Ticket #9438: filezilla-3.7.3-no-sign-all.patch

File filezilla-3.7.3-no-sign-all.patch, 1.1 KB (added by James Ralston, 10 years ago)

patch to correct FileZilla's ciphers string for GnuTLS < 2.11.5

  • filezilla-3.8.0/src/engine/tlssocket.cpp 

    diff -up filezilla-3.8.0/src/engine/tlssocket.cpp.no-sign-all filezilla-3.8.0/src/engine/tlssocket.cpp
    old new  
    66#include <gnutls/x509.h>
    77#include <errno.h>
    88
    9 #if GNUTLS_VERSION_NUMBER >= 0x030100
    10 char const ciphers[] = "SECURE256:+SECURE128:+ARCFOUR-128:-3DES-CBC:-MD5:+SIGN-ALL:-SIGN-RSA-MD5:+CTYPE-X509:-CTYPE-OPENPGP";
    11 #else
     9#if GNUTLS_VERSION_NUMBER < 0x020b05
     10// Versions before 2.11.5 don't support SIGN-ALL
     11char const ciphers[] = "SECURE128:+ARCFOUR-128:-3DES-CBC:-MD5:+SIGN-RSA-SHA512:+SIGN-RSA-SHA384:+SIGN-RSA-SHA256:+SIGN-RSA-SHA:+SIGN-RSA-RMD160:+SIGN-DSA-SHA:+CTYPE-X509:-CTYPE-OPENPGP";
     12#elif GNUTLS_VERSION_NUMBER < 0x030100
    1213// Versions before 3.1.0 cannot combine level keywords
    1314char const ciphers[] = "SECURE128:+ARCFOUR-128:-3DES-CBC:-MD5:+SIGN-ALL:-SIGN-RSA-MD5:+CTYPE-X509:-CTYPE-OPENPGP";
     15#else
     16char const ciphers[] = "SECURE256:+SECURE128:+ARCFOUR-128:-3DES-CBC:-MD5:+SIGN-ALL:-SIGN-RSA-MD5:+CTYPE-X509:-CTYPE-OPENPGP";
    1417#endif
    1518
    1619//#define TLSDEBUG 1