Gentoo's Bugzilla – Attachment 39664 Details for
Bug 64185
net-misc/stunnel-4.05: add purpose and keytype patch, enable DSA key support
[patch]
purpose patch for stunnel-4.05
bug64185-stunnel-4.05.purpose.patch (text/plain), 4.92 KB, created by
Sascha Silbe
on 2004-09-15 15:25:07 UTC
Description:
purpose patch for stunnel-4.05
Filename:
MIME Type:
Creator:
Sascha Silbe
Created:
2004-09-15 15:25:07 UTC
Size:
4.92 KB
patch
obsolete
>diff -Nur stunnel-4.05/doc/stunnel.8 stunnel-4.05.purpose/doc/stunnel.8
>--- stunnel-4.05/doc/stunnel.8 2004-01-25 18:33:21.000000000 +0100
>+++ stunnel-4.05.purpose/doc/stunnel.8 2004-09-16 00:13:02.118372416 +0200
>@@ -382,6 +382,20 @@
> \& level 3 - verify peer with locally installed certificate
> \& default - no verify
> .Ve
>+.IP "\fBpurpose\fR = type" 4
>+.IX Item "purpose = type"
>+check the peer certificate for this purpose
>+.Sp
>+.Vb 4
>+\& ssl_server
>+\& ssl_client
>+\& ns_ssl_server
>+\& smime_sign
>+\& smime_encrypt
>+\& crl_sign
>+\& any
>+\& default - OpenSSL default
>+.Ve
> .Sh "SERVICE-LEVEL \s-1OPTIONS\s0"
> .IX Subsection "SERVICE-LEVEL OPTIONS"
> Each configuration section begins with service name in square brackets.
>diff -Nur stunnel-4.05/doc/stunnel.html stunnel-4.05.purpose/doc/stunnel.html
>--- stunnel-4.05/doc/stunnel.html 2004-01-25 18:33:22.000000000 +0100
>+++ stunnel-4.05.purpose/doc/stunnel.html 2004-09-16 00:13:02.121371960 +0200
>@@ -296,6 +296,19 @@
> level 3 - verify peer with locally installed certificate
> default - no verify</PRE>
> <P></P></DL>
>+<DT><STRONG><A NAME="item_purpose_%3D_type"><STRONG>purpose</STRONG> = type</A></STRONG><BR>
>+<DD>
>+check the peer certificate for this purpose
>+<PRE>
>+ ssl_server
>+ ssl_client
>+ ns_ssl_server
>+ smime_sign
>+ smime_encrypt
>+ crl_sign
>+ any
>+ default - OpenSSL default</PRE>
>+<P></P></DL>
> <P>
> <H2><A NAME="servicelevel options">SERVICE-LEVEL OPTIONS</A></H2>
> <P>Each configuration section begins with service name in square brackets.
>diff -Nur stunnel-4.05/src/common.h stunnel-4.05.purpose/src/common.h
>--- stunnel-4.05/src/common.h 2004-02-14 13:19:46.000000000 +0100
>+++ stunnel-4.05.purpose/src/common.h 2004-09-16 00:13:02.124371504 +0200
>@@ -234,6 +234,7 @@
> #include <openssl/err.h>
> #include <openssl/crypto.h> /* for CRYPTO_* and SSLeay_version */
> #include <openssl/rand.h>
>+#include <openssl/x509v3.h> /* for X509_PURPOSE_* */
> #if SSLEAY_VERSION_NUMBER >= 0x00907000L
> #include <openssl/engine.h>
> #endif
>diff -Nur stunnel-4.05/src/options.c stunnel-4.05.purpose/src/options.c
>--- stunnel-4.05/src/options.c 2004-01-25 18:25:30.000000000 +0100
>+++ stunnel-4.05.purpose/src/options.c 2004-09-16 00:13:02.127371048 +0200
>@@ -620,6 +620,42 @@
> break;
> }
>
>+ /* certificate purpose */
>+ switch(cmd) {
>+ case CMD_INIT:
>+ options.verify_purpose=0;
>+ break;
>+ case CMD_EXEC:
>+ if(strcasecmp(opt, "purpose"))
>+ break;
>+ options.verify_purpose=0;
>+ if (strcasecmp(arg, "ssl_client") == 0)
>+ options.verify_purpose=X509_PURPOSE_SSL_CLIENT;
>+ else if (strcasecmp(arg, "ssl_server") == 0)
>+ options.verify_purpose=X509_PURPOSE_SSL_SERVER;
>+ else if (strcasecmp(arg, "ns_ssl_server") == 0)
>+ options.verify_purpose=X509_PURPOSE_NS_SSL_SERVER;
>+ else if (strcasecmp(arg, "smime_sign") == 0)
>+ options.verify_purpose=X509_PURPOSE_SMIME_SIGN;
>+ else if (strcasecmp(arg, "smime_encrypt") == 0)
>+ options.verify_purpose=X509_PURPOSE_SMIME_ENCRYPT;
>+ else if (strcasecmp(arg, "crl_sign") == 0)
>+ options.verify_purpose=X509_PURPOSE_CRL_SIGN;
>+ else if (strcasecmp(arg, "any") == 0)
>+ options.verify_purpose=X509_PURPOSE_ANY;
>+ else
>+ return "Unknown purpose";
>+ return NULL; /* OK */
>+ case CMD_DEFAULT:
>+ log_raw("%-15s = OpenSSL default", "purpose");
>+ break;
>+ case CMD_HELP:
>+ log_raw("%-15s = check the peer certificate for this purpose", "purpose");
>+ log_raw("%18sssl_client, ssl_server, ns_ssl_server, smime_sign,", "");
>+ log_raw("%18ssmime_encrypt, crl_sign, any", "");
>+ break;
>+ }
>+
> if(cmd==CMD_EXEC)
> return option_not_found;
> return NULL; /* OK */
>diff -Nur stunnel-4.05/src/prototypes.h stunnel-4.05.purpose/src/prototypes.h
>--- stunnel-4.05/src/prototypes.h 2004-02-10 20:14:43.000000000 +0100
>+++ stunnel-4.05.purpose/src/prototypes.h 2004-09-16 00:13:02.132370288 +0200
>@@ -107,6 +107,7 @@
> long session_timeout;
> int verify_level;
> int verify_use_only_my;
>+ int verify_purpose;
> long ssl_options;
>
> /* some global data for stunnel.c */
>diff -Nur stunnel-4.05/src/ssl.c stunnel-4.05.purpose/src/ssl.c
>--- stunnel-4.05/src/ssl.c 2004-01-25 20:25:41.000000000 +0100
>+++ stunnel-4.05.purpose/src/ssl.c 2004-09-16 00:13:02.135369832 +0200
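Review bot: In the `purpose` case added to src/options.c, the value `any` is mapped to `X509_PURPOSE_ANY`, which OpenSSL treats as matching every certificate, but the CMD_HELP text lists it next to the real purposes with no hint that it switches the purpose check off. The help line should say so, for example `log_raw("%18ssmime_encrypt, crl_sign, any (no purpose check)", "");`, and the man page entry should carry the same remark. A comment at CMD_INIT would also help, `/* 0 = leave OpenSSL's default purpose; X509_PURPOSE_* ids are non-zero */`, because the ssl.c hunk tests the field for truth to decide whether to call SSL_CTX_set_purpose(). The enclosing option parser starts and ends outside the hunk.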
>@@ -457,6 +457,16 @@
> }
> }
>
>+ if(options.verify_purpose) {
>+ if (!SSL_CTX_set_purpose(ctx, options.verify_purpose)) {
>+ log(LOG_ERR, "Error setting verify purpose to %d",
>+ options.verify_purpose);
>+ sslerror("SSL_CTX_set_purpose");
>+ exit(1);
>+ }
>+ log(LOG_DEBUG, "Set verify purpose to %d", options.verify_purpose);
>+ }
>+
> SSL_CTX_set_verify(ctx, options.verify_level==SSL_VERIFY_NONE ?
> SSL_VERIFY_PEER : options.verify_level, verify_callback);
>
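Review bot: Setting `purpose` without `verify` may silently enforce nothing, because the new block in src/ssl.c calls SSL_CTX_set_purpose() whenever `options.verify_purpose` is non-zero, independent of `options.verify_level`. The context line that follows installs `verify_callback` under SSL_VERIFY_PEER even when the level is SSL_VERIFY_NONE, so whether a purpose mismatch is rejected at that level depends on the callback, which is not visible here. If the callback accepts every result when verification is off, such a configuration looks checked while rejecting no certificate. A startup warning would make that visible: `if(options.verify_level==SSL_VERIFY_NONE) log(LOG_WARNING, "purpose is set but verify is not enabled");`. The enclosing function begins before the hunk and continues after it.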