GitHub Repository: freebsd/freebsd-ports-gnome
Path: blob/main/mail/cclient/files/patch-src_osdep_unix_ssl__unix.c
1
Description: Support OpenSSL 1.1
2
When building with OpenSSL 1.1 and newer, use the new built-in
3
hostname verification instead of code that doesn't compile due to
4
structs having been made opaque.
5
Bug-Debian: https://bugs.debian.org/828589
6
7
Obtained from: https://sources.debian.org/data/main/u/uw-imap/8:2007f~dfsg-5/debian/patches/1006_openssl1.1_autoverify.patch
8
--- src/osdep/unix/ssl_unix.c.orig
9
+++ src/osdep/unix/ssl_unix.c
10
@@ -227,8 +227,16 @@ static char *ssl_start_work (SSLSTREAM *
11
/* disable certificate validation? */
12
if (flags & NET_NOVALIDATECERT)
13
SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL);
14
- else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
15
+ else {
16
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
17
+ X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context);
18
+ X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
19
+ X509_VERIFY_PARAM_set1_host(param, host, 0);
20
+#endif
21
+
22
+ SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
23
/* set default paths to CAs... */
24
+ }
25
SSL_CTX_set_default_verify_paths (stream->context);
26
/* ...unless a non-standard path desired */
27
if (s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL))
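Review bot: The result of `X509_VERIFY_PARAM_set1_host(param, host, 0)` in the new `else` branch is discarded, yet on OpenSSL 1.1+ this call is the only hostname check left, because the later hunks compile out the post-handshake `ssl_validate_cert` call. If it returns 0, or if `host` is NULL or empty (OpenSSL then clears the name list and performs no name check while still returning 1), the handshake would accept any certificate that chains to a trusted CA regardless of the name in it. Fail closed before the handshake, in the style of the error strings this function already returns: `if (!host || !*host || !X509_VERIFY_PARAM_set1_host (param,host,0)) return "Unable to set host name for certificate validation";`. The call matches DNS names only, so if `host` can be an IP literal here (not visible on this page) it would need `X509_VERIFY_PARAM_set1_ip_asc` instead. ssl_start_work's body starts before and continues past this hunk.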
28
@@ -266,6 +274,7 @@ static char *ssl_start_work (SSLSTREAM *
29
if (SSL_write (stream->con,"",0) < 0)
30
return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
31
/* need to validate host names? */
32
+#if OPENSSL_VERSION_NUMBER < 0x10100000
33
if (!(flags & NET_NOVALIDATECERT) &&
34
(err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),
35
host))) {
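Review bot: With the `#if OPENSSL_VERSION_NUMBER < 0x10100000` guard, 1.1+ builds run no check of their own after `SSL_write`, so rejecting a mismatched certificate depends on `ssl_open_verify`, which is not shown here, returning a failed `ok` unchanged. An `#else` arm before the `#endif` in the next hunk would make the outcome independent of that callback: `if (!(flags & NET_NOVALIDATECERT) && SSL_get_verify_result (stream->con) != X509_V_OK) return ssl_last_error ? ssl_last_error : "SSL certificate verification failed";`. `SSL_get_verify_result` also reports `X509_V_OK` when the peer sent no certificate, so this complements rather than replaces `SSL_VERIFY_PEER`. The comment `/* need to validate host names? */` should also say that newer OpenSSL performs the name check during the handshake. The guarded `if` statement is split across this hunk and the next.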
36
@@ -275,6 +284,7 @@ static char *ssl_start_work (SSLSTREAM *
37
sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
38
return ssl_last_error = cpystr (tmp);
39
}
40
+#endif
41
return NIL;
42
}
43
44
@@ -313,6 +323,7 @@ static int ssl_open_verify (int ok,X509_
45
* Returns: NIL if validated, else string of error message
46
*/
47
48
+#if OPENSSL_VERSION_NUMBER < 0x10100000
49
static char *ssl_validate_cert (X509 *cert,char *host)
50
{
51
int i,n;
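Review bot: The guard around `ssl_validate_cert` stops at that function, while the wildcard-matching helper whose header comment begins at the end of the last hunk stays compiled in. If `ssl_validate_cert` was its only caller (the helper's body is outside the page), 1.1+ builds are left with an unused static function and a compiler warning, and any forward prototype of `ssl_validate_cert` earlier in the file would remain declared but undefined. Consider extending the guard over the helper and labelling the closers, `#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */`, so the three `#if`/`#endif` pairs this patch adds are easy to match up. `ssl_validate_cert`'s body runs from this hunk into the next.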
52
@@ -342,6 +353,7 @@ static char *ssl_validate_cert (X509 *ce
53
else ret = "Unable to locate common name in certificate";
54
return ret;
55
}
56
+#endif
57
58
/* Case-independent wildcard pattern match
59
* Accepts: base string
60
61