[packages/openwsman] - rel 3; openssl build fix from https://github.com/Openwsman/openwsman/pull/99
arekm
arekm at pld-linux.org
Mon Sep 17 10:30:07 CEST 2018
commit 9ad9a69a2b818c089aa49ed2946c2f851163f063
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Mon Sep 17 10:29:57 2018 +0200
- rel 3; openssl build fix from https://github.com/Openwsman/openwsman/pull/99
openssl.patch | 200 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
openwsman.spec | 4 +-
2 files changed, 203 insertions(+), 1 deletion(-)
---
diff --git a/openwsman.spec b/openwsman.spec
index 79a0dac..a715993 100644
--- a/openwsman.spec
+++ b/openwsman.spec
@@ -14,7 +14,7 @@ Summary: Implementation of the Web Services Management specification (WS-Managem
Summary(pl.UTF-8): Implementacja specyfikacji Web Services Management (WS-Management)
Name: openwsman
Version: 2.6.5
-Release: 2
+Release: 3
License: BSD
Group: Libraries
Source0: https://github.com/Openwsman/openwsman/archive/v%{version}/%{name}-%{version}.tar.gz
@@ -22,6 +22,7 @@ Source0: https://github.com/Openwsman/openwsman/archive/v%{version}/%{name}-%{ve
Patch0: %{name}-link.patch
Patch1: rdoc-rubygems.patch
Patch2: %{name}-python.patch
+Patch3: openssl.patch
URL: https://github.com/Openwsman
BuildRequires: cmake >= 2.4
BuildRequires: curl-devel >= 7.12.0
@@ -152,6 +153,7 @@ Wiązania języka Ruby do bibliotek openwsman.
%patch0 -p1
%patch1 -p1
%patch2 -p1
+%patch3 -p1
%build
install -d build
diff --git a/openssl.patch b/openssl.patch
new file mode 100644
index 0000000..b80f0df
--- /dev/null
+++ b/openssl.patch
@@ -0,0 +1,200 @@
+From 18d2b26e6e9ce10482de6a5aa41d1d6ea83fdbf4 Mon Sep 17 00:00:00 2001
+From: Vitezslav Crhonek <vcrhonek at redhat.com>
+Date: Tue, 10 Jan 2017 14:25:43 +0100
+Subject: [PATCH] Port to OpenSSL 1.1.0
+
+---
+ src/lib/wsman-curl-client-transport.c | 6 +++-
+ src/server/shttpd/io_ssl.c | 17 ----------
+ src/server/shttpd/shttpd.c | 20 ++++--------
+ src/server/shttpd/ssl.h | 46 ---------------------------
+ 4 files changed, 12 insertions(+), 77 deletions(-)
+
+diff --git a/src/lib/wsman-curl-client-transport.c b/src/lib/wsman-curl-client-transport.c
+index cd7f517a..e64ad097 100644
+--- a/src/lib/wsman-curl-client-transport.c
++++ b/src/lib/wsman-curl-client-transport.c
+@@ -241,12 +241,16 @@ write_handler( void *ptr, size_t size, size_t nmemb, void *data)
+ static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx, void *arg)
+ {
+ unsigned char *thumbprint = (unsigned char *)arg;
+- X509 *cert = ctx->cert;
+ EVP_MD *tempDigest;
+
+ unsigned char tempFingerprint[EVP_MAX_MD_SIZE];
+ unsigned int tempFingerprintLen;
+ tempDigest = (EVP_MD*)EVP_sha1( );
++
++ X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
++ if(!cert)
++ return 0;
++
