Patch for OE to make libsoup 2.4 to work with TLS 1.2 connections, as required by gnutls 2.10 and higher.
This patch finally fixes the HTTPS issues of the OE webkit-based browsers. ;)
From 682780b728e041a0c54e4bd94be4cec369affa9b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20(Trevi=C3=B1o)?= <[email protected]> Date: Thu, 18 Nov 2010 21:03:37 +0100 Subject: [PATCH] libsoup-2.4: added TLS 1.2 support patch Added patch to libsoup-2.4 to make it work with secure connections when using gnutls v2.10 and higher. Now webkit based browsers works with HTTPS too. --- ...isable-TLS-1.2-in-addition-to-1.0-and-1.1.patch | 29 ++++++++++++++++++++ recipes/gnome/libsoup-2.4_2.29.91.bb | 4 +++ recipes/webkit/webkit-efl_svn.bb | 6 ++-- 3 files changed, 36 insertions(+), 3 deletions(-) create mode 100644 recipes/gnome/libsoup-2.4/Disable-TLS-1.2-in-addition-to-1.0-and-1.1.patch diff --git a/recipes/gnome/libsoup-2.4/Disable-TLS-1.2-in-addition-to-1.0-and-1.1.patch b/recipes/gnome/libsoup-2.4/Disable-TLS-1.2-in-addition-to-1.0-and-1.1.patch new file mode 100644 index 0000000..1a03581 --- /dev/null +++ b/recipes/gnome/libsoup-2.4/Disable-TLS-1.2-in-addition-to-1.0-and-1.1.patch @@ -0,0 +1,29 @@ +From 01a43ad9824fba77384534c6d588e0e0d653986e Mon Sep 17 00:00:00 2001 +From: Dan Winship <[email protected]> +Date: Tue, 29 Jun 2010 13:43:20 +0000 +Subject: Disable TLS 1.2 in addition to 1.0 and 1.1 + +Due to bug 581342 we want to only negotiate SSL 3.0. Previously we +were telling gnutls to not do TLS1.0 or TLS1.1, but that means with +newer versions of gnutls that support TLS1.2 it would try to negotiate +that instead and generally fail. Fix that by disabling TLS1.2 too +(which works fine even with gnutls versions that don't support TLS1.2 +yet). + +https://bugzilla.gnome.org/show_bug.cgi?id=622857 +--- +diff --git a/libsoup/soup-gnutls.c b/libsoup/soup-gnutls.c +index cb0fbe5..0b57f28 100644 +--- a/libsoup/soup-gnutls.c ++++ b/libsoup/soup-gnutls.c +@@ -477,7 +477,7 @@ soup_ssl_wrap_iochannel (GIOChannel *sock, gboolean non_blocking, + goto THROW_CREATE_ERROR; + + /* See http://bugzilla.gnome.org/show_bug.cgi?id=581342 */ +- if (gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.1:!VERS-TLS1.0", NULL) != 0) ++ if (gnutls_priority_set_direct (session, "NORMAL:!VERS-TLS1.2:!VERS-TLS1.1:!VERS-TLS1.0", NULL) != 0) + goto THROW_CREATE_ERROR; + + if (gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, +-- +cgit v0.8.3.1 diff --git a/recipes/gnome/libsoup-2.4_2.29.91.bb b/recipes/gnome/libsoup-2.4_2.29.91.bb index 46afd23..85f9fbb 100644 --- a/recipes/gnome/libsoup-2.4_2.29.91.bb +++ b/recipes/gnome/libsoup-2.4_2.29.91.bb @@ -3,12 +3,16 @@ SECTION = "x11/gnome/libs" LICENSE = "GPL" DEPENDS = "libproxy glib-2.0 gnutls libxml2 sqlite3 gnome-keyring" +PR = "r1" + inherit gnome SRC_URI = "${GNOME_MIRROR}/libsoup/$...@gnome_verdir("${PV}")}/libsoup-${PV}.tar.bz2;name=libsoup" SRC_URI[libsoup.md5sum] = "900390c0ead254fbb23f3f0b84fd18bb" SRC_URI[libsoup.sha256sum] = "626c88f6b87463cb092733d2bcd5672ca69529a766cc6c5cc817f34b49c821b1" +SRC_URI += "file://Disable-TLS-1.2-in-addition-to-1.0-and-1.1.patch" + S = "${WORKDIR}/libsoup-${PV}" PACKAGES =+ "libsoup-gnome" diff --git a/recipes/webkit/webkit-efl_svn.bb b/recipes/webkit/webkit-efl_svn.bb index 33bffdf..893b4aa 100644 --- a/recipes/webkit/webkit-efl_svn.bb +++ b/recipes/webkit/webkit-efl_svn.bb @@ -1,12 +1,12 @@ DESCRIPTION = "Webkit browser engine, EFL edition" LICENSE = "GPL" DEPENDS = "icu libxslt sqlite3 gperf-native bison-native flex-native jpeg \ - libpng libxt fontconfig cairo freetype glib-2.0 libsoup-2.4 \ + libpng libxt fontconfig cairo freetype curl \ libxml2 pango eina ecore evas edje" SRCREV = "71965" PV = "1.3.4+svnr${SRCPV}" -PR = "r1" +PR = "r2" SRCREV_FORMAT = "webcore-rwebkit" @@ -34,7 +34,7 @@ inherit cmake lib_package pkgconfig # WebCore::ColorDataHash::colordata_hash_function(char const*, unsigned int)': ARM_INSTRUCTION_SET = "ARM" -EXTRA_OECMAKE = "-DPORT=Efl -DSHARED_CORE=ON" +EXTRA_OECMAKE = "-DPORT=Efl -DSHARED_CORE=ON -DNETWORK_BACKEND=curl -DENABLE_GLIB_SUPPORT=OFF -DENABLE_VIDEO=OFF" do_unpack_append() { bb.build.exec_func('do_move_files', d) -- 1.7.1
_______________________________________________ Shr-devel mailing list [email protected] http://lists.shr-project.org/mailman/listinfo/shr-devel
