summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--meta-oe/recipes-extended/openwsman/openwsman/0001-Adjust-for-CURLE_SSL_CACERT-deprecation-in-curl-7.62.patch42
-rw-r--r--meta-oe/recipes-extended/openwsman/openwsman/0001-Port-to-OpenSSL-1.1.0.patch162
-rw-r--r--meta-oe/recipes-extended/openwsman/openwsman/0001-openSSL-1.1.0-API-fixes.patch77
-rw-r--r--meta-oe/recipes-extended/openwsman/openwsman/0002-Check-OpenSSL-version-number-to-allow-builds-with-ol.patch48
-rw-r--r--meta-oe/recipes-extended/openwsman/openwsman_2.6.8.bb (renamed from meta-oe/recipes-extended/openwsman/openwsman_2.6.5.bb)12
5 files changed, 126 insertions, 215 deletions
diff --git a/meta-oe/recipes-extended/openwsman/openwsman/0001-Adjust-for-CURLE_SSL_CACERT-deprecation-in-curl-7.62.patch b/meta-oe/recipes-extended/openwsman/openwsman/0001-Adjust-for-CURLE_SSL_CACERT-deprecation-in-curl-7.62.patch
new file mode 100644
index 0000000000..4dcd108005
--- /dev/null
+++ b/meta-oe/recipes-extended/openwsman/openwsman/0001-Adjust-for-CURLE_SSL_CACERT-deprecation-in-curl-7.62.patch
@@ -0,0 +1,42 @@
1From f2c37fab5dbaffa06c1268ee1309596306c9a4df Mon Sep 17 00:00:00 2001
2From: Khem Raj <raj.khem@gmail.com>
3Date: Tue, 20 Nov 2018 12:23:47 -0800
4Subject: [PATCH] Adjust for CURLE_SSL_CACERT deprecation in curl >= 7.62
5
6Use CURLE_PEER_FAILED_VERIFICATION instead
7
8Upstream-Status: Pending
9
10Signed-off-by: Khem Raj <raj.khem@gmail.com>
11---
12 src/lib/wsman-curl-client-transport.c | 7 +++++++
13 1 file changed, 7 insertions(+)
14
15diff --git a/src/lib/wsman-curl-client-transport.c b/src/lib/wsman-curl-client-transport.c
16index d0a3829b..92727f4f 100644
17--- a/src/lib/wsman-curl-client-transport.c
18+++ b/src/lib/wsman-curl-client-transport.c
19@@ -186,16 +186,23 @@ convert_to_last_error(CURLcode r)
20 return WS_LASTERR_SSL_CONNECT_ERROR;
21 case CURLE_BAD_FUNCTION_ARGUMENT:
22 return WS_LASTERR_CURL_BAD_FUNCTION_ARG;
23+#if LIBCURL_VERSION_NUM < 0x073E00
24 case CURLE_SSL_PEER_CERTIFICATE:
25 return WS_LASTERR_SSL_PEER_CERTIFICATE;
26+#endif
27 case CURLE_SSL_ENGINE_NOTFOUND:
28 return WS_LASTERR_SSL_ENGINE_NOTFOUND;
29 case CURLE_SSL_ENGINE_SETFAILED:
30 return WS_LASTERR_SSL_ENGINE_SETFAILED;
31 case CURLE_SSL_CERTPROBLEM:
32 return WS_LASTERR_SSL_CERTPROBLEM;
33+#if LIBCURL_VERSION_NUM < 0x073E00
34 case CURLE_SSL_CACERT:
35 return WS_LASTERR_SSL_CACERT;
36+#else
37+ case CURLE_PEER_FAILED_VERIFICATION:
38+ return WS_LASTERR_SSL_PEER_CERTIFICATE;
39+#endif
40 #if LIBCURL_VERSION_NUM > 0x70C01
41 case CURLE_SSL_ENGINE_INITFAILED:
42 return WS_LASTERR_SSL_ENGINE_INITFAILED;
diff --git a/meta-oe/recipes-extended/openwsman/openwsman/0001-Port-to-OpenSSL-1.1.0.patch b/meta-oe/recipes-extended/openwsman/openwsman/0001-Port-to-OpenSSL-1.1.0.patch