+ if ( X509_digest(cert, tempDigest, tempFingerprint, &tempFingerprintLen ) <= 0)
+ return 0;
+ if(!memcmp(tempFingerprint, thumbprint, tempFingerprintLen))
+diff --git a/src/server/shttpd/io_ssl.c b/src/server/shttpd/io_ssl.c
+index 6de0db2a..7ac669e4 100644
+--- a/src/server/shttpd/io_ssl.c
++++ b/src/server/shttpd/io_ssl.c
+@@ -11,23 +11,6 @@
+ #include "defs.h"
+
+ #if !defined(NO_SSL)
+-struct ssl_func ssl_sw[] = {
+- {"SSL_free", {0}},
+- {"SSL_accept", {0}},
+- {"SSL_connect", {0}},
+- {"SSL_read", {0}},
+- {"SSL_write", {0}},
+- {"SSL_get_error", {0}},
+- {"SSL_set_fd", {0}},
+- {"SSL_new", {0}},
+- {"SSL_CTX_new", {0}},
+- {"SSLv23_server_method", {0}},
+- {"SSL_library_init", {0}},
+- {"SSL_CTX_use_PrivateKey_file", {0}},
+- {"SSL_CTX_use_certificate_file",{0}},
+- {NULL, {0}}
+-};
+-
+ void
+ _shttpd_ssl_handshake(struct stream *stream)
+ {
+diff --git a/src/server/shttpd/shttpd.c b/src/server/shttpd/shttpd.c
+index 6d8e5180..50588152 100644
+--- a/src/server/shttpd/shttpd.c
++++ b/src/server/shttpd/shttpd.c
+@@ -1474,20 +1474,14 @@ set_ssl(struct shttpd_ctx *ctx, const char *pem)
+ char *ssl_disabled_protocols = wsmand_options_get_ssl_disabled_protocols();
+ int retval = FALSE;
+
+- /* Load SSL library dynamically */
+- if ((lib = dlopen(SSL_LIB, RTLD_LAZY)) == NULL) {
+- _shttpd_elog(E_LOG, NULL, "set_ssl: cannot load %s", SSL_LIB);
+- return (FALSE);
+- }
+-
+- for (fp = ssl_sw; fp->name != NULL; fp++)
+- if ((fp->ptr.v_void = dlsym(lib, fp->name)) == NULL) {
+- _shttpd_elog(E_LOG, NULL,"set_ssl: cannot find %s", fp->name);
+- return (FALSE);
+- }
+-
+ /* Initialize SSL crap */
++ debug("Initialize SSL");
++ SSL_load_error_strings();
++ #if OPENSSL_VERSION_NUMBER < 0x10100000L
+ SSL_library_init();
++ #else
++ OPENSSL_init_ssl(0, NULL);
++ #endif
+
+ if ((CTX = SSL_CTX_new(SSLv23_server_method())) == NULL)
+ _shttpd_elog(E_LOG, NULL, "SSL_CTX_new error");
+@@ -1523,7 +1517,7 @@ set_ssl(struct shttpd_ctx *ctx, const char *pem)
+ if (strncasecmp(protocols[idx].name, ssl_disabled_protocols, blank_ptr-ssl_disabled_protocols) == 0) {
+ //_shttpd_elog(E_LOG, NULL, "SSL: disable %s protocol", protocols[idx].name);
+ debug("SSL: disable %s protocol", protocols[idx].name);
+- SSL_CTX_ctrl(CTX, SSL_CTRL_OPTIONS, protocols[idx].opt, NULL);
++ SSL_CTX_set_options(CTX, protocols[idx].opt);
+ break;
+ }
+ }
+diff --git a/src/server/shttpd/ssl.h b/src/server/shttpd/ssl.h
+index a863f2c7..8dad0109 100644
+--- a/src/server/shttpd/ssl.h
++++ b/src/server/shttpd/ssl.h
+@@ -12,50 +12,4 @@
+
+ #include <openssl/ssl.h>
+
+-#else
+-
+-/*
+- * Snatched from OpenSSL includes. I put the prototypes here to be independent
+- * from the OpenSSL source installation. Having this, shttpd + SSL can be
+- * built on any system with binary SSL libraries installed.
