Hi there.

I have used the pound patch

http://goochfriend.org/pound_2.6f_ssl_renegotiation_and_ciphers_v2.patch


on the latest stable version of Pound, but when I applied it, patch produced
a reject file (config.c.rej) containing:

@@ -1022,6 +1033,23 @@
             lin[matches[1].rm_eo] = '\0';
             if((res->add_head = strdup(lin + matches[1].rm_so)) == NULL)
                 conf_err("AddHeader config: out of memory - aborted");
+        } else if(!regexec(&SSLAllowClientRenegotiation, lin, 4, matches, 0)) {
+            res->allow_client_reneg = atoi(lin + matches[1].rm_so);
+            if (res->allow_client_reneg == 2) {
+                ssl_op_enable |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+                ssl_op_disable &= ~SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+            } else {
+                ssl_op_disable |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+                ssl_op_enable &= ~SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+            }
+        } else if(!regexec(&SSLHonorCipherOrder, lin, 4, matches, 0)) {
+            if (atoi(lin + matches[1].rm_so)) {
+                ssl_op_enable |= SSL_OP_CIPHER_SERVER_PREFERENCE;
+                ssl_op_disable &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
+            } else {
+                ssl_op_disable |= SSL_OP_CIPHER_SERVER_PREFERENCE;
+                ssl_op_enable &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
+            }
         } else if(!regexec(&Ciphers, lin, 4, matches, 0)) {
             has_other = 1;
             if(res->ctx == NULL)
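Review bot: The `SSLAllowClientRenegotiation` branch stores `atoi(lin + matches[1].rm_so)` with no range check, so every value other than 2 silently takes the `else` arm and non-numeric text parses as 0. Unless the regex (not visible here) already restricts the value, and assuming 0, 1 and 2 are the intended settings, add `if(res->allow_client_reneg < 0 || res->allow_client_reneg > 2) conf_err("SSLAllowClientRenegotiation config: value must be 0, 1 or 2 - aborted");` right after the assignment. The value 2 sets `SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION`, which permits renegotiation with peers that lack secure-renegotiation support, so that arm deserves a comment such as `/* 2 = also allow unsafe legacy renegotiation; insecure, only for legacy peers */`. `ssl_op_enable` and `ssl_op_disable` are not reached through `res` and are declared outside the hunk, so they may be shared across listeners, in which case the last directive parsed would apply to all of them; worth confirming. The enclosing `if`/`else if` chain starts and ends outside the hunk.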

To work around this and make those options available in pound.cfg, I
removed these lines from config.c:

    } else {
                if((res->add_head = realloc(res->add_head,
strlen(res->add_head)
 + strlen(lin + matches[1].rm_so) + 3)) == NULL)
                    conf_err("AddHeader config: out of memory - aborted");
                strcat(res->add_head, "\r\n");
                strcat(res->add_head, lin + matches[1].rm_so);
            }

But I don't know what the implications of that are. Is there any problem
with removing these lines?

Thanks.

--
Ricardo Santos