deleted file mode 100644
index 49afa56f56..0000000000
--- a/meta-oe/recipes-extended/openwsman/openwsman/0001-Port-to-OpenSSL-1.1.0.patch
+++ /dev/null
@@ -1,162 +0,0 @@
1From f78643d2388dd0697f83f17880403253a0596d83 Mon Sep 17 00:00:00 2001
2From: Vitezslav Crhonek <vcrhonek@redhat.com>
3Date: Wed, 5 Sep 2018 11:23:46 -0700
4Subject: [PATCH 1/2] Port to OpenSSL 1.1.0
5
6Upstream-Status: Submitted [https://github.com/Openwsman/openwsman/pull/99]
7Signed-off-by: Khem Raj <raj.khem@gmail.com>
8---
9 src/lib/wsman-curl-client-transport.c | 6 +++-
10 src/server/shttpd/io_ssl.c | 17 ----------
11 src/server/shttpd/shttpd.c | 20 ++++--------
12 src/server/shttpd/ssl.h | 46 ---------------------------
13 4 files changed, 12 insertions(+), 77 deletions(-)
14
15diff --git a/src/lib/wsman-curl-client-transport.c b/src/lib/wsman-curl-client-transport.c
16index cd7f517a..e64ad097 100644
17--- a/src/lib/wsman-curl-client-transport.c
18+++ b/src/lib/wsman-curl-client-transport.c
19@@ -241,12 +241,16 @@ write_handler( void *ptr, size_t size, size_t nmemb, void *data)
20 static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx, void *arg)
21 {
22 unsigned char *thumbprint = (unsigned char *)arg;
23- X509 *cert = ctx->cert;
24 EVP_MD *tempDigest;
25
26 unsigned char tempFingerprint[EVP_MAX_MD_SIZE];
27 unsigned int tempFingerprintLen;
28 tempDigest = (EVP_MD*)EVP_sha1( );
29+
30+ X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
31+ if(!cert)
32+ return 0;
33+
34 if ( X509_digest(cert, tempDigest, tempFingerprint, &tempFingerprintLen ) <= 0)
35 return 0;
36 if(!memcmp(tempFingerprint, thumbprint, tempFingerprintLen))
37diff --git a/src/server/shttpd/io_ssl.c b/src/server/shttpd/io_ssl.c
38index 6de0db2a..7ac669e4 100644
39--- a/src/server/shttpd/io_ssl.c
40+++ b/src/server/shttpd/io_ssl.c
41@@ -11,23 +11,6 @@
42 #include "defs.h"
43
44 #if !defined(NO_SSL)
45-struct ssl_func ssl_sw[] = {
46- {"SSL_free", {0}},
47- {"SSL_accept", {0}},
48- {"SSL_connect", {0}},
49- {"SSL_read", {0}},
50- {"SSL_write", {0}},
51- {"SSL_get_error", {0}},
52- {"SSL_set_fd", {0}},
53- {"SSL_new", {0}},
54- {"SSL_CTX_new", {0}},
55- {"SSLv23_server_method", {0}},
56- {"SSL_library_init", {0}},
57- {"SSL_CTX_use_PrivateKey_file", {0}},
58- {"SSL_CTX_use_certificate_file",{0}},
59- {NULL, {0}}
60-};
61-
62 void
63 _shttpd_ssl_handshake(struct stream *stream)
64 {
65diff --git a/src/server/shttpd/shttpd.c b/src/server/shttpd/shttpd.c
66index 5876392e..4c1dbf32 100644
67--- a/src/server/shttpd/shttpd.c
68+++ b/src/server/shttpd/shttpd.c
69@@ -1476,20 +1476,14 @@ set_ssl(struct shttpd_ctx *ctx, const char *pem)
70 int retval = FALSE;
71 EC_KEY* key;
72
73- /* Load SSL library dynamically */
74- if ((lib = dlopen(SSL_LIB, RTLD_LAZY)) == NULL) {
