pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/mail/cone Adjust for OpenSSL 1.1
details: https://anonhg.NetBSD.org/pkgsrc/rev/e0cc8b1ac87d
branches: trunk
changeset: 427464:e0cc8b1ac87d
user: joerg <joerg%pkgsrc.org@localhost>
date: Fri Apr 17 00:21:17 2020 +0000
description:
Adjust for OpenSSL 1.1
diffstat:
mail/cone/distinfo | 4 +-
mail/cone/patches/patch-tcpd_configure | 54 ++++++++++++++++
mail/cone/patches/patch-tcpd_libcouriertls.c | 90 ++++++++++++++++++++++++++++
3 files changed, 147 insertions(+), 1 deletions(-)
diffs (167 lines):
diff -r c636113cdc9e -r e0cc8b1ac87d mail/cone/distinfo
--- a/mail/cone/distinfo Fri Apr 17 00:20:45 2020 +0000
+++ b/mail/cone/distinfo Fri Apr 17 00:21:17 2020 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.11 2020/03/22 21:24:56 joerg Exp $
+$NetBSD: distinfo,v 1.12 2020/04/17 00:21:17 joerg Exp $
SHA1 (cone-0.90.tar.bz2) = 51614269ed0b8c091de4573bacefe5f394a08311
RMD160 (cone-0.90.tar.bz2) = 2b2a924d8726535654c74c9d98d7e444aff9fd5e
@@ -18,3 +18,5 @@
SHA1 (patch-libmail-mboxread.C) = 940eab3b9040d9362f816d9af4d9bcc305701ae6
SHA1 (patch-libmail-tmpaccount.C) = dbd3d7bde51e9c94b3258fcb2fca6b9077f9ad12
SHA1 (patch-libmail_addmessage.H) = 27a07ef263bd351938e658c7f8c7faed44376479
+SHA1 (patch-tcpd_configure) = eba2223ad6a62e273c8da6cfe0ba2cf141680470
+SHA1 (patch-tcpd_libcouriertls.c) = ffe6d71d7c1092c88f5ac496ee12e41d2db5e3bb
diff -r c636113cdc9e -r e0cc8b1ac87d mail/cone/patches/patch-tcpd_configure
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/cone/patches/patch-tcpd_configure Fri Apr 17 00:21:17 2020 +0000
@@ -0,0 +1,54 @@
+$NetBSD: patch-tcpd_configure,v 1.1 2020/04/17 00:21:17 joerg Exp $
+
+SSL_load_error_strings is no long a symbol in OpenSSL 1.1.
+
+--- tcpd/configure.orig 2020-04-13 20:46:43.239442081 +0000
++++ tcpd/configure
+@@ -12863,9 +12863,9 @@ else
+ fi
+
+
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_load_error_strings in -lssl" >&5
+-$as_echo_n "checking for SSL_load_error_strings in -lssl... " >&6; }
+-if ${ac_cv_lib_ssl_SSL_load_error_strings+:} false; then :
++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for OPENSSL_init_ssl in -lssl" >&5
++$as_echo_n "checking for OPENSSL_init_ssl in -lssl... " >&6; }
++if ${ac_cv_lib_ssl_OPENSSL_init_ssl+:} false; then :
+ $as_echo_n "(cached) " >&6
+ else
+ ac_check_lib_save_LIBS=$LIBS
+@@ -12879,27 +12879,27 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_
+ #ifdef __cplusplus
+ extern "C"
+ #endif
+-char SSL_load_error_strings ();
++char OPENSSL_init_ssl ();
+ int
+ main ()
+ {
+-return SSL_load_error_strings ();
++return OPENSSL_init_ssl ();
+ ;
+ return 0;
+ }
+ _ACEOF
+ if ac_fn_c_try_link "$LINENO"; then :
+- ac_cv_lib_ssl_SSL_load_error_strings=yes
++ ac_cv_lib_ssl_OPENSSL_init_ssl=yes
+ else
+- ac_cv_lib_ssl_SSL_load_error_strings=no
++ ac_cv_lib_ssl_OPENSSL_init_ssl=no
+ fi
+ rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS=$ac_check_lib_save_LIBS
+ fi
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_load_error_strings" >&5
+-$as_echo "$ac_cv_lib_ssl_SSL_load_error_strings" >&6; }
+-if test "x$ac_cv_lib_ssl_SSL_load_error_strings" = xyes; then :
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_OPENSSL_init_ssl" >&5
++$as_echo "$ac_cv_lib_ssl_OPENSSL_init_ssl" >&6; }
++if test "x$ac_cv_lib_ssl_OPENSSL_init_ssl" = xyes; then :
+ have_ssl=yes
+ else
+ have_ssl=no
diff -r c636113cdc9e -r e0cc8b1ac87d mail/cone/patches/patch-tcpd_libcouriertls.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/cone/patches/patch-tcpd_libcouriertls.c Fri Apr 17 00:21:17 2020 +0000
@@ -0,0 +1,90 @@
+$NetBSD: patch-tcpd_libcouriertls.c,v 1.1 2020/04/17 00:21:17 joerg Exp $
+
+Update for OpenSSL 1.1 interface.
+
+--- tcpd/libcouriertls.c.orig 2020-04-13 20:52:41.051633714 +0000
++++ tcpd/libcouriertls.c
+@@ -138,9 +138,9 @@ static int verifypeer(const struct tls_i
+ {
+ STACK_OF(X509) *peer_cert_chain=SSL_get_peer_cert_chain(ssl);
+
+- if (peer_cert_chain && peer_cert_chain->stack.num > 0)
++ if (peer_cert_chain && sk_X509_num(peer_cert_chain) > 0)
+ {
+- X509 *xx=(X509 *)peer_cert_chain->stack.data[0];
++ X509 *xx=sk_X509_value(peer_cert_chain, 0);
+
+ if (xx)
+ subj=X509_get_subject_name(xx);
+@@ -415,16 +415,15 @@ static int client_cert_cb(ssl_handle ssl
+ continue;
+ }
+
+- for (i=0; client_cas && i<client_cas->stack.num; i++)
++ for (i=0; client_cas && i<sk_X509_NAME_num(client_cas); i++)
+ {
+- X509_NAME *cert=(X509_NAME *)client_cas->stack.data[i];
++ X509_NAME *cert=sk_X509_NAME_value(client_cas, i);
+
+- if (X509_NAME_cmp(cert,
+- x->cert_info->issuer) == 0)
++ if (X509_NAME_cmp(cert, X509_get_issuer_name(x)) == 0)
+ break;
+ }
+
+- if (!client_cas || i >= client_cas->stack.num)
++ if (!client_cas || i >= sk_X509_NAME_num(client_cas))
+ {
+ BIO_free(certbio);
+ continue;
+@@ -552,7 +551,7 @@ SSL_CTX *tls_create(int isserver, const
+ protocol="SSL23";
+
+ ctx=SSL_CTX_new(protocol && strcmp(protocol, "SSL3") == 0
+- ? SSLv3_method():
++ ? SSLv23_method():
+ protocol && strcmp(protocol, "SSL23") == 0
+ ? SSLv23_method():
+ TLSv1_method());
+@@ -740,8 +739,8 @@ static int cache_add(SSL *ssl, SSL_SESSI
+ unsigned char *ucp;
+ time_t timeout= (time_t)SSL_SESSION_get_time(sess)
+ + SSL_SESSION_get_timeout(sess);
+- void *session_id=(void *)sess->session_id;
+- size_t session_id_len=sess->session_id_length;
++ unsigned int session_id_len;
++ void *session_id = SSL_SESSION_get_id(sess, &session_id_len);
+ size_t sess_len=i2d_SSL_SESSION(sess, NULL);
+
+ if (sizeof(timeout) + sizeof(session_id_len) + session_id_len +
+@@ -851,9 +850,7 @@ static void cache_del(SSL_CTX *ctx, SSL_
+ struct walk_info wi;
+
+ wi.now=0;
+-
+- wi.id=(unsigned char *)sess->session_id;
+- wi.id_len=sess->session_id_length;
++ wi.id = SSL_SESSION_get_id(sess, &wi.id_len);
+ if (tls_cache_walk(info->tlscache, del_func, &wi) < 0)
+ perror("ALERT: tls_cache_walk: ");
+ }
+@@ -1360,8 +1357,8 @@ void tls_dump_connection_info(ssl_handle
+ }
+ }
+
+- for (i=0; peer_cert_chain && i<peer_cert_chain->stack.num; i++)
+- dump_x509((X509 *)peer_cert_chain->stack.data[i],
++ for (i=0; peer_cert_chain && i<sk_X509_num(peer_cert_chain); i++)
++ dump_x509(sk_X509_value(peer_cert_chain, i),
+ dump_func, dump_arg);
+ }
+
+@@ -1539,7 +1536,7 @@ char *tls_cert_name(const char *buf, siz
+
+ if (x)
+ {
+- p=X509_NAME_oneline(x->cert_info->subject, NULL, 0);
++ p=X509_NAME_oneline(X509_get_subject_name(x), NULL, 0);
+ X509_free(x);
+ }
+ ERR_clear_error();
Home |
Main Index |
Thread Index |
Old Index