Diffstat (limited to 'package/stunnel/patches')
-rw-r--r--package/stunnel/patches/patch-configure_ac6
-rw-r--r--package/stunnel/patches/patch-src_verify_c75
2 files changed, 78 insertions, 3 deletions
diff --git a/package/stunnel/patches/patch-configure_ac b/package/stunnel/patches/patch-configure_ac
index 62f92963c..b9ccb30ab 100644
--- a/package/stunnel/patches/patch-configure_ac
+++ b/package/stunnel/patches/patch-configure_ac
@@ -1,6 +1,6 @@
---- stunnel-5.16.orig/configure.ac 2015-04-16 16:03:28.000000000 +0200
-+++ stunnel-5.16/configure.ac 2015-04-25 04:32:12.000000000 +0200
-@@ -71,13 +71,6 @@ AX_APPEND_COMPILE_FLAGS([-Wformat=2])
+--- stunnel-5.24.orig/configure.ac 2015-09-02 23:21:07.000000000 +0200
++++ stunnel-5.24/configure.ac 2015-10-21 10:48:27.000000000 +0200
+@@ -72,13 +72,6 @@ AX_APPEND_COMPILE_FLAGS([-Wformat=2])
AX_APPEND_COMPILE_FLAGS([-Wconversion])
AX_APPEND_COMPILE_FLAGS([-Wno-long-long])
AX_APPEND_COMPILE_FLAGS([-Wno-deprecated-declarations])
diff --git a/package/stunnel/patches/patch-src_verify_c b/package/stunnel/patches/patch-src_verify_c
new file mode 100644
index 000000000..f326adf0b
--- /dev/null
+++ b/package/stunnel/patches/patch-src_verify_c
@@ -0,0 +1,75 @@
+--- stunnel-5.24.orig/src/verify.c 2015-09-23 12:00:08.000000000 +0200
++++ stunnel-5.24/src/verify.c 2015-10-21 11:17:41.000000000 +0200
+@@ -51,9 +51,6 @@ NOEXPORT int add_dir_lookup(X509_STORE *
+ NOEXPORT int verify_callback(int, X509_STORE_CTX *);
+ NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *);
+ NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int);
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+-NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *);
+-#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
+ NOEXPORT int cert_check_local(X509_STORE_CTX *);
+ NOEXPORT int compare_pubkeys(X509 *, X509 *);
+ #ifndef OPENSSL_NO_OCSP
+@@ -280,10 +277,6 @@ NOEXPORT int cert_check(CLI *c, X509_STO
+ }
+
+ if(depth==0) { /* additional peer certificate checks */
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+- if(!cert_check_subject(c, callback_ctx))
+- return 0; /* reject */
+-#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
+ if(c->opt->verify_level>=3 && !cert_check_local(callback_ctx))
+ return 0; /* reject */
+ }
+@@ -291,51 +284,6 @@ NOEXPORT int cert_check(CLI *c, X509_STO
+ return 1; /* accept */
+ }
+
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+-NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) {
+- X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx);
+- NAME_LIST *ptr;
+- char *peername=NULL;
+-
+- if(c->opt->check_host) {
+- for(ptr=c->opt->check_host; ptr; ptr=ptr->next)
+- if(X509_check_host(cert, ptr->name, 0, 0, &peername)>0)
+- break;
+- if(!ptr) {
+- s_log(LOG_WARNING, "CERT: No matching host name found");
+- return 0; /* reject */
+- }
+- s_log(LOG_INFO, "CERT: Host name \"%s\" matched with \"%s\"",
+- ptr->name, peername);
+- OPENSSL_free(peername);
+- }
+-
+- if(c->opt->check_email) {
+- for(ptr=c->opt->check_email; ptr; ptr=ptr->next)
+- if(X509_check_email(cert, ptr->name, 0, 0)>0)
+- break;
+- if(!ptr) {
+- s_log(LOG_WARNING, "CERT: No matching email address found");
+- return 0; /* reject */
+- }
+- s_log(LOG_INFO, "CERT: Email address \"%s\" matched", ptr->name);
+- }
+-
+- if(c->opt->check_ip) {
+- for(ptr=c->opt->check_ip; ptr; ptr=ptr->next)
+- if(X509_check_ip_asc(cert, ptr->name, 0)>0)
+- break;
+- if(!ptr) {
+- s_log(LOG_WARNING, "CERT: No matching IP address found");
+- return 0; /* reject */
+- }
+- s_log(LOG_INFO, "CERT: IP address \"%s\" matched", ptr->name);
+- }
+-
+- return 1; /* accept */
+-}
+-#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
+-
+ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) {
+ X509 *cert;
+ X509_NAME *subject;
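Review bot: Dropping `cert_check_subject()` and its call in the `depth==0` branch of `cert_check()` means the `check_host`, `check_email` and `check_ip` lists in `c->opt` are no longer compared against the peer certificate, so verification fails open. If the option parser (not visible here) still accepts those settings, a configuration that relies on them will silently accept any certificate that passes chain validation. The removal presumably works around a TLS library that lacks `X509_check_host()` and related functions. If so, fail closed in that branch instead, e.g. `if(c->opt->check_host || c->opt->check_email || c->opt->check_ip) return 0; /* reject: subject checks not available in this build */`, with an `s_log(LOG_ERR, ...)` explaining why. The patch file also has no header comment saying why the checks are removed; one sentence naming the missing library functions would help whoever refreshes it next. The body of `cert_check()` starts outside the quoted hunks.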