LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
19477 Commits
1 Branch
46 MiB
Tree: 2fef01837d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2fef01837d'
${ noResults }
openwrt-packages-dist/net/nut/patches/0001-Add-compatibility-with...

166 lines
4.3 KiB
Raw Normal View History

nut: update OpenSSL 1.1.0 patch Replaces OpenWrt patch with upstream patch. Also removes 0002-Fix-check-for-empty-string.patch as this is included in upstream OpenSSL 1.1.0 patch. Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
5 years ago
nut: added compatibility with openssl-1.1 Also added a fix in a check for empty string. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
nut: update OpenSSL 1.1.0 patch Replaces OpenWrt patch with upstream patch. Also removes 0002-Fix-check-for-empty-string.patch as this is included in upstream OpenSSL 1.1.0 patch. Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
5 years ago
nut: added compatibility with openssl-1.1 Also added a fix in a check for empty string. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
nut: update OpenSSL 1.1.0 patch Replaces OpenWrt patch with upstream patch. Also removes 0002-Fix-check-for-empty-string.patch as this is included in upstream OpenSSL 1.1.0 patch. Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
5 years ago
nut: added compatibility with openssl-1.1 Also added a fix in a check for empty string. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
nut: update OpenSSL 1.1.0 patch Replaces OpenWrt patch with upstream patch. Also removes 0002-Fix-check-for-empty-string.patch as this is included in upstream OpenSSL 1.1.0 patch. Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
5 years ago
nut: added compatibility with openssl-1.1 Also added a fix in a check for empty string. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
nut: update OpenSSL 1.1.0 patch Replaces OpenWrt patch with upstream patch. Also removes 0002-Fix-check-for-empty-string.patch as this is included in upstream OpenSSL 1.1.0 patch. Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
5 years ago
nut: added compatibility with openssl-1.1 Also added a fix in a check for empty string. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
nut: update OpenSSL 1.1.0 patch Replaces OpenWrt patch with upstream patch. Also removes 0002-Fix-check-for-empty-string.patch as this is included in upstream OpenSSL 1.1.0 patch. Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
5 years ago
nut: added compatibility with openssl-1.1 Also added a fix in a check for empty string. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
nut: update OpenSSL 1.1.0 patch Replaces OpenWrt patch with upstream patch. Also removes 0002-Fix-check-for-empty-string.patch as this is included in upstream OpenSSL 1.1.0 patch. Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
5 years ago
nut: added compatibility with openssl-1.1 Also added a fix in a check for empty string. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
nut: update OpenSSL 1.1.0 patch Replaces OpenWrt patch with upstream patch. Also removes 0002-Fix-check-for-empty-string.patch as this is included in upstream OpenSSL 1.1.0 patch. Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
5 years ago
nut: added compatibility with openssl-1.1 Also added a fix in a check for empty string. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
nut: update OpenSSL 1.1.0 patch Replaces OpenWrt patch with upstream patch. Also removes 0002-Fix-check-for-empty-string.patch as this is included in upstream OpenSSL 1.1.0 patch. Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
5 years ago
nut: added compatibility with openssl-1.1 Also added a fix in a check for empty string. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
nut: update OpenSSL 1.1.0 patch Replaces OpenWrt patch with upstream patch. Also removes 0002-Fix-check-for-empty-string.patch as this is included in upstream OpenSSL 1.1.0 patch. Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
5 years ago
nut: added compatibility with openssl-1.1 Also added a fix in a check for empty string. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
nut: update OpenSSL 1.1.0 patch Replaces OpenWrt patch with upstream patch. Also removes 0002-Fix-check-for-empty-string.patch as this is included in upstream OpenSSL 1.1.0 patch. Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
5 years ago
nut: added compatibility with openssl-1.1 Also added a fix in a check for empty string. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
nut: update OpenSSL 1.1.0 patch Replaces OpenWrt patch with upstream patch. Also removes 0002-Fix-check-for-empty-string.patch as this is included in upstream OpenSSL 1.1.0 patch. Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
5 years ago
nut: added compatibility with openssl-1.1 Also added a fix in a check for empty string. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
nut: update OpenSSL 1.1.0 patch Replaces OpenWrt patch with upstream patch. Also removes 0002-Fix-check-for-empty-string.patch as this is included in upstream OpenSSL 1.1.0 patch. Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
5 years ago
 
  1. commit 612c05efb3c3b243da603a3a050993281888b6e3
  2. Author: Arjen de Korte <build+github@de-korte.org>
  3. Date:   Fri Mar 15 10:17:32 2019 +0100
  4. 

