rpm/stunnel
SHA256
1
0
Fork 0
forked from pool/stunnel
Code Pull Requests Activity

- stunnel-ocsp-host.patch: Fix compatibility issues with older OpenSSL

Browse Source 
versions. Replaces stunnel-5.22-code11-openssl-compat.diff.

OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=73
This commit is contained in:
Daniel Rahn
2015-08-06 08:19:37 +00:00
committed by Git OBS Bridge
parent 314067655a
commit 2b40af0db6
4 changed files with 34 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
stunnel-5.22-code11-openssl-compat.diff
View File

@@ -1,15 +0,0 @@
--- src/verify.c
+++ src/verify.c
@@ -722,12 +722,6 @@
sslerror("OCSP: OCSP_sendreq_new");
goto cleanup;
}
- if(!OCSP_REQ_CTX_add1_header(req_ctx, "Host", host)) {
- sslerror("OCSP: OCSP_REQ_CTX_add1_header");
- goto cleanup;
- }
- if(!OCSP_REQ_CTX_set1_req(req_ctx, req))
- goto cleanup;
while(OCSP_sendreq_nbio(&resp, req_ctx)==-1) {
s_poll_init(c->fds);
s_poll_add(c->fds, c->fd, BIO_should_read(bio), BIO_should_write(bio));

26
stunnel-ocsp-host.patch Normal file
View File

@@ -0,0 +1,26 @@
diff -ru stunnel-5.22-orig/src/verify.c stunnel-5.22/src/verify.c
--- stunnel-5.22-orig/src/verify.c 2015-07-30 12:08:46.000000000 +0200
+++ stunnel-5.22/src/verify.c 2015-08-06 09:26:59.129991000 +0200
@@ -717,6 +717,7 @@
s_log(LOG_DEBUG, "OCSP: Connected %s:%s", host, port);
/* OCSP protocol communication loop */
+#if OPENSSL_VERSION_NUMBER>=0x10000000L
req_ctx=OCSP_sendreq_new(bio, path, NULL, -1);
if(!req_ctx) {
sslerror("OCSP: OCSP_sendreq_new");
@@ -728,6 +729,14 @@
}
if(!OCSP_REQ_CTX_set1_req(req_ctx, req))
goto cleanup;
+#else
+ /* there is no way to send the Host header with older OpenSSL versions */
+ req_ctx=OCSP_sendreq_new(bio, path, req, -1);
+ if(!req_ctx) {
+ sslerror("OCSP: OCSP_sendreq_new");
+ goto cleanup;
+ }
+#endif
while(OCSP_sendreq_nbio(&resp, req_ctx)==-1) {
s_poll_init(c->fds);
s_poll_add(c->fds, c->fd, BIO_should_read(bio), BIO_should_write(bio));

6
stunnel.changes
View File

@@ -1,3 +1,9 @@
-------------------------------------------------------------------
Thu Aug 6 08:16:48 UTC 2015 - drahn@suse.com
- stunnel-ocsp-host.patch: Fix compatibility issues with older OpenSSL
versions. Replaces stunnel-5.22-code11-openssl-compat.diff.
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jul 31 05:49:10 UTC 2015 - drahn@suse.com Fri Jul 31 05:49:10 UTC 2015 - drahn@suse.com

4
stunnel.spec
View File

@@ -30,7 +30,7 @@ Source3: sysconfig.syslog-stunnel
Source4: stunnel.rc Source4: stunnel.rc
Source5: stunnel.service Source5: stunnel.service
Patch0: stunnel-listenqueue-option.patch Patch0: stunnel-listenqueue-option.patch
Patch1: stunnel-5.22-code11-openssl-compat.diff Patch1: stunnel-ocsp-host.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define VENDOR openSUSE %define VENDOR openSUSE
BuildRequires: tcpd-devel zlib-devel BuildRequires: tcpd-devel zlib-devel
@@ -64,7 +64,7 @@ stunnel.
%setup -q -n stunnel-%{version} %setup -q -n stunnel-%{version}
%patch0 -p0 %patch0 -p0
%if 0%{?suse_version} <= 1130 %if 0%{?suse_version} <= 1130
%patch1 -p0 %patch1 -p1
%endif %endif
chmod -x $RPM_BUILD_DIR/stunnel-%{version}/tools/ca.* chmod -x $RPM_BUILD_DIR/stunnel-%{version}/tools/ca.*
chmod -x $RPM_BUILD_DIR/stunnel-%{version}/tools/importCA.* chmod -x $RPM_BUILD_DIR/stunnel-%{version}/tools/importCA.*