fix #3763: disable renegotiation
requires openssl crate with fix[0], like our packaged one. 0: https://github.com/sfackler/rust-openssl/pull/1584 Tested-by: Stoiko Ivanov s.ivanov@proxmox.com Reviewed-by: Stoiko Ivanov s.ivanov@proxmox.com Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
This commit is contained in:
parent
f30ada6bbe
commit
a0c69902c8
@ -64,7 +64,7 @@ log = "0.4"
|
||||
nix = "0.19.1"
|
||||
num-traits = "0.2"
|
||||
once_cell = "1.3.1"
|
||||
openssl = "0.10"
|
||||
openssl = "0.10.38" # currently patched!
|
||||
pam = "0.7"
|
||||
pam-sys = "0.5"
|
||||
percent-encoding = "2.1"
|
||||
|
@ -348,6 +348,7 @@ fn make_tls_acceptor() -> Result<SslAcceptor, Error> {
|
||||
.map_err(|err| format_err!("unable to read proxy key {} - {}", key_path, err))?;
|
||||
acceptor.set_certificate_chain_file(cert_path)
|
||||
.map_err(|err| format_err!("unable to read proxy cert {} - {}", cert_path, err))?;
|
||||
acceptor.set_options(openssl::ssl::SslOptions::NO_RENEGOTIATION);
|
||||
acceptor.check_private_key().unwrap();
|
||||
|
||||
Ok(acceptor.build())
|
||||
|
Loading…
Reference in New Issue
Block a user