75- _shttpd_elog(E_LOG, NULL, "set_ssl: cannot load %s", SSL_LIB);
76- return (FALSE);
77- }
78-
79- for (fp = ssl_sw; fp->name != NULL; fp++)
80- if ((fp->ptr.v_void = dlsym(lib, fp->name)) == NULL) {
81- _shttpd_elog(E_LOG, NULL,"set_ssl: cannot find %s", fp->name);
82- return (FALSE);
83- }
84-
85 /* Initialize SSL crap */
86+ debug("Initialize SSL");
87+ SSL_load_error_strings();
88+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
89 SSL_library_init();
90+ #else
91+ OPENSSL_init_ssl(0, NULL);
92+ #endif
93
94 if ((CTX = SSL_CTX_new(SSLv23_server_method())) == NULL)
95 _shttpd_elog(E_LOG, NULL, "SSL_CTX_new error");
96@@ -1532,7 +1526,7 @@ set_ssl(struct shttpd_ctx *ctx, const char *pem)
97 if (strncasecmp(protocols[idx].name, ssl_disabled_protocols, blank_ptr-ssl_disabled_protocols) == 0) {
98 //_shttpd_elog(E_LOG, NULL, "SSL: disable %s protocol", protocols[idx].name);
99 debug("SSL: disable %s protocol", protocols[idx].name);
100- SSL_CTX_ctrl(CTX, SSL_CTRL_OPTIONS, protocols[idx].opt, NULL);
101+ SSL_CTX_set_options(CTX, protocols[idx].opt);
102 break;
103 }
104 }
105diff --git a/src/server/shttpd/ssl.h b/src/server/shttpd/ssl.h
106index a863f2c7..8dad0109 100644
107--- a/src/server/shttpd/ssl.h
108+++ b/src/server/shttpd/ssl.h
109@@ -12,50 +12,4 @@
110
111 #include <openssl/ssl.h>
112
113-#else
114-
115-/*
116- * Snatched from OpenSSL includes. I put the prototypes here to be independent
117- * from the OpenSSL source installation. Having this, shttpd + SSL can be
118- * built on any system with binary SSL libraries installed.
119- */
120-
121-typedef struct ssl_st SSL;
122-typedef struct ssl_method_st SSL_METHOD;
123-typedef struct ssl_ctx_st SSL_CTX;
124-
125-#define SSL_ERROR_WANT_READ 2
126-#define SSL_ERROR_WANT_WRITE 3
127-#define SSL_ERROR_SYSCALL 5
128-#define SSL_FILETYPE_PEM 1
129-
130 #endif
131-
132-/*
133- * Dynamically loaded SSL functionality
134- */
135-struct ssl_func {
136- const char *name; /* SSL function name */
137- union variant ptr; /* Function pointer */
138-};
139-
140-extern struct ssl_func ssl_sw[];
141-
142-#define FUNC(x) ssl_sw[x].ptr.v_func
143-
144-#define SSL_free(x) (* (void (*)(SSL *)) FUNC(0))(x)
145-#define SSL_accept(x) (* (int (*)(SSL *)) FUNC(1))(x)
146-#define SSL_connect(x) (* (int (*)(SSL *)) FUNC(2))(x)
147-#define SSL_read(x,y,z) (* (int (*)(SSL *, void *, int)) FUNC(3))((x),(y),(z))
148-#define SSL_write(x,y,z) \
149- (* (int (*)(SSL *, const void *,int)) FUNC(4))((x), (y), (z))
150-#define SSL_get_error(x,y)(* (int (*)(SSL *, int)) FUNC(5))((x), (y))
151-#define SSL_set_fd(x,y) (* (int (*)(SSL *, int)) FUNC(6))((x), (y))
152-#define SSL_new(x) (* (SSL * (*)(SSL_CTX *)) FUNC(7))(x)
153-#define SSL_CTX_new(x) (* (SSL_CTX * (*)(SSL_METHOD *)) FUNC(8))(x)
