Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 547768 Details for
Bug 647616
net-libs/c-client: fails to compile with openssl 1.1
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
imap-2007f-openssl-1.1.patch
imap-2007f-openssl-1.1.patch (text/plain), 2.79 KB, created by
Johannes Hirte
on 2018-09-24 13:02:27 UTC
(
hide
)
Description:
imap-2007f-openssl-1.1.patch
Filename:
MIME Type:
Creator:
Johannes Hirte
Created:
2018-09-24 13:02:27 UTC
Size:
2.79 KB
patch
obsolete
>diff -Nru a/src/osdep/unix/ssl_unix.c b/src/osdep/unix/ssl_unix.c >--- a/src/osdep/unix/ssl_unix.c 2011-07-23 02:20:10.000000000 +0200 >+++ b/src/osdep/unix/ssl_unix.c 2018-09-22 09:34:26.492765776 +0200 >@@ -59,7 +59,7 @@ > static SSLSTREAM *ssl_start(TCPSTREAM *tstream,char *host,unsigned long flags); > static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags); > static int ssl_open_verify (int ok,X509_STORE_CTX *ctx); >-static char *ssl_validate_cert (X509 *cert,char *host); >+static char *ssl_validate_cert (X509 *cert,char *host, char *cert_subj); > static long ssl_compare_hostnames (unsigned char *s,unsigned char *pat); > static char *ssl_getline_work (SSLSTREAM *stream,unsigned long *size, > long *contd); >@@ -210,6 +210,7 @@ > BIO *bio; > X509 *cert; > unsigned long sl,tl; >+ char cert_subj[250]; > char *s,*t,*err,tmp[MAILTMPLEN]; > sslcertificatequery_t scq = > (sslcertificatequery_t) mail_parameters (NIL,GET_SSLCERTIFICATEQUERY,NIL); >@@ -266,13 +267,17 @@ > if (SSL_write (stream->con,"",0) < 0) > return ssl_last_error ? ssl_last_error : "SSL negotiation failed"; > /* need to validate host names? */ >- if (!(flags & NET_NOVALIDATECERT) && >- (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con), >- host))) { >- /* application callback */ >- if (scq) return (*scq) (err,host,cert ? cert->name : "???") ? NIL : ""; >- /* error message to return via mm_log() */ >- sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???"); >+ if (!(flags & NET_NOVALIDATECERT)) { >+ cert_subj[0] = '\0'; >+ cert = SSL_get_peer_certificate(stream->con); >+ if (cert) >+ X509_NAME_oneline(X509_get_subject_name(cert), cert_subj, sizeof(cert_subj)); >+ err = ssl_validate_cert (cert, host, cert_subj); >+ if (err) >+ /* application callback */ >+ if (scq) return (*scq) (err,host,cert ? cert_subj : "???") ? NIL : ""; >+ /* error message to return via mm_log() */ >+ sprintf (tmp,"*%.128s: %.255s",err,cert ? cert_subj : "???"); > return ssl_last_error = cpystr (tmp); > } > return NIL; >@@ -313,7 +318,7 @@ > * Returns: NIL if validated, else string of error message > */ > >-static char *ssl_validate_cert (X509 *cert,char *host) >+static char *ssl_validate_cert (X509 *cert,char *host, char *cert_subj) > { > int i,n; > char *s,*t,*ret; >@@ -322,9 +327,9 @@ > /* make sure have a certificate */ > if (!cert) ret = "No certificate from server"; > /* and that it has a name */ >- else if (!cert->name) ret = "No name in certificate"; >+ else if (cert_subj[0] == '\0') ret = "No name in certificate"; > /* locate CN */ >- else if (s = strstr (cert->name,"/CN=")) { >+ else if (s = strstr (cert_subj,"/CN=")) { > if (t = strchr (s += 4,'/')) *t = '\0'; > /* host name matches pattern? */ > ret = ssl_compare_hostnames (host,s) ? NIL :
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=547768">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 647616
:
519414
| 547768
