The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped automatically by the mailing list software.
--- Begin Message ---Patch to compile ustream-ssl with openssl-1.1.0, maintaining compatibility with openssl 1.0.2. Fixed flag handling in ustream-io-openssl.c. Signed-off-by: Eneas U de Queiroz <cote2004-git...@yahoo.com> --- openssl_bio_compat.h | 33 +++++++++++++++++++++++++++++++++ ustream-io-openssl.c | 46 ++++++++++++++++++++++------------------------ ustream-openssl.c | 30 +++++++++++++++++++----------- 3 files changed, 74 insertions(+), 35 deletions(-) create mode 100644 openssl_bio_compat.h diff --git a/openssl_bio_compat.h b/openssl_bio_compat.h new file mode 100644 index 0000000..9355c86 --- /dev/null +++ b/openssl_bio_compat.h @@ -0,0 +1,33 @@ +#ifndef OPENSSL_BIO_COMPAT_H +#define OPENSSL_BIO_COMPAT_H + +#include <openssl/opensslv.h> +#if OPENSSL_VERSION_NUMBER < 0x10100000L + +#include <openssl/bio.h> +#include <string.h> + +#define BIO_get_data(b) (b->ptr) +#define BIO_set_data(b, v) (b->ptr = v) +#define BIO_set_init(b, v) (b->init = v) +#define BIO_meth_set_write(m, f) (m->bwrite = f) +#define BIO_meth_set_read(m, f) (m->bread = f) +#define BIO_meth_set_puts(m, f) (m->bputs = f) +#define BIO_meth_set_gets(m, f) (m->bgets = f) +#define BIO_meth_set_ctrl(m, f) (m->ctrl = f) +#define BIO_meth_set_create(m, f) (m->create = f) +#define BIO_meth_set_destroy(m, f) (m->destroy = f) + +static inline BIO_METHOD *BIO_meth_new(int type, const char *name) +{ + BIO_METHOD *bm = calloc(1, sizeof(BIO_METHOD)); + if (bm) { + bm->type = type; + bm->name = name; + } + return bm; +} + +#endif /* OPENSSL_VERSION_NUMBER */ + +#endif /* OPENSSL_BIO_COMPAT_H */ diff --git a/ustream-io-openssl.c b/ustream-io-openssl.c index 6711055..606ed4a 100644 --- a/ustream-io-openssl.c +++ b/ustream-io-openssl.c @@ -21,15 +21,15 @@ #include <libubox/ustream.h> #include "ustream-ssl.h" +#include "openssl_bio_compat.h" #include "ustream-internal.h" static int s_ustream_new(BIO *b) { - b->init = 1; - b->num = 0; - b->ptr = NULL; - b->flags = 0; + BIO_set_init(b, 1); + BIO_set_data(b, NULL); + BIO_clear_flags(b, ~0); return 1; } @@ -39,9 +39,9 @@ s_ustream_free(BIO *b) if (!b) return 0; - b->ptr = NULL; - b->init = 0; - b->flags = 0; + BIO_set_data(b, NULL); + BIO_set_init(b, 0); + BIO_clear_flags(b, ~0); return 1; } @@ -55,7 +55,7 @@ s_ustream_read(BIO *b, char *buf, int len) if (!buf || len <= 0) return 0; - s = (struct ustream *)b->ptr; + s = (struct ustream *)BIO_get_data(b); if (!s) return 0; @@ -84,7 +84,7 @@ s_ustream_write(BIO *b, const char *buf, int len) if (!buf || len <= 0) return 0; - s = (struct ustream *)b->ptr; + s = (struct ustream *)BIO_get_data(b); if (!s) return 0; @@ -116,25 +116,23 @@ static long s_ustream_ctrl(BIO *b, int cmd, long num, void *ptr) }; } -static BIO_METHOD methods_ustream = { - 100 | BIO_TYPE_SOURCE_SINK, - "ustream", - s_ustream_write, - s_ustream_read, - s_ustream_puts, - s_ustream_gets, - s_ustream_ctrl, - s_ustream_new, - s_ustream_free, - NULL, -}; - static BIO *ustream_bio_new(struct ustream *s) { BIO *bio; - bio = BIO_new(&methods_ustream); - bio->ptr = s; + BIO_METHOD *methods_ustream; + + methods_ustream = BIO_meth_new(100 | BIO_TYPE_SOURCE_SINK, "ustream"); + BIO_meth_set_write(methods_ustream, s_ustream_write); + BIO_meth_set_read(methods_ustream, s_ustream_read); + BIO_meth_set_puts(methods_ustream, s_ustream_puts); + BIO_meth_set_gets(methods_ustream, s_ustream_gets); + BIO_meth_set_ctrl(methods_ustream, s_ustream_ctrl); + BIO_meth_set_create(methods_ustream, s_ustream_new); + BIO_meth_set_destroy(methods_ustream, s_ustream_free); + bio = BIO_new(methods_ustream); + BIO_set_data(bio, s); + return bio; } diff --git a/ustream-openssl.c b/ustream-openssl.c index 91bc4e8..c6839ea 100644 --- a/ustream-openssl.c +++ b/ustream-openssl.c @@ -25,35 +25,43 @@ __hidden struct ustream_ssl_ctx * __ustream_ssl_context_new(bool server) { - static bool _init = false; const void *m; SSL_CTX *c; +#if OPENSSL_VERSION_NUMBER < 0x10100000L + static bool _init = false; + if (!_init) { SSL_load_error_strings(); SSL_library_init(); _init = true; } - - if (server) -#ifdef CYASSL_OPENSSL_H_ - m = SSLv23_server_method(); -#else - m = TLSv1_2_server_method(); +# define TLS_server_method SSLv23_server_method +# define TLS_client_method SSLv23_client_method #endif - else - m = SSLv23_client_method(); + + if (server) { + m = TLS_server_method(); + } else + m = TLS_client_method(); c = SSL_CTX_new((void *) m); if (!c) return NULL; SSL_CTX_set_verify(c, SSL_VERIFY_NONE, NULL); -#if !defined(OPENSSL_NO_ECDH) && !defined(CYASSL_OPENSSL_H_) + SSL_CTX_set_options (c, SSL_OP_NO_COMPRESSION); /* avoid CRIME attack */ +#if !defined(OPENSSL_NO_ECDH) && !defined(CYASSL_OPENSSL_H_) && OPENSSL_VERSION_NUMBER < 0x10100000L SSL_CTX_set_ecdh_auto(c, 1); #endif - if (server) + if (server) { +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + SSL_CTX_set_min_proto_version(c, TLS1_2_VERSION); +#else + SSL_CTX_set_options (c, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1); +#endif SSL_CTX_set_cipher_list(c, "DEFAULT:!RC4:@STRENGTH"); + } SSL_CTX_set_quiet_shutdown(c, 1); return (void *) c; -- 2.16.4
--- End Message ---
_______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/listinfo/openwrt-devel