openwsman: Upgrade to 2.6.5

* Backport patches to fix build with OpenSSL 1.1.x Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Khem Raj <raj.khem@gmail.com> 2018-09-05 11:29:03 -0700
committer: Khem Raj <raj.khem@gmail.com> 2018-09-08 13:32:12 -0700
commit: 2647170181a3c727c43474e217fed58d0ecf243e (patch)
tree: a42f3083eb435bc2a571e569ac31c30720acbdf9 /meta-oe
parent: c829442cf94461a29467a192cbcd938a58a866f3 (diff)
download: meta-openembedded-2647170181a3c727c43474e217fed58d0ecf243e.tar.gz
3 files changed, 215 insertions, 2 deletions
diff --git a/meta-oe/recipes-extended/openwsman/openwsman/0001-Port-to-OpenSSL-1.1.0.patch b/meta-oe/recipes-extended/openwsman/openwsman/0001-Port-to-OpenSSL-1.1.0.patch
new file mode 100644
index 000000000..49afa56f5
--- /dev/null
+++ b/meta-oe/recipes-extended/openwsman/openwsman/0001-Port-to-OpenSSL-1.1.0.patch
@@ -0,0 +1,162 @@
+From f78643d2388dd0697f83f17880403253a0596d83 Mon Sep 17 00:00:00 2001
+From: Vitezslav Crhonek <vcrhonek@redhat.com>
+Date: Wed, 5 Sep 2018 11:23:46 -0700
+Subject: [PATCH 1/2] Port to OpenSSL 1.1.0
+Upstream-Status: Submitted [https://github.com/Openwsman/openwsman/pull/99]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/lib/wsman-curl-client-transport.c |  6 +++-
+ src/server/shttpd/io_ssl.c            | 17 ----------
+ src/server/shttpd/shttpd.c            | 20 ++++--------
+ src/server/shttpd/ssl.h               | 46 ---------------------------
+ 4 files changed, 12 insertions(+), 77 deletions(-)
+diff --git a/src/lib/wsman-curl-client-transport.c b/src/lib/wsman-curl-client-transport.c
+index cd7f517a..e64ad097 100644
+--- a/src/lib/wsman-curl-client-transport.c
+++ b/src/lib/wsman-curl-client-transport.c
+@@ -241,12 +241,16 @@ write_handler( void *ptr, size_t size, size_t nmemb, void *data)
+ static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx, void *arg)
+ {
+        unsigned char *thumbprint = (unsigned char *)arg;
+-       X509 *cert = ctx->cert;
+        EVP_MD                                  *tempDigest;
+ 
+        unsigned char   tempFingerprint[EVP_MAX_MD_SIZE];
+        unsigned int      tempFingerprintLen;
+        tempDigest = (EVP_MD*)EVP_sha1( );
+
+       X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
+       if(!cert)
+               return 0;
+
+        if ( X509_digest(cert, tempDigest, tempFingerprint, &tempFingerprintLen ) <= 0)
+                return 0;
+        if(!memcmp(tempFingerprint, thumbprint, tempFingerprintLen))
+diff --git a/src/server/shttpd/io_ssl.c b/src/server/shttpd/io_ssl.c
+index 6de0db2a..7ac669e4 100644
+--- a/src/server/shttpd/io_ssl.c
+++ b/src/server/shttpd/io_ssl.c
+@@ -11,23 +11,6 @@
+ #include "defs.h"
+ 
+ #if !defined(NO_SSL)
+-struct ssl_func        ssl_sw[] = {
+-       {"SSL_free",                    {0}},
+-       {"SSL_accept",                  {0}},
+-       {"SSL_connect",                 {0}},
+-       {"SSL_read",                    {0}},
+-       {"SSL_write",                   {0}},
+-       {"SSL_get_error",               {0}},
+-       {"SSL_set_fd",                  {0}},
+-       {"SSL_new",                     {0}},
+-       {"SSL_CTX_new",                 {0}},
+-       {"SSLv23_server_method",        {0}},
+-       {"SSL_library_init",            {0}},
+-       {"SSL_CTX_use_PrivateKey_file", {0}},
+-       {"SSL_CTX_use_certificate_file",{0}},
+-       {NULL,                          {0}}
+-};
+-
+ void
+ _shttpd_ssl_handshake(struct stream *stream)
+ {
+diff --git a/src/server/shttpd/shttpd.c b/src/server/shttpd/shttpd.c
+index 5876392e..4c1dbf32 100644
+--- a/src/server/shttpd/shttpd.c
+++ b/src/server/shttpd/shttpd.c
+@@ -1476,20 +1476,14 @@ set_ssl(struct shttpd_ctx *ctx, const char *pem)
+        int             retval = FALSE;
+        EC_KEY*         key;
+ 
+-       /* Load SSL library dynamically */
+-       if ((lib = dlopen(SSL_LIB, RTLD_LAZY)) == NULL) {
+-               _shttpd_elog(E_LOG, NULL, "set_ssl: cannot load %s", SSL_LIB);
+-               return (FALSE);
+-       }
+-
+-       for (fp = ssl_sw; fp->name != NULL; fp++)
+-               if ((fp->ptr.v_void = dlsym(lib, fp->name)) == NULL) {
+-                       _shttpd_elog(E_LOG, NULL,"set_ssl: cannot find %s", fp->name);
+-                       return (FALSE);
+-               }
+-
+        /* Initialize SSL crap */
+       debug("Initialize SSL");
+       SSL_load_error_strings();
+       #if OPENSSL_VERSION_NUMBER < 0x10100000L
+        SSL_library_init();
+       #else
+       OPENSSL_init_ssl(0, NULL);
+       #endif
+ 
+        if ((CTX = SSL_CTX_new(SSLv23_server_method())) == NULL)
+                _shttpd_elog(E_LOG, NULL, "SSL_CTX_new error");
+@@ -1532,7 +1526,7 @@ set_ssl(struct shttpd_ctx *ctx, const char *pem)
+                        if (strncasecmp(protocols[idx].name, ssl_disabled_protocols, blank_ptr-ssl_disabled_protocols) == 0) {
+                                //_shttpd_elog(E_LOG, NULL, "SSL: disable %s protocol", protocols[idx].name);
+                                debug("SSL: disable %s protocol", protocols[idx].name);
+-                               SSL_CTX_ctrl(CTX, SSL_CTRL_OPTIONS, protocols[idx].opt, NULL);
+                               SSL_CTX_set_options(CTX, protocols[idx].opt);
+                                break;
+                        }
+                }
+diff --git a/src/server/shttpd/ssl.h b/src/server/shttpd/ssl.h
+index a863f2c7..8dad0109 100644
+--- a/src/server/shttpd/ssl.h
+++ b/src/server/shttpd/ssl.h
+@@ -12,50 +12,4 @@
+ 
+ #include <openssl/ssl.h>
+ 
+-#else
+-
+-/*
+- * Snatched from OpenSSL includes. I put the prototypes here to be independent
+- * from the OpenSSL source installation. Having this, shttpd + SSL can be
+- * built on any system with binary SSL libraries installed.
