Diffstat (limited to 'package/stunnel')
-rw-r--r-- | package/stunnel/Makefile | 4 | ||||
-rw-r--r-- | package/stunnel/patches/patch-configure_ac | 6 | ||||
-rw-r--r-- | package/stunnel/patches/patch-src_verify_c | 75 |
3 files changed, 80 insertions, 5 deletions
diff --git a/package/stunnel/Makefile b/package/stunnel/Makefile
index 9169cfc64..e43c99d7e 100644
--- a/package/stunnel/Makefile
+++ b/package/stunnel/Makefile
@@ -4,9 +4,9 @@ include $(ADK_TOPDIR)/rules.mk
 PKG_NAME:= stunnel
-PKG_VERSION:= 5.18
+PKG_VERSION:= 5.24
 PKG_RELEASE:= 1
-PKG_HASH:= 0532c0a2f8de3da1ab625e384146501ce5936fac63d01561c3a9bf652b692317
+PKG_HASH:= ab2e5a1034d422951ddad21b572eb7fa8efb4c4ce04bc86536c6845f3d02b07e
 PKG_DESCR:= encryption wrapper
 PKG_SECTION:= net/security
 PKG_URL:= https://www.stunnel.org
diff --git a/package/stunnel/patches/patch-configure_ac b/package/stunnel/patches/patch-configure_ac
index 62f92963c..b9ccb30ab 100644
--- a/package/stunnel/patches/patch-configure_ac
+++ b/package/stunnel/patches/patch-configure_ac
@@ -1,6 +1,6 @@
---- stunnel-5.16.orig/configure.ac 2015-04-16 16:03:28.000000000 +0200
-+++ stunnel-5.16/configure.ac 2015-04-25 04:32:12.000000000 +0200
-@@ -71,13 +71,6 @@ AX_APPEND_COMPILE_FLAGS([-Wformat=2])
+--- stunnel-5.24.orig/configure.ac 2015-09-02 23:21:07.000000000 +0200
++++ stunnel-5.24/configure.ac 2015-10-21 10:48:27.000000000 +0200
+@@ -72,13 +72,6 @@ AX_APPEND_COMPILE_FLAGS([-Wformat=2])
 AX_APPEND_COMPILE_FLAGS([-Wconversion])
 AX_APPEND_COMPILE_FLAGS([-Wno-long-long])
 AX_APPEND_COMPILE_FLAGS([-Wno-deprecated-declarations])
diff --git a/package/stunnel/patches/patch-src_verify_c b/package/stunnel/patches/patch-src_verify_c
new file mode 100644
index 000000000..f326adf0b
--- /dev/null
+++ b/package/stunnel/patches/patch-src_verify_c
@@ -0,0 +1,75 @@
+--- stunnel-5.24.orig/src/verify.c 2015-09-23 12:00:08.000000000 +0200
++++ stunnel-5.24/src/verify.c 2015-10-21 11:17:41.000000000 +0200
+@@ -51,9 +51,6 @@ NOEXPORT int add_dir_lookup(X509_STORE *
+ NOEXPORT int verify_callback(int, X509_STORE_CTX *);
+ NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *);
+ NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int);
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+-NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *);
+-#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
+ NOEXPORT int cert_check_local(X509_STORE_CTX *);
+ NOEXPORT int compare_pubkeys(X509 *, X509 *);
+ #ifndef OPENSSL_NO_OCSP
+@@ -280,10 +277,6 @@ NOEXPORT int cert_check(CLI *c, X509_STO
+ }
+
+ if(depth==0) { /* additional peer certificate checks */
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+- if(!cert_check_subject(c, callback_ctx))
+- return 0; /* reject */
+-#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
+ if(c->opt->verify_level>=3 && !cert_check_local(callback_ctx))
+ return 0; /* reject */
+ }
+@@ -291,51 +284,6 @@ NOEXPORT int cert_check(CLI *c, X509_STO
+ return 1; /* accept */
+ }
+
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+-NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) {
+- X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx);
+- NAME_LIST *ptr;
+- char *peername=NULL;
+-
+- if(c->opt->check_host) {
+- for(ptr=c->opt->check_host; ptr; ptr=ptr->next)
+- if(X509_check_host(cert, ptr->name, 0, 0, &peername)>0)
+- break;
+- if(!ptr) {
+- s_log(LOG_WARNING, "CERT: No matching host name found");
+- return 0; /* reject */
+- }
+- s_log(LOG_INFO, "CERT: Host name \"%s\" matched with \"%s\"",
+- ptr->name, peername);
+- OPENSSL_free(peername);
+- }
+-
+- if(c->opt->check_email) {
+- for(ptr=c->opt->check_email; ptr; ptr=ptr->next)
+- if(X509_check_email(cert, ptr->name, 0, 0)>0)
+- break;
+- if(!ptr) {
+- s_log(LOG_WARNING, "CERT: No matching email address found");
+- return 0; /* reject */
+- }
+- s_log(LOG_INFO, "CERT: Email address \"%s\" matched", ptr->name);
+- }
+-
+- if(c->opt->check_ip) {
+- for(ptr=c->opt->check_ip; ptr; ptr=ptr->next)
+- if(X509_check_ip_asc(cert, ptr->name, 0)>0)
+- break;
+- if(!ptr) {
+- s_log(LOG_WARNING, "CERT: No matching IP address found");
+- return 0; /* reject */
+- }
+- s_log(LOG_INFO, "CERT: IP address \"%s\" matched", ptr->name);
+- }
+-
+- return 1; /* accept */
+-}
+-#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
+-
+ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) {
+ X509 *cert;
+ X509_NAME *subject; |
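Review bot: The added verify.c patch deletes `cert_check_subject()` and its call in `cert_check()` outright, so in this build the leaf certificate is never matched against `check_host`, `check_email` or `check_ip`; nothing visible here removes or warns about those options, so a configuration that relies on them would presumably accept any peer certificate that passes chain verification. If the reason is a TLS library that reports a version of 0x10002000L or later but lacks `X509_check_host()` (the commit does not say), narrowing the guard keeps the checks for OpenSSL builds: `#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)` on the prototype, the call site and the definition. Otherwise the patch should carry a header comment stating that subject checks are disabled and why. The last inner hunk ends inside `cert_check_local()`, whose body continues outside the hunk.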