Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Lukas Niegsch
slapos
Commits
98b4edf5
Commit
98b4edf5
authored
Jul 01, 2019
by
Kazuhiko Shiozaki
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
component/cclient: build with OpenSSL 1.1.
parent
7a9ee669
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
90 additions
and
11 deletions
+90
-11
component/cclient/buildout.cfg
component/cclient/buildout.cfg
+4
-11
component/cclient/imap-2007f-openssl-1.1.patch
component/cclient/imap-2007f-openssl-1.1.patch
+86
-0
No files found.
component/cclient/buildout.cfg
View file @
98b4edf5
...
@@ -6,17 +6,8 @@ extends =
...
@@ -6,17 +6,8 @@ extends =
../openssl/buildout.cfg
../openssl/buildout.cfg
parts =
parts =
cclient-patch
cclient
cclient
[cclient-patch]
recipe = hexagonit.recipe.download
ignore-existing = true
download-only = true
url = ${:_profile_base_location_}/imap-2007f.patch
md5sum = 42c77fdd5d7a976fc302b93aadb3da98
filename = imap-2007f.patch
[cclient]
[cclient]
recipe = slapos.recipe.cmmi
recipe = slapos.recipe.cmmi
url = ftp://ftp.cac.washington.edu/imap/imap-2007f.tar.gz
url = ftp://ftp.cac.washington.edu/imap/imap-2007f.tar.gz
...
@@ -31,10 +22,12 @@ make-options =
...
@@ -31,10 +22,12 @@ make-options =
IP=6
IP=6
SSLLIB=${openssl:location}/lib
SSLLIB=${openssl:location}/lib
EXTRACFLAGS=-fPIC
EXTRACFLAGS=-fPIC
EXTRALDFLAGS="-Wl,-rpath -Wl,${openssl:location}/lib"
CCLIENT=${buildout:parts-directory}
CCLIENT=${buildout:parts-directory}
-j1
-j1
patches =
patches =
${cclient-patch:location}/${cclient-patch:filename}
${:_profile_base_location_}/imap-2007f.patch#42c77fdd5d7a976fc302b93aadb3da98
${:_profile_base_location_}/imap-2007f-openssl-1.1.patch#c726354e888f2f3b3954e334903cef80
patch-options = -p1
patch-options = -p1
component/cclient/imap-2007f-openssl-1.1.patch
0 → 100644
View file @
98b4edf5
From c3f68d987c00284d91ad6599a013b7111662545b Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Fri, 2 Sep 2016 21:33:33 +0000
Subject: [PATCH] uw-imap: compile against openssl 1.1.0
I *think* I replaced access to cert->name with certificate's subject name. I
assume that the re-aranged C-code is doing the same thing. A double check
wouldn't hurt :)
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
---
src/osdep/unix/ssl_unix.c | 28 +++++++++++++++++-----------
1 file changed, 17 insertions(+), 11 deletions(-)
diff --git a/src/osdep/unix/ssl_unix.c b/src/osdep/unix/ssl_unix.c
index 3bfdff3..836e9fa 100644
--- a/src/osdep/unix/ssl_unix.c
+++ b/src/osdep/unix/ssl_unix.c
@@ -59,7 +59,7 @@
typedef struct ssl_stream {
static SSLSTREAM *ssl_start(TCPSTREAM *tstream,char *host,unsigned long flags);
static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags);
static int ssl_open_verify (int ok,X509_STORE_CTX *ctx);
-static char *ssl_validate_cert (X509 *cert,char *host);
+static char *ssl_validate_cert (X509 *cert,char *host, char *cert_subj);
static long ssl_compare_hostnames (unsigned char *s,unsigned char *pat);
static char *ssl_getline_work (SSLSTREAM *stream,unsigned long *size,
long *contd);
@@ -210,6 +210,7 @@
static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
BIO *bio;
X509 *cert;
unsigned long sl,tl;
+ char cert_subj[250];
char *s,*t,*err,tmp[MAILTMPLEN];
sslcertificatequery_t scq =
(sslcertificatequery_t) mail_parameters (NIL,GET_SSLCERTIFICATEQUERY,NIL);
@@ -266,14 +267,19 @@
static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
if (SSL_write (stream->con,"",0) < 0)
return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
/* need to validate host names? */
- if (!(flags & NET_NOVALIDATECERT) &&
- (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),
- host))) {
- /* application callback */
- if (scq) return (*scq) (err,host,cert ? cert->name : "???") ? NIL : "";
+ if (!(flags & NET_NOVALIDATECERT)) {
+
+ cert_subj[0] = '\0';
+ cert = SSL_get_peer_certificate(stream->con);
+ if (cert)
+ X509_NAME_oneline(X509_get_subject_name(cert), cert_subj, sizeof(cert_subj));
+ err = ssl_validate_cert (cert, host, cert_subj);
+ if (err)
+ /* application callback */
+ if (scq) return (*scq) (err,host,cert ? cert_subj : "???") ? NIL : "";
/* error message to return via mm_log() */
- sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
- return ssl_last_error = cpystr (tmp);
+ sprintf (tmp,"*%.128s: %.255s",err,cert ? cert_subj : "???");
+ return ssl_last_error = cpystr (tmp);
}
return NIL;
}
@@ -313,7 +319,7 @@
static int ssl_open_verify (int ok,X509_STORE_CTX *ctx)
* Returns: NIL if validated, else string of error message
*/
-static char *ssl_validate_cert (X509 *cert,char *host)
+static char *ssl_validate_cert (X509 *cert,char *host, char *cert_subj)
{
int i,n;
char *s,*t,*ret;
@@ -322,9 +328,9 @@
static char *ssl_validate_cert (X509 *cert,char *host)
/* make sure have a certificate */
if (!cert) ret = "No certificate from server";
/* and that it has a name */
- else if (!cert->name) ret = "No name in certificate";
+ else if (cert_subj[0] == '\0') ret = "No name in certificate";
/* locate CN */
- else if (s = strstr (cert->name,"/CN=")) {
+ else if (s = strstr (cert_subj,"/CN=")) {
if (t = strchr (s += 4,'/')) *t = '\0';
/* host name matches pattern? */
ret = ssl_compare_hostnames (host,s) ? NIL :
--
2.9.3
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment