Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

stunnel: check ECDSA certs curves #712

Merged
merged 1 commit into from
Nov 25, 2019
Merged

stunnel: check ECDSA certs curves #712

merged 1 commit into from
Nov 25, 2019

Conversation

vktg
Copy link
Contributor

@vktg vktg commented Nov 23, 2019

Redmine Issue: https://redmine.pfsense.org/issues/9919
Ready for review

stunnel client can use cert with any ECDSA curve,
but if stunnel server use incorrect (not prime256v1, secp384r1, secp521r1) curve, an error occurs:
SSL_connect: /build/ce-crossbuild-master/pfSense/tmp/FreeBSD-src/crypto/openssl/ssl/record/rec_layer_s3.c:1528: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

same func as #710
maybe we can create system-wide pkg_get_ca_or_certs($type) function?

@vktg vktg mentioned this pull request Nov 23, 2019
Merged
@rbgarga rbgarga requested a review from jim-p November 25, 2019 13:42
@jim-p
Copy link
Contributor

jim-p commented Nov 25, 2019

I added an extra parameter to cert_build_list() which will generate this output format. https://redmine.pfsense.org/issues/9923 pfsense/pfsense@59fac81
Additionally, if you add a function_exists test that looks for cert_build_list(), packages could fall back to the old behavior, so that we can keep them in sync between 2.4.4 and 2.5.0.

netgate-git-updates pushed a commit that referenced this pull request Nov 25, 2019
@rbgarga
Merge pull request #712 from vktg/stunnelecdsa
11b167c
@netgate-git-updates netgate-git-updates merged commit f0ed5d3 into pfsense:devel Nov 25, 2019
@DandelionSprout DandelionSprout mentioned this pull request Nov 26, 2019
Merged
netgate-git-updates pushed a commit that referenced this pull request Nov 27, 2021
@tcberner
graphics/ksnip: update to 1.9.2
5c14e0d 
Changelog:
	* Fixed: Version `Qt_5.15' not found (required by
	  /usr/bin/ksnip). (#712)
	* Fixed: CI packages show continuous suffix for tagged build.
	  (#710)
	* Fixed: kImageAnnotator not translated with deb package. (#359)
	* Fixed: Windows packages increased in size. (#713)
	* Fixed: The string 'Actions' is not available for translation.
	  (#729)
	* Fixed: HiDPI issue with multiple screen on Windows. (#668)
	* Fixed: Snipping Area not closing when pressing ESC. (#735)
	* Fixed: Sometimes "Snipping Area Rulers" not shown after
	  starting rectangular selection. (#684)
	* Fixed: Cursor not positioned correctly when snipping area
	  opens. (#736)
	* Fixed: Mouse cursor not captured when triggered via global
	  shortcut. (#737)
	* Fixed: Dual 4K screens get scrambled on X11. (#734)
	* Fixed: VCRUNTIME140_1.dll was not found. (#743)
	* Fixed: Screenshot area issue when monitor count changes on
	  Windows. (#722)
	* Fixed: Wayland does not support QWindow::requestActivate().
	  (#656)
	* Fixed: Wrong area is captured on a Wayland screen scaling.
	  (#691)
	* Changed: Enforce xdg-desktop-portal screenshots for Gnome >=
	  41. (#727)
	* Fixed kImageAnnotator: Crash while typing text on wayland.
	  (#256)
	* Changed kImageAnnotator: Show scrollbar when not all tools
	  visible. (#258)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jim-p jim-p Awaiting requested review from jim-p

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@vktg @jim-p @netgate-git-updates