Date: Saturday, February 11, 2017 @ 18:40:56
Author: pierre
Revision: 288683
upgpkg: imap 2007f-7
OpenSSL 1.1 rebuild
Added:
imap/trunk/1006_openssl1.1_autoverify.patch
Modified:
imap/trunk/PKGBUILD
----------------------------------+
1006_openssl1.1_autoverify.patch | 58 +++++++++++++++++++++++++++++++++++++
PKGBUILD | 6 ++-
2 files changed, 62 insertions(+), 2 deletions(-)
Added: 1006_openssl1.1_autoverify.patch
===================================================================
--- 1006_openssl1.1_autoverify.patch (rev 0)
+++ 1006_openssl1.1_autoverify.patch 2017-02-11 18:40:56 UTC (rev 288683)
@@ -0,0 +1,58 @@
+Description: Support OpenSSL 1.1
+ When building with OpenSSL 1.1 and newer, use the new built-in
+ hostname verification instead of code that doesn't compile due to
+ structs having been made opaque.
+Bug-Debian: https://bugs.debian.org/828589
+
+--- a/src/osdep/unix/ssl_unix.c
++++ b/src/osdep/unix/ssl_unix.c
+@@ -227,8 +227,16 @@ static char *ssl_start_work (SSLSTREAM *
+ /* disable certificate validation? */
+ if (flags & NET_NOVALIDATECERT)
+ SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL);
+- else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
++ else {
++#if OPENSSL_VERSION_NUMBER >= 0x10100000
++ X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context);
++ X509_VERIFY_PARAM_set_hostflags(param,
X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
++ X509_VERIFY_PARAM_set1_host(param, host, 0);
++#endif
++
++ SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
+ /* set default paths to CAs... */
++ }
+ SSL_CTX_set_default_verify_paths (stream->context);
+ /* ...unless a non-standard path desired */
+ if (s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL))
+@@ -266,6 +274,7 @@ static char *ssl_start_work (SSLSTREAM *
+ if (SSL_write (stream->con,"",0) < 0)
+ return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
+ /* need to validate host names? */
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+ if (!(flags & NET_NOVALIDATECERT) &&
+ (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),
+ host))) {
+@@ -275,6 +284,7 @@ static char *ssl_start_work (SSLSTREAM *
+ sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
+ return ssl_last_error = cpystr (tmp);
+ }
++#endif
+ return NIL;
+ }
+ �
+@@ -313,6 +323,7 @@ static int ssl_open_verify (int ok,X509_
+ * Returns: NIL if validated, else string of error message
+ */
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+ static char *ssl_validate_cert (X509 *cert,char *host)
+ {
+ int i,n;
+@@ -342,6 +353,7 @@ static char *ssl_validate_cert (X509 *ce
+ else ret = "Unable to locate common name in certificate";
+ return ret;
+ }
++#endif
+ �
+ /* Case-independent wildcard pattern match
+ * Accepts: base string
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2017-02-11 17:19:43 UTC (rev 288682)
+++ PKGBUILD 2017-02-11 18:40:56 UTC (rev 288683)
@@ -3,17 +3,18 @@
pkgbase=imap
pkgname=(imap c-client)
pkgver=2007f
-pkgrel=6
+pkgrel=7
arch=('i686' 'x86_64')
license=('APACHE')
url="http://www.washington.edu/imap";
makedepends=('pam')
source=("ftp://ftp.cac.washington.edu/imap/${pkgname}-${pkgver}.tar.gz";
- 'c-client-2006k_GENTOO_amd64-so-fix.patch'
+ 'c-client-2006k_GENTOO_amd64-so-fix.patch'
'1006_openssl1.1_autoverify.patch'
'imap' 'ipop2' 'ipop3')
options=('staticlibs')
md5sums=('2126fd125ea26b73b20f01fcd5940369'
'7f3937a871edd54203fe51f91423e204'
+ 'cc8cc4df43f73bc144b9a41c55ef5991'
'3ae5b3b333bc8ea2da106f6a97d7bd8d'
'448f988dc5f9bdb2223dcea3abc4f5f1'
'1499b13015075f0aafba04324a6f523a')
@@ -28,6 +29,7 @@
-i src/osdep/unix/Makefile
patch -p1 -i $srcdir/c-client-2006k_GENTOO_amd64-so-fix.patch
+ patch -p1 -i $srcdir/1006_openssl1.1_autoverify.patch
}
build() {
