FreeBSD Bugzilla – Attachment 184700 Details for
Bug 217035
net-mgmt/zabbix32-server: Fix build with LibreSSL
[patch]
svn diff for net-mgmt/zabbix32-server
patch-net-mgmt_zabbix32-server-NO_PSK (text/plain), 25.47 KB, created by
Bernard Spil
on 2017-07-25 12:45:30 UTC
Description:
svn diff for net-mgmt/zabbix32-server
Filename:
MIME Type:
Creator:
Bernard Spil
Created:
2017-07-25 12:45:30 UTC
Size:
25.47 KB
patch
obsolete
>Index: net-mgmt/zabbix32-server/Makefile
>===================================================================
>--- net-mgmt/zabbix32-server/Makefile (revision 446578)
>+++ net-mgmt/zabbix32-server/Makefile (working copy)
>@@ -137,8 +137,6 @@
>
> OPENSSL_CONFIGURE_WITH= openssl
> OPENSSL_USES= ssl
>-OPENSSL_VARS= BROKEN_SSL="libressl libressl-devel" \
>- BROKEN_SSL_REASON="PSK is not provided by LibreSSL"
>
> GNUTLS_CONFIGURE_WITH= gnutls
> GNUTLS_LIB_DEPENDS= libgnutls.so:security/gnutls
>@@ -148,6 +146,14 @@
>
> .include <bsd.port.pre.mk>
>
>+.if ${SSL_DEFAULT:Mlibressl*}
>+WARNING= Building with LibreSSL will disable PSK functionality\
>+ necessitating the use of certificates for authentication.
>+SUB_LIST= LIBRESSL_MSG="${PORTNAME} was built with LibreSSL which\
>+ lacks PSK functionality. You must use certificates for\
>+ authentication."
>+.endif
>+
> post-patch:
> @${GREP} -rl "/etc/zabbix" ${WRKSRC} \
> | ${XARGS} ${REINPLACE_CMD} -e 's#/etc/zabbix#${ETCDIR}#g'
>Index: net-mgmt/zabbix32-server/files/patch-src_libs_zbxcrypto_tls.c
>===================================================================
>--- net-mgmt/zabbix32-server/files/patch-src_libs_zbxcrypto_tls.c (nonexistent)
>+++ net-mgmt/zabbix32-server/files/patch-src_libs_zbxcrypto_tls.c (working copy)
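Review bot: `SUB_LIST= LIBRESSL_MSG=...` is set only inside the `.if ${SSL_DEFAULT:Mlibressl*}` block of the second Makefile hunk, so on an OpenSSL build the `%%LIBRESSL_MSG%%` token that this patch adds to pkg-message.in has no substitution and would presumably be printed literally. Define it on both paths, for example an `.else` arm with `SUB_LIST+= LIBRESSL_MSG=""`, and use `+=` in the LibreSSL arm too so that SUB_LIST entries set elsewhere in the Makefile (not visible in this hunk) are not overwritten. The condition keys on SSL_DEFAULT alone, so the warning would also fire for a GNUTLS-option build; `.if ${PORT_OPTIONS:MOPENSSL} && ${SSL_DEFAULT:Mlibressl*}` would match what is actually compiled. Because dropping BROKEN_SSL turns a refused build into a silent loss of PSK authentication, this message is the only signal an operator gets and should be reliable.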
>@@ -0,0 +1,273 @@
>+--- src/libs/zbxcrypto/tls.c.orig 2016-12-21 08:08:40 UTC
>++++ src/libs/zbxcrypto/tls.c
>+@@ -54,7 +54,8 @@
>+ # define ZBX_TLS_CIPHERSUITE_ALL 2 /* select ciphersuites with certificate and PSK */
>+ #endif
>+
>+-#if defined(HAVE_OPENSSL) && OPENSSL_VERSION_NUMBER < 0x1010000fL /* for OpenSSL 1.0.1/1.0.2 (before 1.1.0) */
>++#if defined(HAVE_OPENSSL) && OPENSSL_VERSION_NUMBER < 0x1010000fL \
>++ || defined(LIBRESSL_VERSION_NUMBER) /* for OpenSSL 1.0.1/1.0.2 (before 1.1.0) */
>+
>+ /* mutexes for multi-threaded OpenSSL (see "man 3ssl threads" and example in crypto/threads/mttest.c) */
>+
>+@@ -178,8 +179,10 @@ extern char *CONFIG_TLS_SERVER_CERT_I
>+ extern char *CONFIG_TLS_SERVER_CERT_SUBJECT;
>+ extern char *CONFIG_TLS_CERT_FILE;
>+ extern char *CONFIG_TLS_KEY_FILE;
>++#ifndef OPENSSL_NO_PSK
>+ extern char *CONFIG_TLS_PSK_IDENTITY;
>+ extern char *CONFIG_TLS_PSK_FILE;
>++#endif
>+
>+ ZBX_THREAD_LOCAL static char *my_psk_identity = NULL;
>+ ZBX_THREAD_LOCAL static size_t my_psk_identity_len = 0;
>+@@ -216,11 +219,13 @@ ZBX_THREAD_LOCAL static const SSL_METHOD
>+ ZBX_THREAD_LOCAL static SSL_CTX *ctx_cert = NULL;
>+ ZBX_THREAD_LOCAL static SSL_CTX *ctx_psk = NULL;
>+ ZBX_THREAD_LOCAL static SSL_CTX *ctx_all = NULL;
>++#ifndef OPENSSL_NO_PSK
>+ /* variables for passing required PSK identity and PSK info to client callback function */
>+ ZBX_THREAD_LOCAL static char *psk_identity_for_cb = NULL;
>+ ZBX_THREAD_LOCAL static size_t psk_identity_len_for_cb = 0;
>+ ZBX_THREAD_LOCAL static char *psk_for_cb = NULL;
>+ ZBX_THREAD_LOCAL static size_t psk_len_for_cb = 0;
>++#endif
>+ static int init_done = 0;
>+ /* buffer for messages produced by zbx_openssl_info_cb() */
>+ ZBX_THREAD_LOCAL char info_buf[256];
>+@@ -532,11 +537,13 @@ static const char *zbx_tls_parameter_nam
>+ if (&CONFIG_TLS_KEY_FILE == param)
>+ return ZBX_TLS_PARAMETER_CONFIG_FILE == type ? "TLSKeyFile" : "--tls-key-file";
>+
>++#ifndef OPENSSL_NO_PSK
>+ if (&CONFIG_TLS_PSK_IDENTITY == param)
>+ return ZBX_TLS_PARAMETER_CONFIG_FILE == type ? "TLSPSKIdentity" : "--tls-psk-identity";
>+
>+ if (&CONFIG_TLS_PSK_FILE == param)
>+ return ZBX_TLS_PARAMETER_CONFIG_FILE == type ? "TLSPSKFile" : "--tls-psk-file";
>++#endif
>+
>+ THIS_SHOULD_NEVER_HAPPEN;
>+
>+@@ -742,8 +749,10 @@ void zbx_tls_validate_config(void)
>+ zbx_tls_parameter_not_empty(&CONFIG_TLS_SERVER_CERT_SUBJECT);
>+ zbx_tls_parameter_not_empty(&CONFIG_TLS_CERT_FILE);
>+ zbx_tls_parameter_not_empty(&CONFIG_TLS_KEY_FILE);
>++#ifndef OPENSSL_NO_PSK
>+ zbx_tls_parameter_not_empty(&CONFIG_TLS_PSK_IDENTITY);
>+ zbx_tls_parameter_not_empty(&CONFIG_TLS_PSK_FILE);
>++#endif
>+
>+ /* parse and validate 'TLSConnect' parameter (in zabbix_proxy.conf, zabbix_agentd.conf) and '--tls-connect' */
>+ /* parameter (in zabbix_get and zabbix_sender) */
>+@@ -756,8 +765,10 @@ void zbx_tls_validate_config(void)
>+ configured_tls_connect_mode = ZBX_TCP_SEC_UNENCRYPTED;
>+ else if (0 == strcmp(CONFIG_TLS_CONNECT, ZBX_TCP_SEC_TLS_CERT_TXT))
>+ configured_tls_connect_mode = ZBX_TCP_SEC_TLS_CERT;
>++#ifndef OPENSSL_NO_PSK
>+ else if (0 == strcmp(CONFIG_TLS_CONNECT, ZBX_TCP_SEC_TLS_PSK_TXT))
>+ configured_tls_connect_mode = ZBX_TCP_SEC_TLS_PSK;
>++#endif
>+ else
>+ zbx_tls_validation_error(ZBX_TLS_VALIDATION_INVALID, &CONFIG_TLS_CONNECT, NULL);
>+ }
>+@@ -785,8 +796,10 @@ void zbx_tls_validate_config(void)
>+ accept_modes_tmp |= ZBX_TCP_SEC_UNENCRYPTED;
>+ else if (0 == strcmp(p, ZBX_TCP_SEC_TLS_CERT_TXT))
>+ accept_modes_tmp |= ZBX_TCP_SEC_TLS_CERT;
>++#ifndef OPENSSL_NO_PSK
>+ else if (0 == strcmp(p, ZBX_TCP_SEC_TLS_PSK_TXT))
>+ accept_modes_tmp |= ZBX_TCP_SEC_TLS_PSK;
>++#endif
>+ else
>+ {
>+ zbx_free(s);
>+@@ -841,6 +854,7 @@ void zbx_tls_validate_config(void)
>+ &CONFIG_TLS_CERT_FILE);
>+ }
>+
>++#ifndef OPENSSL_NO_PSK
>+ /* either both a PSK and a PSK identity must be defined or none of them */
>+
>+ if (NULL != CONFIG_TLS_PSK_FILE && NULL == CONFIG_TLS_PSK_IDENTITY)
>+@@ -852,6 +866,7 @@ void zbx_tls_validate_config(void)
>+ /* PSK identity must be a valid UTF-8 string (RFC 4279 says Unicode) */
>+ if (NULL != CONFIG_TLS_PSK_IDENTITY && SUCCEED != zbx_is_utf8(CONFIG_TLS_PSK_IDENTITY))
>+ zbx_tls_validation_error(ZBX_TLS_VALIDATION_UTF8, &CONFIG_TLS_PSK_IDENTITY, NULL);
>++#endif
>+
>+ /* active agentd, active proxy, zabbix_get, and zabbix_sender specific validation */
>+
>+@@ -867,11 +882,13 @@ void zbx_tls_validate_config(void)
>+ &CONFIG_TLS_CONNECT);
>+ }
>+
>++#ifndef OPENSSL_NO_PSK
>+ if (NULL != CONFIG_TLS_PSK_FILE && NULL == CONFIG_TLS_CONNECT)
>+ {
>+ zbx_tls_validation_error(ZBX_TLS_VALIDATION_DEPENDENCY, &CONFIG_TLS_PSK_FILE,
>+ &CONFIG_TLS_CONNECT);
>+ }
>++#endif
>+
>+ if (0 != (configured_tls_connect_mode & ZBX_TCP_SEC_TLS_CERT) && NULL == CONFIG_TLS_CERT_FILE)
>+ {
>+@@ -879,11 +896,13 @@ void zbx_tls_validate_config(void)
>+ &CONFIG_TLS_CERT_FILE);
>+ }
>+
>++#ifndef OPENSSL_NO_PSK
>+ if (0 != (configured_tls_connect_mode & ZBX_TCP_SEC_TLS_PSK) && NULL == CONFIG_TLS_PSK_FILE)
>+ {
>+ zbx_tls_validation_error(ZBX_TLS_VALIDATION_REQUIREMENT, &CONFIG_TLS_CONNECT,
>+ &CONFIG_TLS_PSK_FILE);
>+ }
>++#endif
>+ }
>+
>+ /* passive agentd and passive proxy specific validation */
>+@@ -899,11 +918,13 @@ void zbx_tls_validate_config(void)
>+ &CONFIG_TLS_ACCEPT);
>+ }
>+
>++#ifndef OPENSSL_NO_PSK
>+ if (NULL != CONFIG_TLS_PSK_FILE && NULL == CONFIG_TLS_ACCEPT)
>+ {
>+ zbx_tls_validation_error(ZBX_TLS_VALIDATION_DEPENDENCY, &CONFIG_TLS_PSK_FILE,
>+ &CONFIG_TLS_ACCEPT);
>+ }
>++#endif
>+
>+ if (0 != (configured_tls_accept_modes & ZBX_TCP_SEC_TLS_CERT) && NULL == CONFIG_TLS_CERT_FILE)
>+ {
>+@@ -911,11 +932,13 @@ void zbx_tls_validate_config(void)
>+ &CONFIG_TLS_CERT_FILE);
>+ }
>+
>++#ifndef OPENSSL_NO_PSK
>+ if (0 != (configured_tls_accept_modes & ZBX_TCP_SEC_TLS_PSK) && NULL == CONFIG_TLS_PSK_FILE)
>+ {
>+ zbx_tls_validation_error(ZBX_TLS_VALIDATION_REQUIREMENT, &CONFIG_TLS_ACCEPT,
>+ &CONFIG_TLS_PSK_FILE);
>+ }
>++#endif
>+ }
>+ }
>+ #endif /* defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL) */
>+@@ -1363,6 +1386,7 @@ static int zbx_psk_cb(gnutls_session_t s
>+ * by this callback function. We use global variables to pass this info. *
>+ * *
>+ ******************************************************************************/
>++#ifndef OPENSSL_NO_PSK
>+ static unsigned int zbx_psk_client_cb(SSL *ssl, const char *hint, char *identity,
>+ unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)
>+ {
>+@@ -1396,6 +1420,7 @@ static unsigned int zbx_psk_client_cb(SS
>+
>+ return (unsigned int)psk_len_for_cb;
>+ }
>++#endif
>+
>+ /******************************************************************************
>+ * *
>+@@ -1529,6 +1554,7 @@ static void zbx_check_psk_identity_len(s
>+ * at runtime. *
>+ * *
>+ ******************************************************************************/
>++#ifndef OPENSSL_NO_PSK
>+ static void zbx_read_psk_file(void)
>+ {
>+ FILE *f;
>+@@ -1593,6 +1619,7 @@ out:
>+ zbx_tls_free();
>+ exit(EXIT_FAILURE);
>+ }
>++#endif /* OPENSSL_NO_PSK */
>+ #endif
>+
>+ #if defined(HAVE_POLARSSL)
>+@@ -3152,6 +3179,7 @@ void zbx_tls_init_child(void)
>+
>+ /* Create context for PSK-only authentication. PSK can come from configuration file (in proxy, agentd) */
>+ /* and later from database (in server, proxy). */
>++#ifndef OPENSSL_NO_PSK
>+ if (NULL != CONFIG_TLS_PSK_FILE || 0 != (program_type & (ZBX_PROGRAM_TYPE_SERVER | ZBX_PROGRAM_TYPE_PROXY)))
>+ {
>+ if (NULL == (ctx_psk = SSL_CTX_new(method)))
>+@@ -3160,6 +3188,7 @@ void zbx_tls_init_child(void)
>+ if (1 != SSL_CTX_set_min_proto_version(ctx_psk, TLS1_2_VERSION))
>+ goto out_method;
>+ }
>++#endif
>+
>+ /* Sometimes we need to be ready for both certificate and PSK whichever comes in. Set up a universal context */
>+ /* for certificate and PSK authentication to prepare for both. */
>+@@ -3314,6 +3343,7 @@ void zbx_tls_init_child(void)
>+
>+ /* 'TLSPSKIdentity' and 'TLSPSKFile' parameters (in zabbix_proxy.conf, zabbix_agentd.conf). */
>+ /* Load pre-shared key and identity to be used with the pre-shared key. */
>++#ifndef OPENSSL_NO_PSK
>+ if (NULL != CONFIG_TLS_PSK_FILE)
>+ {
>+ my_psk_identity = CONFIG_TLS_PSK_IDENTITY;
>+@@ -3339,6 +3369,7 @@ void zbx_tls_init_child(void)
>+ psk_for_cb = my_psk;
>+ psk_len_for_cb = my_psk_len;
>+ }
>++#endif
>+
>+ if (NULL != ctx_cert)
>+ {
>+@@ -3375,6 +3406,7 @@ void zbx_tls_init_child(void)
>+ zbx_log_ciphersuites(__function_name, "certificate", ctx_cert);
>+ }
>+
>++#ifndef OPENSSL_NO_PSK
>+ if (NULL != ctx_psk)
>+ {
>+ const char *ciphers;
>+@@ -3408,6 +3440,7 @@ void zbx_tls_init_child(void)
>+
>+ zbx_log_ciphersuites(__function_name, "PSK", ctx_psk);
>+ }
>++#endif
>+
>+ if (NULL != ctx_all)
>+ {
>+@@ -3415,8 +3448,10 @@ void zbx_tls_init_child(void)
>+
>+ SSL_CTX_set_info_callback(ctx_all, zbx_openssl_info_cb);
>+
>++#ifndef OPENSSL_NO_PSK
>+ if (0 != (program_type & (ZBX_PROGRAM_TYPE_SERVER | ZBX_PROGRAM_TYPE_PROXY | ZBX_PROGRAM_TYPE_AGENTD)))
>+ SSL_CTX_set_psk_server_callback(ctx_all, zbx_psk_server_cb);
>++#endif
>+
>+ SSL_CTX_set_mode(ctx_all, SSL_MODE_AUTO_RETRY);
>+ SSL_CTX_set_options(ctx_all, SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_NO_TICKET);
>+@@ -4188,6 +4223,7 @@ int zbx_tls_connect(zbx_socket_t *s, uns
>+ goto out;
>+ }
>+ }
>++#ifndef OPENSSL_NO_PSK
>+ else if (ZBX_TCP_SEC_TLS_PSK == tls_connect)
>+ {
>+ zabbix_log(LOG_LEVEL_DEBUG, "In %s(): psk_identity:\"%s\"", __function_name,
>+@@ -4242,6 +4278,7 @@ int zbx_tls_connect(zbx_socket_t *s, uns
>+ psk_len_for_cb = (size_t)psk_len;
>+ }
>+ }
>++#endif
>+ else
>+ {
>+ *error = zbx_strdup(*error, "invalid connection parameters");
>+@@ -5675,7 +5712,8 @@ int zbx_tls_get_attr_cert(const zbx_sock
>+ }
>+ #endif
>+
>+-#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL)
>++#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) \
>++ || (defined(HAVE_OPENSSL) && !defined(OPENSSL_NO_PSK))
>+ /******************************************************************************
>+ * *
>+ * Function: zbx_tls_get_attr_psk *
>
>Property changes on: net-mgmt/zabbix32-server/files/patch-src_libs_zbxcrypto_tls.c
>___________________________________________________________________
>Added: fbsd:nokeywords
>## -0,0 +1 ##
>+yes
>\ No newline at end of property
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
>Index: net-mgmt/zabbix32-server/files/patch-src_libs_zbxcrypto_tls.h
>===================================================================
>--- net-mgmt/zabbix32-server/files/patch-src_libs_zbxcrypto_tls.h (nonexistent)
>+++ net-mgmt/zabbix32-server/files/patch-src_libs_zbxcrypto_tls.h (working copy)
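Review bot: In zbx_tls_validate_config the `TLSPSKFile`/`TLSPSKIdentity` dependency checks are compiled out under `OPENSSL_NO_PSK` rather than replaced, so a configuration that sets `TLSPSKFile` without `TLSConnect`/`TLSAccept` no longer stops at startup and the daemon would presumably run in whatever default mode applies. Failing closed is safer: keep the two `extern char *CONFIG_TLS_PSK_*` declarations unconditional and add an `#else` arm that rejects any non-NULL `CONFIG_TLS_PSK_FILE` or `CONFIG_TLS_PSK_IDENTITY` with a message saying this build has no PSK support. `TLSConnect=psk` and `TLSAccept=psk` do reach the generic `ZBX_TLS_VALIDATION_INVALID` arm, which rejects them but gives the operator no hint about the cause. Separately, the first hunk's condition relies on `&&` binding tighter than `||`; `defined(HAVE_OPENSSL) && (OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(LIBRESSL_VERSION_NUMBER))` states the intent. The function bodies are only partly visible in these hunks.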
>@@ -0,0 +1,16 @@
>+--- src/libs/zbxcrypto/tls.h.orig 2016-12-21 08:08:40 UTC
>++++ src/libs/zbxcrypto/tls.h
>+@@ -60,11 +60,13 @@ typedef struct
>+ gnutls_priority_t ciphersuites_psk;
>+ #elif defined(HAVE_OPENSSL)
>+ SSL_CTX *ctx_cert;
>++#ifndef OPENSSL_NO_PSK
>+ SSL_CTX *ctx_psk;
>+ char *psk_identity_for_cb;
>+ size_t psk_identity_len_for_cb;
>+ char *psk_for_cb;
>+ size_t psk_len_for_cb;
>++#endif /* OPENSSL_NO_PSKOPENSSL_NO_PSK */
>+ #endif
>+ }
>+ ZBX_THREAD_SENDVAL_TLS_ARGS;
>
>Property changes on: net-mgmt/zabbix32-server/files/patch-src_libs_zbxcrypto_tls.h
>___________________________________________________________________
>Added: fbsd:nokeywords
>## -0,0 +1 ##
>+yes
>\ No newline at end of property
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
>Index: net-mgmt/zabbix32-server/files/patch-src_libs_zbxdbcache_dbconfig.c
>===================================================================
>--- net-mgmt/zabbix32-server/files/patch-src_libs_zbxdbcache_dbconfig.c (nonexistent)
>+++ net-mgmt/zabbix32-server/files/patch-src_libs_zbxdbcache_dbconfig.c (working copy)
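Review bot: The closing comment reads `#endif /* OPENSSL_NO_PSKOPENSSL_NO_PSK */`; it should be `#endif /* OPENSSL_NO_PSK */`. The struct now drops `ctx_psk` under the guard while the tls.c patch leaves the thread-local `ctx_psk` declared unconditionally, so any code that copies between the two (none is visible in this patch) would fail to compile in a no-PSK build; guarding both or neither keeps them in step. The guard also only takes effect if an OpenSSL header has already been included at this point in tls.h, which the hunk does not show.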
>@@ -0,0 +1,184 @@
>+--- src/libs/zbxdbcache/dbconfig.c.orig 2016-12-21 08:08:40 UTC
>++++ src/libs/zbxdbcache/dbconfig.c
>+@@ -33,6 +33,7 @@
>+ #include "zbxregexp.h"
>+ #include "cfg.h"
>+ #include "../zbxcrypto/tls_tcp_active.h"
>++#include <openssl/opensslconf.h>
>+
>+ static int sync_in_progress = 0;
>+
>+@@ -273,7 +274,8 @@ ZBX_DC_CALCITEM;
>+
>+ typedef zbx_item_history_value_t ZBX_DC_DELTAITEM;
>+
>+-#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL)
>++#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || \
>++ (defined(HAVE_OPENSSL) && !defined(OPENSSL_NO_PSK))
>+ typedef struct
>+ {
>+ const char *tls_psk_identity; /* pre-shared key identity */
>+@@ -321,7 +323,9 @@ typedef struct
>+ #if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL)
>+ const char *tls_issuer;
>+ const char *tls_subject;
>++#ifndef OPENSSL_NO_PSK
>+ ZBX_DC_PSK *tls_dc_psk;
>++#endif /* OPENSSL_NO_PSK */
>+ #endif
>+ const char *error;
>+ const char *snmp_error;
>+@@ -1370,7 +1374,8 @@ static void DCsync_hosts(DB_RESULT resul
>+ time_t now;
>+ signed char ipmi_authtype;
>+ unsigned char ipmi_privilege;
>+-#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL)
>++#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || \
>++ (defined(HAVE_OPENSSL) && !defined(OPENSSL_NO_PSK))
>+ ZBX_DC_PSK *psk_i, psk_i_local;
>+ zbx_ptr_pair_t *psk_owner, psk_owner_local;
>+ zbx_hashset_t psk_owners;
>+@@ -1380,7 +1385,8 @@ static void DCsync_hosts(DB_RESULT resul
>+ zbx_vector_uint64_create(&ids);
>+ zbx_vector_uint64_reserve(&ids, config->hosts.num_data + 32);
>+
>+-#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL)
>++#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || \
>++ (defined(HAVE_OPENSSL) && !defined(OPENSSL_NO_PSK))
>+ zbx_hashset_create(&psk_owners, 0, ZBX_DEFAULT_PTR_HASH_FUNC, ZBX_DEFAULT_PTR_COMPARE_FUNC);
>+ #endif
>+ now = time(NULL);
>+@@ -1523,7 +1529,7 @@ static void DCsync_hosts(DB_RESULT resul
>+ /* done */
>+ /* */
>+ /*****************************************************************************/
>+-
>++#ifndef OPENSSL_NO_PSK
>+ psk_owner = NULL;
>+
>+ if ('\0' == *row[33] || '\0' == *row[34]) /* new PSKid or value empty */
>+@@ -1645,6 +1651,7 @@ done:
>+ zbx_hashset_insert(&psk_owners, &psk_owner_local, sizeof(psk_owner_local));
>+ }
>+ }
>++#endif /* OPENSSL_NO_PSK */
>+ #endif
>+ ZBX_STR2UCHAR(host->tls_connect, row[29]);
>+ ZBX_STR2UCHAR(host->tls_accept, row[30]);
>+@@ -1841,6 +1848,7 @@ done:
>+ zbx_strpool_release(host->tls_issuer);
>+ zbx_strpool_release(host->tls_subject);
>+
>++#ifndef OPENSSL_NO_PSK
>+ /* Maintain 'psks' index. Unlink and delete the PSK identity. */
>+ if (NULL != host->tls_dc_psk)
>+ {
>+@@ -1854,13 +1862,15 @@ done:
>+ zbx_hashset_remove_direct(&config->psks, psk_i);
>+ }
>+ }
>++#endif /* OPENSSL_NO_PSK */
>+ #endif
>+ zbx_hashset_iter_remove(&iter);
>+ }
>+
>+ zbx_vector_uint64_destroy(&ids);
>+
>+-#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL)
>++#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || \
>++ (defined(HAVE_OPENSSL) && !defined(OPENSSL_NO_PSK))
>+ zbx_hashset_destroy(&psk_owners);
>+ #endif
>+ zabbix_log(LOG_LEVEL_DEBUG, "End of %s()", __function_name);
>+@@ -5169,7 +5179,8 @@ static int __config_regexp_compare(const
>+ return r1->name == r2->name ? 0 : strcmp(r1->name, r2->name);
>+ }
>+
>+-#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL)
>++#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || \
>++ (defined(HAVE_OPENSSL) && !defined(OPENSSL_NO_PSK))
>+ static zbx_hash_t __config_psk_hash(const void *data)
>+ {
>+ const ZBX_DC_PSK *psk_i = (const ZBX_DC_PSK *)data;
>+@@ -5284,7 +5295,8 @@ void init_configuration_cache(void)
>+ CREATE_HASHSET_EXT(config->interface_snmpaddrs, 0, __config_interface_addr_hash, __config_interface_addr_compare);
>+ CREATE_HASHSET_EXT(config->regexps, 0, __config_regexp_hash, __config_regexp_compare);
>+
>+-#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL)
>++#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || \
>++ (defined(HAVE_OPENSSL) && !defined(OPENSSL_NO_PSK))
>+ CREATE_HASHSET_EXT(config->psks, 0, __config_psk_hash, __config_psk_compare);
>+ #endif
>+ for (i = 0; i < CONFIG_TIMER_FORKS; i++)
>+@@ -5473,6 +5485,7 @@ static void DCget_host(DC_HOST *dst_host
>+ strscpy(dst_host->tls_issuer, src_host->tls_issuer);
>+ strscpy(dst_host->tls_subject, src_host->tls_subject);
>+
>++#ifndef OPENSSL_NO_PSK
>+ if (NULL == src_host->tls_dc_psk)
>+ {
>+ *dst_host->tls_psk_identity = '\0';
>+@@ -5483,6 +5496,7 @@ static void DCget_host(DC_HOST *dst_host
>+ strscpy(dst_host->tls_psk_identity, src_host->tls_dc_psk->tls_psk_identity);
>+ strscpy(dst_host->tls_psk, src_host->tls_dc_psk->tls_psk);
>+ }
>++#endif /* OPENSSL_NO_PSK */
>+ #endif
>+ if (NULL != (ipmihost = zbx_hashset_search(&config->ipmihosts, &src_host->hostid)))
>+ {
>+@@ -5573,6 +5587,7 @@ int DCcheck_proxy_permissions(const char
>+ return FAIL;
>+ }
>+ }
>++#ifndef OPENSSL_NO_PSK
>+ else if (ZBX_TCP_SEC_TLS_PSK == sock->connection_type)
>+ {
>+ if (SUCCEED != zbx_tls_get_attr_psk(sock, &attr))
>+@@ -5582,6 +5597,7 @@ int DCcheck_proxy_permissions(const char
>+ return FAIL;
>+ }
>+ }
>++#endif
>+ else if (ZBX_TCP_SEC_UNENCRYPTED != sock->connection_type)
>+ {
>+ *error = zbx_strdup(*error, "internal error: invalid connection type");
>+@@ -5632,6 +5648,7 @@ int DCcheck_proxy_permissions(const char
>+ return FAIL;
>+ }
>+ }
>++#ifndef OPENSSL_NO_PSK
>+ else if (ZBX_TCP_SEC_TLS_PSK == sock->connection_type)
>+ {
>+ if (NULL != dc_host->tls_dc_psk)
>+@@ -5653,6 +5670,7 @@ int DCcheck_proxy_permissions(const char
>+ return FAIL;
>+ }
>+ }
>++#endif /* OPENSSL_NO_PSK */
>+ #endif
>+ *hostid = dc_host->hostid;
>+
>+@@ -5661,7 +5679,8 @@ int DCcheck_proxy_permissions(const char
>+ return SUCCEED;
>+ }
>+
>+-#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL)
>++#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || \
>++ (defined(HAVE_OPENSSL) && !defined(OPENSSL_NO_PSK))
>+ /******************************************************************************
>+ * *
>+ * Function: DCget_psk_by_identity *
>+@@ -7987,11 +8006,13 @@ static void DCget_proxy(DC_PROXY *dst_pr
>+ strscpy(dst_proxy->tls_arg1, host->tls_issuer);
>+ strscpy(dst_proxy->tls_arg2, host->tls_subject);
>+ }
>++#ifndef OPENSSL_NO_PSK
>+ else if (ZBX_TCP_SEC_TLS_PSK == host->tls_connect && NULL != host->tls_dc_psk)
>+ {
>+ strscpy(dst_proxy->tls_arg1, host->tls_dc_psk->tls_psk_identity);
>+ strscpy(dst_proxy->tls_arg2, host->tls_dc_psk->tls_psk);
>+ }
>++#endif /* OPENSSL_NO_PSK */
>+ else /* ZBX_TCP_SEC_UNENCRYPTED */
>+ #endif
>+ {
>
>Property changes on: net-mgmt/zabbix32-server/files/patch-src_libs_zbxdbcache_dbconfig.c
>___________________________________________________________________
>Added: fbsd:nokeywords
>## -0,0 +1 ##
>+yes
>\ No newline at end of property
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
>Index: net-mgmt/zabbix32-server/files/patch-src_libs_zbxdbhigh_proxy.c
>===================================================================
>--- net-mgmt/zabbix32-server/files/patch-src_libs_zbxdbhigh_proxy.c (nonexistent)
>+++
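Review bot: `#include <openssl/opensslconf.h>` is added unconditionally and the new inner guards test a bare `#ifndef OPENSSL_NO_PSK`, while the declarations around them use `defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || (defined(HAVE_OPENSSL) && !defined(OPENSSL_NO_PSK))`. In a GnuTLS or PolarSSL build where that header resolves to one defining `OPENSSL_NO_PSK`, the PSK cache sync, the `tls_dc_psk` member and the PSK identity checks are compiled out although the TLS library supports PSK; the same pattern is in the proxy.c, active.c and trapper.c patches, where it removes the `zbx_tls_get_attr_psk()` branches. Wrapping the include in `#if defined(HAVE_OPENSSL)` and testing `defined(HAVE_OPENSSL) && defined(OPENSSL_NO_PSK)`, ideally through one project macro, would keep every guard consistent. In DCget_host the guard also removes the `*dst_host->tls_psk_identity = '\0';` path, so those fields stay unwritten in a no-PSK build if DC_HOST still carries them (its declaration is outside this patch); the empty-string initialisation should remain outside the guard. In DCget_proxy a PSK-configured proxy now falls into the `else /* ZBX_TCP_SEC_UNENCRYPTED */` arm, whose body is not shown, so it is worth confirming that the connection is refused rather than made in clear.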
net-mgmt/zabbix32-server/files/patch-src_libs_zbxdbhigh_proxy.c (working copy)
>@@ -0,0 +1,27 @@
>+--- src/libs/zbxdbhigh/proxy.c.orig 2016-12-21 08:08:41 UTC
>++++ src/libs/zbxdbhigh/proxy.c
>+@@ -28,6 +28,7 @@
>+ #include "discovery.h"
>+ #include "zbxalgo.h"
>+ #include "../zbxcrypto/tls_tcp_active.h"
>++#include <openssl/opensslconf.h>
>+
>+ extern unsigned int configured_tls_accept_modes;
>+
>+@@ -2054,9 +2055,13 @@ void process_mass_data(zbx_socket_t *soc
>+ #if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL)
>+ if (0 == proxy_hostid &&
>+ ((ZBX_TCP_SEC_TLS_CERT == sock->connection_type &&
>+- SUCCEED != zbx_tls_get_attr_cert(sock, &attr)) ||
>+- (ZBX_TCP_SEC_TLS_PSK == sock->connection_type &&
>+- SUCCEED != zbx_tls_get_attr_psk(sock, &attr))))
>++ SUCCEED != zbx_tls_get_attr_cert(sock, &attr))
>++#ifndef OPENSSL_NO_PSK
>++ || (ZBX_TCP_SEC_TLS_PSK == sock->connection_type &&
>++ SUCCEED != zbx_tls_get_attr_psk(sock, &attr))
>++#endif
>++ )
>++ )
>+ {
>+ THIS_SHOULD_NEVER_HAPPEN;
>+ return;
>
>Property changes on: net-mgmt/zabbix32-server/files/patch-src_libs_zbxdbhigh_proxy.c
>___________________________________________________________________
>Added: fbsd:nokeywords
>## -0,0 +1 ##
>+yes
>\ No newline at end of property
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
>Index: net-mgmt/zabbix32-server/files/patch-src_zabbix__server_trapper_active.c
>===================================================================
>--- net-mgmt/zabbix32-server/files/patch-src_zabbix__server_trapper_active.c (nonexistent)
>+++ net-mgmt/zabbix32-server/files/patch-src_zabbix__server_trapper_active.c (working copy)
>@@ -0,0 +1,26 @@
>+--- src/zabbix_server/trapper/active.c.orig 2016-12-21 08:08:40 UTC
>++++ src/zabbix_server/trapper/active.c
>+@@ -26,6 +26,7 @@
>+
>+ #include "active.h"
>+ #include "../../libs/zbxcrypto/tls_tcp_active.h"
>++#include <openssl/opensslconf.h>
>+
>+ extern unsigned char program_type;
>+
>+@@ -131,6 +132,7 @@ static int get_hostid_by_host(const zbx_
>+ goto done;
>+ }
>+ }
>++#ifndef OPENSSL_NO_PSK
>+ else if (ZBX_TCP_SEC_TLS_PSK == sock->connection_type)
>+ {
>+ zbx_tls_conn_attr_t attr;
>+@@ -151,6 +153,7 @@ static int get_hostid_by_host(const zbx_
>+ goto done;
>+ }
>+ }
>++#endif /* OPENSSL_NO_PSK */
>+ #endif
>+ ZBX_STR2UINT64(*hostid, row[0]);
>+
>
>Property changes on: net-mgmt/zabbix32-server/files/patch-src_zabbix__server_trapper_active.c
>___________________________________________________________________
>Added: fbsd:nokeywords
>## -0,0 +1 ##
>+yes
>\ No newline at end of property
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
>Index: net-mgmt/zabbix32-server/files/patch-src_zabbix__server_trapper_trapper.c
>===================================================================
>--- net-mgmt/zabbix32-server/files/patch-src_zabbix__server_trapper_trapper.c (nonexistent)
>+++ net-mgmt/zabbix32-server/files/patch-src_zabbix__server_trapper_trapper.c (working copy)
>@@ -0,0 +1,21 @@
>+--- src/zabbix_server/trapper/trapper.c.orig 2016-12-21 08:08:40 UTC
>++++ src/zabbix_server/trapper/trapper.c
>+@@ -37,6 +37,7 @@
>+
>+ #include "daemon.h"
>+ #include "../../libs/zbxcrypto/tls.h"
>++#include <openssl/opensslconf.h>
>+
>+ extern unsigned char process_type, program_type;
>+ extern int server_num, process_num;
>+@@ -677,8 +678,10 @@ ZBX_THREAD_ENTRY(trapper_thread, args)
>+
>+ #if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL)
>+ zbx_tls_init_child();
>++#ifndef OPENSSL_NO_PSK
>+ find_psk_in_cache = DCget_psk_by_identity;
>+ #endif
>++#endif
>+ zbx_setproctitle("%s #%d [connecting to the database]", get_process_type_string(process_type), process_num);
>+
>+ DBconnect(ZBX_DB_CONNECT_NORMAL);
>
>Property changes on: net-mgmt/zabbix32-server/files/patch-src_zabbix__server_trapper_trapper.c
>___________________________________________________________________
>Added: fbsd:nokeywords
>## -0,0 +1 ##
>+yes
>\ No newline at end of property
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
>Index: net-mgmt/zabbix32-server/files/pkg-message.in
>===================================================================
>--- net-mgmt/zabbix32-server/files/pkg-message.in (revision 446578)
>+++ net-mgmt/zabbix32-server/files/pkg-message.in (working copy)
>@@ -44,4 +44,6 @@
> For Zabbix frontend âWelcomeâ screen. Enter the user name Admin with password zabbix to log in as a Zabbix superuser.
>
> For use NMAP please edit sudoers
>+
>+%%LIBRESSL_MSG%%
> ======================================================================
Attachments on
bug 217035
:
179904
|
181216
| 184700