[packages/libeXosip2] - rel 4; openssl fix from archlinux
arekm
arekm at pld-linux.org
Wed Sep 26 13:22:44 CEST 2018
commit 567b69c33e95c6717f2410c0abb4d2d9b1dd6ead
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Wed Sep 26 13:22:37 2018 +0200
- rel 4; openssl fix from archlinux
libeXosip2.spec | 4 ++-
openssl.patch | 95 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 98 insertions(+), 1 deletion(-)
---
diff --git a/libeXosip2.spec b/libeXosip2.spec
index 183a793..864d34b 100644
--- a/libeXosip2.spec
+++ b/libeXosip2.spec
@@ -2,12 +2,13 @@ Summary: The eXtended osip library
Summary(pl.UTF-8): Rozszerzona biblioteka osip
Name: libeXosip2
Version: 5.0.0
-Release: 3
+Release: 4
License: GPL v2+
Group: Libraries
Source0: http://download.savannah.gnu.org/releases/exosip/libexosip2-%{version}.tar.gz
# Source0-md5: 91a69fdd7d5da5b94e71b764cabb2e29
Patch0: %{name}-link.patch
+Patch1: openssl.patch
URL: http://savannah.nongnu.org/projects/exosip
BuildRequires: autoconf >= 2.69
BuildRequires: automake
@@ -65,6 +66,7 @@ Statyczna biblioteka libeXosip2.
%prep
%setup -q -n libexosip2-%{version}
%patch0 -p1
+%patch1 -p1
%build
%{__libtoolize}
diff --git a/openssl.patch b/openssl.patch
new file mode 100644
index 0000000..b224d61
--- /dev/null
+++ b/openssl.patch
@@ -0,0 +1,95 @@
+## Description: add some description
+## Origin/Author: add some origin or author
+## Bug: bug URL
+diff -urip libexosip2-4.1.0/src/eXtl_dtls.c libexosip2-4.1.0.openssl110/src/eXtl_dtls.c
+--- libexosip2-4.1.0/src/eXtl_dtls.c 2014-01-06 19:30:21.000000000 +0100
++++ libexosip2-4.1.0.openssl110/src/eXtl_dtls.c 2016-11-07 20:23:01.503943171 +0100
+@@ -233,7 +233,7 @@ shutdown_free_client_dtls (struct eXosip
+
+ BIO_ctrl (rbio, BIO_CTRL_DGRAM_SET_PEER, 0, (char *) &addr);
+
+- (reserved->socket_tab[pos].ssl_conn)->rbio = rbio;
++ SSL_set0_rbio((reserved->socket_tab[pos].ssl_conn), rbio);
+
+ i = SSL_shutdown (reserved->socket_tab[pos].ssl_conn);
+
+@@ -588,12 +588,11 @@ dtls_tl_read_message (struct eXosip_t *e
+ rbio = BIO_new_mem_buf (enc_buf, enc_buf_len);
+ BIO_set_mem_eof_return (rbio, -1);
+
+- reserved->socket_tab[pos].ssl_conn->rbio = rbio;
++ SSL_set0_rbio(reserved->socket_tab[pos].ssl_conn, rbio);
+
+ i = SSL_read (reserved->socket_tab[pos].ssl_conn, dec_buf, SIP_MESSAGE_MAX_LENGTH);
+ /* done with the rbio */
+- BIO_free (reserved->socket_tab[pos].ssl_conn->rbio);
+- reserved->socket_tab[pos].ssl_conn->rbio = BIO_new (BIO_s_mem ());
++ SSL_set0_rbio(reserved->socket_tab[pos].ssl_conn, BIO_new (BIO_s_mem ()));
+
+ if (i > 5) {
+ dec_buf[i] = '\0';
+@@ -904,7 +903,7 @@ dtls_tl_send_message (struct eXosip_t *e
+ _dtls_stream_used = &reserved->socket_tab[pos];
+ rbio = BIO_new_dgram (reserved->dtls_socket, BIO_NOCLOSE);
+ BIO_ctrl (rbio, BIO_CTRL_DGRAM_SET_PEER, 0, (char *) &addr);
+- reserved->socket_tab[pos].ssl_conn->rbio = rbio;
++ SSL_set0_rbio(reserved->socket_tab[pos].ssl_conn, rbio);
+ break;
