代码拉取完成,页面将自动刷新
同步操作将从 src-anolis-os/libreswan 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
From 1dddaa3226fe1b71b68ec9665d93864a5ec69801 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 9 Jan 2023 23:26:10 +0900
Subject: [PATCH] libreswan-3.32-1861360-nodefault-rsa-pss.patch
---
lib/libipsecconf/confread.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/lib/libipsecconf/confread.c b/lib/libipsecconf/confread.c
index 0444118..ec87646 100644
--- a/lib/libipsecconf/confread.c
+++ b/lib/libipsecconf/confread.c
@@ -1501,9 +1501,14 @@ static bool load_conn(struct starter_conn *conn,
hunk_streq(val, "rsa")) {
conn->authby.rsasig = true;
conn->authby.rsasig_v1_5 = true;
+ /*
+ * These cause failure with RSA 1024 bits because it uses RSA-PSS
+ */
+#if 0
conn->sighash_policy |= POL_SIGHASH_SHA2_256;
conn->sighash_policy |= POL_SIGHASH_SHA2_384;
conn->sighash_policy |= POL_SIGHASH_SHA2_512;
+#endif
} else if (hunk_streq(val, "never")) {
conn->authby.never = true;
/* everything else is only supported for IKEv2 */
--
2.39.0
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。