

(-)stunnel-5.30.orig/src/ctx.c (-1 / +1 lines)
Lines 359-365 Link Here
359
/**************************************** initialize OpenSSL CONF */
359
/**************************************** initialize OpenSSL CONF */
360
360
361
NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
361
NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
362
#if OPENSSL_VERSION_NUMBER>=0x10002000L
362
#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
363
    SSL_CONF_CTX *cctx;
363
    SSL_CONF_CTX *cctx;
364
    NAME_LIST *curr;
364
    NAME_LIST *curr;
365
    char *cmd, *param;
365
    char *cmd, *param;
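Review bot: The blanket `!defined(LIBRESSL_VERSION_NUMBER)` on the `conf_init` guard, repeated in verify.c, common.h, prototypes.h, ssl.c and sthreads.c, turns these features off for every LibreSSL release, including any later one that does provide the API. A feature macro defined once in common.h under this same condition and tested everywhere (for example `#define STUNNEL_HAVE_SSL_CONF 1`, the name being only a suggestion) would keep the decision in one place and let it be bounded by a LibreSSL version later. What `conf_init` does on a LibreSSL build lies in the part of the function outside this hunk; if it returns success without applying the configured commands, that should be logged rather than silent.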
(-)stunnel-5.30.orig/src/verify.c (-3 / +3 lines)
Lines 51-57 Link Here
51
NOEXPORT int verify_callback(int, X509_STORE_CTX *);
51
NOEXPORT int verify_callback(int, X509_STORE_CTX *);
52
NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *);
52
NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *);
53
NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int);
53
NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int);
54
#if OPENSSL_VERSION_NUMBER>=0x10002000L
54
#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
55
NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *);
55
NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *);
56
#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
56
#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
57
NOEXPORT int cert_check_local(X509_STORE_CTX *);
57
NOEXPORT int cert_check_local(X509_STORE_CTX *);
Lines 280-286 Link Here
280
    }
280
    }
281
281
282
    if(depth==0) { /* additional peer certificate checks */
282
    if(depth==0) { /* additional peer certificate checks */
283
#if OPENSSL_VERSION_NUMBER>=0x10002000L
283
#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
284
        if(!cert_check_subject(c, callback_ctx))
284
        if(!cert_check_subject(c, callback_ctx))
285
            return 0; /* reject */
285
            return 0; /* reject */
286
#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
286
#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
Lines 291-297 Link Here
291
    return 1; /* accept */
291
    return 1; /* accept */
292
}
292
}
293
293
294
#if OPENSSL_VERSION_NUMBER>=0x10002000L
294
#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
295
NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) {
295
NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) {
296
    X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx);
296
    X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx);
297
    NAME_LIST *ptr;
297
    NAME_LIST *ptr;
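Review bot: With the guard at line 283 now also excluding LibreSSL, the `depth==0` branch no longer calls `cert_check_subject`, so on a LibreSSL build the peer certificate's subject is never matched against configured names and control falls through towards `return 1; /* accept */`. Nothing on this page touches options parsing, so if the host, e-mail and IP check options are still accepted there under the unmodified version test, a configuration that asks for them would load and be silently unenforced. The options code should be built under the same condition so that such a configuration fails at load time, and the branch deserves a comment such as `/* LibreSSL: peer subject checks are not compiled in; options parsing must reject them */`. The `#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */` comments at lines 56 and 286 no longer state the full condition. `verify_checks` and `cert_check_subject` both extend beyond the hunks shown.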
(-)a/src/common.h (-2 / +2 lines)
Lines 448-454 extern char *sys_errlist[]; Link Here
448
#define OPENSSL_NO_TLS1_2
448
#define OPENSSL_NO_TLS1_2
449
#endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */
449
#endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */
450
450
451
#if OPENSSL_VERSION_NUMBER>=0x10100000L
451
#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
452
#ifndef OPENSSL_NO_SSL2
452
#ifndef OPENSSL_NO_SSL2
453
#define OPENSSL_NO_SSL2
453
#define OPENSSL_NO_SSL2
454
#endif /* !defined(OPENSSL_NO_SSL2) */
454
#endif /* !defined(OPENSSL_NO_SSL2) */
Lines 474-480 extern char *sys_errlist[]; Link Here
474
#include <openssl/des.h>
474
#include <openssl/des.h>
475
#ifndef OPENSSL_NO_DH
475
#ifndef OPENSSL_NO_DH
476
#include <openssl/dh.h>
476
#include <openssl/dh.h>
477
#if OPENSSL_VERSION_NUMBER<0x10100000L
477
#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
478
int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
478
int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
479
#endif /* OpenSSL older than 1.1.0 */
479
#endif /* OpenSSL older than 1.1.0 */
480
#endif /* !defined(OPENSSL_NO_DH) */
480
#endif /* !defined(OPENSSL_NO_DH) */
(-)a/src/prototypes.h (-2 / +2 lines)
Lines 664-676 typedef enum { Link Here
664
#endif /* OPENSSL_NO_DH */
664
#endif /* OPENSSL_NO_DH */
665
    STUNNEL_LOCKS                           /* number of locks */
665
    STUNNEL_LOCKS                           /* number of locks */
666
} LOCK_TYPE;
666
} LOCK_TYPE;
667
#if OPENSSL_VERSION_NUMBER < 0x10100004L
667
#if OPENSSL_VERSION_NUMBER < 0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
668
typedef int STUNNEL_RWLOCK;
668
typedef int STUNNEL_RWLOCK;
669
#else
669
#else
670
typedef CRYPTO_RWLOCK *STUNNEL_RWLOCK;
670
typedef CRYPTO_RWLOCK *STUNNEL_RWLOCK;
671
#endif
671
#endif
672
extern STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS];
672
extern STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS];
673
#if OPENSSL_VERSION_NUMBER>=0x10100004L
673
#if OPENSSL_VERSION_NUMBER>=0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)
674
#define CRYPTO_THREAD_read_unlock(type) CRYPTO_THREAD_unlock(type)
674
#define CRYPTO_THREAD_read_unlock(type) CRYPTO_THREAD_unlock(type)
675
#define CRYPTO_THREAD_write_unlock(type) CRYPTO_THREAD_unlock(type)
675
#define CRYPTO_THREAD_write_unlock(type) CRYPTO_THREAD_unlock(type)
676
#else
676
#else
(-)a/src/ssl.c (-2 / +2 lines)
Lines 50-56 NOEXPORT int add_rand_file(GLOBAL_OPTIONS *, const char *); Link Here
50
int index_cli, index_opt, index_redirect, index_addr;
50
int index_cli, index_opt, index_redirect, index_addr;
51
51
52
int ssl_init(void) { /* init TLS before parsing configuration file */
52
int ssl_init(void) { /* init TLS before parsing configuration file */
53
#if OPENSSL_VERSION_NUMBER>=0x10100000L
53
#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
54
    OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
54
    OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
55
        OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
55
        OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
56
#else
56
#else
Lines 83-89 int ssl_init(void) { /* init TLS before parsing configuration file */ Link Here
83
}
83
}
84
84
85
#ifndef OPENSSL_NO_DH
85
#ifndef OPENSSL_NO_DH
86
#if OPENSSL_VERSION_NUMBER<0x10100000L
86
#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
87
/* this is needed for dhparam.c generated with OpenSSL >= 1.1.0
87
/* this is needed for dhparam.c generated with OpenSSL >= 1.1.0
88
 * to be linked against the older versions */
88
 * to be linked against the older versions */
89
int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
89
int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
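Review bot: The comment above `DH_set0_pqg` still says the shim exists for linking against "the older versions", while the new guard also compiles it for LibreSSL; it should read something like `/* needed for dhparam.c generated with OpenSSL >= 1.1.0 to link against older OpenSSL and against LibreSSL */`. Because the shim has external linkage and uses the library's own name, it would clash with any LibreSSL release that exports `DH_set0_pqg` itself, so the guard (here and on the prototype in common.h) is better bounded by a LibreSSL version than left open-ended. The function body continues outside the hunk.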
(-)a/src/sthreads.c (-1 / +1 lines)
Lines 47-53 Link Here
47
STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS];
47
STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS];
48
#endif
48
#endif
49
49
50
#if OPENSSL_VERSION_NUMBER<0x10100004L
50
#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
51
#define CRYPTO_THREAD_lock_new() CRYPTO_get_new_dynlockid()
51
#define CRYPTO_THREAD_lock_new() CRYPTO_get_new_dynlockid()
52
#endif
52
#endif
53
53
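Review bot: Only the `CRYPTO_THREAD_lock_new` guard at line 50 is changed in this file, while prototypes.h now puts LibreSSL on the `typedef int STUNNEL_RWLOCK` side. LibreSSL's `OPENSSL_VERSION_NUMBER` compares as newer than 0x10100004L, which is why this patch is needed at all, so any other comparison against that value elsewhere in sthreads.c (not visible here) would still select the OpenSSL 1.1.0 code and could leave the legacy locking set-up out of a LibreSSL build. Each such guard should take the same form, `#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)`, and the rest of the file is worth checking for that before this is applied.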
(-)a/src/verify.c (-1 / +1 lines)
Lines 348-354 NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) { Link Here
348
    cert=X509_STORE_CTX_get_current_cert(callback_ctx);
348
    cert=X509_STORE_CTX_get_current_cert(callback_ctx);
349
    subject=X509_get_subject_name(cert);
349
    subject=X509_get_subject_name(cert);
350
350
351
#if OPENSSL_VERSION_NUMBER>=0x10000000L
351
#if OPENSSL_VERSION_NUMBER>=0x10000000L && !defined(LIBRESSL_VERSION_NUMBER)
352
#if OPENSSL_VERSION_NUMBER<0x10100006L
352
#if OPENSSL_VERSION_NUMBER<0x10100006L
353
#define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
353
#define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
354
#endif
354
#endif
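Review bot: Excluding LibreSSL on the outer guard at line 351 moves `cert_check_local` off the `X509_STORE_CTX_get1_certs` path entirely and onto whatever fallback follows outside this hunk, which presumably changes how the peer certificate is matched against the locally installed ones. If the only problem is that LibreSSL fails the inner `<0x10100006L` test and so never gets the alias, the narrower change is to leave line 351 alone and write line 352 as `#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)`. That assumes LibreSSL provides `X509_STORE_get1_certs`, which should be confirmed against its headers.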

Return to bug 584298