Gentoo's Bugzilla – Attachment 61852 Details for
Bug 96956
net-misc/stunnel-4.10: add purpose and keytype patch, enable DSA key support
[patch]
Purpose patch against stunnel-4.10
stunnel-4.10.purpose.patch (text/plain), 4.89 KB, created by
Sascha Silbe
on 2005-06-24 10:12:20 UTC
Description:
Purpose patch against stunnel-4.10
Filename:
MIME Type:
Creator:
Sascha Silbe
Created:
2005-06-24 10:12:20 UTC
Size:
4.89 KB
># arch-tag: 95a2594a-a10b-4633-aa75-2f664feb31a9
>diff -Nur stunnel-4.10/doc/stunnel.8 stunnel-4.10.purpose/doc/stunnel.8
>--- stunnel-4.10/doc/stunnel.8 2005-01-22 17:42:09.000000000 +0100
>+++ stunnel-4.10.purpose/doc/stunnel.8 2005-06-24 18:31:26.539871136 +0200
>@@ -406,6 +406,20 @@
> \& level 3 - verify peer with locally installed certificate
> \& default - no verify
> .Ve
>+.IP "\fBpurpose\fR = type" 4
>+.IX Item "purpose = type"
>+check the peer certificate for this purpose
>+.Sp
>+.Vb 4
>+\& ssl_server
>+\& ssl_client
>+\& ns_ssl_server
>+\& smime_sign
>+\& smime_encrypt
>+\& crl_sign
>+\& any
>+\& default - OpenSSL default
>+.Ve
> .Sh "SERVICE-LEVEL \s-1OPTIONS\s0"
> .IX Subsection "SERVICE-LEVEL OPTIONS"
> Each configuration section begins with service name in square brackets.
>diff -Nur stunnel-4.10/doc/stunnel.html stunnel-4.10.purpose/doc/stunnel.html
>--- stunnel-4.10/doc/stunnel.html 2005-01-22 17:42:09.000000000 +0100
>+++ stunnel-4.10.purpose/doc/stunnel.html 2005-06-24 18:35:12.641085856 +0200
>@@ -480,6 +480,22 @@
> level 3 - verify peer with locally installed certificate
> default - no verify</pre>
> </dd>
>+<dt><strong><a name="item_purpose__3d_type"><strong>purpose</strong> = type</a></strong><br />
>+</dt>
>+<dd>
>+check the peer certificate for this purpose
>+</dd>
>+<dd>
>+<pre>
>+ ssl_server
>+ ssl_client
>+ ns_ssl_server
>+ smime_sign
>+ smime_encrypt
>+ crl_sign
>+ any
>+ default - OpenSSL default</pre>
>+</dd>
> <p></p></dl>
> <p>
> </p>
>diff -Nur stunnel-4.10/src/common.h stunnel-4.10.purpose/src/common.h
>--- stunnel-4.10/src/common.h 2005-04-23 15:39:48.000000000 +0200
>+++ stunnel-4.10.purpose/src/common.h 2005-06-24 18:36:07.728667112 +0200
>@@ -249,6 +249,7 @@
> #include <openssl/err.h>
> #include <openssl/crypto.h> /* for CRYPTO_* and SSLeay_version */
> #include <openssl/rand.h>
>+#include <openssl/x509v3.h> /* for X509_PURPOSE_* */
> #if (SSLEAY_VERSION_NUMBER >= 0x00907000L) && defined(HAVE_OSSL_ENGINE_H)
> #include <openssl/engine.h>
> #endif
>diff -Nur stunnel-4.10/src/options.c stunnel-4.10.purpose/src/options.c
>--- stunnel-4.10/src/options.c 2005-02-15 20:08:06.000000000 +0100
>+++ stunnel-4.10.purpose/src/options.c 2005-06-24 18:31:26.543870528 +0200
>@@ -664,6 +664,42 @@
> break;
> }
>
>+ /* certificate purpose */
>+ switch(cmd) {
>+ case CMD_INIT:
>+ options.verify_purpose=0;
>+ break;
>+ case CMD_EXEC:
>+ if(strcasecmp(opt, "purpose"))
>+ break;
>+ options.verify_purpose=0;
>+ if (strcasecmp(arg, "ssl_client") == 0)
>+ options.verify_purpose=X509_PURPOSE_SSL_CLIENT;
>+ else if (strcasecmp(arg, "ssl_server") == 0)
>+ options.verify_purpose=X509_PURPOSE_SSL_SERVER;
>+ else if (strcasecmp(arg, "ns_ssl_server") == 0)
>+ options.verify_purpose=X509_PURPOSE_NS_SSL_SERVER;
>+ else if (strcasecmp(arg, "smime_sign") == 0)
>+ options.verify_purpose=X509_PURPOSE_SMIME_SIGN;
>+ else if (strcasecmp(arg, "smime_encrypt") == 0)
>+ options.verify_purpose=X509_PURPOSE_SMIME_ENCRYPT;
>+ else if (strcasecmp(arg, "crl_sign") == 0)
>+ options.verify_purpose=X509_PURPOSE_CRL_SIGN;
>+ else if (strcasecmp(arg, "any") == 0)
>+ options.verify_purpose=X509_PURPOSE_ANY;
>+ else
>+ return "Unknown purpose";
>+ return NULL; /* OK */
>+ case CMD_DEFAULT:
>+ log_raw("%-15s = OpenSSL default", "purpose");
>+ break;
>+ case CMD_HELP:
>+ log_raw("%-15s = check the peer certificate for this purpose", "purpose");
>+ log_raw("%18sssl_client, ssl_server, ns_ssl_server, smime_sign,", "");
>+ log_raw("%18ssmime_encrypt, crl_sign, any", "");
>+ break;
>+ }
>+
> if(cmd==CMD_EXEC)
> return option_not_found;
> return NULL; /* OK */
>diff -Nur stunnel-4.10/src/prototypes.h stunnel-4.10.purpose/src/prototypes.h
>--- stunnel-4.10/src/prototypes.h 2005-04-19 15:13:01.000000000 +0200
>+++ stunnel-4.10.purpose/src/prototypes.h 2005-06-24 18:31:26.543870528 +0200
>@@ -112,6 +112,7 @@
> long session_timeout;
> int verify_level;
> int verify_use_only_my;
>+ int verify_purpose;
> long ssl_options;
>
> /* some global data for stunnel.c */
>diff -Nur stunnel-4.10/src/ssl.c stunnel-4.10.purpose/src/ssl.c
>--- stunnel-4.10/src/ssl.c 2005-02-15 20:07:35.000000000 +0100
>+++ stunnel-4.10.purpose/src/ssl.c 2005-06-24 18:51:07.852409856 +0200
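Review bot: The `any` branch in the options.c hunk stores `X509_PURPOSE_ANY`, under which OpenSSL accepts a certificate regardless of its key-usage extensions, so this option can weaken peer verification as well as tighten it, and neither the `CMD_HELP` text nor the man-page hunks say so. Values such as `smime_sign` or `crl_sign` are also accepted although a TLS peer certificate would not normally carry those usages, so a mistaken value is likely to make every peer fail verification with no hint why. I would add a comment above the `if`/`else if` chain, `/* "any" disables the purpose check; ssl_client and ssl_server are the values that fit a TLS peer */`, and end the last help line with `any (any = no purpose check)`. The enclosing option-parsing function starts and ends outside the hunk.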
>@@ -529,6 +529,16 @@
> }
> }
>
>+ if(options.verify_purpose) {
>+ if (!SSL_CTX_set_purpose(ctx, options.verify_purpose)) {
>+ s_log(LOG_ERR, "Error setting verify purpose to %d",
>+ options.verify_purpose);
>+ sslerror("SSL_CTX_set_purpose");
>+ exit(1);
>+ }
>+ s_log(LOG_DEBUG, "Set verify purpose to %d", options.verify_purpose);
>+ }
>+
> SSL_CTX_set_verify(ctx, options.verify_level==SSL_VERIFY_NONE ?
> SSL_VERIFY_PEER : options.verify_level, verify_callback);
>
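Review bot: The purpose is applied only on this verification setup path, just before `SSL_CTX_set_verify`, so a configured `purpose` may be silently ignored when `verify` is not set. That depends on code outside the hunk: if the enclosing function is skipped or returns early when verification is disabled, the operator gets no signal that no certificate check runs. Consider a startup warning on that path, e.g. `s_log(LOG_WARNING, "purpose is set but verify is disabled; peer certificates are not checked");`. Both added log lines also print the purpose as a bare `%d`, which is hard to audit against the configuration file; logging the configured name would help. The enclosing function begins and ends outside the hunk.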
Attachments on
bug 96956
:
61851
| 61852 |
61853