If you’re applying against Pound 2.6 final, use the patch here:
https://github.com/goochjj/pound/commit/2f69c71b0314538f2a6218f624bdd2b954e5dbc8.patch

That should fix you right up.
Joe


From: Ricardo Santos [mailto:[email protected]]
Sent: Saturday, June 23, 2012 3:42 AM
To: pound
Subject: [Pound Mailing List] Pound patch

Hi there.

I have used the pound patch

http://goochfriend.org/pound_2.6f_ssl_renegotiation_and_ciphers_v2.patch


on the last stable version of Pound, but when I applied the patch it gave me a 
rejection file (config.c.rej) with:

@@ -1022,6 +1033,23 @@
             lin[matches[1].rm_eo] = '\0';
             if((res->add_head = strdup(lin + matches[1].rm_so)) == NULL)
                 conf_err("AddHeader config: out of memory - aborted");
+        } else if(!regexec(&SSLAllowClientRenegotiation, lin, 4, matches, 0)) {
+            res->allow_client_reneg = atoi(lin + matches[1].rm_so);
+            if (res->allow_client_reneg == 2) {
+                ssl_op_enable |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+                ssl_op_disable &= ~SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+            } else {
+                ssl_op_disable |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+                ssl_op_enable &= ~SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+            }
+        } else if(!regexec(&SSLHonorCipherOrder, lin, 4, matches, 0)) {
+            if (atoi(lin + matches[1].rm_so)) {
+                ssl_op_enable |= SSL_OP_CIPHER_SERVER_PREFERENCE;
+                ssl_op_disable &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
+            } else {
+                ssl_op_disable |= SSL_OP_CIPHER_SERVER_PREFERENCE;
+                ssl_op_enable &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
+            }
         } else if(!regexec(&Ciphers, lin, 4, matches, 0)) {
             has_other = 1;
             if(res->ctx == NULL)
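
Review bot: In the SSLAllowClientRenegotiation branch, atoi() on lin + matches[1].rm_so reports no errors, so any value other than 2, including a typo or an out-of-range number, silently takes the else path and is still stored in res->allow_client_reneg. Since 2 is the value that sets SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, I would range-check the parsed value, call conf_err() on anything unexpected, and document next to the directive what each accepted value means. The atoi() in the SSLHonorCipherOrder branch has the same silent-default behaviour. Also, res->allow_client_reneg is stored on res while ssl_op_enable and ssl_op_disable are not; if those masks are shared between listeners, a later directive overrides an earlier one, so a comment stating the intended scope would help.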

What I have done to solve it and include those options in the pound.cfg was to
remove these lines from config.c:

            } else {
                if((res->add_head = realloc(res->add_head, strlen(res->add_head) + strlen(lin + matches[1].rm_so) + 3)) == NULL)
                    conf_err("AddHeader config: out of memory - aborted");
                strcat(res->add_head, "\r\n");
                strcat(res->add_head, lin + matches[1].rm_so);
            }

But I don't know what the implications of that are. Is there any problem with
removing these lines?

Thanks.
--
Ricardo Santos
