Hotpatch missing intermediate certificates
This commit is contained in:
parent
5d2ae15edc
commit
c476a4d8a8
2 changed files with 42 additions and 0 deletions
40
0001-Fix-ssl.patch
Normal file
40
0001-Fix-ssl.patch
Normal file
|
@ -0,0 +1,40 @@
|
|||
diff --git a/src/murmur/Server.cpp b/src/murmur/Server.cpp
|
||||
index 22a150b6..fa77d96f 100644
|
||||
--- a/src/murmur/Server.cpp
|
||||
+++ b/src/murmur/Server.cpp
|
||||
@@ -1373,25 +1373,6 @@ void Server::newClient() {
|
||||
sock->setPrivateKey(qskKey);
|
||||
sock->setLocalCertificate(qscCert);
|
||||
|
||||
- QSslConfiguration config = sock->sslConfiguration();
|
||||
-#if QT_VERSION >= QT_VERSION_CHECK(5,15,0)
|
||||
- // Qt 5.15 introduced QSslConfiguration::addCaCertificate(s) that should be preferred over the functions in QSslSocket
|
||||
-
|
||||
- // Treat the leaf certificate as a root.
|
||||
- // This shouldn't strictly be necessary,
|
||||
- // and is a left-over from early on.
|
||||
- // Perhaps it is necessary for self-signed
|
||||
- // certs?
|
||||
- config.addCaCertificate(qscCert);
|
||||
-
|
||||
- // Add CA certificates specified via
|
||||
- // murmur.ini's sslCA option.
|
||||
- config.addCaCertificates(Meta::mp.qlCA);
|
||||
-
|
||||
- // Add intermediate CAs found in the PEM
|
||||
- // bundle used for this server's certificate.
|
||||
- config.addCaCertificates(qlIntermediates);
|
||||
-#else
|
||||
// Treat the leaf certificate as a root.
|
||||
// This shouldn't strictly be necessary,
|
||||
// and is a left-over from early on.
|
||||
@@ -1406,8 +1387,8 @@ void Server::newClient() {
|
||||
// Add intermediate CAs found in the PEM
|
||||
// bundle used for this server's certificate.
|
||||
sock->addCaCertificates(qlIntermediates);
|
||||
-#endif
|
||||
|
||||
+ QSslConfiguration config = sock->sslConfiguration();
|
||||
config.setCiphers(Meta::mp.qlCiphers);
|
||||
#if defined(USE_QSSLDIFFIEHELLMANPARAMETERS)
|
||||
config.setDiffieHellmanParameters(qsdhpDHParams);
|
|
@ -27,9 +27,11 @@ RUN apt-get update -yqq && apt-get install -yqq \
|
|||
git --no-install-recommends
|
||||
|
||||
WORKDIR /usr/src/murmur
|
||||
COPY 0001-Fix-ssl.patch /
|
||||
RUN \
|
||||
git clone https://github.com/mumble-voip/mumble.git . \
|
||||
&& git checkout master \
|
||||
&& git apply /0001-Fix-ssl.patch \
|
||||
&& git submodule init \
|
||||
&& git submodule update
|
||||
|
||||
|
|
Loading…
Reference in a new issue