Date: Wed, 24 Oct 2018 11:47:28 +0000 (UTC) From: Alexey Dokuchaev <danfe@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r482902 - in head/comms/kermit: . files Message-ID: <201810241147.w9OBlS8n018383@repo.freebsd.org>
Author: danfe Date: Wed Oct 24 11:47:28 2018 New Revision: 482902 URL: https://svnweb.freebsd.org/changeset/ports/482902 Log: Unbreak the build against newer versions of OpenSSL (since 1.1.0-pre5), where many data structures were made opaque and RLE compression support was removed. Reported by: pkg-fallout Added: head/comms/kermit/files/patch-ck__ssl.c (contents, props changed) Modified: head/comms/kermit/Makefile Modified: head/comms/kermit/Makefile ============================================================================== --- head/comms/kermit/Makefile Wed Oct 24 11:31:40 2018 (r482901) +++ head/comms/kermit/Makefile Wed Oct 24 11:47:28 2018 (r482902) @@ -12,9 +12,6 @@ COMMENT= Portable scriptable network and serial commun LICENSE= BSD3CLAUSE -BROKEN_SSL= openssl-devel -BROKEN_SSL_REASON_openssl-devel= incomplete definition of type 'struct x509_store_ctx_st' - USES= ssl NO_WRKSUBDIR= yes MAKEFILE= makefile Added: head/comms/kermit/files/patch-ck__ssl.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/comms/kermit/files/patch-ck__ssl.c Wed Oct 24 11:47:28 2018 (r482902) 
@@ -0,0 +1,379 @@
+--- ck_ssl.c.orig 2017-04-26 15:56:23 UTC
++++ ck_ssl.c
+@@ -303,7 +303,7 @@ X509_STORE_CTX *ctx;
+ break;
+ default:
+ printf("Error %d while verifying certificate.\r\n",
+- ctx->error);
++ error);
+ break;
+ }
+ }
+@@ -935,13 +935,32 @@ static DH *
+ get_dh512()
+ {
+ DH *dh=NULL;
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ BIGNUM *p, *g;
++#endif
+
+ if ((dh=DH_new()) == NULL)
+ return(NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
++ g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
++ if (p == NULL || g == NULL) {
++ BN_free(g);
++ BN_free(p);
++ DH_free(dh);
++ return(NULL);
++ } else
++ DH_set0_pqg(dh, p, NULL, g);
++#else
+ dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
+ dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ if ((dh->p == NULL) || (dh->g == NULL)) {
++ BN_free(dh->g);
++ BN_free(dh->p);
++ DH_free(dh);
+ return(NULL);
++ }
++#endif
+ return(dh);
+ }
+
+@@ -949,13 +968,32 @@ static DH *
+ get_dh768()
+ {
+ DH *dh=NULL;
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ BIGNUM *p, *g;
++#endif
+
+ if ((dh=DH_new()) == NULL)
+ return(NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ p=BN_bin2bn(dh768_p,sizeof(dh768_p),NULL);
++ g=BN_bin2bn(dh768_g,sizeof(dh768_g),NULL);
++ if (p == NULL || g == NULL) {
++ BN_free(g);
++ BN_free(p);
++ DH_free(dh);
++ return(NULL);
++ } else
++ DH_set0_pqg(dh, p, NULL, g);
++#else
+ dh->p=BN_bin2bn(dh768_p,sizeof(dh768_p),NULL);
+ dh->g=BN_bin2bn(dh768_g,sizeof(dh768_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ if ((dh->p == NULL) || (dh->g == NULL)) {
++ BN_free(dh->g);
++ BN_free(dh->p);
++ DH_free(dh);
+ return(NULL);
++ }
++#endif
+ return(dh);
+ }
+
+@@ -963,13 +1001,32 @@ static DH *
+ get_dh1024()
+ {
+ DH *dh=NULL;
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ BIGNUM *p, *g;
++#endif
+
+ if ((dh=DH_new()) == NULL)
+ return(NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
++ g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
++ if (p == NULL || g == NULL) {
++ BN_free(g);
++ BN_free(p);
++ DH_free(dh);
++ return(NULL);
++ } else
++ DH_set0_pqg(dh, p, NULL, g);
++#else
+ dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
+ dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ if ((dh->p == NULL) || (dh->g == NULL)) {
++ BN_free(dh->g);
++ BN_free(dh->p);
++ DH_free(dh);
+ return(NULL);
++ }
++#endif
+ return(dh);
+ }
+
+@@ -977,13 +1034,32 @@ static DH *
+ get_dh1536()
+ {
+ DH *dh=NULL;
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ BIGNUM *p, *g;
++#endif
+
+ if ((dh=DH_new()) == NULL)
+ return(NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ p=BN_bin2bn(dh1536_p,sizeof(dh1536_p),NULL);
++ g=BN_bin2bn(dh1536_g,sizeof(dh1536_g),NULL);
++ if (p == NULL || g == NULL) {
++ BN_free(g);
++ BN_free(p);
++ DH_free(dh);
++ return(NULL);
++ } else
++ DH_set0_pqg(dh, p, NULL, g);
++#else
+ dh->p=BN_bin2bn(dh1536_p,sizeof(dh1536_p),NULL);
+ dh->g=BN_bin2bn(dh1536_g,sizeof(dh1536_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ if ((dh->p == NULL) || (dh->g == NULL)) {
++ BN_free(dh->g);
++ BN_free(dh->p);
++ DH_free(dh);
+ return(NULL);
++ }
++#endif
+ return(dh);
+ }
+
+@@ -991,13 +1067,32 @@ static DH *
+ get_dh2048()
+ {
+ DH *dh=NULL;
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ BIGNUM *p, *g;
++#endif
+
+ if ((dh=DH_new()) == NULL)
+ return(NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
++ g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
++ if (p == NULL || g == NULL) {
++ BN_free(g);
++ BN_free(p);
++ DH_free(dh);
++ return(NULL);
++ } else
++ DH_set0_pqg(dh, p, NULL, g);
++#else
+ dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+ dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ if ((dh->p == NULL) || (dh->g == NULL)) {
++ BN_free(dh->g);
++ BN_free(dh->p);
++ DH_free(dh);
+ return(NULL);
++ }
++#endif
+ return(dh);
+ }
+ #endif /* NO_DH */
+@@ -1057,13 +1152,13 @@ ssl_display_comp(SSL * ssl)
+ return;
+
+ #ifndef OPENSSL_NO_COMP /* ifdefs Bernard Spil 12/2015 */
+- if (ssl->expand == NULL || ssl->expand->meth == NULL)
++ if (SSL_get_current_expansion(ssl) == NULL)
+ #endif /* OPENSSL_NO_COMP */
+ printf("Compression: None\r\n");
+
+ #ifndef OPENSSL_NO_COMP /* ifdefs Bernard Spil 12/2015 */
+ else {
+- printf("Compression: %s\r\n",ssl->expand->meth->name);
++ printf("Compression: %s\r\n", SSL_COMP_get_name(SSL_get_current_expansion(ssl)));
+ }
+ #endif /* OPENSSL_NO_COMP */
+ }
+@@ -1489,13 +1584,23 @@ the build.\r\n\r\n");
+
+ #ifdef ZLIB
+ cm = COMP_zlib();
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ if (cm != NULL && COMP_get_type(cm) != NID_undef) {
++#else
+ if (cm != NULL && cm->type != NID_undef) {
++#endif
+ SSL_COMP_add_compression_method(0xe0, cm); /* EAY's ZLIB ID */
+ }
+ #endif /* ZLIB */
++#ifdef NID_rle_compression
+ cm = COMP_rle();
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ if (cm != NULL && COMP_get_type(cm) != NID_undef)
++#else
+ if (cm != NULL && cm->type != NID_undef)
++#endif
+ SSL_COMP_add_compression_method(0xe1, cm); /* EAY's RLE ID */
++#endif /* NID_rle_compression */
+
+ /* Ensure the Random number generator has enough entropy */
+ if ( !RAND_status() ) {
+@@ -2623,7 +2728,11 @@ ssl_anonymous_cipher(ssl) SSL * ssl;
+ int
+ ssl_verify_crl(int ok, X509_STORE_CTX *ctx)
+ {
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ X509_OBJECT *obj;
++#else
+ X509_OBJECT obj;
++#endif
+ X509_NAME *subject = NULL;
+ X509_NAME *issuer = NULL;
+ X509 *xs = NULL;
+@@ -2643,6 +2752,12 @@ ssl_verify_crl(int ok, X509_STORE_CTX *ctx)
+ if (!crl_store)
+ return ok;
+
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ obj = X509_OBJECT_new();
++ if (!obj)
++ return(ok);
++#endif
++
+ store_ctx = X509_STORE_CTX_new();
+ if ( !store_ctx )
+ return(ok);
+@@ -2689,11 +2804,19 @@ ssl_verify_crl(int ok, X509_STORE_CTX *ctx)
+ * Try to retrieve a CRL corresponding to the _subject_ of
+ * the current certificate in order to verify it's integrity.
+ */
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ memset((char *)&obj, 0, sizeof(obj));
++#endif
+ X509_STORE_CTX_init(store_ctx, crl_store, NULL, NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, obj);
++ X509_STORE_CTX_cleanup(store_ctx);
++ crl = X509_OBJECT_get0_X509_CRL(obj);
++#else
+ rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, &obj);
+ X509_STORE_CTX_cleanup(store_ctx);
+ crl = obj.data.crl;
++#endif
+ if (rc > 0 && crl != NULL) {
+ /*
+ * Verify the signature on this CRL
+@@ -2701,7 +2824,11 @@ ssl_verify_crl(int ok, X509_STORE_CTX *ctx)
+ if (X509_CRL_verify(crl, X509_get_pubkey(xs)) <= 0) {
+ fprintf(stderr, "Invalid signature on CRL!\n");
+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ X509_OBJECT_free(obj);
++#else
+ X509_OBJECT_free_contents(&obj);
++#endif
+ X509_STORE_CTX_free(store_ctx);
+ return 0;
+ }
+@@ -2714,7 +2841,11 @@ ssl_verify_crl(int ok, X509_STORE_CTX *ctx)
+ fprintf(stderr, "Found CRL has invalid nextUpdate field.\n");
+ X509_STORE_CTX_set_error(ctx,
+ X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ X509_OBJECT_free(obj);
++#else
+ X509_OBJECT_free_contents(&obj);
++#endif
+ X509_STORE_CTX_free(store_ctx);
+ return 0;
+ }
+@@ -2723,22 +2854,38 @@ ssl_verify_crl(int ok, X509_STORE_CTX *ctx)
+ "Found CRL is expired - revoking all certificates until you get updated CRL.\n"
+ );
+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_HAS_EXPIRED);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ X509_OBJECT_free(obj);
++#else
+ X509_OBJECT_free_contents(&obj);
++#endif
+ X509_STORE_CTX_free(store_ctx);
+ return 0;
+ }
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ X509_OBJECT_free(obj);
++#else
+ X509_OBJECT_free_contents(&obj);
++#endif
+ }
+
+ /*
+ * Try to retrieve a CRL corresponding to the _issuer_ of
+ * the current certificate in order to check for revocation.
+ */
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ memset((char *)&obj, 0, sizeof(obj));
++#endif
+ X509_STORE_CTX_init(store_ctx, crl_store, NULL, NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj);
++ X509_STORE_CTX_free(store_ctx); /* calls X509_STORE_CTX_cleanup() */
++ crl = X509_OBJECT_get0_X509_CRL(obj);
++#else
+ rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, &obj);
+ X509_STORE_CTX_free(store_ctx); /* calls X509_STORE_CTX_cleanup() */
+ crl = obj.data.crl;
++#endif
+ if (rc > 0 && crl != NULL) {
+ /*
+ * Check if the current certificate is revoked by this CRL
+@@ -2746,19 +2893,34 @@ ssl_verify_crl(int ok, X509_STORE_CTX *ctx)
+ n = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
+ for (i = 0; i < n; i++) {
+ revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ if (ASN1_INTEGER_cmp(X509_REVOKED_get0_serialNumber(revoked),
++ X509_get_serialNumber(xs)) == 0) {
++
++ serial = ASN1_INTEGER_get(X509_REVOKED_get0_serialNumber(revoked));
++#else
+ if (ASN1_INTEGER_cmp(revoked->serialNumber,
+ X509_get_serialNumber(xs)) == 0) {
+
+ serial = ASN1_INTEGER_get(revoked->serialNumber);
++#endif
+ cp = X509_NAME_oneline(issuer, NULL, 0);
+ free(cp);
+
+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ X509_OBJECT_free(obj);
++#else
+ X509_OBJECT_free_contents(&obj);
++#endif
+ return 0;
+ }
+ }
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ X509_OBJECT_free(obj);
++#else
+ X509_OBJECT_free_contents(&obj);
++#endif
+ }
+ return ok;
+ }
+@@ -4399,7 +4561,14 @@ X509_userok(X509 * peer_cert, const char * userid)
+ if (!(fp = fopen(buf, "r")))
+ return 0;
+ while (!r && (file_cert = PEM_read_X509(fp, NULL, NULL, NULL))) {
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ ASN1_BIT_STRING *peer_cert_sig, *file_cert_sig;
++ X509_get0_signature(&peer_cert_sig, NULL, peer_cert);
++ X509_get0_signature(&file_cert_sig, NULL, file_cert);
++ if (!ASN1_STRING_cmp(peer_cert_sig, file_cert_sig))
++#else
+ if (!ASN1_STRING_cmp(peer_cert->signature, file_cert->signature))
++#endif
+ r = 1;
+ X509_free(file_cert);
+ }
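Review bot: In the OpenSSL >= 1.1.0 branch of ssl_verify_crl, the `X509_OBJECT_free(obj)` that closes the subject-CRL block releases the object itself, yet the issuer lookup a few lines later passes the same `obj` to `X509_STORE_get_by_subject()` and frees it once more, which is a use-after-free followed by a double free whenever a CRL for the subject is found. The old `X509_OBJECT_free_contents(&obj)` only emptied a stack object, so the new call needs a fresh allocation before reuse, for example `obj = X509_OBJECT_new();` with a NULL check placed just before the second `X509_STORE_CTX_init()`. The same branch also appears to leak `obj` when `X509_STORE_CTX_new()` fails and when neither lookup returns a CRL, because those paths return without freeing it. The function body extends beyond the visible inner hunks, so this should be confirmed against the full patched file.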