Hello community, here is the log from the commit of package tlswrap for openSUSE:Factory checked in at 2017-12-06 08:59:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tlswrap (Old) and /work/SRC/openSUSE:Factory/.tlswrap.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tlswrap" Wed Dec 6 08:59:41 2017 rev:3 rq:548516 version:1.04 Changes: -------- --- /work/SRC/openSUSE:Factory/tlswrap/tlswrap.changes 2017-12-05 01:30:42.196284606 +0100 +++ /work/SRC/openSUSE:Factory/.tlswrap.new/tlswrap.changes 2017-12-06 08:59:43.466491667 +0100 @@ -1,0 +2,7 @@ +Tue Dec 5 03:46:14 UTC 2017 - [email protected] + +- Add openssl-1_1-compat.patch for OpenSSL 1.1 compatibility, + build with default openssl version +- Package license and documentation + +------------------------------------------------------------------- New: ---- openssl-1_1-compat.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tlswrap.spec ++++++ --- /var/tmp/diff_new_pack.oMjvkq/_old 2017-12-06 08:59:43.982472781 +0100 +++ /var/tmp/diff_new_pack.oMjvkq/_new 2017-12-06 08:59:43.982472781 +0100 @@ -24,15 +24,12 @@ Group: Productivity/Networking/Ftp/Clients Url: http://www.tlswrap.com/ Source0: %{name}-%{version}.tar.gz +Patch0: openssl-1_1-compat.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: gcc -%if %{suse_version} >= 1330 -BuildRequires: libopenssl-1_0_0-devel -%else -BuildRequires: openssl-devel -%endif BuildRequires: make +BuildRequires: openssl-devel %description TLS/SSL FTP wrapper/proxy, allowing you to use your favorite FTP client with @@ -40,6 +37,7 @@ %prep %setup -q +%patch0 -p1 %build autoreconf -fi @@ -51,7 +49,8 @@ %files %defattr(-,root,root) -%doc +%license COPYING +%doc README %{_bindir}/tlswrap %changelog ++++++ openssl-1_1-compat.patch ++++++ diff -wru tlswrap-1.04.orig/tls.c tlswrap-1.04/tls.c --- tlswrap-1.04.orig/tls.c 2006-11-25 19:52:08.000000000 +0100 +++ tlswrap-1.04/tls.c 2017-12-05 04:43:56.757223948 +0100 
@@ -73,10 +73,12 @@ printf("egd_sock is %s\n", egd_sock); #ifdef HAVE_RAND_STATUS if (RAND_status() != 1) { +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) if ( RAND_egd(egd_sock) == -1 ) { fprintf(stderr, "egd_sock is %s\n", egd_sock); sys_err("RAND_egd failed\n"); } +#endif if (RAND_status() != 1) sys_err("ssl_init: System without /dev/urandom, PRNG seeding must be done manually.\r\n"); } @@ -262,7 +264,8 @@ int ok, extcount, i, j; char *extstr; SSL *ssl; -#if (OPENSSL_VERSION_NUMBER > 0x00908000L) +#if (OPENSSL_VERSION_NUMBER > 0x10100000L) +#elif (OPENSSL_VERSION_NUMBER > 0x00908000L) unsigned char const *data1; #else unsigned char *data1; @@ -279,6 +282,16 @@ if (debug) printf("tls_cert2\n"); +#if (OPENSSL_VERSION_NUMBER > 0x10100000L) + if (ud->sec_level > 3) { + X509_VERIFY_PARAM *param = SSL_get0_param(ssl); + X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); + X509_VERIFY_PARAM_set1_host(param, ud->serv_dns.hostname, 0); + X509_VERIFY_PARAM_set1_ip_asc(param, ud->serv_data_host); + SSL_set_verify(ssl, SSL_VERIFY_PEER, 0); + } +#endif + if ((x509_peer = SSL_get_peer_certificate(ssl)) == NULL) return X509_V_ERR_APPLICATION_VERIFICATION; /* SSL_get_peer* can only be NULL on 'anonymous DH connections' so shouldn't happen. */ @@ -287,6 +300,8 @@ return SSL_get_verify_result(ssl); } + +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) if ((extcount = X509_get_ext_count(x509_peer)) > 0) { if (debug) printf("extcount = %d\n", extcount); for (i = 0; i < extcount; i++) { @@ -333,6 +348,7 @@ return X509_V_ERR_APPLICATION_VERIFICATION; } } +#endif X509_free(x509_peer); return SSL_get_verify_result(ssl); }
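Review bot: The version guards in this patch do not agree on the 1.1.0 boundary: this declaration hunk and the verify-parameter block in the `tls_cert2` hunk test `OPENSSL_VERSION_NUMBER > 0x10100000L`, while the `RAND_egd` hunk and the extension-walk hunk test `< 0x10100000L`. At exactly `0x10100000L` neither the old extension walk nor the new block is compiled and `data1` is declared but never used; presumably only a pre-release build reports that value, so this is mainly a consistency point. Writing `#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)` in both `>` places makes the two code paths complementary. The empty `#if` branch would also read better with a comment such as `/* data1 is only needed by the pre-1.1 extension walk */`. The enclosing function starts and ends outside the hunk.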
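Review bot: The verify parameters added under `ud->sec_level > 3` are set immediately before `SSL_get_peer_certificate(ssl)`, which suggests the handshake has already completed when this function runs (its start is outside the hunk, so this is inferred). If so, `X509_VERIFY_PARAM_set1_host`, `X509_VERIFY_PARAM_set1_ip_asc` and `SSL_set_verify` can no longer influence `SSL_get_verify_result(ssl)`, and since the extension walk is compiled out for 1.1 in the following hunk, a build against OpenSSL 1.1 would perform no name check on the peer certificate at all. The return values of the two `set1` calls are also ignored, and as far as I know setting both a host and an IP makes the verifier require both to match. Checking the fetched certificate directly, at the place where the old walk ran, keeps the check in this function and inherits its existing gating; the alternative is to move the parameter setup to before the handshake and check the return values there.

```c
	if ((x509_peer = SSL_get_peer_certificate(ssl)) == NULL)
		return X509_V_ERR_APPLICATION_VERIFICATION;
	/* … unchanged: early return of SSL_get_verify_result(ssl) … */
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
	/* Post-handshake name check; stands in for the pre-1.1 extension walk. */
	if (X509_check_host(x509_peer, ud->serv_dns.hostname, 0,
	    X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS, NULL) != 1) {
		X509_free(x509_peer);
		return X509_V_ERR_APPLICATION_VERIFICATION;
	}
#endif
```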
