forked from pool/scamper
d5513388c9
OBS-URL: https://build.opensuse.org/package/show/network:utilities/scamper?expand=0&rev=8
62 lines
2.2 KiB
Diff
62 lines
2.2 KiB
Diff
Index: scamper/scamper_control.c
|
|
===================================================================
|
|
RCS file: /home/mjl/cvsroot/scamper/scamper/scamper_control.c,v
|
|
retrieving revision 1.194
|
|
diff -u -p -r1.194 scamper_control.c
|
|
--- scamper/scamper_control.c 12 Jul 2017 07:23:15 -0000 1.194
|
|
+++ scamper/scamper_control.c 30 Nov 2017 21:01:56 -0000
|
|
@@ -2495,6 +2495,7 @@ static int remote_sock_ssl_init(control_
|
|
* it is based on post_connection_check in "Network Security with
|
|
* OpenSSL" by John Viega, Matt Messier, and Pravir Chandra.
|
|
*/
|
|
+#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
static int remote_sock_is_valid_cert(control_remote_t *rm)
|
|
{
|
|
X509 *cert = NULL;
|
|
@@ -2562,6 +2563,7 @@ static int remote_sock_is_valid_cert(con
|
|
if(cert != NULL) X509_free(cert);
|
|
return rc;
|
|
}
|
|
+#endif /* OpenSSL version < 1.1.0 */
|
|
#endif
|
|
|
|
/*
|
|
@@ -2963,8 +2965,10 @@ static int remote_read_sock(control_remo
|
|
if(SSL_is_init_finished(rm->ssl) != 0 ||
|
|
(rc = SSL_do_handshake(rm->ssl)) > 0)
|
|
{
|
|
+#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
if(remote_sock_is_valid_cert(rm) == 0)
|
|
return -1;
|
|
+#endif
|
|
rm->mode = SSL_MODE_ESTABLISHED;
|
|
}
|
|
if(remote_sock_ssl_want_read(rm) < 0)
|
|
@@ -3296,6 +3300,11 @@ int scamper_control_add_remote(const cha
|
|
{
|
|
uint32_t u32;
|
|
|
|
+#if defined(HAVE_OPENSSL) && \
|
|
+ defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
+ X509_VERIFY_PARAM *param = NULL;
|
|
+#endif
|
|
+
|
|
if((ctrl_rem = malloc_zero(sizeof(control_remote_t))) == NULL ||
|
|
(ctrl_rem->list = dlist_alloc()) == NULL ||
|
|
(ctrl_rem->sq = scamper_queue_alloc(NULL)) == NULL)
|
|
@@ -3316,6 +3325,14 @@ int scamper_control_add_remote(const cha
|
|
}
|
|
SSL_CTX_set_options(tls_ctx,
|
|
SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1);
|
|
+
|
|
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
+ param = SSL_CTX_get0_param(tls_ctx);
|
|
+ X509_VERIFY_PARAM_set_hostflags(param,
|
|
+ X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
|
|
+ X509_VERIFY_PARAM_set1_host(param, name, 0);
|
|
+#endif
|
|
+
|
|
SSL_CTX_set_verify(tls_ctx, SSL_VERIFY_PEER, NULL);
|
|
|
|
/* load the default set of certs into the SSL context */
|