LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14885 Commits
1 Branch
46 MiB
Tree: 0afbe88bba
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '0afbe88bba'
${ noResults }
openwrt-packages-dist/net/mosquitto/patches/902-fix-engine-guards.patch

215 lines
7.7 KiB
Raw Normal View History

mosquitto: major upgrade to 1.6.x Major new release of mosquitto. This release rolls up the initial 1.6.0 release, plus the subsequent build/bug fixes of 1.6.1 and 1.6.2. Original upstream changelogs: https://mosquitto.org/blog/2019/04/version-1-6-released/ https://mosquitto.org/blog/2019/04/version-1-6-1-released/ https://mosquitto.org/blog/2019/04/version-1-6-2-released/ Major features of interest: * MQTTv5 support * performance improvements * ALPN support * OCSP staping support * OpenSSL Engine support * TLSv1.0 support dropped Currently adds two patches to continue supporting OpenSSL engine support being disabled, and a missing header include. These are both tracked upstream and are expected to be dropped in a subsequent release. Signed-off-by: Karl Palsson <karlp@etactica.com>
6 years ago
 
  1. diff --git a/lib/net_mosq.c b/lib/net_mosq.c

  2. index bdcaa19..f207e32 100644

  3. --- a/lib/net_mosq.c

  4. +++ b/lib/net_mosq.c

  5. @@ -141,7 +141,9 @@ int net__init(void)

  6.  			| OPENSSL_INIT_ADD_ALL_DIGESTS \
  7.  			| OPENSSL_INIT_LOAD_CONFIG, NULL);
  8.  #  endif
  9. +#if !defined(OPENSSL_NO_ENGINE)

  10.  	ENGINE_load_builtin_engines();
  11. +#endif

  12.  	setup_ui_method();
  13.  	if(tls_ex_index_mosq == -1){
  14.  		tls_ex_index_mosq = SSL_get_ex_new_index(0, "client context", NULL, NULL, NULL);
  15. @@ -599,6 +601,7 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)

  16.  			SSL_CTX_set_mode(mosq->ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
  17.  #endif
  18.  
  19. +#if !defined(OPENSSL_NO_ENGINE)

  20.  		if(mosq->tls_engine){
  21.  			engine = ENGINE_by_id(mosq->tls_engine);
  22.  			if(!engine){
  23. @@ -615,12 +618,15 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)

  24.  			ENGINE_set_default(engine, ENGINE_METHOD_ALL);
  25.  			ENGINE_free(engine); /* release the structural reference from ENGINE_by_id() */
  26.  		}
  27. +#endif

  28.  
  29.  		if(mosq->tls_ciphers){
  30.  			ret = SSL_CTX_set_cipher_list(mosq->ssl_ctx, mosq->tls_ciphers);
  31.  			if(ret == 0){
  32.  				log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to set TLS ciphers. Check cipher list \"%s\".", mosq->tls_ciphers);
  33. +#if !defined(OPENSSL_NO_ENGINE)

  34.  				ENGINE_FINISH(engine);
  35. +#endif

  36.  				COMPAT_CLOSE(mosq->sock);
  37.  				mosq->sock = INVALID_SOCKET;
  38.  				net__print_ssl_error(mosq);
  39. @@ -647,7 +653,9 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)

  40.  					log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load CA certificates, check capath \"%s\".", mosq->tls_capath);
  41.  				}
  42.  #endif
  43. +#if !defined(OPENSSL_NO_ENGINE)

  44.  				ENGINE_FINISH(engine);
  45. +#endif

  46.  				COMPAT_CLOSE(mosq->sock);
  47.  				mosq->sock = INVALID_SOCKET;
  48.  				net__print_ssl_error(mosq);
  49. @@ -672,7 +680,9 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)

  50.  #else
  51.  					log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load client certificate \"%s\".", mosq->tls_certfile);
  52.  #endif
  53. +#if !defined(OPENSSL_NO_ENGINE)

  54.  					ENGINE_FINISH(engine);
  55. +#endif

  56.  					COMPAT_CLOSE(mosq->sock);
  57.  					mosq->sock = INVALID_SOCKET;
  58.  					net__print_ssl_error(mosq);
  59. @@ -681,6 +691,7 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)