+- */
+-
+-typedef struct ssl_st SSL;
+-typedef struct ssl_method_st SSL_METHOD;
+-typedef struct ssl_ctx_st SSL_CTX;
+-
+-#define        SSL_ERROR_WANT_READ     2
+-#define        SSL_ERROR_WANT_WRITE    3
+-#define        SSL_ERROR_SYSCALL       5
+-#define        SSL_FILETYPE_PEM        1
+-
+ #endif
+-
+-/*
+- * Dynamically loaded SSL functionality
+- */
+-struct ssl_func {
+-       const char      *name;          /* SSL function name    */
+-       union variant   ptr;            /* Function pointer     */
+-};
+-
+-extern struct ssl_func ssl_sw[];
+-
+-#define        FUNC(x) ssl_sw[x].ptr.v_func
+-
+-#define        SSL_free(x)     (* (void (*)(SSL *)) FUNC(0))(x)
+-#define        SSL_accept(x)   (* (int (*)(SSL *)) FUNC(1))(x)
+-#define        SSL_connect(x)  (* (int (*)(SSL *)) FUNC(2))(x)
+-#define        SSL_read(x,y,z) (* (int (*)(SSL *, void *, int)) FUNC(3))((x),(y),(z))
+-#define        SSL_write(x,y,z) \
+-       (* (int (*)(SSL *, const void *,int)) FUNC(4))((x), (y), (z))
+-#define        SSL_get_error(x,y)(* (int (*)(SSL *, int)) FUNC(5))((x), (y))
+-#define        SSL_set_fd(x,y) (* (int (*)(SSL *, int)) FUNC(6))((x), (y))
+-#define        SSL_new(x)      (* (SSL * (*)(SSL_CTX *)) FUNC(7))(x)
+-#define        SSL_CTX_new(x)  (* (SSL_CTX * (*)(SSL_METHOD *)) FUNC(8))(x)
+-#define        SSLv23_server_method()  (* (SSL_METHOD * (*)(void)) FUNC(9))()
+-#define        SSL_library_init() (* (int (*)(void)) FUNC(10))()
+-#define        SSL_CTX_use_PrivateKey_file(x,y,z)      (* (int (*)(SSL_CTX *, \
+-               const char *, int)) FUNC(11))((x), (y), (z))
+-#define        SSL_CTX_use_certificate_file(x,y,z)     (* (int (*)(SSL_CTX *, \
+-               const char *, int)) FUNC(12))((x), (y), (z))
+-- 
+2.18.0
diff --git a/meta-oe/recipes-extended/openwsman/openwsman/0002-Check-OpenSSL-version-number-to-allow-builds-with-ol.patch b/meta-oe/recipes-extended/openwsman/openwsman/0002-Check-OpenSSL-version-number-to-allow-builds-with-ol.patch
new file mode 100644
index 000000000..5ae2e0006
--- /dev/null
+++ b/meta-oe/recipes-extended/openwsman/openwsman/0002-Check-OpenSSL-version-number-to-allow-builds-with-ol.patch
@@ -0,0 +1,48 @@
+From 75669b077bd54bedbc086c60cbe137e7f4c685b5 Mon Sep 17 00:00:00 2001
+From: Vitezslav Crhonek <vcrhonek@redhat.com>
+Date: Mon, 24 Apr 2017 11:28:39 +0200
+Subject: [PATCH 2/2] Check OpenSSL version number to allow builds with older
+ version
+Upstream-Status: Submitted [https://github.com/Openwsman/openwsman/pull/99]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/lib/wsman-curl-client-transport.c | 4 ++++
+ src/server/shttpd/shttpd.c            | 4 ++++
+ 2 files changed, 8 insertions(+)
+diff --git a/src/lib/wsman-curl-client-transport.c b/src/lib/wsman-curl-client-transport.c
+index e64ad097..4fc047e8 100644
+--- a/src/lib/wsman-curl-client-transport.c
+++ b/src/lib/wsman-curl-client-transport.c
+@@ -247,7 +247,11 @@ static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx, void
+        unsigned int      tempFingerprintLen;
+        tempDigest = (EVP_MD*)EVP_sha1( );
+ 
+       #if OPENSSL_VERSION_NUMBER < 0x10100000L
+       X509 *cert = ctx->cert;
+       #else
+        X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
+       #endif
+        if(!cert)
+                return 0;
+ 
+diff --git a/src/server/shttpd/shttpd.c b/src/server/shttpd/shttpd.c
+index 4c1dbf32..161720c8 100644
+--- a/src/server/shttpd/shttpd.c
+++ b/src/server/shttpd/shttpd.c
+@@ -1526,7 +1526,11 @@ set_ssl(struct shttpd_ctx *ctx, const char *pem)
