Saturday, August 07, 2021

Re: Fix CVE-2020-14387 in net/rsync

I suggest adding a mode that uses nc -c and using that by default, and maybe
patch the openssl mode to use eopenssl11.

--
Sent from a phone, apologies for poor formatting.
On 7 August 2021 17:45:32 Christian Weisgerber <naddy@mips.inka.de> wrote:

> Moritz Buhl:
>
>> this diff fixes CVE-2020-14387 for net/rsync.
>
> The same change was committed upstream:
> https://github.com/WayneD/rsync/commit/c3f7414c450faaf6a8281cc4a4403529aeb7d859
>
> However...
>
>> +- exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet
>> -servername $hostname -connect $hostname:$port
>> ++ exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet
>> -servername $hostname -verify_hostname $hostname -connect $hostname:$port
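Review bot: the `-verify_hostname $hostname` argument added on the `++ exec $RSYNC_SSL_OPENSSL s_client ...` line assumes an s_client option that, per the reply below, LibreSSL's openssl(1) does not have, so on a LibreSSL system the exec fails and rsync-ssl stops working; `-verify_quiet` on the same line is unsupported there as well. The patch should either probe the local s_client for these options before appending them, or confine this line to an OpenSSL binary such as the eopenssl11 suggested above, rather than hard-coding both flags.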
>
> ... LibreSSL's openssl(1) doesn't appear to support the -verify_hostname
> option. So this change would break rsync-ssl for us.
>
> And actually, -verify_quiet doesn't exist either, so this is already
> broken.
>
> --
> Christian "naddy" Weisgerber naddy@mips.inka.de
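The portability problem raised above (s_client options that exist in OpenSSL 1.1 but not in LibreSSL's openssl(1)) can be handled by probing the local binary before building the command line. The following is an added example written for this page, not rsync's own rsync-ssl script and not code from either poster; the function names, the `RSYNC_SSL_OPENSSL` default and the two sample help texts are assumptions (the help texts are constructed to resemble the two implementations' usage output, not copied from them).

```sh
#!/bin/sh
# Added example (not part of rsync): append -verify_quiet and
# -verify_hostname to the s_client command line only when the local
# openssl(1) advertises them, instead of breaking on LibreSSL.

# Assumption: same variable rsync-ssl uses to pick the openssl binary.
RSYNC_SSL_OPENSSL="${RSYNC_SSL_OPENSSL:-openssl}"

# s_client_help: print the option summary of the local s_client.
# Both OpenSSL and LibreSSL write their usage text to stderr.
s_client_help() {
    "$RSYNC_SSL_OPENSSL" s_client -help 2>&1
}

# help_has_opt HELPTEXT OPT: succeed when OPT appears as a whole token in
# HELPTEXT. Square brackets are stripped so LibreSSL-style "[-verify depth]"
# usage lines are tokenised the same way as OpenSSL's " -verify depth" lines.
help_has_opt() {
    printf '%s\n' "$1" | awk -v opt="$2" '
        { for (i = 1; i <= NF; i++) { t = $i; gsub(/[][]/, "", t)
              if (t == opt) { found = 1; exit } } }
        END { exit !found }'
}

# s_client_args HELPTEXT HOSTNAME PORT: print the argument list to hand to
# $RSYNC_SSL_OPENSSL. Hostname verification is requested only when the
# option exists; a warning goes to stderr when it cannot be requested, so a
# silently unverified connection does not pass as a verified one.
s_client_args() {
    help=$1 host=$2 port=$3
    args="s_client -quiet"
    if help_has_opt "$help" -verify_quiet; then
        args="$args -verify_quiet"
    fi
    args="$args -servername $host"
    if help_has_opt "$help" -verify_hostname; then
        args="$args -verify_hostname $host"
    else
        echo "warning: s_client lacks -verify_hostname; name not checked" >&2
    fi
    printf '%s\n' "$args -connect $host:$port"
}

# Constructed sample help texts (not real program output): one in the style
# of OpenSSL 1.1's "s_client -help", one in the style of LibreSSL's usage line.
SAMPLE_OPENSSL_HELP=' -quiet              No s_client output
 -verify_quiet       Quiet output
 -servername val     Set TLS extension servername in ClientHello
 -verify_hostname val Hostname to verify
 -connect val        TCP/IP where to connect'
SAMPLE_LIBRESSL_HELP='usage: s_client [-4 | -6] [-alpn protocols] [-CAfile file]
    [-CApath directory] [-cert file] [-connect host:port] [-quiet]
    [-servername name] [-verify depth]'

# Stand-alone run: show what each flavour of s_client would be given.
if [ "${1:-}" = "--demo" ]; then
    s_client_args "$SAMPLE_OPENSSL_HELP" rsync.example.org 874
    s_client_args "$SAMPLE_LIBRESSL_HELP" rsync.example.org 874
fi
```

In a real script the first argument would come from `s_client_help` rather than a sample; the probe costs one extra process start per connection and avoids both failure modes named above, the missing `-verify_hostname` and the missing `-verify_quiet`. It does not cover the nc -c mode suggested in the reply, only the openssl mode.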