  5.     Add support for openssl-1.1.0 (#504)
  6.     
  7.     * Add support for openssl-1.1.0
  8.     
  9.     * Allow TLSv1 and higher (not just TLSv1)
  10.     
  11.     * Fix check for empty string
  12.     
  13.     * Report TLS handshake in debug mode
  14.     
  15.     * Update nut_check_libopenssl.m4
  16.     
  17.     * Update upsclient.c
  18.     
  19.     * Update netssl.c
  20. 

  21. --- a/clients/upsclient.c

  22. +++ b/clients/upsclient.c

  23. @@ -299,11 +299,6 @@ int upscli_init(int certverify, const ch

  24.  {
  25.  #ifdef WITH_OPENSSL
  26.  	int ret, ssl_mode = SSL_VERIFY_NONE;
  27. -#if OPENSSL_VERSION_NUMBER >= 0x10000000L

  28. -	const SSL_METHOD	*ssl_method;

  29. -#else

  30. -	SSL_METHOD	*ssl_method;

  31. -#endif

  32.  #elif defined(WITH_NSS) /* WITH_OPENSSL */
  33.  	SECStatus	status;
  34.  #endif /* WITH_OPENSSL | WITH_NSS */
  35. @@ -315,22 +310,32 @@ int upscli_init(int certverify, const ch

  36.  	}
  37.  	
  38.  #ifdef WITH_OPENSSL
  39. -	

  40. -	SSL_library_init();

  41. -	SSL_load_error_strings();

  42.  
  43. -	ssl_method = TLSv1_client_method();

  44. +#if OPENSSL_VERSION_NUMBER < 0x10100000L

  45. +	SSL_load_error_strings();

  46. +	SSL_library_init();

  47.  
  48. -	if (!ssl_method) {

  49. -		return 0;

  50. -	}

  51. +	ssl_ctx = SSL_CTX_new(SSLv23_client_method());

  52. +#else

  53. +	ssl_ctx = SSL_CTX_new(TLS_client_method());

  54. +#endif

  55.  
  56. -	ssl_ctx = SSL_CTX_new(ssl_method);

  57.  	if (!ssl_ctx) {
  58.  		upslogx(LOG_ERR, "Can not initialize SSL context");
  59.  		return -1;
  60.  	}
  61.  	
  62. +#if OPENSSL_VERSION_NUMBER < 0x10100000L

  63. +	/* set minimum protocol TLSv1 */

  64. +	SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

  65. +#else

  66. +	ret = SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_VERSION);

  67. +	if (ret != 1) {

  68. +		upslogx(LOG_ERR, "Can not set minimum protocol to TLSv1");

  69. +		return -1;

  70. +	}

  71. +#endif

  72. +

  73.  	if (!certpath) {
  74.  		if (certverify == 1) {
  75.  			upslogx(LOG_ERR, "Can not verify certificate if any is specified");
  76. @@ -737,7 +742,7 @@ static int upscli_sslinit(UPSCONN_t *ups

  77.  	switch(res)
  78.  	{
  79.  	case 1:
  80. -		upsdebugx(3, "SSL connected");

  81. +		upsdebugx(3, "SSL connected (%s)", SSL_get_version(ups->ssl));

  82.  		break;
  83.  	case 0:
  84.  		upslog_with_errno(1, "SSL_connect do not accept handshake.");
  85. --- a/clients/upssched.c

