diff options
author | Khem Raj <raj.khem@gmail.com> | 2018-09-04 10:59:31 -0700 |
---|---|---|
committer | Khem Raj <raj.khem@gmail.com> | 2018-09-08 13:32:12 -0700 |
commit | 988a858f5e4a09fde34d42d6a3054c13770e4ede (patch) | |
tree | 0a9c867c3ee12c4189d2a8d230ba0283305b27f1 /meta-oe | |
parent | 358ad2b9cf55f8c4d6de88b7ef74674740543fdc (diff) | |
download | meta-openembedded-988a858f5e4a09fde34d42d6a3054c13770e4ede.tar.gz |
uw-imap: Fix build with openSSL 1.1
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-oe')
-rw-r--r-- | meta-oe/recipes-devtools/uw-imap/uw-imap/0001-Support-OpenSSL-1.1.patch | 71 | ||||
-rw-r--r-- | meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb | 1 |
2 files changed, 72 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap/0001-Support-OpenSSL-1.1.patch b/meta-oe/recipes-devtools/uw-imap/uw-imap/0001-Support-OpenSSL-1.1.patch new file mode 100644 index 000000000..d5610bbcd --- /dev/null +++ b/meta-oe/recipes-devtools/uw-imap/uw-imap/0001-Support-OpenSSL-1.1.patch | |||
@@ -0,0 +1,71 @@ | |||
1 | From 4c684542816a08b95444b8e2515f24d084e6e3c3 Mon Sep 17 00:00:00 2001 | ||
2 | From: Khem Raj <raj.khem@gmail.com> | ||
3 | Date: Tue, 4 Sep 2018 22:05:17 -0700 | ||
4 | Subject: [PATCH] Support OpenSSL 1.1 | ||
5 | |||
6 | When building with OpenSSL 1.1 and newer, use the new built-in | ||
7 | hostname verification instead of code that doesn't compile due to | ||
8 | structs having been made opaque. | ||
9 | Bug-Debian: https://bugs.debian.org/828589 | ||
10 | |||
11 | Upstream-Status: Unknown | ||
12 | |||
13 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
14 | --- | ||
15 | src/osdep/unix/ssl_unix.c | 14 +++++++++++++- | ||
16 | 1 file changed, 13 insertions(+), 1 deletion(-) | ||
17 | |||
18 | diff --git a/src/osdep/unix/ssl_unix.c b/src/osdep/unix/ssl_unix.c | ||
19 | index 3bfdff3..dec9467 100644 | ||
20 | --- a/src/osdep/unix/ssl_unix.c | ||
21 | +++ b/src/osdep/unix/ssl_unix.c | ||
22 | @@ -227,8 +227,16 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags) | ||
23 | /* disable certificate validation? */ | ||
24 | if (flags & NET_NOVALIDATECERT) | ||
25 | SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL); | ||
26 | - else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify); | ||
27 | + else { | ||
28 | +#if OPENSSL_VERSION_NUMBER >= 0x10100000 | ||
29 | + X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context); | ||
30 | + X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); | ||
31 | + X509_VERIFY_PARAM_set1_host(param, host, 0); | ||
32 | +#endif | ||
33 | + | ||
34 | + SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify); | ||
35 | /* set default paths to CAs... */ | ||
36 | + } | ||
37 | SSL_CTX_set_default_verify_paths (stream->context); | ||
38 | /* ...unless a non-standard path desired */ | ||
39 | if (s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL)) | ||
40 | @@ -266,6 +274,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags) | ||
41 | if (SSL_write (stream->con,"",0) < 0) | ||
42 | return ssl_last_error ? ssl_last_error : "SSL negotiation failed"; | ||
43 | /* need to validate host names? */ | ||
44 | +#if OPENSSL_VERSION_NUMBER < 0x10100000 | ||
45 | if (!(flags & NET_NOVALIDATECERT) && | ||
46 | (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con), | ||
47 | host))) { | ||
48 | @@ -275,6 +284,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags) | ||
49 | sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???"); | ||
50 | return ssl_last_error = cpystr (tmp); | ||
51 | } | ||
52 | +#endif | ||
53 | return NIL; | ||
54 | } | ||
55 | |||
56 | @@ -313,6 +323,7 @@ static int ssl_open_verify (int ok,X509_STORE_CTX *ctx) | ||
57 | * Returns: NIL if validated, else string of error message | ||
58 | */ | ||
59 | |||
60 | +#if OPENSSL_VERSION_NUMBER < 0x10100000 | ||
61 | static char *ssl_validate_cert (X509 *cert,char *host) | ||
62 | { | ||
63 | int i,n; | ||
64 | @@ -342,6 +353,7 @@ static char *ssl_validate_cert (X509 *cert,char *host) | ||
65 | else ret = "Unable to locate common name in certificate"; | ||
66 | return ret; | ||
67 | } | ||
68 | +#endif | ||
69 | |||
70 | /* Case-independent wildcard pattern match | ||
71 | * Accepts: base string | ||
diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb index 4c055e54c..0000f05ae 100644 --- a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb +++ b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb | |||
@@ -10,6 +10,7 @@ SRC_URI = "https://fossies.org/linux/misc/old/imap-${PV}.tar.gz \ | |||
10 | file://quote_cctype.patch \ | 10 | file://quote_cctype.patch \ |
11 | file://imap-2007e-shared.patch \ | 11 | file://imap-2007e-shared.patch \ |
12 | file://imap-2007f-format-security.patch \ | 12 | file://imap-2007f-format-security.patch \ |
13 | file://0001-Support-OpenSSL-1.1.patch \ | ||
13 | " | 14 | " |
14 | 15 | ||
15 | SRC_URI[md5sum] = "2126fd125ea26b73b20f01fcd5940369" | 16 | SRC_URI[md5sum] = "2126fd125ea26b73b20f01fcd5940369" |