src/client/application/main.vala: Remove explicit Poodle mitigation
Remove explicit Poodle SSL 3.0 exploit mitigation - distros are doing a better job of enabling secure TLS algos now.
parent
c8a19a37be
commit
9597942116
4 changed files with 0 additions and 25 deletions
|
|
@ -9,7 +9,6 @@ enable_valadoc = get_option('valadoc')
|
|||
install_contractor_file = get_option('contractor')
|
||||
iso_3166_xml = get_option('iso_3166_xml')
|
||||
iso_639_xml = get_option('iso_639_xml')
|
||||
poodle = get_option('poodle')
|
||||
reference_tracking = get_option('ref_tracking')
|
||||
|
||||
# Build type
|
||||
|
|
|
|||
|
|
@ -25,12 +25,6 @@ option(
|
|||
value: false,
|
||||
description: 'Determines if libunwind is required.'
|
||||
)
|
||||
option(
|
||||
'poodle',
|
||||
type: 'boolean',
|
||||
value: true,
|
||||
description: 'Whether to apply the POODLE SSLv3 fix.'
|
||||
)
|
||||
option(
|
||||
'tnef-support',
|
||||
type: 'boolean',
|
||||
|
|
|
|||
|
|
@ -5,21 +5,6 @@
|
|||
*/
|
||||
|
||||
int main(string[] args) {
|
||||
// POODLE SSLv3: This disables SSLv3 inside of GnuTLS preventing the exploit described at:
|
||||
// http://googleonlinesecurity.blogspot.co.uk/2014/10/this-poodle-bites-exploiting-ssl-30.html
|
||||
// Although it's extremely unlikely Geary presents an open attack vector (because Javascript
|
||||
// must be enabled in WebKit), it still makes sense to disable this version of SSL. See more
|
||||
// at https://bugzilla.gnome.org/show_bug.cgi?id=738633
|
||||
//
|
||||
// This *must* be done before any threads are created, as their copy of the envvars is not
|
||||
// updated with this call. overwrite is set to false to allow the user to override the priority
|
||||
// string if they need to.
|
||||
//
|
||||
// Packages can disable this fix with the --disable-poodle-ssl3 configure option.
|
||||
#if !DISABLE_POODLE
|
||||
Environment.set_variable("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:!VERS-SSL3.0", false);
|
||||
#endif
|
||||
|
||||
// Temporary workaround for WebKitGTK deprecation of the
|
||||
// shared-secondary process model. Pull this out in 3.36 when the
|
||||
// proper fix lands. See GNOME/geary#558.
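Review bot: With the `Environment.set_variable("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:!VERS-SSL3.0", false)` call gone from main(), the protocol floor for Geary's TLS connections is whatever the installed GnuTLS and glib-networking default to, and nothing in this commit records the minimum library version that assumption rests on. The removed string also carried `%COMPAT`, so the change drops GnuTLS compatibility mode along with the SSL 3.0 exclusion; the commit message does not mention this, and it may change behaviour against older servers. I would record the expected GnuTLS baseline in the build or packaging notes, e.g. `# Relies on the system GnuTLS default priority excluding SSL 3.0`. I would also mention there that `G_TLS_GNUTLS_PRIORITY` can still be set by the user. main()'s body continues outside the hunk.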
|
||||
|
|
|
|||
|
|
@ -31,9 +31,6 @@ geary_vala_args = [
|
|||
if reference_tracking
|
||||
geary_vala_args += [ '--define=REF_TRACKING' ]
|
||||
endif
|
||||
if not poodle
|
||||
geary_vala_args += [ '--define=DISABLE_POODLE' ]
|
||||
endif
|
||||
|
||||
# Common cc options
|
||||
geary_c_args = [
|
||||
|
|
|
|||