diff options
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0003-Add-support-for-tls13-ciphers.patch')
-rw-r--r-- | meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0003-Add-support-for-tls13-ciphers.patch | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0003-Add-support-for-tls13-ciphers.patch b/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0003-Add-support-for-tls13-ciphers.patch new file mode 100644 index 000000000..398cef63c --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0003-Add-support-for-tls13-ciphers.patch @@ -0,0 +1,39 @@ +diff --git a/plugins/curl/curl.c b/plugins/curl/curl.c +index fad84140..d3dc3bde 100644 +--- a/plugins/curl/curl.c ++++ b/plugins/curl/curl.c +@@ -85,6 +85,7 @@ const char *proxy_user = NULL; + bool sslverify = true; + const char *ssl_version = NULL; + const char *ssl_cipher_list = NULL; ++const char *tls13_ciphers = NULL; + bool tcp_keepalive = false; + bool tcp_nodelay = true; + uint32_t timeout = 0; +@@ -309,6 +310,9 @@ curl_config (const char *key, const char *value) + else if (strcmp (key, "ssl-cipher-list") == 0) + ssl_cipher_list = value; + ++ else if (strcmp (key, "tls13-ciphers") == 0) ++ tls13_ciphers = value; ++ + else if (strcmp (key, "tcp-keepalive") == 0) { + r = nbdkit_parse_bool (value); + if (r == -1) +@@ -413,6 +417,7 @@ curl_config_complete (void) + "sslverify=false Do not verify SSL certificate of remote host.\n" \ + "ssl-version=<VERSION> Specify preferred TLS/SSL version.\n " \ + "ssl-cipher-list=C1:C2:.. Specify TLS/SSL cipher suites to be used.\n" \ ++ "tls13-ciphers=C1:C2:.. Specify TLS 1.3 cipher suites to be used.\n" \ + "tcp-keepalive=true Enable TCP keepalives.\n" \ + "tcp-nodelay=false Disable Nagle’s algorithm.\n" \ + "unix-socket-path=<PATH> Open Unix domain socket instead of TCP/IP.\n" \ +@@ -550,6 +555,8 @@ curl_open (int readonly) + } + if (ssl_cipher_list) + curl_easy_setopt (h->c, CURLOPT_SSL_CIPHER_LIST, ssl_cipher_list); ++ if (tls13_ciphers) ++ curl_easy_setopt (h->c, CURLOPT_TLS13_CIPHERS, tls13_ciphers); + if (tcp_keepalive) + curl_easy_setopt (h->c, CURLOPT_TCP_KEEPALIVE, 1L); + if (!tcp_nodelay) |