+ }
+ }
+@@ -918,7 +917,7 @@ dtls_tl_send_message (struct eXosip_t *e
+ _dtls_stream_used = &reserved->socket_tab[pos];
+ rbio = BIO_new_dgram (reserved->dtls_socket, BIO_NOCLOSE);
+ BIO_ctrl (rbio, BIO_CTRL_DGRAM_SET_PEER, 0, (char *) &addr);
+- reserved->socket_tab[pos].ssl_conn->rbio = rbio;
++ SSL_set0_rbio(reserved->socket_tab[pos].ssl_conn, rbio);
+ break;
+ }
+ }
+diff -urip libexosip2-4.1.0/src/eXtl_tls.c libexosip2-4.1.0.openssl110/src/eXtl_tls.c
+--- libexosip2-4.1.0/src/eXtl_tls.c 2014-01-06 19:30:21.000000000 +0100
++++ libexosip2-4.1.0.openssl110/src/eXtl_tls.c 2016-11-07 20:27:51.568892332 +0100
+@@ -838,7 +838,7 @@ verify_cb (int preverify_ok, X509_STORE_
+ * it for something special
+ */
+ if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) {
+- X509_NAME_oneline (X509_get_issuer_name (store->current_cert), buf, 256);
++ X509_NAME_oneline (X509_get_issuer_name (X509_STORE_CTX_get_current_cert(store)), buf, 256);
+ OSIP_TRACE (osip_trace (__FILE__, __LINE__, OSIP_ERROR, NULL, "issuer= %s\n", buf));
+ }
+
+@@ -1155,7 +1155,7 @@ initialize_client_ctx (struct eXosip_t *
+ }
+ else {
+ /* this is used to add a trusted certificate */
+- X509_STORE_add_cert (ctx->cert_store, cert);
++ X509_STORE_add_cert (SSL_CTX_get_cert_store(ctx), cert);
+ }
+ BIO_free (bio);
+ }
+@@ -1231,16 +1231,21 @@
+ if (excontext->tls_verify_client_certificate > 0 && sni_servernameindication!=NULL) {
+ X509_STORE *pkix_validation_store = SSL_CTX_get_cert_store (ctx);
+ const X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_lookup ("ssl_server");
++#if (OPENSSL_VERSION_NUMBER > 0x10001000L)
++ X509_VERIFY_PARAM *store_param = X509_STORE_get0_param(pkix_validation_store);
++#else
++ X509_VERIFY_PARAM *store_param = pkix_validation_store->param;
++#endif
+
+ if (param != NULL) { /* const value, we have to copy (inherit) */
+- if (X509_VERIFY_PARAM_inherit (pkix_validation_store->param, param)) {
++ if (X509_VERIFY_PARAM_inherit (store_param, param)) {
+ X509_STORE_set_flags (pkix_validation_store, X509_V_FLAG_TRUSTED_FIRST);
+ X509_STORE_set_flags (pkix_validation_store, X509_V_FLAG_PARTIAL_CHAIN);
+ } else {
+ OSIP_TRACE (osip_trace (__FILE__, __LINE__, OSIP_ERROR, NULL, "PARAM_inherit: failed for ssl_server\n"));
+ }
+- if (X509_VERIFY_PARAM_set1_host (pkix_validation_store->param, sni_servernameindication, 0)) {
+- X509_VERIFY_PARAM_set_hostflags (pkix_validation_store->param, X509_CHECK_FLAG_NO_WILDCARDS);
++ if (X509_VERIFY_PARAM_set1_host (store_param, sni_servernameindication, 0)) {
++ X509_VERIFY_PARAM_set_hostflags (store_param, X509_CHECK_FLAG_NO_WILDCARDS);
+ } else {
+ OSIP_TRACE (osip_trace (__FILE__, __LINE__, OSIP_ERROR, NULL, "PARAM_set1_host: %s failed\n", sni_servernameindication));
+ }
+
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/libeXosip2.git/commitdiff/567b69c33e95c6717f2410c0abb4d2d9b1dd6ead
More information about the pld-cvs-commit
mailing list