+- */
+-
+-typedef struct ssl_st SSL;
+-typedef struct ssl_method_st SSL_METHOD;
+-typedef struct ssl_ctx_st SSL_CTX;
+-
+-#define SSL_ERROR_WANT_READ 2
+-#define SSL_ERROR_WANT_WRITE 3
+-#define SSL_ERROR_SYSCALL 5
+-#define SSL_FILETYPE_PEM 1
+-
+ #endif
+-
+-/*
+- * Dynamically loaded SSL functionality
+- */
+-struct ssl_func {
+- const char *name; /* SSL function name */
+- union variant ptr; /* Function pointer */
+-};
+-
+-extern struct ssl_func ssl_sw[];
+-
+-#define FUNC(x) ssl_sw[x].ptr.v_func
+-
+-#define SSL_free(x) (* (void (*)(SSL *)) FUNC(0))(x)
+-#define SSL_accept(x) (* (int (*)(SSL *)) FUNC(1))(x)
+-#define SSL_connect(x) (* (int (*)(SSL *)) FUNC(2))(x)
+-#define SSL_read(x,y,z) (* (int (*)(SSL *, void *, int)) FUNC(3))((x),(y),(z))
+-#define SSL_write(x,y,z) \
+- (* (int (*)(SSL *, const void *,int)) FUNC(4))((x), (y), (z))
+-#define SSL_get_error(x,y)(* (int (*)(SSL *, int)) FUNC(5))((x), (y))
+-#define SSL_set_fd(x,y) (* (int (*)(SSL *, int)) FUNC(6))((x), (y))
+-#define SSL_new(x) (* (SSL * (*)(SSL_CTX *)) FUNC(7))(x)
+-#define SSL_CTX_new(x) (* (SSL_CTX * (*)(SSL_METHOD *)) FUNC(8))(x)
+-#define SSLv23_server_method() (* (SSL_METHOD * (*)(void)) FUNC(9))()
+-#define SSL_library_init() (* (int (*)(void)) FUNC(10))()
+-#define SSL_CTX_use_PrivateKey_file(x,y,z) (* (int (*)(SSL_CTX *, \
+- const char *, int)) FUNC(11))((x), (y), (z))
+-#define SSL_CTX_use_certificate_file(x,y,z) (* (int (*)(SSL_CTX *, \
+- const char *, int)) FUNC(12))((x), (y), (z))
+From 2d804eb7d3ae44d2c0f935d775e491be39f7b598 Mon Sep 17 00:00:00 2001
+From: Vitezslav Crhonek <vcrhonek at redhat.com>
+Date: Mon, 24 Apr 2017 11:28:39 +0200
+Subject: [PATCH] Check OpenSSL version number to allow builds with older
+ version
+
+---
+ src/lib/wsman-curl-client-transport.c | 4 ++++
+ src/server/shttpd/shttpd.c | 4 ++++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/src/lib/wsman-curl-client-transport.c b/src/lib/wsman-curl-client-transport.c
+index e64ad097..4fc047e8 100644
+--- a/src/lib/wsman-curl-client-transport.c
++++ b/src/lib/wsman-curl-client-transport.c
+@@ -247,7 +247,11 @@ static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx, void
+ unsigned int tempFingerprintLen;
+ tempDigest = (EVP_MD*)EVP_sha1( );
+
++ #if OPENSSL_VERSION_NUMBER < 0x10100000L
++ X509 *cert = ctx->cert;
++ #else
+ X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
++ #endif
+ if(!cert)
+ return 0;
+
+diff --git a/src/server/shttpd/shttpd.c b/src/server/shttpd/shttpd.c
+index 50588152..8d85c97f 100644
+--- a/src/server/shttpd/shttpd.c
++++ b/src/server/shttpd/shttpd.c
+@@ -1517,7 +1517,11 @@ set_ssl(struct shttpd_ctx *ctx, const char *pem)
+ if (strncasecmp(protocols[idx].name, ssl_disabled_protocols, blank_ptr-ssl_disabled_protocols) == 0) {
+ //_shttpd_elog(E_LOG, NULL, "SSL: disable %s protocol", protocols[idx].name);
+ debug("SSL: disable %s protocol", protocols[idx].name);
++ #if OPENSSL_VERSION_NUMBER < 0x10100000L
++ SSL_CTX_ctrl(CTX, SSL_CTRL_OPTIONS, protocols[idx].opt, NULL);
++ #else
+ SSL_CTX_set_options(CTX, protocols[idx].opt);
++ #endif
+ break;
+ }
+ }
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/openwsman.git/commitdiff/9ad9a69a2b818c089aa49ed2946c2f851163f063
More information about the pld-cvs-commit
mailing list