[sblim-sfcb] Fix SFCB fails to start: Failure setting ECDH curve name (secp224r1)

vcrhonek vcrhonek at fedoraproject.org
Thu May 15 10:43:53 UTC 2014


commit 827b9d2f8d8f044bcf8ce4372daf5084d9c4749f
Author: Vitezslav Crhonek <vcrhonek at redhat.com>
Date:   Thu May 15 12:43:40 2014 +0200

    Fix SFCB fails to start: Failure setting ECDH curve name (secp224r1)

 sblim-sfcb-1.4.8-default-ecdh-curve-name.patch |   26 ++++++++++++++++++++++++
 sblim-sfcb.spec                                |   10 ++++++++-
 2 files changed, 35 insertions(+), 1 deletions(-)
---
diff --git a/sblim-sfcb-1.4.8-default-ecdh-curve-name.patch b/sblim-sfcb-1.4.8-default-ecdh-curve-name.patch
new file mode 100644
index 0000000..3268d49
--- /dev/null
+++ b/sblim-sfcb-1.4.8-default-ecdh-curve-name.patch
@@ -0,0 +1,26 @@
+diff -up sblim-sfcb-1.4.8/control.c.orig sblim-sfcb-1.4.8/control.c
+--- sblim-sfcb-1.4.8/control.c.orig	2014-03-27 00:46:28.000000000 +0100
++++ sblim-sfcb-1.4.8/control.c	2014-05-15 12:31:38.304169409 +0200
+@@ -170,7 +170,7 @@ static Control init[] = {
+   {"sslCertList", CTL_STRING, SFCB_CONFDIR "/clist.pem", {0}},
+   {"sslCiphers", CTL_STRING, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH", {0}},
+   {"sslDhParamsFilePath", CTL_STRING, NULL, {0}},
+-  {"sslEcDhCurveName", CTL_STRING, "secp224r1", {0}},
++  {"sslEcDhCurveName", CTL_STRING, "secp384r1", {0}},
+   {"enableSslCipherServerPref", CTL_BOOL, NULL, {.b=0}},
+ 
+   {"registrationDir", CTL_STRING, SFCB_STATEDIR "/registration", {0}},
+diff -up sblim-sfcb-1.4.8/sfcb.cfg.pre.in.orig sblim-sfcb-1.4.8/sfcb.cfg.pre.in
+--- sblim-sfcb-1.4.8/sfcb.cfg.pre.in.orig	2014-05-15 12:31:59.188244865 +0200
++++ sblim-sfcb-1.4.8/sfcb.cfg.pre.in	2014-05-15 12:32:45.554408412 +0200
+@@ -293,8 +293,8 @@ sslCiphers: ALL:!ADH:!LOW:!EXP:!MD5:@STR
+ ## environment. If this value is not set, the indicated default is in effect.
+ ## If the value is set but the curve name is not recognized by the underlying
+ ## openssl implementation, SFCB will abort.
+-## Default is secp224r1
+-#sslEcDhCurveName: secp224r1
++## Default is secp384r1
++#sslEcDhCurveName: secp384r1
+ 
+ ## When set to true, sets the SSL_OP_CIPHER_SERVER_PREFERENCE flag for the ssl
+ ## context, to enforce server's preference instead of the client preference for
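Review bot: Once the default curve is one the Fedora OpenSSL build accepts, ECDH key exchange should actually become usable, and the default `sslCiphers` value on the context line just above the changed entry (`ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH`) excludes anonymous DH but not anonymous ECDH, because OpenSSL's `ADH` alias does not cover `AECDH`. Consider tightening that default in the same patch to `"ALL:!aNULL:!LOW:!EXP:!MD5:@STRENGTH"` in control.c and on the matching sfcb.cfg.pre.in line; this assumes SFCB hands the string to OpenSSL unchanged, which the hunk does not show. Separately, the new default only takes effect when the option is unset: a sfcb.cfg that explicitly sets `sslEcDhCurveName: secp224r1` will still abort at startup, as the cfg comment in this hunk states, so the changelog or the cfg comment could say that. The `init[]` table and the cfg comment block both continue outside the embedded hunks.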
diff --git a/sblim-sfcb.spec b/sblim-sfcb.spec
index 4c386d1..912e2cd 100644
--- a/sblim-sfcb.spec
+++ b/sblim-sfcb.spec
@@ -8,7 +8,7 @@ Name: sblim-sfcb
 Summary: Small Footprint CIM Broker
 URL: http://sblim.wiki.sourceforge.net/
 Version: 1.4.8
-Release: 1%{?dist}
+Release: 2%{?dist}
 Group: Applications/System
 License: EPL
 Source0: http://downloads.sourceforge.net/sblim/%{name}-%{version}.tar.bz2
@@ -28,6 +28,9 @@ Patch2: sblim-sfcb-1.3.16-maxMsgLen.patch
 Patch3: sblim-sfcb-1.4.5-service.patch
 # Patch4: fixes multilib issue with man page and config file
 Patch4: sblim-sfcb-1.3.16-multilib-man-cfg.patch
+# Patch5: change default ecdh curve name, as the original is not enabled
+#   in openssl on Fedora, rhbz#1097794
+Patch5: sblim-sfcb-1.4.8-default-ecdh-curve-name.patch
 Provides: cim-server = 0
 Requires: cim-schema
 Requires: sblim-sfcCommon
@@ -60,6 +63,7 @@ Programming Interface (CMPI).
 %patch2 -p1 -b .maxMsgLen
 %patch3 -p1 -b .service
 %patch4 -p1 -b .multilib-man-cfg
+%patch5 -p1 -b .default-ecdh-curve-name
 
 %build
 %configure --enable-debug --enable-uds --enable-ssl --enable-pam --enable-ipv6 \
@@ -119,6 +123,10 @@ fi;
 %files -f _pkg_list
 
 %changelog
+* Thu May 15 2014 Vitezslav Crhonek <vcrhonek at redhat.com> - 1.4.8-2
+- Fix SFCB fails to start: Failure setting ECDH curve name (secp224r1)
+  Resolves: #1097794
+
 * Thu Mar 27 2014 Vitezslav Crhonek <vcrhonek at redhat.com> - 1.4.8-1
 - Update to sblim-sfcb-1.4.8
 

