRING(cmd);
TCN_ALLOC_CSTRING(value);
UNREFERENCED(o);
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r1847714 - /tomcat/native/trunk/native/src/sslconf.c
Posted by jean-frederic clere <jf...@gmail.com>.
On 29/11/2018 18:25, Christopher Schultz wrote:
> Jean-Frederic,
>
> On 11/29/18 12:18, jean-frederic clere wrote:
>> On 29/11/2018 18:13, Christopher Schultz wrote:
>>> Jean-Frederic,
>>>
>>> On 11/29/18 08:06, jfclere@apache.org wrote:
>>>> Author: jfclere Date: Thu Nov 29 13:06:21 2018 New Revision:
>>>> 1847714
>>>
>>>> URL: http://svn.apache.org/viewvc?rev=1847714&view=rev Log:
>>>> Allow to compile with --enable-insecure-export-ciphers
>>>
>>> **WHY**?!
>
>> http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslconf.c?
> view=markup&pathrev=1847714#l252
>
>> that can't compile otherwise.
>
> Oh, I know the "technical" answer, but why should we ever allow
> --enable-insecure-export-ciphers?
>
> Are there a lot of people who want to use the TLS_RSA_ROT13_MD5 cipher
> suite?
To test the broken TLS-1.0 in my case :D, customers using broken, unsafe
browser or clients...
--
Cheers
Jean-Frederic
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r1847714 - /tomcat/native/trunk/native/src/sslconf.c
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Jean-Frederic,
On 11/29/18 12:18, jean-frederic clere wrote:
> On 29/11/2018 18:13, Christopher Schultz wrote:
>> Jean-Frederic,
>>
>> On 11/29/18 08:06, jfclere@apache.org wrote:
>>> Author: jfclere Date: Thu Nov 29 13:06:21 2018 New Revision:
>>> 1847714
>>
>>> URL: http://svn.apache.org/viewvc?rev=1847714&view=rev Log:
>>> Allow to compile with --enable-insecure-export-ciphers
>>
>> **WHY**?!
>
> http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslconf.c?
view=markup&pathrev=1847714#l252
>
> that can't compile otherwise.
Oh, I know the "technical" answer, but why should we ever allow
- --enable-insecure-export-ciphers?
Are there a lot of people who want to use the TLS_RSA_ROT13_MD5 cipher
suite?
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlwAIOsACgkQHPApP6U8
pFi6eRAAqe8wjvpnbXUx1wu7OBnsKYNRndWJvCYJ5HqPP2Aq3BHj6afBi56MKsmU
UVKC+/L6nPdzDhR9GmBAHCDYVdgWxpq1GtDH8QIoYiZh/2pwzGd7Ai5/XeRjpjqx
m8Yl6k8vHIGcgTe1+AZ0/cU3zm925ENDNfcyEVqIfRT+n1PY0kZokcgJIZpg2du5
XsqwKwAw760CbiEt3ygF6AWOdQVZ1oFEQh8RhxIG9dhdApgVX6ddH4L4ikz5MGG8
r+Fdpd24XeSKMMXmi+tx81ADukcRY9ybHFCNZ+YMUqmfQLn3L0y6C0lF2vBk8qFa
GmoE7J1KLbDd6qgAMRZLaleoTZIFyEYM53gAB0sOuPfu01dGvBhwj2GhiusDnWy7
n7R1GZfM6MUikNvGe2HBDF+lUyqixFJwrE1Q98ZNoGhD7jr7OIH+/5zDKDBDwuvK
f2JnlE14lzsiqzjf51owkjQNizrUXF2Xilr17gmkJT8qckmW5rcVVfkOmnHdVKHS
U3IEseOcZQkm4j0jwVjAosPtf25cupwSXTH368sszAa9sh287lJsFz5aaOp6E/Rt
2EsgDI03fE4vm9R+xaDKAd3cjO83nIT0REx2/DMTI6l/Y/d1vNP8KT6GsE4TzKIx
PY5r6dWQV2qFvg0JtYxOedMKtoYCByRUmXM1YcRdJ3DYBgfMFeM=
=MCjw
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r1847714 - /tomcat/native/trunk/native/src/sslconf.c
Posted by jean-frederic clere <jf...@gmail.com>.
