diff options
Diffstat (limited to 'meta-openembedded/meta-oe/recipes-devtools/uw-imap')
-rw-r--r-- | meta-openembedded/meta-oe/recipes-devtools/uw-imap/uw-imap/0001-Support-OpenSSL-1.1.patch | 71 | ||||
-rw-r--r-- | meta-openembedded/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb | 3 |
2 files changed, 73 insertions, 1 deletions
diff --git a/meta-openembedded/meta-oe/recipes-devtools/uw-imap/uw-imap/0001-Support-OpenSSL-1.1.patch b/meta-openembedded/meta-oe/recipes-devtools/uw-imap/uw-imap/0001-Support-OpenSSL-1.1.patch new file mode 100644 index 000000000..d5610bbcd --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/uw-imap/uw-imap/0001-Support-OpenSSL-1.1.patch @@ -0,0 +1,71 @@ +From 4c684542816a08b95444b8e2515f24d084e6e3c3 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Tue, 4 Sep 2018 22:05:17 -0700 +Subject: [PATCH] Support OpenSSL 1.1 + +When building with OpenSSL 1.1 and newer, use the new built-in + hostname verification instead of code that doesn't compile due to + structs having been made opaque. +Bug-Debian: https://bugs.debian.org/828589 + +Upstream-Status: Unknown + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + src/osdep/unix/ssl_unix.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +diff --git a/src/osdep/unix/ssl_unix.c b/src/osdep/unix/ssl_unix.c +index 3bfdff3..dec9467 100644 +--- a/src/osdep/unix/ssl_unix.c ++++ b/src/osdep/unix/ssl_unix.c +@@ -227,8 +227,16 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags) + /* disable certificate validation? */ + if (flags & NET_NOVALIDATECERT) + SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL); +- else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify); ++ else { ++#if OPENSSL_VERSION_NUMBER >= 0x10100000 ++ X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context); ++ X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); ++ X509_VERIFY_PARAM_set1_host(param, host, 0); ++#endif ++ ++ SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify); + /* set default paths to CAs... */ ++ } + SSL_CTX_set_default_verify_paths (stream->context); + /* ...unless a non-standard path desired */ + if (s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL)) +@@ -266,6 +274,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags) + if (SSL_write (stream->con,"",0) < 0) + return ssl_last_error ? ssl_last_error : "SSL negotiation failed"; + /* need to validate host names? */ ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + if (!(flags & NET_NOVALIDATECERT) && + (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con), + host))) { +@@ -275,6 +284,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags) + sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???"); + return ssl_last_error = cpystr (tmp); + } ++#endif + return NIL; + } + +@@ -313,6 +323,7 @@ static int ssl_open_verify (int ok,X509_STORE_CTX *ctx) + * Returns: NIL if validated, else string of error message + */ + ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + static char *ssl_validate_cert (X509 *cert,char *host) + { + int i,n; +@@ -342,6 +353,7 @@ static char *ssl_validate_cert (X509 *cert,char *host) + else ret = "Unable to locate common name in certificate"; + return ret; + } ++#endif + + /* Case-independent wildcard pattern match + * Accepts: base string diff --git a/meta-openembedded/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb b/meta-openembedded/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb index 91003f6e9..0000f05ae 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb @@ -4,12 +4,13 @@ SECTION = "devel" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=a6a4ddbb7cd2999f6827ee143f6fcd97" -DEPENDS = "openssl" +DEPENDS = "openssl virtual/crypt" SRC_URI = "https://fossies.org/linux/misc/old/imap-${PV}.tar.gz \ file://quote_cctype.patch \ file://imap-2007e-shared.patch \ file://imap-2007f-format-security.patch \ + file://0001-Support-OpenSSL-1.1.patch \ " SRC_URI[md5sum] = "2126fd125ea26b73b20f01fcd5940369" |