proxmox-mirrors/pve-http-server
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-http-server synced 2025-05-02 05:13:17 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

tls: make dh to openssl 1.1 compatible

Browse Source 
Effective the same approach used in libanyevent-perl 7.140-3[0]
Stretch is also compatible with this, and we can remove it for
buster/PVE 6 once the libanyevent-perl package transitioned to
from unstable to buster, until then do it ourself to have a
functioning api/proxy...

[0]: 7f3d5721bb

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Thomas Lamprecht 2019-03-22 10:32:46 +01:00
parent 487cedb5a7
commit ea574439f7
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
PVE/APIServer/AnyEvent.pm
View File

@ -574,6 +574,9 @@ sub proxy_request {
sslv2 => 0, sslv2 => 0,
sslv3 => 0, sslv3 => 0,
verify => 1, verify => 1,
# be compatible with openssl 1.1, fix for debian bug #923615
# remove once libanyeven-perl with this fix transitions to buster
dh => 'schmorp2048',
verify_cb => sub { verify_cb => sub {
my (undef, undef, undef, $depth, undef, undef, $cert) = @_; my (undef, undef, undef, $depth, undef, undef, $cert) = @_;
# we don't care about intermediate or root certificates # we don't care about intermediate or root certificates