wok-current view c-client/stuff/c-client-2007f-openssl-1.1.patch @ rev 25701

Fix dep for libglamoregl.so (libepoxy), and missing file for amdgpu (thanks alanyih)
author Stanislas Leduc <shann@slitaz.org>
date Fri Apr 19 12:48:51 2024 +0000 (2 months ago)
1 diff -Nru a/src/osdep/unix/ssl_unix.c b/src/osdep/unix/ssl_unix.c
2 --- a/src/osdep/unix/ssl_unix.c 2011-07-23 02:20:10.000000000 +0200
3 +++ b/src/osdep/unix/ssl_unix.c 2018-09-22 09:34:26.492765776 +0200
4 @@ -59,7 +59,7 @@
5 static SSLSTREAM *ssl_start(TCPSTREAM *tstream,char *host,unsigned long flags);
6 static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags);
7 static int ssl_open_verify (int ok,X509_STORE_CTX *ctx);
8 -static char *ssl_validate_cert (X509 *cert,char *host);
9 +static char *ssl_validate_cert (X509 *cert,char *host, char *cert_subj);
10 static long ssl_compare_hostnames (unsigned char *s,unsigned char *pat);
11 static char *ssl_getline_work (SSLSTREAM *stream,unsigned long *size,
12 long *contd);
13 @@ -210,6 +210,7 @@
14 BIO *bio;
15 X509 *cert;
16 unsigned long sl,tl;
17 + char cert_subj[250];
18 char *s,*t,*err,tmp[MAILTMPLEN];
19 sslcertificatequery_t scq =
20 (sslcertificatequery_t) mail_parameters (NIL,GET_SSLCERTIFICATEQUERY,NIL);
21 @@ -266,13 +267,17 @@
22 if (SSL_write (stream->con,"",0) < 0)
23 return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
24 /* need to validate host names? */
25 - if (!(flags & NET_NOVALIDATECERT) &&
26 - (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),
27 - host))) {
28 - /* application callback */
29 - if (scq) return (*scq) (err,host,cert ? cert->name : "???") ? NIL : "";
30 - /* error message to return via mm_log() */
31 - sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
32 + if (!(flags & NET_NOVALIDATECERT)) {
33 + cert_subj[0] = '\0';
34 + cert = SSL_get_peer_certificate(stream->con);
35 + if (cert)
36 + X509_NAME_oneline(X509_get_subject_name(cert), cert_subj, sizeof(cert_subj));
37 + err = ssl_validate_cert (cert, host, cert_subj);
38 + if (err)
39 + /* application callback */
40 + if (scq) return (*scq) (err,host,cert ? cert_subj : "???") ? NIL : "";
41 + /* error message to return via mm_log() */
42 + sprintf (tmp,"*%.128s: %.255s",err,cert ? cert_subj : "???");
43 return ssl_last_error = cpystr (tmp);
44 }
45 return NIL;
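Review bot: The rewritten block drops the braces that scoped the failure path, so in the visible lines `if (err)` guards only the `if (scq) return …` statement, while the `sprintf` and `return ssl_last_error = cpystr (tmp);` run whenever validation is requested, even when `ssl_validate_cert` returned NIL. On that success path `err` is a null pointer handed to `%.128s`, which is undefined behaviour, and the function returns an error string for a certificate that validated. The page has lost its indentation, but no `{` follows `if (err)` and the only closing `}` pairs with `if (!(flags & NET_NOVALIDATECERT)) {`. Change the guard to `if (err) {` and add a matching `}` after `return ssl_last_error = cpystr (tmp);` so the callback, the message formatting and the error return all stay conditional on a validation failure. The enclosing function starts before this hunk, so the declarations of `scq` and `tmp` are taken from the earlier hunk.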
46 @@ -313,7 +318,7 @@
47 * Returns: NIL if validated, else string of error message
48 */
50 -static char *ssl_validate_cert (X509 *cert,char *host)
51 +static char *ssl_validate_cert (X509 *cert,char *host, char *cert_subj)
52 {
53 int i,n;
54 char *s,*t,*ret;
55 @@ -322,9 +327,9 @@
56 /* make sure have a certificate */
57 if (!cert) ret = "No certificate from server";
58 /* and that it has a name */
59 - else if (!cert->name) ret = "No name in certificate";
60 + else if (cert_subj[0] == '\0') ret = "No name in certificate";
61 /* locate CN */
62 - else if (s = strstr (cert->name,"/CN=")) {
63 + else if (s = strstr (cert_subj,"/CN=")) {
64 if (t = strchr (s += 4,'/')) *t = '\0';
65 /* host name matches pattern? */
66 ret = ssl_compare_hostnames (host,s) ? NIL :
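Review bot: The host-name check now runs `strstr (cert_subj,"/CN=")` on the 250-byte `X509_NAME_oneline` text filled in by the caller, so a subject longer than that buffer is silently truncated before the CN is located and compared. Matching on the flattened text also cannot tell a real commonName attribute from a `/CN=` sequence inside another attribute's value. Reading the entry with `X509_NAME_get_text_by_NID(X509_get_subject_name(cert), NID_commonName, buf, sizeof buf)` and rejecting a result that fills the buffer, or calling `X509_check_host` where the linked OpenSSL provides it, avoids both problems. The new `cert_subj` parameter must be non-NULL and is written through (`*t = '\0'`), which deserves a line in the header comment above the function; the rest of the body lies outside this hunk.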