diff options
| author |   Lars Wendler <polynomial-c@gentoo.org> | 2018-10-24 17:07:24 +0200 |
|---|---|---|
| committer | Lars Wendler <polynomial-c@gentoo.org> | 2018-10-24 17:07:39 +0200 |
| commit | c2626757b304cbe1ba5da551b0db496989e95cc0 (patch) | |
| tree | 53b0393002f080af33cf4bcd94cf1a65d39df011 /net-libs/c-client/files | |
| parent | net-libs/qxmpp: upstream build system change in 9999 (diff) | |
| download | gentoo-c2626757b304cbe1ba5da551b0db496989e95cc0.tar.gz gentoo-c2626757b304cbe1ba5da551b0db496989e95cc0.tar.bz2 gentoo-c2626757b304cbe1ba5da551b0db496989e95cc0.zip | |
net-libs/c-client: Fixed build with openssl-1.1
Closes: https://bugs.gentoo.org/647616
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11
Diffstat (limited to 'net-libs/c-client/files')
| -rw-r--r-- | net-libs/c-client/files/c-client-2007f-openssl-1.1.patch | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/net-libs/c-client/files/c-client-2007f-openssl-1.1.patch b/net-libs/c-client/files/c-client-2007f-openssl-1.1.patch new file mode 100644 index 000000000000..918f0bd3fbd5 --- /dev/null +++ b/net-libs/c-client/files/c-client-2007f-openssl-1.1.patch @@ -0,0 +1,66 @@ +diff -Nru a/src/osdep/unix/ssl_unix.c b/src/osdep/unix/ssl_unix.c +--- a/src/osdep/unix/ssl_unix.c 2011-07-23 02:20:10.000000000 +0200 ++++ b/src/osdep/unix/ssl_unix.c 2018-09-22 09:34:26.492765776 +0200 +@@ -59,7 +59,7 @@ + static SSLSTREAM *ssl_start(TCPSTREAM *tstream,char *host,unsigned long flags); + static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags); + static int ssl_open_verify (int ok,X509_STORE_CTX *ctx); +-static char *ssl_validate_cert (X509 *cert,char *host); ++static char *ssl_validate_cert (X509 *cert,char *host, char *cert_subj); + static long ssl_compare_hostnames (unsigned char *s,unsigned char *pat); + static char *ssl_getline_work (SSLSTREAM *stream,unsigned long *size, + long *contd); +@@ -210,6 +210,7 @@ + BIO *bio; + X509 *cert; + unsigned long sl,tl; ++ char cert_subj[250]; + char *s,*t,*err,tmp[MAILTMPLEN]; + sslcertificatequery_t scq = + (sslcertificatequery_t) mail_parameters (NIL,GET_SSLCERTIFICATEQUERY,NIL); +@@ -266,13 +267,17 @@ + if (SSL_write (stream->con,"",0) < 0) + return ssl_last_error ? ssl_last_error : "SSL negotiation failed"; + /* need to validate host names? */ +- if (!(flags & NET_NOVALIDATECERT) && +- (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con), +- host))) { +- /* application callback */ +- if (scq) return (*scq) (err,host,cert ? cert->name : "???") ? NIL : ""; +- /* error message to return via mm_log() */ +- sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???"); ++ if (!(flags & NET_NOVALIDATECERT)) { ++ cert_subj[0] = '\0'; ++ cert = SSL_get_peer_certificate(stream->con); ++ if (cert) ++ X509_NAME_oneline(X509_get_subject_name(cert), cert_subj, sizeof(cert_subj)); ++ err = ssl_validate_cert (cert, host, cert_subj); ++ if (err) ++ /* application callback */ ++ if (scq) return (*scq) (err,host,cert ? cert_subj : "???") ? NIL : ""; ++ /* error message to return via mm_log() */ ++ sprintf (tmp,"*%.128s: %.255s",err,cert ? cert_subj : "???"); + return ssl_last_error = cpystr (tmp); + } + return NIL; +@@ -313,7 +318,7 @@ + * Returns: NIL if validated, else string of error message + */ + +-static char *ssl_validate_cert (X509 *cert,char *host) ++static char *ssl_validate_cert (X509 *cert,char *host, char *cert_subj) + { + int i,n; + char *s,*t,*ret; +@@ -322,9 +327,9 @@ + /* make sure have a certificate */ + if (!cert) ret = "No certificate from server"; + /* and that it has a name */ +- else if (!cert->name) ret = "No name in certificate"; ++ else if (cert_subj[0] == '\0') ret = "No name in certificate"; + /* locate CN */ +- else if (s = strstr (cert->name,"/CN=")) { ++ else if (s = strstr (cert_subj,"/CN=")) { + if (t = strchr (s += 4,'/')) *t = '\0'; + /* host name matches pattern? */ + ret = ssl_compare_hostnames (host,s) ? NIL : |