+                        if (strncasecmp(protocols[idx].name, ssl_disabled_protocols, blank_ptr-ssl_disabled_protocols) == 0) {
+                                //_shttpd_elog(E_LOG, NULL, "SSL: disable %s protocol", protocols[idx].name);
+                                debug("SSL: disable %s protocol", protocols[idx].name);
+                               #if OPENSSL_VERSION_NUMBER < 0x10100000L
+                               SSL_CTX_ctrl(CTX, SSL_CTRL_OPTIONS, protocols[idx].opt, NULL);
+                               #else
+                                SSL_CTX_set_options(CTX, protocols[idx].opt);
+                               #endif
+                                break;
+                        }
+                }
+-- 
+2.18.0
diff --git a/meta-oe/recipes-extended/openwsman/openwsman_2.6.4.bb b/meta-oe/recipes-extended/openwsman/openwsman_2.6.5.bb
index f46a3bd25..5fba3855c 100644
--- a/meta-oe/recipes-extended/openwsman/openwsman_2.6.4.bb
+++ b/meta-oe/recipes-extended/openwsman/openwsman_2.6.5.bb
@@ -15,13 +15,15 @@ DEPENDS = "curl libxml2 openssl libpam"
 inherit distro_features_check
 REQUIRED_DISTRO_FEATURES = "pam"
-SRCREV = "4aff7eaf5df948b6ed74cf4f8dd721a397bfb759"
+SRCREV = "e90e5c96e3006c372bf45e0185e33c9250e67df6"
-PV = "2.6.4"
+PV = "2.6.5"
 SRC_URI = "git://github.com/Openwsman/openwsman.git \
           file://libssl-is-required-if-eventint-supported.patch \
           file://openwsmand.service \
           file://0001-lock.c-Define-PTHREAD_MUTEX_RECURSIVE_NP-if-undefine.patch \
+           file://0001-Port-to-OpenSSL-1.1.0.patch \
+           file://0002-Check-OpenSSL-version-number-to-allow-builds-with-ol.patch \
           "
 S = "${WORKDIR}/git"
@@ -68,3 +70,4 @@ FILES_${PN}-dbg += "${libdir}/openwsman/plugins/.debug/ \
                   "
 INSANE_SKIP_${PN} = "dev-so"
+RDEPENDS_${PN} = "ruby"
author	Khem Raj <raj.khem@gmail.com>	2018-09-05 11:29:03 -0700
committer	Khem Raj <raj.khem@gmail.com>	2018-09-08 13:32:12 -0700
commit	2647170181a3c727c43474e217fed58d0ecf243e (patch)
tree	a42f3083eb435bc2a571e569ac31c30720acbdf9 /meta-oe
parent	c829442cf94461a29467a192cbcd938a58a866f3 (diff)
download	meta-openembedded-2647170181a3c727c43474e217fed58d0ecf243e.tar.gz

diff --git a/meta-oe/recipes-extended/openwsman/openwsman/0001-Port-to-OpenSSL-1.1.0.patch b/meta-oe/recipes-extended/openwsman/openwsman/0001-Port-to-OpenSSL-1.1.0.patch new file mode 100644 index 000000000..49afa56f5 --- /dev/null +++ b/meta-oe/recipes-extended/openwsman/openwsman/0001-Port-to-OpenSSL-1.1.0.patch
@@ -0,0 +1,162 @@
		1	From f78643d2388dd0697f83f17880403253a0596d83 Mon Sep 17 00:00:00 2001
		2	From: Vitezslav Crhonek <vcrhonek@redhat.com>
		3	Date: Wed, 5 Sep 2018 11:23:46 -0700
		4	Subject: [PATCH 1/2] Port to OpenSSL 1.1.0
		5
		6	Upstream-Status: Submitted [https://github.com/Openwsman/openwsman/pull/99]
		7	Signed-off-by: Khem Raj <raj.khem@gmail.com>
		8	---
		9	src/lib/wsman-curl-client-transport.c \| 6 +++-
		10	src/server/shttpd/io_ssl.c \| 17 ----------
		11	src/server/shttpd/shttpd.c \| 20 ++++--------
		12	src/server/shttpd/ssl.h \| 46 ---------------------------
		13	4 files changed, 12 insertions(+), 77 deletions(-)
		14
		15	diff --git a/src/lib/wsman-curl-client-transport.c b/src/lib/wsman-curl-client-transport.c
		16	index cd7f517a..e64ad097 100644
		17	--- a/src/lib/wsman-curl-client-transport.c
		18	+++ b/src/lib/wsman-curl-client-transport.c
		19	@@ -241,12 +241,16 @@ write_handler( void ptr, size_t size, size_t nmemb, void data)