154-#define SSLv23_server_method() (* (SSL_METHOD * (*)(void)) FUNC(9))()
155-#define SSL_library_init() (* (int (*)(void)) FUNC(10))()
156-#define SSL_CTX_use_PrivateKey_file(x,y,z) (* (int (*)(SSL_CTX *, \
157- const char *, int)) FUNC(11))((x), (y), (z))
158-#define SSL_CTX_use_certificate_file(x,y,z) (* (int (*)(SSL_CTX *, \
159- const char *, int)) FUNC(12))((x), (y), (z))
160--
1612.18.0
162
diff --git a/meta-oe/recipes-extended/openwsman/openwsman/0001-openSSL-1.1.0-API-fixes.patch b/meta-oe/recipes-extended/openwsman/openwsman/0001-openSSL-1.1.0-API-fixes.patch
new file mode 100644
index 0000000000..8d230ba6d9
--- /dev/null
+++ b/meta-oe/recipes-extended/openwsman/openwsman/0001-openSSL-1.1.0-API-fixes.patch
@@ -0,0 +1,77 @@
1From 634b95157e1823672a2c95fac0cecf079b5967e7 Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de>
3Date: Mon, 19 Nov 2018 15:31:27 +0100
4Subject: [PATCH] openSSL 1.1.0 API fixes
5
6---
7 src/server/shttpd/io_ssl.c | 5 +++++
8 src/server/shttpd/shttpd.c | 11 ++++++++++-
9 src/server/shttpd/ssl.h | 3 +++
10 3 files changed, 18 insertions(+), 1 deletion(-)
11
12diff --git a/src/server/shttpd/io_ssl.c b/src/server/shttpd/io_ssl.c
13index 6de0db2a..ece610ef 100644
14--- a/src/server/shttpd/io_ssl.c
15+++ b/src/server/shttpd/io_ssl.c
16@@ -21,8 +21,13 @@ struct ssl_func ssl_sw[] = {
17 {"SSL_set_fd", {0}},
18 {"SSL_new", {0}},
19 {"SSL_CTX_new", {0}},
20+#if OPENSSL_VERSION_NUMBER < 0x10100000L
21 {"SSLv23_server_method", {0}},
22 {"SSL_library_init", {0}},
23+#else
24+ {"TLS_server_method", {0}},
25+ {"OPENSSL_init_ssl", {0}},
26+#endif
27 {"SSL_CTX_use_PrivateKey_file", {0}},
28 {"SSL_CTX_use_certificate_file",{0}},
29 {NULL, {0}}
30diff --git a/src/server/shttpd/shttpd.c b/src/server/shttpd/shttpd.c
31index f0f3fbd8..652aea17 100644
32--- a/src/server/shttpd/shttpd.c
33+++ b/src/server/shttpd/shttpd.c
34@@ -1489,9 +1489,14 @@ set_ssl(struct shttpd_ctx *ctx, const char *pem)
35 }
36
37 /* Initialize SSL crap */
38- SSL_library_init();
39
40+#if OPENSSL_VERSION_NUMBER < 0x10100000L
41+ SSL_library_init();
42 if ((CTX = SSL_CTX_new(SSLv23_server_method())) == NULL)
43+#else
44+ OPENSSL_init_ssl();
45+ if ((CTX = SSL_CTX_new(TLS_server_method())) == NULL)
46+#endif
47 _shttpd_elog(E_LOG, NULL, "SSL_CTX_new error");
48 else if (SSL_CTX_use_certificate_file(CTX, wsmand_options_get_ssl_cert_file(), SSL_FILETYPE_PEM) != 1)
49 _shttpd_elog(E_LOG, NULL, "cannot open certificate file %s", pem);
50@@ -1552,6 +1557,10 @@ set_ssl(struct shttpd_ctx *ctx, const char *pem)
51 if (rc != 1) {
52 _shttpd_elog(E_LOG, NULL, "Failed to set SSL cipher list \"%s\"", ssl_cipher_list);
53 }
54+ else if ((*ssl_cipher_list == 0) || (*ssl_cipher_list == ' ')) {
