On Wed, May 8, 2024 at 11:08 PM Zoltan Boszormenyi via lists.openembedded.org <[email protected]> wrote: > > The patch 0001-Support-OpenSSL-1.1.patch enabled building > uw-imap against OpenSSL 1.1.0 or later. > > However, TLSv1_client_method() and TLSv1_server_method() > restricts uw-imap to TLSv1.0. > > These APIs, along with explicitly versioned APIs like > TLSv1_1_*_method() and TLSv1_2_*_method() are deprecated > in OpenSSL 1.1.0 or later. The replacements are unversioned > API functions: TLS_client_method() and TLS_server_method() > which support TLS version autonegotiation. > > This allows the PHP IMAP extension to work with IMAP servers > that enforce TLSv1.2 or higher. > > Fixes: https://bugs.php.net/bug.php?id=76928 > Signed-off-by: Zoltán Böszörményi <[email protected]> > --- > .../uw-imap/uw-imap/uw-imap-newer-tls.patch | 29 +++++++++++++++++++ > .../recipes-devtools/uw-imap/uw-imap_2007f.bb | 1 + > 2 files changed, 30 insertions(+) > create mode 100644 > meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch > > diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch > b/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch > new file mode 100644 > index 000000000..958abc90f > --- /dev/null > +++ b/meta-oe/recipes-devtools/uw-imap/uw-imap/uw-imap-newer-tls.patch > @@ -0,0 +1,29 @@ > +Signed-off-by: Zoltán Böszörményi <[email protected]> > +Upstream-Status: Pending > +
I think it will be good to submit this patch upstream to uw as well, > +--- imap-2007f/src/osdep/unix/ssl_unix.c.old 2024-05-08 09:41:06.183450584 > +0200 > ++++ imap-2007f/src/osdep/unix/ssl_unix.c 2024-05-08 09:43:38.512931933 > +0200 > +@@ -220,7 +220,11 @@ > + if (ssl_last_error) fs_give ((void **) &ssl_last_error); > + ssl_last_host = host; > + if (!(stream->context = SSL_CTX_new ((flags & NET_TLSCLIENT) ? > ++#if OPENSSL_VERSION_NUMBER >= 0x10100000 > ++ TLS_client_method () : > ++#else > + TLSv1_client_method () : > ++#endif > + SSLv23_client_method ()))) > + return "SSL context failed"; > + SSL_CTX_set_options (stream->context,0); > +@@ -703,7 +707,11 @@ > + } > + /* create context */ > + if (!(stream->context = SSL_CTX_new (start_tls ? > ++#if OPENSSL_VERSION_NUMBER >= 0x10100000 > ++ TLS_server_method () : > ++#else > + TLSv1_server_method () : > ++#endif > + SSLv23_server_method ()))) > + syslog (LOG_ALERT,"Unable to create SSL context, host=%.80s", > + tcp_clienthost ()); > diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb > b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb > index dcb59f4ea..17faa3aa6 100644 > --- a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb > +++ b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb > @@ -15,6 +15,7 @@ SRC_URI = > "https://fossies.org/linux/misc/old/imap-${PV}.tar.gz \ > file://0001-Do-not-build-mtest.patch \ > file://0002-tmail-Include-ctype.h-for-isdigit.patch \ > file://0001-Fix-Wincompatible-function-pointer-types.patch \ > + file://uw-imap-newer-tls.patch \ > " > > SRC_URI[md5sum] = "2126fd125ea26b73b20f01fcd5940369" > -- > 2.45.0 > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#110282): https://lists.openembedded.org/g/openembedded-devel/message/110282 Mute This Topic: https://lists.openembedded.org/mt/105996685/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