  86. +++ b/clients/upssched.c

  87. @@ -794,7 +794,7 @@ static void parse_at(const char *ntype,

  88.  	}
  89.  
  90.  	if (!strcmp(cmd, "EXECUTE")) {
  91. -		if (ca1 == '\0') {

  92. +		if (ca1[0] == '\0') {

  93.  			upslogx(LOG_ERR, "Empty EXECUTE command argument");
  94.  			return;
  95.  		}
  96. --- a/m4/nut_check_libopenssl.m4

  97. +++ b/m4/nut_check_libopenssl.m4

  98. @@ -58,7 +58,7 @@ if test -z "${nut_have_libopenssl_seen}"

  99.  
  100.  	dnl check if openssl is usable
  101.  	AC_CHECK_HEADERS(openssl/ssl.h, [nut_have_openssl=yes], [nut_have_openssl=no], [AC_INCLUDES_DEFAULT])
  102. -	AC_CHECK_FUNCS(SSL_library_init, [], [nut_have_openssl=no])

  103. +	AC_CHECK_FUNCS(SSL_CTX_new, [], [nut_have_openssl=no])

  104.  
  105.  	if test "${nut_have_openssl}" = "yes"; then
  106.  		nut_with_ssl="yes"
  107. --- a/server/netssl.c

  108. +++ b/server/netssl.c

  109. @@ -274,7 +274,7 @@ void net_starttls(nut_ctype_t *client, i

  110.  	{
  111.  	case 1:
  112.  		client->ssl_connected = 1;
  113. -		upsdebugx(3, "SSL connected");

  114. +		upsdebugx(3, "SSL connected (%s)", SSL_get_version(client->ssl));

  115.  		break;
  116.  		
  117.  	case 0:
  118. @@ -370,13 +370,7 @@ void ssl_init(void)

  119.  {
  120.  #ifdef WITH_NSS
  121.  	SECStatus status;
  122. -#elif defined(WITH_OPENSSL)

  123. -#if OPENSSL_VERSION_NUMBER >= 0x10000000L

  124. -	const SSL_METHOD	*ssl_method;

  125. -#else

  126. -	SSL_METHOD	*ssl_method;

  127. -#endif

  128. -#endif /* WITH_NSS|WITH_OPENSSL */

  129. +#endif /* WITH_NSS */

  130.  
  131.  	if (!certfile) {
  132.  		return;
  133. @@ -386,18 +380,29 @@ void ssl_init(void)

  134.  
  135.  #ifdef WITH_OPENSSL
  136.  
  137. +#if OPENSSL_VERSION_NUMBER < 0x10100000L

  138.  	SSL_load_error_strings();
  139.  	SSL_library_init();
  140.  
  141. -	if ((ssl_method = TLSv1_server_method()) == NULL) {

  142. +	ssl_ctx = SSL_CTX_new(SSLv23_server_method());

  143. +#else

  144. +	ssl_ctx = SSL_CTX_new(TLS_server_method());

  145. +#endif

  146. +

  147. +	if (!ssl_ctx) {

  148.  		ssl_debug();
  149. -		fatalx(EXIT_FAILURE, "TLSv1_server_method failed");

  150. +		fatalx(EXIT_FAILURE, "SSL_CTX_new failed");

  151.  	}
  152.  
  153. -	if ((ssl_ctx = SSL_CTX_new(ssl_method)) == NULL) {

  154. +#if OPENSSL_VERSION_NUMBER < 0x10100000L

  155. +	/* set minimum protocol TLSv1 */

  156. +	SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

  157. +#else

  158. +	if (SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_VERSION) != 1) {

  159.  		ssl_debug();
  160. -		fatalx(EXIT_FAILURE, "SSL_CTX_new failed");

  161. +		fatalx(EXIT_FAILURE, "SSL_CTX_set_min_proto_version(TLS1_VERSION)");

  162.  	}
  163. +#endif

  164.  
  165.  	if (SSL_CTX_use_certificate_chain_file(ssl_ctx, certfile) != 1) {
  166.  		ssl_debug();