55+ _shttpd_elog(E_LOG, NULL, "Empty 'ssl_cipher_list' defaults to 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256'.");
56+ _shttpd_elog(E_LOG, NULL, "Check openSSL documentation.");
57+ }
58 }
59 ctx->ssl_ctx = CTX;
60
61diff --git a/src/server/shttpd/ssl.h b/src/server/shttpd/ssl.h
62index 2304b70a..89a73c49 100644
63--- a/src/server/shttpd/ssl.h
64+++ b/src/server/shttpd/ssl.h
65@@ -56,6 +56,9 @@ extern struct ssl_func ssl_sw[];
66 #if OPENSSL_VERSION_NUMBER < 0x10100000L
67 #define SSLv23_server_method() (* (SSL_METHOD * (*)(void)) FUNC(9))()
68 #define SSL_library_init() (* (int (*)(void)) FUNC(10))()
69+#else
70+#define TLS_server_method() (* (SSL_METHOD * (*)(void)) FUNC(9))()
71+#define OPENSSL_init_ssl() (* (int (*)(void)) FUNC(10))()
72 #endif
73 #define SSL_CTX_use_PrivateKey_file(x,y,z) (* (int (*)(SSL_CTX *, \
74 const char *, int)) FUNC(11))((x), (y), (z))
75--
762.19.1
77
diff --git a/meta-oe/recipes-extended/openwsman/openwsman/0002-Check-OpenSSL-version-number-to-allow-builds-with-ol.patch b/meta-oe/recipes-extended/openwsman/openwsman/0002-Check-OpenSSL-version-number-to-allow-builds-with-ol.patch
deleted file mode 100644
index 5ae2e0006e..0000000000
--- a/meta-oe/recipes-extended/openwsman/openwsman/0002-Check-OpenSSL-version-number-to-allow-builds-with-ol.patch
+++ /dev/null
@@ -1,48 +0,0 @@
1From 75669b077bd54bedbc086c60cbe137e7f4c685b5 Mon Sep 17 00:00:00 2001
2From: Vitezslav Crhonek <vcrhonek@redhat.com>
3Date: Mon, 24 Apr 2017 11:28:39 +0200
4Subject: [PATCH 2/2] Check OpenSSL version number to allow builds with older
5 version
6
7Upstream-Status: Submitted [https://github.com/Openwsman/openwsman/pull/99]
8Signed-off-by: Khem Raj <raj.khem@gmail.com>
9---
10 src/lib/wsman-curl-client-transport.c | 4 ++++
11 src/server/shttpd/shttpd.c | 4 ++++
12 2 files changed, 8 insertions(+)
13
14diff --git a/src/lib/wsman-curl-client-transport.c b/src/lib/wsman-curl-client-transport.c
15index e64ad097..4fc047e8 100644
16--- a/src/lib/wsman-curl-client-transport.c
17+++ b/src/lib/wsman-curl-client-transport.c
18@@ -247,7 +247,11 @@ static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx, void
19 unsigned int tempFingerprintLen;
20 tempDigest = (EVP_MD*)EVP_sha1( );
21
22+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
23+ X509 *cert = ctx->cert;
24+ #else
25 X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
26+ #endif
27 if(!cert)
28 return 0;
29
30diff --git a/src/server/shttpd/shttpd.c b/src/server/shttpd/shttpd.c
31index 4c1dbf32..161720c8 100644
32--- a/src/server/shttpd/shttpd.c
33+++ b/src/server/shttpd/shttpd.c
34@@ -1526,7 +1526,11 @@ set_ssl(struct shttpd_ctx *ctx, const char *pem)
35 if (strncasecmp(protocols[idx].name, ssl_disabled_protocols, blank_ptr-ssl_disabled_protocols) == 0) {
