[geary/mjog/build-updates: 1/4] src/client/application/main.vala: Remove explicit Poodle mitigation



commit 9597942116438e6b963bbee5a3810d13521f9cb0
Author: Michael Gratton <mike vee net>
Date:   Mon Mar 30 18:59:53 2020 +1100

    src/client/application/main.vala: Remove explicit Poodle mitigation
    
    Remove explicit Poodle SSL 3.0 exploit mitigation - distros are doing
    a better job of enabling secure TLS algos now.

 meson.build                      |  1 -
 meson_options.txt                |  6 ------
 src/client/application/main.vala | 15 ---------------
 src/meson.build                  |  3 ---
 4 files changed, 25 deletions(-)
---
diff --git a/meson.build b/meson.build
index dca9081f..4c1cee21 100644
--- a/meson.build
+++ b/meson.build
@@ -9,7 +9,6 @@ enable_valadoc = get_option('valadoc')
 install_contractor_file = get_option('contractor')
 iso_3166_xml = get_option('iso_3166_xml')
 iso_639_xml = get_option('iso_639_xml')
-poodle = get_option('poodle')
 reference_tracking = get_option('ref_tracking')
 
 # Build type
diff --git a/meson_options.txt b/meson_options.txt
index 5f7f7608..1e72e0af 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -25,12 +25,6 @@ option(
   value: false,
   description: 'Determines if libunwind is required.'
 )
-option(
-  'poodle',
-  type: 'boolean',
-  value: true,
-  description: 'Whether to apply the POODLE SSLv3 fix.'
-)
 option(
   'tnef-support',
   type: 'boolean',
diff --git a/src/client/application/main.vala b/src/client/application/main.vala
index 0df87838..741c0212 100644
--- a/src/client/application/main.vala
+++ b/src/client/application/main.vala
@@ -5,21 +5,6 @@
  */
 
 int main(string[] args) {
-    // POODLE SSLv3: This disables SSLv3 inside of GnuTLS preventing the exploit described at:
-    // http://googleonlinesecurity.blogspot.co.uk/2014/10/this-poodle-bites-exploiting-ssl-30.html
-    // Although it's extremely unlikely Geary presents an open attack vector (because Javascript
-    // must be enabled in WebKit), it still makes sense to disable this version of SSL.  See more
-    // at https://bugzilla.gnome.org/show_bug.cgi?id=738633
-    //
-    // This *must* be done before any threads are created, as their copy of the envvars is not
-    // updated with this call.  overwrite is set to false to allow the user to override the priority
-    // string if they need to.
-    //
-    // Packages can disable this fix with the --disable-poodle-ssl3 configure option.
-#if !DISABLE_POODLE
-    Environment.set_variable("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:!VERS-SSL3.0", false);
-#endif
-
     // Temporary workaround for WebKitGTK deprecation of the
     // shared-secondary process model. Pull this out in 3.36 when the
     // proper fix lands. See GNOME/geary#558.
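Review bot: After the `Environment.set_variable("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:!VERS-SSL3.0", false)` call is dropped from the top of `main`, nothing in the tree records which backend defaults Geary now depends on to keep SSL 3.0 off. The commit message leaves this to distributions, so the assumption should be written down where the workaround was, e.g. `// TLS protocol selection is left to the GnuTLS/glib-networking defaults; SSL 3.0 must be disabled there.` It would ideally also be backed by a minimum version on the TLS dependency, if the build files do not already set one (not visible in this diff). Because the removed call passed overwrite=false, a user-set `G_TLS_GNUTLS_PRIORITY` is honoured the same before and after; only the default case changes, and it also loses the `%COMPAT` flag. `main` continues beyond the end of this hunk.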
diff --git a/src/meson.build b/src/meson.build
index 6126cb6b..db14f6d5 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -31,9 +31,6 @@ geary_vala_args = [
 if reference_tracking
   geary_vala_args += [ '--define=REF_TRACKING' ]
 endif
-if not poodle
-  geary_vala_args += [ '--define=DISABLE_POODLE' ]
-endif
 
 # Common cc options
 geary_c_args = [