  60.  			}
  61.  			if(mosq->tls_keyfile){
  62.  				if(mosq->tls_keyform == mosq_k_engine){
  63. +#if !defined(OPENSSL_NO_ENGINE)

  64.  					UI_METHOD *ui_method = net__get_ui_method();
  65.  					if(mosq->tls_engine_kpass_sha1){
  66.  						if(!ENGINE_ctrl_cmd(engine, ENGINE_SECRET_MODE, ENGINE_SECRET_MODE_SHA, NULL, NULL, 0)){
  67. @@ -714,6 +725,7 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)

  68.  						net__print_ssl_error(mosq);
  69.  						return MOSQ_ERR_TLS;
  70.  					}
  71. +#endif

  72.  				}else{
  73.  					ret = SSL_CTX_use_PrivateKey_file(mosq->ssl_ctx, mosq->tls_keyfile, SSL_FILETYPE_PEM);
  74.  					if(ret != 1){
  75. @@ -722,7 +734,9 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)

  76.  #else
  77.  						log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load client key file \"%s\".", mosq->tls_keyfile);
  78.  #endif
  79. +#if !defined(OPENSSL_NO_ENGINE)

  80.  						ENGINE_FINISH(engine);
  81. +#endif

  82.  						COMPAT_CLOSE(mosq->sock);
  83.  						mosq->sock = INVALID_SOCKET;
  84.  						net__print_ssl_error(mosq);
  85. @@ -732,7 +746,9 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)

  86.  				ret = SSL_CTX_check_private_key(mosq->ssl_ctx);
  87.  				if(ret != 1){
  88.  					log__printf(mosq, MOSQ_LOG_ERR, "Error: Client certificate/key are inconsistent.");
  89. +#if !defined(OPENSSL_NO_ENGINE)

  90.  					ENGINE_FINISH(engine);
  91. +#endif

  92.  					COMPAT_CLOSE(mosq->sock);
  93.  					mosq->sock = INVALID_SOCKET;
  94.  					net__print_ssl_error(mosq);
  95. diff --git a/lib/options.c b/lib/options.c

  96. index 005b781..6dc4262 100644

  97. --- a/lib/options.c

  98. +++ b/lib/options.c

  99. @@ -255,6 +255,7 @@ int mosquitto_string_option(struct mosquitto *mosq, enum mosq_opt_t option, cons

  100.  	switch(option){
  101.  		case MOSQ_OPT_TLS_ENGINE:
  102.  #ifdef WITH_TLS
  103. +#    if !defined(OPENSSL_NO_ENGINE)

  104.  			eng = ENGINE_by_id(value);
  105.  			if(!eng){
  106.  				return MOSQ_ERR_INVAL;
  107. @@ -265,6 +266,7 @@ int mosquitto_string_option(struct mosquitto *mosq, enum mosq_opt_t option, cons

  108.  				return MOSQ_ERR_NOMEM;
  109.  			}
  110.  			return MOSQ_ERR_SUCCESS;
  111. +#endif

  112.  #else
  113.  			return MOSQ_ERR_NOT_SUPPORTED;
  114.  #endif
  115. diff --git a/src/net.c b/src/net.c

  116. index 74b4ee8..495f8b2 100644

  117. --- a/src/net.c

  118. +++ b/src/net.c

  119. @@ -534,6 +534,7 @@ int net__socket_listen(struct mosquitto__listener *listener)

  120.  				return 1;
  121.  			}
  122.  			if(listener->tls_engine){
  123. +#if !defined(OPENSSL_NO_ENGINE)

  124.  				engine = ENGINE_by_id(listener->tls_engine);
  125.  				if(!engine){
  126.  					log__printf(NULL, MOSQ_LOG_ERR, "Error loading %s engine\n", listener->tls_engine);
  127. @@ -548,6 +549,7 @@ int net__socket_listen(struct mosquitto__listener *listener)

  128.  				}
  129.  				ENGINE_set_default(engine, ENGINE_METHOD_ALL);
  130.  				ENGINE_free(engine); /* release the structural reference from ENGINE_by_id() */
  131. +#endif

  132.  			}
  133.  			/* FIXME user data? */
  134.  			if(listener->require_certificate){
  135. @@ -560,10 +562,13 @@ int net__socket_listen(struct mosquitto__listener *listener)

