From 78366e32c4ddd212bc24e7502eeb381a08c8d492 Mon Sep 17 00:00:00 2001
From: Waldemar Brodkorb
Date: Thu, 22 Oct 2015 09:15:05 +0200
Subject: stunnel: update and fix compile with libressl
---
 package/stunnel/patches/patch-configure_ac | 6 +--
 package/stunnel/patches/patch-src_verify_c | 75 ++++++++++++++++++++++++++++++
 2 files changed, 78 insertions(+), 3 deletions(-)
 create mode 100644 package/stunnel/patches/patch-src_verify_c
(limited to 'package/stunnel/patches')
diff --git a/package/stunnel/patches/patch-configure_ac b/package/stunnel/patches/patch-configure_ac
index 62f92963c..b9ccb30ab 100644
--- a/package/stunnel/patches/patch-configure_ac
+++ b/package/stunnel/patches/patch-configure_ac
@@ -1,6 +1,6 @@
---- stunnel-5.16.orig/configure.ac 2015-04-16 16:03:28.000000000 +0200
-+++ stunnel-5.16/configure.ac 2015-04-25 04:32:12.000000000 +0200
-@@ -71,13 +71,6 @@ AX_APPEND_COMPILE_FLAGS([-Wformat=2])
+--- stunnel-5.24.orig/configure.ac 2015-09-02 23:21:07.000000000 +0200
++++ stunnel-5.24/configure.ac 2015-10-21 10:48:27.000000000 +0200
+@@ -72,13 +72,6 @@ AX_APPEND_COMPILE_FLAGS([-Wformat=2])
 AX_APPEND_COMPILE_FLAGS([-Wconversion])
 AX_APPEND_COMPILE_FLAGS([-Wno-long-long])
 AX_APPEND_COMPILE_FLAGS([-Wno-deprecated-declarations])
diff --git a/package/stunnel/patches/patch-src_verify_c b/package/stunnel/patches/patch-src_verify_c
new file mode 100644
index 000000000..f326adf0b
--- /dev/null
+++ b/package/stunnel/patches/patch-src_verify_c
@@ -0,0 +1,75 @@
+--- stunnel-5.24.orig/src/verify.c 2015-09-23 12:00:08.000000000 +0200
++++ stunnel-5.24/src/verify.c 2015-10-21 11:17:41.000000000 +0200
+@@ -51,9 +51,6 @@ NOEXPORT int add_dir_lookup(X509_STORE *
+ NOEXPORT int verify_callback(int, X509_STORE_CTX *);
+ NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *);
+ NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int);
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+-NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *);
+-#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
+ NOEXPORT int cert_check_local(X509_STORE_CTX *);
+ NOEXPORT int compare_pubkeys(X509 *, X509 *);
+ #ifndef OPENSSL_NO_OCSP
+@@ -280,10 +277,6 @@ NOEXPORT int cert_check(CLI *c, X509_STO
+ }
+
+ if(depth==0) { /* additional peer certificate checks */
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+- if(!cert_check_subject(c, callback_ctx))
+- return 0; /* reject */
+-#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
+ if(c->opt->verify_level>=3 && !cert_check_local(callback_ctx))
+ return 0; /* reject */
+ }
+@@ -291,51 +284,6 @@ NOEXPORT int cert_check(CLI *c, X509_STO
+ return 1; /* accept */
+ }
+
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+-NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) {
+- X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx);
+- NAME_LIST *ptr;
+- char *peername=NULL;
+-
+- if(c->opt->check_host) {
+- for(ptr=c->opt->check_host; ptr; ptr=ptr->next)
+- if(X509_check_host(cert, ptr->name, 0, 0, &peername)>0)
+- break;
+- if(!ptr) {
+- s_log(LOG_WARNING, "CERT: No matching host name found");
+- return 0; /* reject */
+- }
+- s_log(LOG_INFO, "CERT: Host name \"%s\" matched with \"%s\"",
+- ptr->name, peername);
+- OPENSSL_free(peername);
+- }
+-
+- if(c->opt->check_email) {
+- for(ptr=c->opt->check_email; ptr; ptr=ptr->next)
+- if(X509_check_email(cert, ptr->name, 0, 0)>0)
+- break;
+- if(!ptr) {
+- s_log(LOG_WARNING, "CERT: No matching email address found");
+- return 0; /* reject */
+- }
+- s_log(LOG_INFO, "CERT: Email address \"%s\" matched", ptr->name);
+- }
+-
+- if(c->opt->check_ip) {
+- for(ptr=c->opt->check_ip; ptr; ptr=ptr->next)
+- if(X509_check_ip_asc(cert, ptr->name, 0)>0)
+- break;
+- if(!ptr) {
+- s_log(LOG_WARNING, "CERT: No matching IP address found");
+- return 0; /* reject */
+- }
+- s_log(LOG_INFO, "CERT: IP address \"%s\" matched", ptr->name);
+- }
+-
+- return 1; /* accept */
+-}
+-#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
+-
+ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) {
+ X509 *cert;
+ X509_NAME *subject;
-- cgit v1.2.3
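Review bot: Host name, e-mail and IP address matching of the peer certificate is dropped for every build, not only for LibreSSL, because the new patch-src_verify_c deletes `cert_check_subject()`, its prototype and its call in the `depth==0` branch of `cert_check()` unconditionally. If the option parser still accepts the settings that populate `c->opt->check_host`, `check_email` and `check_ip` (that code is not part of this patch), a configuration relying on them would load without error while the subject is never compared, which is a silent fail-open in certificate verification. Narrowing the three existing guards instead would keep the check for OpenSSL 1.0.2 and later, e.g. `#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)`. For the LibreSSL build, rejecting the connection or refusing to start when any of those lists is non-empty would be safer than accepting the certificate. The bodies of `cert_check()` and `cert_check_local()` extend beyond the quoted context.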