CVS commit: pkgsrc/mail/cone

["Joerg Sonnenberger" <joerg%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   joerg
Date:           Fri Apr 17 00:21:17 UTC 2020

Modified Files:
        pkgsrc/mail/cone: distinfo
Added Files:
        pkgsrc/mail/cone/patches: patch-tcpd_configure
            patch-tcpd_libcouriertls.c

Log Message:
Adjust for OpenSSL 1.1


To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/mail/cone/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/mail/cone/patches/patch-tcpd_configure \
    pkgsrc/mail/cone/patches/patch-tcpd_libcouriertls.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/mail/cone/distinfo
diff -u pkgsrc/mail/cone/distinfo:1.11 pkgsrc/mail/cone/distinfo:1.12
--- pkgsrc/mail/cone/distinfo:1.11      Sun Mar 22 21:24:56 2020
+++ pkgsrc/mail/cone/distinfo   Fri Apr 17 00:21:17 2020
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.11 2020/03/22 21:24:56 joerg Exp $
+$NetBSD: distinfo,v 1.12 2020/04/17 00:21:17 joerg Exp $
 
 SHA1 (cone-0.90.tar.bz2) = 51614269ed0b8c091de4573bacefe5f394a08311
 RMD160 (cone-0.90.tar.bz2) = 2b2a924d8726535654c74c9d98d7e444aff9fd5e
@@ -18,3 +18,5 @@ SHA1 (patch-libmail-mboxgetmessage.C) = 
 SHA1 (patch-libmail-mboxread.C) = 940eab3b9040d9362f816d9af4d9bcc305701ae6
 SHA1 (patch-libmail-tmpaccount.C) = dbd3d7bde51e9c94b3258fcb2fca6b9077f9ad12
 SHA1 (patch-libmail_addmessage.H) = 27a07ef263bd351938e658c7f8c7faed44376479
+SHA1 (patch-tcpd_configure) = eba2223ad6a62e273c8da6cfe0ba2cf141680470
+SHA1 (patch-tcpd_libcouriertls.c) = ffe6d71d7c1092c88f5ac496ee12e41d2db5e3bb

Added files:

Index: pkgsrc/mail/cone/patches/patch-tcpd_configure
diff -u /dev/null pkgsrc/mail/cone/patches/patch-tcpd_configure:1.1
--- /dev/null   Fri Apr 17 00:21:18 2020
+++ pkgsrc/mail/cone/patches/patch-tcpd_configure       Fri Apr 17 00:21:17 2020
@@ -0,0 +1,54 @@
+$NetBSD: patch-tcpd_configure,v 1.1 2020/04/17 00:21:17 joerg Exp $
+
+SSL_load_error_strings is no long a symbol in OpenSSL 1.1.
+
+--- tcpd/configure.orig        2020-04-13 20:46:43.239442081 +0000
++++ tcpd/configure
+@@ -12863,9 +12863,9 @@ else
+ fi
+ 
+ 
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_load_error_strings in -lssl" >&5
+-$as_echo_n "checking for SSL_load_error_strings in -lssl... " >&6; }
+-if ${ac_cv_lib_ssl_SSL_load_error_strings+:} false; then :
++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for OPENSSL_init_ssl in -lssl" >&5
++$as_echo_n "checking for OPENSSL_init_ssl in -lssl... " >&6; }
++if ${ac_cv_lib_ssl_OPENSSL_init_ssl+:} false; then :
+   $as_echo_n "(cached) " >&6
+ else
+   ac_check_lib_save_LIBS=$LIBS
+@@ -12879,27 +12879,27 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_
+ #ifdef __cplusplus
+ extern "C"
+ #endif
+-char SSL_load_error_strings ();
++char OPENSSL_init_ssl ();
+ int
+ main ()
+ {
+-return SSL_load_error_strings ();
++return OPENSSL_init_ssl ();
+   ;
+   return 0;
+ }
+ _ACEOF
+ if ac_fn_c_try_link "$LINENO"; then :
+-  ac_cv_lib_ssl_SSL_load_error_strings=yes
++  ac_cv_lib_ssl_OPENSSL_init_ssl=yes
+ else
+-  ac_cv_lib_ssl_SSL_load_error_strings=no
++  ac_cv_lib_ssl_OPENSSL_init_ssl=no
+ fi
+ rm -f core conftest.err conftest.$ac_objext \
+     conftest$ac_exeext conftest.$ac_ext
+ LIBS=$ac_check_lib_save_LIBS
+ fi
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_load_error_strings" >&5
+-$as_echo "$ac_cv_lib_ssl_SSL_load_error_strings" >&6; }
+-if test "x$ac_cv_lib_ssl_SSL_load_error_strings" = xyes; then :
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_OPENSSL_init_ssl" >&5
++$as_echo "$ac_cv_lib_ssl_OPENSSL_init_ssl" >&6; }
++if test "x$ac_cv_lib_ssl_OPENSSL_init_ssl" = xyes; then :
+   have_ssl=yes
+ else
+   have_ssl=no
Index: pkgsrc/mail/cone/patches/patch-tcpd_libcouriertls.c
diff -u /dev/null pkgsrc/mail/cone/patches/patch-tcpd_libcouriertls.c:1.1
--- /dev/null   Fri Apr 17 00:21:18 2020
+++ pkgsrc/mail/cone/patches/patch-tcpd_libcouriertls.c Fri Apr 17 00:21:17 2020
@@ -0,0 +1,90 @@
+$NetBSD: patch-tcpd_libcouriertls.c,v 1.1 2020/04/17 00:21:17 joerg Exp $
+
+Update for OpenSSL 1.1 interface.
+
+--- tcpd/libcouriertls.c.orig  2020-04-13 20:52:41.051633714 +0000
++++ tcpd/libcouriertls.c
+@@ -138,9 +138,9 @@ static int verifypeer(const struct tls_i
+       {
+               STACK_OF(X509) *peer_cert_chain=SSL_get_peer_cert_chain(ssl);
+ 
+-              if (peer_cert_chain && peer_cert_chain->stack.num > 0)
++              if (peer_cert_chain && sk_X509_num(peer_cert_chain) > 0)
+               {
+-                      X509 *xx=(X509 *)peer_cert_chain->stack.data[0];
++                      X509 *xx=sk_X509_value(peer_cert_chain, 0);
+ 
+                       if (xx)
+                               subj=X509_get_subject_name(xx);
+@@ -415,16 +415,15 @@ static int client_cert_cb(ssl_handle ssl
+                       continue;
+               }
+ 
+-              for (i=0; client_cas && i<client_cas->stack.num; i++)
++              for (i=0; client_cas && i<sk_X509_NAME_num(client_cas); i++)
+               {
+-                      X509_NAME *cert=(X509_NAME *)client_cas->stack.data[i];
++                      X509_NAME *cert=sk_X509_NAME_value(client_cas, i);
+ 
+-                      if (X509_NAME_cmp(cert,
+-                                        x->cert_info->issuer) == 0)
++                      if (X509_NAME_cmp(cert, X509_get_issuer_name(x)) == 0)
+                               break;
+               }
+ 
+-              if (!client_cas || i >= client_cas->stack.num)
++              if (!client_cas || i >= sk_X509_NAME_num(client_cas))
+               {
+                       BIO_free(certbio);
+                       continue;
+@@ -552,7 +551,7 @@ SSL_CTX *tls_create(int isserver, const 
+               protocol="SSL23";
+ 
+       ctx=SSL_CTX_new(protocol && strcmp(protocol, "SSL3") == 0
+-                      ? SSLv3_method():
++                      ? SSLv23_method():
+                       protocol && strcmp(protocol, "SSL23") == 0
+                       ? SSLv23_method():
+                       TLSv1_method());
+@@ -740,8 +739,8 @@ static int cache_add(SSL *ssl, SSL_SESSI
+       unsigned char *ucp;
+       time_t timeout= (time_t)SSL_SESSION_get_time(sess)
+               + SSL_SESSION_get_timeout(sess);
+-      void *session_id=(void *)sess->session_id;
+-      size_t session_id_len=sess->session_id_length;
++      unsigned int session_id_len;
++      void *session_id = SSL_SESSION_get_id(sess, &session_id_len);
+       size_t sess_len=i2d_SSL_SESSION(sess, NULL);
+ 
+       if (sizeof(timeout) + sizeof(session_id_len) + session_id_len +
+@@ -851,9 +850,7 @@ static void cache_del(SSL_CTX *ctx, SSL_
+       struct walk_info wi;
+ 
+       wi.now=0;
+-
+-      wi.id=(unsigned char *)sess->session_id;
+-      wi.id_len=sess->session_id_length;
++      wi.id = SSL_SESSION_get_id(sess, &wi.id_len);
+       if (tls_cache_walk(info->tlscache, del_func, &wi) < 0)
+               perror("ALERT: tls_cache_walk: ");
+ }
+@@ -1360,8 +1357,8 @@ void tls_dump_connection_info(ssl_handle
+                       }
+               }
+ 
+-              for (i=0; peer_cert_chain && i<peer_cert_chain->stack.num; i++)
+-                      dump_x509((X509 *)peer_cert_chain->stack.data[i],
++              for (i=0; peer_cert_chain && i<sk_X509_num(peer_cert_chain); i++)
++                      dump_x509(sk_X509_value(peer_cert_chain, i),
+                                 dump_func, dump_arg);
+       }
+ 
+@@ -1539,7 +1536,7 @@ char *tls_cert_name(const char *buf, siz
+ 
+       if (x)
+       {
+-              p=X509_NAME_oneline(x->cert_info->subject, NULL, 0);
++              p=X509_NAME_oneline(X509_get_subject_name(x), NULL, 0);
+               X509_free(x);
+       }
+       ERR_clear_error();