  136.  				log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to load server certificate \"%s\". Check certfile.", listener->certfile);
  137.  				net__print_error(MOSQ_LOG_ERR, "Error: %s");
  138.  				COMPAT_CLOSE(sock);
  139. +#if !defined(OPENSSL_NO_ENGINE)

  140.  				ENGINE_FINISH(engine);
  141. +#endif

  142.  				return 1;
  143.  			}
  144.  			if(listener->tls_keyform == mosq_k_engine){
  145. +#if !defined(OPENSSL_NO_ENGINE)

  146.  				UI_METHOD *ui_method = net__get_ui_method();
  147.  				if(listener->tls_engine_kpass_sha1){
  148.  					if(!ENGINE_ctrl_cmd(engine, ENGINE_SECRET_MODE, ENGINE_SECRET_MODE_SHA, NULL, NULL, 0)){
  149. @@ -593,13 +598,16 @@ int net__socket_listen(struct mosquitto__listener *listener)

  150.  					ENGINE_FINISH(engine);
  151.  					return 1;
  152.  				}
  153. +#endif

  154.  			}else{
  155.  				rc = SSL_CTX_use_PrivateKey_file(listener->ssl_ctx, listener->keyfile, SSL_FILETYPE_PEM);
  156.  				if(rc != 1){
  157.  					log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to load server key file \"%s\". Check keyfile.", listener->keyfile);
  158.  					net__print_error(MOSQ_LOG_ERR, "Error: %s");
  159.  					COMPAT_CLOSE(sock);
  160. +#if !defined(OPENSSL_NO_ENGINE)

  161.  					ENGINE_FINISH(engine);
  162. +#endif

  163.  					return 1;
  164.  				}
  165.  			}
  166. @@ -608,7 +616,9 @@ int net__socket_listen(struct mosquitto__listener *listener)

  167.  				log__printf(NULL, MOSQ_LOG_ERR, "Error: Server certificate/key are inconsistent.");
  168.  				net__print_error(MOSQ_LOG_ERR, "Error: %s");
  169.  				COMPAT_CLOSE(sock);
  170. +#if !defined(OPENSSL_NO_ENGINE)

  171.  				ENGINE_FINISH(engine);
  172. +#endif

  173.  				return 1;
  174.  			}
  175.  			/* Load CRLs if they exist. */
  176. @@ -618,7 +628,9 @@ int net__socket_listen(struct mosquitto__listener *listener)

  177.  					log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to obtain TLS store.");
  178.  					net__print_error(MOSQ_LOG_ERR, "Error: %s");
  179.  					COMPAT_CLOSE(sock);
  180. +#if !defined(OPENSSL_NO_ENGINE)

  181.  					ENGINE_FINISH(engine);
  182. +#endif

  183.  					return 1;
  184.  				}
  185.  				lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
  186. @@ -627,7 +639,9 @@ int net__socket_listen(struct mosquitto__listener *listener)

  187.  					log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to load certificate revocation file \"%s\". Check crlfile.", listener->crlfile);
  188.  					net__print_error(MOSQ_LOG_ERR, "Error: %s");
  189.  					COMPAT_CLOSE(sock);
  190. +#if !defined(OPENSSL_NO_ENGINE)

  191.  					ENGINE_FINISH(engine);
  192. +#endif

  193.  					return 1;
  194.  				}
  195.  				X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK);
  196. @@ -644,7 +658,9 @@ int net__socket_listen(struct mosquitto__listener *listener)

  197.  
  198.  			if(mosquitto__tls_server_ctx(listener)){
  199.  				COMPAT_CLOSE(sock);
  200. +#if !defined(OPENSSL_NO_ENGINE)

  201.  				ENGINE_FINISH(engine);
  202. +#endif

  203.  				return 1;
  204.  			}
  205.  			SSL_CTX_set_psk_server_callback(listener->ssl_ctx, psk_server_callback);
  206. @@ -654,7 +670,9 @@ int net__socket_listen(struct mosquitto__listener *listener)

  207.  					log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to set TLS PSK hint.");
  208.  					net__print_error(MOSQ_LOG_ERR, "Error: %s");
  209.  					COMPAT_CLOSE(sock);
  210. +#if !defined(OPENSSL_NO_ENGINE)

  211.  					ENGINE_FINISH(engine);
  212. +#endif

  213.  					return 1;
  214.  				}
  215.  			}