diff --git a/stunnel-5.22-code11-openssl-compat.diff b/stunnel-5.22-code11-openssl-compat.diff
deleted file mode 100644
index 3108edb..0000000
--- a/stunnel-5.22-code11-openssl-compat.diff
+++ /dev/null
@@ -1,15 +0,0 @@
---- src/verify.c
-+++ src/verify.c
-@@ -722,12 +722,6 @@
- sslerror("OCSP: OCSP_sendreq_new");
- goto cleanup;
- }
-- if(!OCSP_REQ_CTX_add1_header(req_ctx, "Host", host)) {
-- sslerror("OCSP: OCSP_REQ_CTX_add1_header");
-- goto cleanup;
-- }
-- if(!OCSP_REQ_CTX_set1_req(req_ctx, req))
-- goto cleanup;
- while(OCSP_sendreq_nbio(&resp, req_ctx)==-1) {
- s_poll_init(c->fds);
- s_poll_add(c->fds, c->fd, BIO_should_read(bio), BIO_should_write(bio));
diff --git a/stunnel-ocsp-host.patch b/stunnel-ocsp-host.patch
new file mode 100644
index 0000000..3dc22f4
--- /dev/null
+++ b/stunnel-ocsp-host.patch
@@ -0,0 +1,26 @@
+diff -ru stunnel-5.22-orig/src/verify.c stunnel-5.22/src/verify.c
+--- stunnel-5.22-orig/src/verify.c 2015-07-30 12:08:46.000000000 +0200
++++ stunnel-5.22/src/verify.c 2015-08-06 09:26:59.129991000 +0200
+@@ -717,6 +717,7 @@
+ s_log(LOG_DEBUG, "OCSP: Connected %s:%s", host, port);
+
+ /* OCSP protocol communication loop */
++#if OPENSSL_VERSION_NUMBER>=0x10000000L
+ req_ctx=OCSP_sendreq_new(bio, path, NULL, -1);
+ if(!req_ctx) {
+ sslerror("OCSP: OCSP_sendreq_new");
+@@ -728,6 +729,14 @@
+ }
+ if(!OCSP_REQ_CTX_set1_req(req_ctx, req))
+ goto cleanup;
++#else
++ /* there is no way to send the Host header with older OpenSSL versions */
++ req_ctx=OCSP_sendreq_new(bio, path, req, -1);
++ if(!req_ctx) {
++ sslerror("OCSP: OCSP_sendreq_new");
++ goto cleanup;
++ }
++#endif
+ while(OCSP_sendreq_nbio(&resp, req_ctx)==-1) {
+ s_poll_init(c->fds);
+ s_poll_add(c->fds, c->fd, BIO_should_read(bio), BIO_should_write(bio));
diff --git a/stunnel.changes b/stunnel.changes
index 3d5aea2..5645be2 100644
--- a/stunnel.changes
+++ b/stunnel.changes
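Review bot: The `#else` branch added by the embedded verify.c hunk `@@ -728,6 +729,14 @@` drops the Host header without leaving any trace at runtime, so on builds against OpenSSL older than 1.0.0 an OCSP responder that relies on name-based virtual hosting may reject or misroute the query and revocation checking degrades silently. Whether the caller then fails closed or accepts the certificate is decided outside the hunk (the enclosing function starts and ends outside it), and that should be confirmed for the old-OpenSSL build. I would log the limitation when the fallback is taken, e.g. `s_log(LOG_NOTICE, "OCSP: Host header not sent (OpenSSL older than 1.0.0)");` right after the comment, so operators can correlate responder errors with the build.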
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Aug 6 08:16:48 UTC 2015 - drahn@suse.com
+
+- stunnel-ocsp-host.patch: Fix compatibility issues with older OpenSSL
+ versions. Replaces stunnel-5.22-code11-openssl-compat.diff.
+
 -------------------------------------------------------------------
 Fri Jul 31 05:49:10 UTC 2015 - drahn@suse.com
 
diff --git a/stunnel.spec b/stunnel.spec
index 930fa5d..65bc30c 100644
--- a/stunnel.spec
+++ b/stunnel.spec
@@ -30,7 +30,7 @@ Source3: sysconfig.syslog-stunnel
 Source4: stunnel.rc
 Source5: stunnel.service
 Patch0: stunnel-listenqueue-option.patch
-Patch1: stunnel-5.22-code11-openssl-compat.diff
+Patch1: stunnel-ocsp-host.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %define VENDOR openSUSE
 BuildRequires: tcpd-devel zlib-devel
@@ -64,7 +64,7 @@ stunnel.
 %setup -q -n stunnel-%{version}
 %patch0 -p0
 %if 0%{?suse_version} <= 1130
-%patch1 -p0
+%patch1 -p1
 %endif
 chmod -x $RPM_BUILD_DIR/stunnel-%{version}/tools/ca.*
 chmod -x $RPM_BUILD_DIR/stunnel-%{version}/tools/importCA.*
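Review bot: In the `@@ -64,7 +64,7 @@` hunk, `%patch1 -p1` stays inside `%if 0%{?suse_version} <= 1130` although the replacement patch now selects the code path itself with `#if OPENSSL_VERSION_NUMBER>=0x10000000L`. The OpenSSL-version decision therefore lives in two places, and the distribution version is only a proxy for the library actually linked. Since the `#if` branch of the patch appears identical to the unpatched code, applying it unconditionally (dropping the `%if`/`%endif` pair around `%patch1 -p1`) looks safe and would keep one patched tree for every target. The switch to `-p1` itself matches the `stunnel-5.22-orig/` path prefix in the new patch.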