[pve-devel] applied: [PATCH http-server] tls: make dh to openssl 1.1 compatible
Thomas Lamprecht
t.lamprecht at proxmox.com
Fri Mar 22 10:35:51 CET 2019
Effective the same approach used in libanyevent-perl 7.140-3[0]
Stretch is also compatible with this, and we can remove it for
buster/PVE 6 once the libanyevent-perl package transitioned to
from unstable to buster, until then do it ourself to have a
functioning api/proxy...
[0]: https://salsa.debian.org/perl-team/modules/packages/libanyevent-perl/commit/7f3d5721bb915c0c24088c3ff361238938172108
Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
---
PVE/APIServer/AnyEvent.pm | 3 +++
1 file changed, 3 insertions(+)
diff --git a/PVE/APIServer/AnyEvent.pm b/PVE/APIServer/AnyEvent.pm
index b2330a5..1a01d17 100644
--- a/PVE/APIServer/AnyEvent.pm
+++ b/PVE/APIServer/AnyEvent.pm
@@ -574,6 +574,9 @@ sub proxy_request {
sslv2 => 0,
sslv3 => 0,
verify => 1,
+ # be compatible with openssl 1.1, fix for debian bug #923615
+ # remove once libanyeven-perl with this fix transitions to buster
+ dh => 'schmorp2048',
verify_cb => sub {
my (undef, undef, undef, $depth, undef, undef, $cert) = @_;
# we don't care about intermediate or root certificates
--
2.20.1
More information about the pve-devel
mailing list