
(-)mail/cclient/Makefile (-1 / +1 lines)
Lines 3-9 Link Here
3
3
4
PORTNAME=	cclient
4
PORTNAME=	cclient
5
PORTVERSION=	2007f
5
PORTVERSION=	2007f
6
PORTREVISION=	3
6
PORTREVISION=	4
7
PORTEPOCH=	1
7
PORTEPOCH=	1
8
CATEGORIES=	mail devel ipv6
8
CATEGORIES=	mail devel ipv6
9
MASTER_SITES=	ftp://ftp.cac.washington.edu/imap/%SUBDIR%/ \
9
MASTER_SITES=	ftp://ftp.cac.washington.edu/imap/%SUBDIR%/ \
(-)mail/cclient/files/patch-src_osdep_unix_ssl__unix.c (-20 / +53 lines)
Lines 1-26 Link Here
1
--- src/osdep/unix/ssl_unix.c.orig	2011-07-23 00:20:10 UTC
1
Description: Support OpenSSL 1.1
2
 When building with OpenSSL 1.1 and newer, use the new built-in
3
 hostname verification instead of code that doesn't compile due to
4
 structs having been made opaque.
5
Bug-Debian: https://bugs.debian.org/828589
6
7
Obtained from: https://sources.debian.org/data/main/u/uw-imap/8:2007f~dfsg-5/debian/patches/1006_openssl1.1_autoverify.patch
8
--- src/osdep/unix/ssl_unix.c.orig
2
+++ src/osdep/unix/ssl_unix.c
9
+++ src/osdep/unix/ssl_unix.c
3
@@ -270,9 +270,9 @@ static char *ssl_start_work (SSLSTREAM *
10
@@ -227,8 +227,16 @@ static char *ssl_start_work (SSLSTREAM *
11
 				/* disable certificate validation? */
12
   if (flags & NET_NOVALIDATECERT)
13
     SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL);
14
-  else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
15
+  else {
16
+#if OPENSSL_VERSION_NUMBER >= 0x10100000      
17
+      X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context);
18
+      X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
19
+      X509_VERIFY_PARAM_set1_host(param, host, 0);
20
+#endif
21
+
22
+      SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
23
 				/* set default paths to CAs... */
24
+  }
25
   SSL_CTX_set_default_verify_paths (stream->context);
26
 				/* ...unless a non-standard path desired */
27
   if (s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL))
28
@@ -266,6 +274,7 @@ static char *ssl_start_work (SSLSTREAM *
29
   if (SSL_write (stream->con,"",0) < 0)
30
     return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
31
 				/* need to validate host names? */
32
+#if OPENSSL_VERSION_NUMBER < 0x10100000
33
   if (!(flags & NET_NOVALIDATECERT) &&
4
       (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),
34
       (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),
5
 				host))) {
35
 				host))) {
6
 				/* application callback */
36
@@ -275,6 +284,7 @@ static char *ssl_start_work (SSLSTREAM *
7
-    if (scq) return (*scq) (err,host,cert ? cert->name : "???") ? NIL : "";
37
     sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
8
+    if (scq) return (*scq) (err,host,cert ? X509_get_subject_name(cert) : "???") ? NIL : "";
9
 				/* error message to return via mm_log() */
10
-    sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
11
+    sprintf (tmp,"*%.128s: %.255s",err,cert ? X509_get_subject_name(cert) : "???");
12
     return ssl_last_error = cpystr (tmp);
38
     return ssl_last_error = cpystr (tmp);
13
   }
39
   }
40
+#endif
14
   return NIL;
41
   return NIL;
15
@@ -322,9 +322,9 @@ static char *ssl_validate_cert (X509 *ce
42
 }
16
 				/* make sure have a certificate */
43
 
17
   if (!cert) ret = "No certificate from server";
44
@@ -313,6 +323,7 @@ static int ssl_open_verify (int ok,X509_
18
 				/* and that it has a name */
45
  * Returns: NIL if validated, else string of error message
19
-  else if (!cert->name) ret = "No name in certificate";
46
  */
20
+  else if (!X509_get_subject_name(cert)) ret = "No name in certificate";
47
 
21
 				/* locate CN */
48
+#if OPENSSL_VERSION_NUMBER < 0x10100000
22
-  else if (s = strstr (cert->name,"/CN=")) {
49
 static char *ssl_validate_cert (X509 *cert,char *host)
23
+  else if (s = strstr (X509_get_subject_name(cert),"/CN=")) {
50
 {
24
     if (t = strchr (s += 4,'/')) *t = '\0';
51
   int i,n;
25
 				/* host name matches pattern? */
52
@@ -342,6 +353,7 @@ static char *ssl_validate_cert (X509 *ce
26
     ret = ssl_compare_hostnames (host,s) ? NIL :
53
   else ret = "Unable to locate common name in certificate";
54
   return ret;
55
 }
56
+#endif
57
 
58
 /* Case-independent wildcard pattern match
59
  * Accepts: base string
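Review bot: The return value of `X509_VERIFY_PARAM_set1_host(param, host, 0)` in the new `#if OPENSSL_VERSION_NUMBER >= 0x10100000` branch of `ssl_start_work` is discarded, while the same patch compiles out the post-handshake `ssl_validate_cert` call on those builds, so if setting the host fails the connection appears to proceed with chain validation only and no host name check. Fail closed instead, e.g. `if (!X509_VERIFY_PARAM_set1_host (param,host,0)) return "Unable to set host name for certificate verification";`, which follows the error-string return convention visible a few lines later in the same function. A comment above the block such as `/* OpenSSL >= 1.1: host name is checked by the library during the handshake; ssl_validate_cert() is not compiled */` would also help, because the application callback path through `scq` is no longer reached on those builds. Whether `ssl_open_verify` turns a host name mismatch into a failed handshake cannot be confirmed here, since its body and the rest of `ssl_start_work` lie outside the displayed lines.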
