LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
24838 Commits
1 Branch
46 MiB
Tree: ed818a9fdb
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ed818a9fdb'
${ noResults }
openwrt-packages-dist/libs/uw-imap/patches/010-imap-2007f-openssl-1.1....

81 lines
3.4 KiB
Raw Normal View History

uw-imap: add openssl 1.1 compatibility Patch to compile with openssl 1.1 Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
treewide: Run refresh on all packages The crude loop I wrote to come up with this changeset: find -L package/feeds/packages/ -name patches | \ sed 's/patches$/refresh/' | sort | xargs make Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
3 years ago
uw-imap: add openssl 1.1 compatibility Patch to compile with openssl 1.1 Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
treewide: Run refresh on all packages The crude loop I wrote to come up with this changeset: find -L package/feeds/packages/ -name patches | \ sed 's/patches$/refresh/' | sort | xargs make Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
3 years ago
uw-imap: add openssl 1.1 compatibility Patch to compile with openssl 1.1 Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
treewide: Run refresh on all packages The crude loop I wrote to come up with this changeset: find -L package/feeds/packages/ -name patches | \ sed 's/patches$/refresh/' | sort | xargs make Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
3 years ago
uw-imap: add openssl 1.1 compatibility Patch to compile with openssl 1.1 Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
treewide: Run refresh on all packages The crude loop I wrote to come up with this changeset: find -L package/feeds/packages/ -name patches | \ sed 's/patches$/refresh/' | sort | xargs make Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
3 years ago
uw-imap: add openssl 1.1 compatibility Patch to compile with openssl 1.1 Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
 
  1. From c3f68d987c00284d91ad6599a013b7111662545b Mon Sep 17 00:00:00 2001
  2. From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
  3. Date: Fri, 2 Sep 2016 21:33:33 +0000
  4. Subject: [PATCH] uw-imap: compile against openssl 1.1.0
  5. 

  6. I *think* I replaced access to cert->name with certificate's subject name. I
  7. assume that the re-aranged C-code is doing the same thing. A double check
  8. wouldn't hurt :)
  9. 

  10. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
  11. ---

  12.  src/osdep/unix/ssl_unix.c | 28 +++++++++++++++++-----------
  13.  1 file changed, 17 insertions(+), 11 deletions(-)
  14. 

  15. --- a/src/osdep/unix/ssl_unix.c

  16. +++ b/src/osdep/unix/ssl_unix.c

  17. @@ -59,7 +59,7 @@ typedef struct ssl_stream {

  18.  static SSLSTREAM *ssl_start(TCPSTREAM *tstream,char *host,unsigned long flags);
  19.  static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags);
  20.  static int ssl_open_verify (int ok,X509_STORE_CTX *ctx);
  21. -static char *ssl_validate_cert (X509 *cert,char *host);

  22. +static char *ssl_validate_cert (X509 *cert,char *host, char *cert_subj);

  23.  static long ssl_compare_hostnames (unsigned char *s,unsigned char *pat);
  24.  static char *ssl_getline_work (SSLSTREAM *stream,unsigned long *size,
  25.  			       long *contd);
  26. @@ -210,6 +210,7 @@ static char *ssl_start_work (SSLSTREAM *

  27.    BIO *bio;
  28.    X509 *cert;
  29.    unsigned long sl,tl;
  30. +  char cert_subj[250];

  31.    char *s,*t,*err,tmp[MAILTMPLEN];
  32.    sslcertificatequery_t scq =
  33.      (sslcertificatequery_t) mail_parameters (NIL,GET_SSLCERTIFICATEQUERY,NIL);
  34. @@ -266,14 +267,19 @@ static char *ssl_start_work (SSLSTREAM *

  35.    if (SSL_write (stream->con,"",0) < 0)
  36.      return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
  37.  				/* need to validate host names? */
  38. -  if (!(flags & NET_NOVALIDATECERT) &&

  39. -      (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),

  40. -				host))) {

  41. -				/* application callback */

  42. -    if (scq) return (*scq) (err,host,cert ? cert->name : "???") ? NIL : "";

  43. +  if (!(flags & NET_NOVALIDATECERT)) {

  44. +

  45. +	cert_subj[0] = '\0';

  46. +	cert = SSL_get_peer_certificate(stream->con);

  47. +	if (cert)

  48. +		X509_NAME_oneline(X509_get_subject_name(cert), cert_subj, sizeof(cert_subj));

  49. +	err = ssl_validate_cert (cert, host, cert_subj);

  50. +	if (err)

  51. +		/* application callback */

  52. +		if (scq) return (*scq) (err,host,cert ? cert_subj : "???") ? NIL : "";

  53.  				/* error message to return via mm_log() */
  54. -    sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");

  55. -    return ssl_last_error = cpystr (tmp);

  56. +	sprintf (tmp,"*%.128s: %.255s",err,cert ? cert_subj : "???");

  57. +	return ssl_last_error = cpystr (tmp);

  58.    }
  59.    return NIL;
  60.  }
  61. @@ -313,7 +319,7 @@ static int ssl_open_verify (int ok,X509_

  62.   * Returns: NIL if validated, else string of error message
  63.   */
  64.  
  65. -static char *ssl_validate_cert (X509 *cert,char *host)

  66. +static char *ssl_validate_cert (X509 *cert,char *host, char *cert_subj)

  67.  {
  68.    int i,n;
  69.    char *s,*t,*ret;
  70. @@ -322,9 +328,9 @@ static char *ssl_validate_cert (X509 *ce

  71.  				/* make sure have a certificate */
  72.    if (!cert) ret = "No certificate from server";
  73.  				/* and that it has a name */
  74. -  else if (!cert->name) ret = "No name in certificate";

  75. +  else if (cert_subj[0] == '\0') ret = "No name in certificate";

  76.  				/* locate CN */
  77. -  else if (s = strstr (cert->name,"/CN=")) {

  78. +  else if (s = strstr (cert_subj,"/CN=")) {

  79.      if (t = strchr (s += 4,'/')) *t = '\0';
  80.  				/* host name matches pattern? */
  81.      ret = ssl_compare_hostnames (host,s) ? NIL :