		20	static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX ctx, void arg)
		21	{
		22	unsigned char thumbprint = (unsigned char )arg;
		23	- X509 *cert = ctx->cert;
		24	EVP_MD *tempDigest;
		25
		26	unsigned char tempFingerprint[EVP_MAX_MD_SIZE];
		27	unsigned int tempFingerprintLen;
		28	tempDigest = (EVP_MD*)EVP_sha1( );
		29	+
		30	+ X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
		31	+ if(!cert)
		32	+ return 0;
		33	+
		34	if ( X509_digest(cert, tempDigest, tempFingerprint, &tempFingerprintLen ) <= 0)
		35	return 0;
		36	if(!memcmp(tempFingerprint, thumbprint, tempFingerprintLen))
		37	diff --git a/src/server/shttpd/io_ssl.c b/src/server/shttpd/io_ssl.c
		38	index 6de0db2a..7ac669e4 100644
		39	--- a/src/server/shttpd/io_ssl.c
		40	+++ b/src/server/shttpd/io_ssl.c
		41	@@ -11,23 +11,6 @@
		42	#include "defs.h"
		43
		44	#if !defined(NO_SSL)
		45	-struct ssl_func ssl_sw[] = {
		46	- {"SSL_free", {0}},
		47	- {"SSL_accept", {0}},
		48	- {"SSL_connect", {0}},
		49	- {"SSL_read", {0}},
		50	- {"SSL_write", {0}},
		51	- {"SSL_get_error", {0}},
		52	- {"SSL_set_fd", {0}},
		53	- {"SSL_new", {0}},
		54	- {"SSL_CTX_new", {0}},
		55	- {"SSLv23_server_method", {0}},
		56	- {"SSL_library_init", {0}},
		57	- {"SSL_CTX_use_PrivateKey_file", {0}},
		58	- {"SSL_CTX_use_certificate_file",{0}},
		59	- {NULL, {0}}
		60	-};
		61	-
		62	void
		63	_shttpd_ssl_handshake(struct stream *stream)
		64	{
		65	diff --git a/src/server/shttpd/shttpd.c b/src/server/shttpd/shttpd.c
		66	index 5876392e..4c1dbf32 100644
		67	--- a/src/server/shttpd/shttpd.c
		68	+++ b/src/server/shttpd/shttpd.c
		69	@@ -1476,20 +1476,14 @@ set_ssl(struct shttpd_ctx ctx, const char pem)
		70	int retval = FALSE;
		71	EC_KEY* key;
		72
		73	- /* Load SSL library dynamically */
		74	- if ((lib = dlopen(SSL_LIB, RTLD_LAZY)) == NULL) {
		75	- _shttpd_elog(E_LOG, NULL, "set_ssl: cannot load %s", SSL_LIB);
		76	- return (FALSE);
		77	- }
		78	-
		79	- for (fp = ssl_sw; fp->name != NULL; fp++)
		80	- if ((fp->ptr.v_void = dlsym(lib, fp->name)) == NULL) {
		81	- _shttpd_elog(E_LOG, NULL,"set_ssl: cannot find %s", fp->name);
		82	- return (FALSE);
		83	- }
		84	-
		85	/* Initialize SSL crap */
		86	+ debug("Initialize SSL");
		87	+ SSL_load_error_strings();
		88	+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
		89	SSL_library_init();
		90	+ #else
		91	+ OPENSSL_init_ssl(0, NULL);
		92	+ #endif
		93
		94	if ((CTX = SSL_CTX_new(SSLv23_server_method())) == NULL)
		95	_shttpd_elog(E_LOG, NULL, "SSL_CTX_new error");
		96	@@ -1532,7 +1526,7 @@ set_ssl(struct shttpd_ctx ctx, const char pem)
		97	if (strncasecmp(protocols[idx].name, ssl_disabled_protocols, blank_ptr-ssl_disabled_protocols) == 0) {
		98	//_shttpd_elog(E_LOG, NULL, "SSL: disable %s protocol", protocols[idx].name);
		99	debug("SSL: disable %s protocol", protocols[idx].name);
		100	- SSL_CTX_ctrl(CTX, SSL_CTRL_OPTIONS, protocols[idx].opt, NULL);
		101	+ SSL_CTX_set_options(CTX, protocols[idx].opt);
		102	break;
		103	}
		104	}
		105	diff --git a/src/server/shttpd/ssl.h b/src/server/shttpd/ssl.h
		106	index a863f2c7..8dad0109 100644
		107	--- a/src/server/shttpd/ssl.h
		108	+++ b/src/server/shttpd/ssl.h
		109	@@ -12,50 +12,4 @@
		110
		111	#include <openssl/ssl.h>
		112
		113	-#else
		114	-
		115	-/*
		116	- * Snatched from OpenSSL includes. I put the prototypes here to be independent
		117	- * from the OpenSSL source installation. Having this, shttpd + SSL can be
		118	- * built on any system with binary SSL libraries installed.
