Пакет: uw-imap
Патч: uw-imap-2001a-debian-openssl1.1_autoverify.patch
Description: Support OpenSSL 1.1
When building with OpenSSL 1.1 and newer, use the new built-in
hostname verification instead of code that doesn't compile due to
structs having been made opaque.
Bug-Debian: https://bugs.debian.org/828589
--- a/src/osdep/unix/ssl_unix.c
+++ b/src/osdep/unix/ssl_unix.c
@ -215,8 +215,15 @@
/* disable certificate validation? */
if (flags & NET_NOVALIDATECERT)
SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL);
- else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
+ else {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+ X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context);
+ X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
+ X509_VERIFY_PARAM_set1_host(param, host, 0);
+#endif
+ SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
/* set default paths to CAs */
+ }
SSL_CTX_set_default_verify_paths (stream->context);
/* create connection */
if (!(stream->con = (SSL *) SSL_new (stream->context)))
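Review bot: The return value of `X509_VERIFY_PARAM_set1_host(param, host, 0)` in the new `#if OPENSSL_VERSION_NUMBER >= 0x10100000` branch is ignored, so if the call fails the context keeps no expected host name and the handshake would accept any certificate that chains to a trusted CA. The later hunks compile out the manual name comparison on the same OpenSSL versions, so nothing else would catch that case. Fail closed instead, e.g. `if (!X509_VERIFY_PARAM_set1_host (param,host,0)) return "Unable to set host name for certificate validation";`, which matches the string-returning error style visible later in the function; the function begins outside this hunk, so confirm whether that path needs cleanup first. The `/* set default paths to CAs */` comment has also ended up inside the `else` block, separated from the `SSL_CTX_set_default_verify_paths` call it describes.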
@@ -229,6 +236,7 @@
if (SSL_write (stream->con,"",0) < 0)
return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
/* need to validate host names? */
+#if OPENSSL_VERSION_NUMBER < 0x10100000
if (!(flags & NET_NOVALIDATECERT)) {
/* get certificate */
if (!(cert = SSL_get_peer_certificate (stream->con)))
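Review bot: The `/* need to validate host names? */` comment now sits above a block that is compiled out on OpenSSL 1.1 and newer, and nothing at this site says where the check went. Someone auditing this path would be helped by a comment at the `#if`, such as `/* OpenSSL >= 1.1: host name is checked during the handshake via X509_VERIFY_PARAM_set1_host */`, and by tagging the matching `#endif` in the following hunk with `/* OPENSSL_VERSION_NUMBER < 0x10100000 */`. Locals used only by this block (such as `cert`) presumably become unused on new builds; their declarations are outside the hunk, so this is worth confirming with warnings enabled.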
@@ -247,6 +255,7 @@
return ssl_last_error = cpystr (tmp);
}
}
+#endif
return NIL;
}