Fetch the repository succeeded.
This action will force synchronization from src-openEuler/openldap, which will overwrite any changes that you have made since you forked the repository, and can not be recovered!!!
Synchronous operation will process in the background and will refresh the page when finishing processing. Please be patient.
diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
index d69b186..7f92783 100644
--- a/libraries/libldap/tls_m.c
+++ b/libraries/libldap/tls_m.c
@@ -2238,6 +2238,58 @@ tlsm_deferred_ctx_init( void *arg )
0, 0, 0 );
return -1;
}
+ if ( lt->lt_protocol_min >= LDAP_OPT_X_TLS_PROTOCOL_SSL3 ) {
+ SSLVersionRange supported_range, default_range, selected_range;
+ if ( SECSuccess != SSL_VersionRangeGetSupported(ssl_variant_stream, &supported_range) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: error: could not get SSL supported version range (SSL_VersionRangeGetSupported).\n",
+ 0, 0, 0 );
+ return -1;
+ } else {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: info: SSL supported protocol version range is (%#04x, %#04x) (SSL_VersionRangeGetSupported).\n",
+ supported_range.min, supported_range.max, 0);
+ }
+ if ( SECSuccess != SSL_VersionRangeGetDefault(ssl_variant_stream, &default_range) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: error: could not get SSL default protocol version range (SSL_VersionRangeGetDefault).\n",
+ 0, 0, 0 );
+ return -1;
+ } else {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: info: SSL default protocol version range is (%#04x, %#04x) (SSL_VersionRangeGetDefault).\n",
+ default_range.min, default_range.max, 0);
+ }
+ selected_range.min = lt->lt_protocol_min;
+ selected_range.max = supported_range.max;
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: info: TLS configured protocol minimal version is %#04x.\n",
+ selected_range.min, selected_range.max, 0);
+ if ( (selected_range.min > supported_range.max) ||
+ (selected_range.max < supported_range.min) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: error: selected protocol version range out of NSS-supported version range.\n",
+ 0, 0, 0);
+ return -1;
+ } else {
+ if ( SECSuccess != SSL_VersionRangeSet(ctx->tc_model, &selected_range) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: error: could not set protocol version range (SSL_VersionRangeSet).\n",
+ 0, 0, 0);
+ return -1;
+ }
+ if ( SECSuccess != SSL_VersionRangeGet(ctx->tc_model, &selected_range) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: error: could not get protocol version range (SSL_VersionRangeGet).\n",
+ 0, 0, 0);
+ return -1;
+ } else {
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: info: SSL set protocol version range is (%#04x, %#04x) (SSL_VersionRangeGet).\n",
+ selected_range.min, selected_range.max, 0);
+ }
+ }
+ }
if ( SECSuccess != SSL_OptionSet( ctx->tc_model, SSL_HANDSHAKE_AS_CLIENT, !ctx->tc_is_server ) ) {
Debug( LDAP_DEBUG_ANY,
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手