		119	- */
		120	-
		121	-typedef struct ssl_st SSL;
		122	-typedef struct ssl_method_st SSL_METHOD;
		123	-typedef struct ssl_ctx_st SSL_CTX;
		124	-
		125	-#define SSL_ERROR_WANT_READ 2
		126	-#define SSL_ERROR_WANT_WRITE 3
		127	-#define SSL_ERROR_SYSCALL 5
		128	-#define SSL_FILETYPE_PEM 1
		129	-
		130	#endif
		131	-
		132	-/*
		133	- * Dynamically loaded SSL functionality
		134	- */
		135	-struct ssl_func {
		136	- const char name; / SSL function name */
		137	- union variant ptr; /* Function pointer */
		138	-};
		139	-
		140	-extern struct ssl_func ssl_sw[];
		141	-
		142	-#define FUNC(x) ssl_sw[x].ptr.v_func
		143	-
		144	-#define SSL_free(x) (* (void ()(SSL )) FUNC(0))(x)
		145	-#define SSL_accept(x) (* (int ()(SSL )) FUNC(1))(x)
		146	-#define SSL_connect(x) (* (int ()(SSL )) FUNC(2))(x)
		147	-#define SSL_read(x,y,z) (* (int ()(SSL , void *, int)) FUNC(3))((x),(y),(z))
		148	-#define SSL_write(x,y,z) \
		149	- (* (int ()(SSL , const void *,int)) FUNC(4))((x), (y), (z))
		150	-#define SSL_get_error(x,y)(* (int ()(SSL , int)) FUNC(5))((x), (y))
		151	-#define SSL_set_fd(x,y) (* (int ()(SSL , int)) FUNC(6))((x), (y))
		152	-#define SSL_new(x) (* (SSL * ()(SSL_CTX )) FUNC(7))(x)
		153	-#define SSL_CTX_new(x) (* (SSL_CTX * ()(SSL_METHOD )) FUNC(8))(x)
		154	-#define SSLv23_server_method() (* (SSL_METHOD * (*)(void)) FUNC(9))()
		155	-#define SSL_library_init() (* (int (*)(void)) FUNC(10))()
		156	-#define SSL_CTX_use_PrivateKey_file(x,y,z) (* (int ()(SSL_CTX , \
		157	- const char *, int)) FUNC(11))((x), (y), (z))
		158	-#define SSL_CTX_use_certificate_file(x,y,z) (* (int ()(SSL_CTX , \
		159	- const char *, int)) FUNC(12))((x), (y), (z))
		160	--
		161	2.18.0
		162


diff --git a/meta-oe/recipes-extended/openwsman/openwsman/0002-Check-OpenSSL-version-number-to-allow-builds-with-ol.patch b/meta-oe/recipes-extended/openwsman/openwsman/0002-Check-OpenSSL-version-number-to-allow-builds-with-ol.patch new file mode 100644 index 000000000..5ae2e0006 --- /dev/null +++ b/meta-oe/recipes-extended/openwsman/openwsman/0002-Check-OpenSSL-version-number-to-allow-builds-with-ol.patch
@@ -0,0 +1,48 @@
		1	From 75669b077bd54bedbc086c60cbe137e7f4c685b5 Mon Sep 17 00:00:00 2001
		2	From: Vitezslav Crhonek <vcrhonek@redhat.com>
		3	Date: Mon, 24 Apr 2017 11:28:39 +0200
		4	Subject: [PATCH 2/2] Check OpenSSL version number to allow builds with older
		5	version
		6
		7	Upstream-Status: Submitted [https://github.com/Openwsman/openwsman/pull/99]
		8	Signed-off-by: Khem Raj <raj.khem@gmail.com>
		9	---
		10	src/lib/wsman-curl-client-transport.c \| 4 ++++
		11	src/server/shttpd/shttpd.c \| 4 ++++
		12	2 files changed, 8 insertions(+)
		13
		14	diff --git a/src/lib/wsman-curl-client-transport.c b/src/lib/wsman-curl-client-transport.c
