diff options
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0002-Add-support-for-ssl-config.patch')
-rw-r--r-- | meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0002-Add-support-for-ssl-config.patch | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0002-Add-support-for-ssl-config.patch b/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0002-Add-support-for-ssl-config.patch new file mode 100644 index 000000000..95ffc0a48 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0002-Add-support-for-ssl-config.patch @@ -0,0 +1,66 @@ +diff --git a/plugins/curl/curl.c b/plugins/curl/curl.c +index 610511f7..92be4656 100644 +--- a/plugins/curl/curl.c ++++ b/plugins/curl/curl.c +@@ -69,6 +69,8 @@ static const char *proxy = NULL; + static char *proxy_password = NULL; + static const char *proxy_user = NULL; + static bool sslverify = true; ++static const char *ssl_version = NULL; ++static const char *ssl_cipher_list = NULL; + static bool tcp_keepalive = false; + static bool tcp_nodelay = true; + static uint32_t timeout = 0; +@@ -232,6 +234,12 @@ curl_config (const char *key, const char *value) + sslverify = r; + } + ++ else if (strcmp (key, "ssl-version") == 0) ++ ssl_version = value; ++ ++ else if (strcmp (key, "ssl-cipher-list") == 0) ++ ssl_cipher_list = value; ++ + else if (strcmp (key, "tcp-keepalive") == 0) { + r = nbdkit_parse_bool (value); + if (r == -1) +@@ -302,6 +310,8 @@ curl_config_complete (void) + "proxy-user=<USER> The proxy user.\n" \ + "timeout=<TIMEOUT> Set the timeout for requests (seconds).\n" \ + "sslverify=false Do not verify SSL certificate of remote host.\n" \ ++ "ssl-version=<VERSION> Specify preferred TLS/SSL version.\n " \ ++ "ssl-cipher-list=C1:C2:.. Specify TLS/SSL cipher suites to be used.\n" \ + "tcp-keepalive=true Enable TCP keepalives.\n" \ + "tcp-nodelay=false Disable Nagle’s algorithm.\n" \ + "unix-socket-path=<PATH> Open Unix domain socket instead of TCP/IP.\n" \ +@@ -418,6 +428,30 @@ curl_open (int readonly) + curl_easy_setopt (h->c, CURLOPT_SSL_VERIFYPEER, 0L); + curl_easy_setopt (h->c, CURLOPT_SSL_VERIFYHOST, 0L); + } ++ if (ssl_version) { ++ if (strcmp (ssl_version, "tlsv1") == 0) ++ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1); ++ else if (strcmp (ssl_version, "sslv2") == 0) ++ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv2); ++ else if (strcmp (ssl_version, "sslv3") == 0) ++ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3); ++ else if (strcmp (ssl_version, "tlsv1.0") == 0) ++ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_0); ++ else if (strcmp (ssl_version, "tlsv1.1") == 0) ++ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1); ++ else if (strcmp (ssl_version, "tlsv1.2") == 0) ++ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); ++ else if (strcmp (ssl_version, "tlsv1.3") == 0) ++ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_3); ++ else { ++ display_curl_error (h, r, "curl_easy_setopt: CURLOPT_SSLVERSION [%s]", ++ ssl_version); ++ goto err; ++ } ++ ++ } ++ if (ssl_cipher_list) ++ curl_easy_setopt (h->c, CURLOPT_SSL_CIPHER_LIST, ssl_cipher_list); + if (tcp_keepalive) + curl_easy_setopt (h->c, CURLOPT_TCP_KEEPALIVE, 1L); + if (!tcp_nodelay) |