- stunnel-ocsp-host.patch: Fix compatibility issues with older OpenSSL

versions. Replaces stunnel-5.22-code11-openssl-compat.diff. OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=73
2015-08-06 08:19:37 +00:00 · 2015-08-06 08:19:37 +00:00 · 2b40af0db6
commit 2b40af0db6
parent 314067655a
4 changed files with 34 additions and 17 deletions
--- a/stunnel-5.22-code11-openssl-compat.diff
+++ b/stunnel-5.22-code11-openssl-compat.diff
@ -1,15 +0,0 @@
--- src/verify.c
-+++ src/verify.c
-@@ -722,12 +722,6 @@
-         sslerror("OCSP: OCSP_sendreq_new");
-         goto cleanup;
-     }
-    if(!OCSP_REQ_CTX_add1_header(req_ctx, "Host", host)) {
-        sslerror("OCSP: OCSP_REQ_CTX_add1_header");
-        goto cleanup;
-    }
-    if(!OCSP_REQ_CTX_set1_req(req_ctx, req))
-        goto cleanup;
-     while(OCSP_sendreq_nbio(&resp, req_ctx)==-1) {
-         s_poll_init(c->fds);
-         s_poll_add(c->fds, c->fd, BIO_should_read(bio), BIO_should_write(bio));
--- a/stunnel-ocsp-host.patch
+++ b/stunnel-ocsp-host.patch
@ -0,0 +1,26 @@
+diff -ru stunnel-5.22-orig/src/verify.c stunnel-5.22/src/verify.c
+--- stunnel-5.22-orig/src/verify.c	2015-07-30 12:08:46.000000000 +0200
+++ stunnel-5.22/src/verify.c	2015-08-06 09:26:59.129991000 +0200
+@@ -717,6 +717,7 @@
+     s_log(LOG_DEBUG, "OCSP: Connected %s:%s", host, port);
+ 
+     /* OCSP protocol communication loop */
+#if OPENSSL_VERSION_NUMBER>=0x10000000L
+     req_ctx=OCSP_sendreq_new(bio, path, NULL, -1);
+     if(!req_ctx) {
+         sslerror("OCSP: OCSP_sendreq_new");
+@@ -728,6 +729,14 @@
+     }
+     if(!OCSP_REQ_CTX_set1_req(req_ctx, req))
+         goto cleanup;
+#else
+    /* there is no way to send the Host header with older OpenSSL versions */
+    req_ctx=OCSP_sendreq_new(bio, path, req, -1);
+    if(!req_ctx) {
+        sslerror("OCSP: OCSP_sendreq_new");
+        goto cleanup;
+    }
+#endif
+     while(OCSP_sendreq_nbio(&resp, req_ctx)==-1) {
+         s_poll_init(c->fds);
+         s_poll_add(c->fds, c->fd, BIO_should_read(bio), BIO_should_write(bio));
--- a/stunnel.changes
+++ b/stunnel.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Aug  6 08:16:48 UTC 2015 - drahn@suse.com
+
+- stunnel-ocsp-host.patch: Fix compatibility issues with older OpenSSL
+  versions. Replaces stunnel-5.22-code11-openssl-compat.diff.
+
 -------------------------------------------------------------------
 Fri Jul 31 05:49:10 UTC 2015 - drahn@suse.com

--- a/stunnel.spec
+++ b/stunnel.spec
@ -30,7 +30,7 @@ Source3:        sysconfig.syslog-stunnel
 Source4:        stunnel.rc
 Source5:        stunnel.service
 Patch0:         stunnel-listenqueue-option.patch
-Patch1:         stunnel-5.22-code11-openssl-compat.diff
+Patch1:         stunnel-ocsp-host.patch 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define VENDOR openSUSE
 BuildRequires:  tcpd-devel zlib-devel
@ -64,7 +64,7 @@ stunnel.
 %setup -q -n stunnel-%{version}
 %patch0 -p0 
 %if 0%{?suse_version} <= 1130
-%patch1 -p0
+%patch1 -p1
 %endif
 chmod -x $RPM_BUILD_DIR/stunnel-%{version}/tools/ca.*
 chmod -x $RPM_BUILD_DIR/stunnel-%{version}/tools/importCA.*