36 //_shttpd_elog(E_LOG, NULL, "SSL: disable %s protocol", protocols[idx].name);
37 debug("SSL: disable %s protocol", protocols[idx].name);
38+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
39+ SSL_CTX_ctrl(CTX, SSL_CTRL_OPTIONS, protocols[idx].opt, NULL);
40+ #else
41 SSL_CTX_set_options(CTX, protocols[idx].opt);
42+ #endif
43 break;
44 }
45 }
46--
472.18.0
48
diff --git a/meta-oe/recipes-extended/openwsman/openwsman_2.6.5.bb b/meta-oe/recipes-extended/openwsman/openwsman_2.6.8.bb
index 5fba3855c0..f04ff01d96 100644
--- a/meta-oe/recipes-extended/openwsman/openwsman_2.6.5.bb
+++ b/meta-oe/recipes-extended/openwsman/openwsman_2.6.8.bb
@@ -15,15 +15,15 @@ DEPENDS = "curl libxml2 openssl libpam"
15inherit distro_features_check 15inherit distro_features_check
16REQUIRED_DISTRO_FEATURES = "pam" 16REQUIRED_DISTRO_FEATURES = "pam"
17 17
18SRCREV = "e90e5c96e3006c372bf45e0185e33c9250e67df6" 18# v2.6.8
19PV = "2.6.5" 19SRCREV = "b9cd0b72534854abb6dd834c8c11e02111b4c8d7"
20 20
21SRC_URI = "git://github.com/Openwsman/openwsman.git \ 21SRC_URI = "git://github.com/Openwsman/openwsman.git \
22 file://libssl-is-required-if-eventint-supported.patch \ 22 file://libssl-is-required-if-eventint-supported.patch \
23 file://openwsmand.service \ 23 file://openwsmand.service \
24 file://0001-lock.c-Define-PTHREAD_MUTEX_RECURSIVE_NP-if-undefine.patch \ 24 file://0001-lock.c-Define-PTHREAD_MUTEX_RECURSIVE_NP-if-undefine.patch \
25 file://0001-Port-to-OpenSSL-1.1.0.patch \ 25 file://0001-openSSL-1.1.0-API-fixes.patch \
26 file://0002-Check-OpenSSL-version-number-to-allow-builds-with-ol.patch \ 26 file://0001-Adjust-for-CURLE_SSL_CACERT-deprecation-in-curl-7.62.patch \
27 " 27 "
28 28
29S = "${WORKDIR}/git" 29S = "${WORKDIR}/git"
@@ -31,7 +31,7 @@ S = "${WORKDIR}/git"
31LICENSE = "BSD" 31LICENSE = "BSD"
32LIC_FILES_CHKSUM = "file://COPYING;md5=d4f53d4c6cf73b9d43186ce3be6dd0ba" 32LIC_FILES_CHKSUM = "file://COPYING;md5=d4f53d4c6cf73b9d43186ce3be6dd0ba"
33 33
34inherit systemd cmake pkgconfig pythonnative perlnative 34inherit systemd cmake pkgconfig python3native perlnative
35 35
36SYSTEMD_SERVICE_${PN} = "openwsmand.service" 36SYSTEMD_SERVICE_${PN} = "openwsmand.service"
37SYSTEMD_AUTO_ENABLE = "disable" 37SYSTEMD_AUTO_ENABLE = "disable"
@@ -41,6 +41,8 @@ LDFLAGS_append = "${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-gold', " -fuse-
41EXTRA_OECMAKE = "-DBUILD_BINDINGS=NO \ 41EXTRA_OECMAKE = "-DBUILD_BINDINGS=NO \
42 -DBUILD_LIBCIM=NO \ 42 -DBUILD_LIBCIM=NO \
43 -DBUILD_PERL=YES \ 43 -DBUILD_PERL=YES \
44 -DBUILD_PYTHON3=YES \
45 -DBUILD_PYTHON=NO \
44 -DCMAKE_INSTALL_PREFIX=${prefix} \ 46 -DCMAKE_INSTALL_PREFIX=${prefix} \
45 -DLIB=${baselib} \ 47 -DLIB=${baselib} \
46 " 48 "
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-11-17 11:49:03 +0000