On 29/11/2018 18:13, Christopher Schultz wrote:
> Jean-Frederic,
>
> On 11/29/18 08:06, jfclere@apache.org wrote:
>> Author: jfclere Date: Thu Nov 29 13:06:21 2018 New Revision:
>> 1847714
>
>> URL: http://svn.apache.org/viewvc?rev=1847714&view=rev Log: Allow
>> to compile with --enable-insecure-export-ciphers
>
> **WHY**?!
http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslconf.c?view=markup&pathrev=1847714#l252
that can't compile otherwise.
--
Cheers
Jean-Frederic
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r1847714 - /tomcat/native/trunk/native/src/sslconf.c
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Jean-Frederic,
On 11/29/18 08:06, jfclere@apache.org wrote:
> Author: jfclere Date: Thu Nov 29 13:06:21 2018 New Revision:
> 1847714
>
> URL: http://svn.apache.org/viewvc?rev=1847714&view=rev Log: Allow
> to compile with --enable-insecure-export-ciphers
**WHY**?!
- -chris
> Modified: tomcat/native/trunk/native/src/sslconf.c
>
> Modified: tomcat/native/trunk/native/src/sslconf.c URL:
> http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslconf.c?
rev=1847714&r1=1847713&r2=1847714&view=diff
>
>
========================================================================
======
> --- tomcat/native/trunk/native/src/sslconf.c (original) +++
> tomcat/native/trunk/native/src/sslconf.c Thu Nov 29 13:06:21 2018
> @@ -220,8 +220,8 @@ TCN_IMPLEMENT_CALL(jint, SSLConf, apply)
> unsigned long ec; #ifndef HAVE_EXPORT_CIPHERS size_t len; - char
> *buf = NULL; #endif + char *buf = NULL; TCN_ALLOC_CSTRING(cmd);
> TCN_ALLOC_CSTRING(value); UNREFERENCED(o);
>
>
>
> ---------------------------------------------------------------------
>
>
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlwAHh0ACgkQHPApP6U8
pFhw5A/+ID8JAnZYLfPn11OVem/f+LMuD+gI4Ixkee6a0tR/1ybbxB1Xf0nH4rqw
HddBmCWncQaXwuQAahqkco8Oz5+h3aVA1FbZihsbSYoH68dWGZJGGgnQHZPvML9k
ypC19B4I+AisD9XTbDczszvo+cNoH3aBpOvyhPGE1KHs6/eFR86phPJzcGrke04l
UtYTLV/MO1RPYcOniCSm/5nrp8kJg2kSrIY2RfACFVFHQDSslPeMKkV0lLMg5/m3
NpvFF2v1pwf0HzW8SoUO72NMOYq/cyPmuyQAYSEgl0dO42Py2ZsG2TwYvQASRMzR
o1KQ09EHvJnNbGU12NwG1O++0fH0C4URbXcVVCIgdTS79qVN+bcud+4YsU1pHMcf
On6yvgeE9q2b0deyhAIkDyBel2v8z4ksDPBoHaCzxNfnDQJPnF9Bb54YTrfGj0qh
OGe7Ir6GCYVlUj75S+tb/78k9Mc1if6Polpp0I4Y9Pu7AS45MU5+EYeJXhh1QK8q
eiZ5UJt3/QEfXXltqNcbLSivmUxfXQE+DGSGP2tm/jC8Hii1V0BwiqZfMKnN6Z/E
NYiuy6bWpEWCSZDaZDh+ZP9gR6H0DFfwDA1R5GpH7JH31JhTIHypEtjNg67ITymU
oJU5XmiqaLegpx0n4HQi0E6By53HV6vDhAuN+Q767W7pBUUVQvA=
=hyDx
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org