		15	index e64ad097..4fc047e8 100644
		16	--- a/src/lib/wsman-curl-client-transport.c
		17	+++ b/src/lib/wsman-curl-client-transport.c
		18	@@ -247,7 +247,11 @@ static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx, void
		19	unsigned int tempFingerprintLen;
		20	tempDigest = (EVP_MD*)EVP_sha1( );
		21
		22	+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
		23	+ X509 *cert = ctx->cert;
		24	+ #else
		25	X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
		26	+ #endif
		27	if(!cert)
		28	return 0;
		29
		30	diff --git a/src/server/shttpd/shttpd.c b/src/server/shttpd/shttpd.c
		31	index 4c1dbf32..161720c8 100644
		32	--- a/src/server/shttpd/shttpd.c
		33	+++ b/src/server/shttpd/shttpd.c
		34	@@ -1526,7 +1526,11 @@ set_ssl(struct shttpd_ctx ctx, const char pem)
		35	if (strncasecmp(protocols[idx].name, ssl_disabled_protocols, blank_ptr-ssl_disabled_protocols) == 0) {
		36	//_shttpd_elog(E_LOG, NULL, "SSL: disable %s protocol", protocols[idx].name);
		37	debug("SSL: disable %s protocol", protocols[idx].name);
		38	+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
		39	+ SSL_CTX_ctrl(CTX, SSL_CTRL_OPTIONS, protocols[idx].opt, NULL);
		40	+ #else
		41	SSL_CTX_set_options(CTX, protocols[idx].opt);
		42	+ #endif
		43	break;
		44	}
		45	}
		46	--
		47	2.18.0
		48


diff --git a/meta-oe/recipes-extended/openwsman/openwsman_2.6.4.bb b/meta-oe/recipes-extended/openwsman/openwsman_2.6.5.bb index f46a3bd25..5fba3855c 100644 --- a/meta-oe/recipes-extended/openwsman/openwsman_2.6.4.bb +++ b/meta-oe/recipes-extended/openwsman/openwsman_2.6.5.bb
@@ -15,13 +15,15 @@ DEPENDS = "curl libxml2 openssl libpam"
15	inherit distro_features_check	15	inherit distro_features_check
16	REQUIRED_DISTRO_FEATURES = "pam"	16	REQUIRED_DISTRO_FEATURES = "pam"
17		17
18	SRCREV = "4aff7eaf5df948b6ed74cf4f8dd721a397bfb759"	18	SRCREV = "e90e5c96e3006c372bf45e0185e33c9250e67df6"
19	PV = "2.6.4"	19	PV = "2.6.5"
20		20
21	SRC_URI = "git://github.com/Openwsman/openwsman.git \	21	SRC_URI = "git://github.com/Openwsman/openwsman.git \
22	file://libssl-is-required-if-eventint-supported.patch \	22	file://libssl-is-required-if-eventint-supported.patch \
23	file://openwsmand.service \	23	file://openwsmand.service \
24	file://0001-lock.c-Define-PTHREAD_MUTEX_RECURSIVE_NP-if-undefine.patch \	24	file://0001-lock.c-Define-PTHREAD_MUTEX_RECURSIVE_NP-if-undefine.patch \
		25	file://0001-Port-to-OpenSSL-1.1.0.patch \
		26	file://0002-Check-OpenSSL-version-number-to-allow-builds-with-ol.patch \
25	"	27	"
26		28
27	S = "${WORKDIR}/git"	29	S = "${WORKDIR}/git"
@@ -68,3 +70,4 @@ FILES_${PN}-dbg += "${libdir}/openwsman/plugins/.debug/ \
68	"	70	"
69		71
70	INSANE_SKIP_${PN} = "dev-so"	72	INSANE_SKIP_${PN} = "dev-so"
		73	RDEPENDS_${PN} = "ruby"