Attachment #231880 for bug #262004

View | Details | Raw Unified | Return to bug 262004
Collapse All | Expand All




--- relayd/Makefile.orig	2014-08-10 20:08:47 UTC
+++ relayd/Makefile
@@ -28,8 +28,7 @@ SRCS+=	parse.y \
 	relay_udp.c \
 	relayd.c \
 	shuffle.c \
-	ssl.c \
-	ssl_privsep.c
+	ssl.c
 
 .PATH:	${.CURDIR}/../../../libevent
 SRCS+=	buffer.c \




--- relayd/relay.c.orig	2014-08-10 20:08:47 UTC
+++ relayd/relay.c
@@ -2097,7 +2097,7 @@ relay_ssl_ctx_create(struct relay *rlay)
 	/* Verify the server certificate if we have a CA chain */
 	if ((rlay->rl_conf.flags & F_SSLCLIENT) &&
 	    (rlay->rl_ssl_ca != NULL)) {
-		if (!ssl_ctx_load_verify_memory(ctx,
+		if (!SSL_CTX_load_verify_mem(ctx,
 		    rlay->rl_ssl_ca, rlay->rl_conf.ssl_ca_len))
 			goto err;
 		SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
@@ -2107,7 +2107,7 @@ relay_ssl_ctx_create(struct relay *rlay)
 		return (ctx);
 
 	log_debug("%s: loading certificate", __func__);
-	if (!ssl_ctx_use_certificate_chain(ctx,
+	if (!SSL_CTX_use_certificate_chain_mem(ctx,
 	    rlay->rl_ssl_cert, rlay->rl_conf.ssl_cert_len))
 		goto err;
 
@@ -2716,12 +2716,12 @@ relay_load_certfiles(struct relay *rlay)
 		return (-1);
 




 
 /* Attach the control socket to the following process */
 #define PROC_CONTROL	PROC_PFE
@@ -1242,10 +1252,6 @@ int	 ssl_load_pkey(const void *, size_t, char *, off_t
 	    X509 **, EVP_PKEY **);
 int	 ssl_ctx_fake_private_key(SSL_CTX *, const void *, size_t,
 	    char *, off_t, X509 **, EVP_PKEY **);
-
-/* ssl_privsep.c */
-int	 ssl_ctx_use_certificate_chain(SSL_CTX *, char *, off_t);
-int	 ssl_ctx_load_verify_memory(SSL_CTX *, char *, off_t);
 
 /* ca.c */
 pid_t	 ca(struct privsep *, struct privsep_proc *);

Return to bug 262004

Added Link Here

(-)net/relayd/files/patch-relayd_Makefile (+12 lines)
1	--- relayd/Makefile.orig 2014-08-10 20:08:47 UTC
2	+++ relayd/Makefile
3	@@ -28,8 +28,7 @@ SRCS+= parse.y \
4	relay_udp.c \
5	relayd.c \
6	shuffle.c \
7	- ssl.c \
8	- ssl_privsep.c
9	+ ssl.c
10
11	.PATH: ${.CURDIR}/../../../libevent
12	SRCS+= buffer.c \

Lines 1-5 Link Here

(-)net/relayd/files/patch-relayd_relay.c (+18 lines)
1	--- relayd/relay.c.orig 2014-08-10 20:08:47 UTC	1	--- relayd/relay.c.orig 2014-08-10 20:08:47 UTC
2	+++ relayd/relay.c	2	+++ relayd/relay.c
		3	@@ -2097,7 +2097,7 @@ relay_ssl_ctx_create(struct relay *rlay)
		4	/* Verify the server certificate if we have a CA chain */
		5	if ((rlay->rl_conf.flags & F_SSLCLIENT) &&
		6	(rlay->rl_ssl_ca != NULL)) {
		7	- if (!ssl_ctx_load_verify_memory(ctx,
		8	+ if (!SSL_CTX_load_verify_mem(ctx,
		9	rlay->rl_ssl_ca, rlay->rl_conf.ssl_ca_len))
		10	goto err;
		11	SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
		12	@@ -2107,7 +2107,7 @@ relay_ssl_ctx_create(struct relay *rlay)
		13	return (ctx);
		14
		15	log_debug("%s: loading certificate", __func__);
		16	- if (!ssl_ctx_use_certificate_chain(ctx,
		17	+ if (!SSL_CTX_use_certificate_chain_mem(ctx,
		18	rlay->rl_ssl_cert, rlay->rl_conf.ssl_cert_len))
		19	goto err;
		20
3	@@ -2716,12 +2716,12 @@ relay_load_certfiles(struct relay *rlay)	21	@@ -2716,12 +2716,12 @@ relay_load_certfiles(struct relay *rlay)
4	return (-1);	22	return (-1);
5		23

Lines 49-51 Link Here

(-)net/relayd/files/patch-relayd_relayd.h (+11 lines)
49		49
50	/* Attach the control socket to the following process */	50	/* Attach the control socket to the following process */
51	#define PROC_CONTROL PROC_PFE	51	#define PROC_CONTROL PROC_PFE
		52	@@ -1242,10 +1252,6 @@ int ssl_load_pkey(const void , size_t, char , off_t
		53	X509 , EVP_PKEY );
		54	int ssl_ctx_fake_private_key(SSL_CTX , const void , size_t,
		55	char , off_t, X509 , EVP_PKEY *);
		56	-
		57	-/* ssl_privsep.c */
		58	-int ssl_ctx_use_certificate_chain(SSL_CTX , char , off_t);
		59	-int ssl_ctx_load_verify_memory(SSL_CTX , char , off_t);
		60
		61	/* ca.c */
		62	pid_t ca(struct privsep , struct privsep_proc );