author | joerg <joerg@pkgsrc.org> | 2020-04-15 22:38:18 +0000 |
---|---|---|
committer | joerg <joerg@pkgsrc.org> | 2020-04-15 22:38:18 +0000 |
commit | 26fb2187fde93bfb66a66c60f5a839b95a3db6a6 (patch) | |
tree | 0e6fd7539c3d6e2ac8b1ce364931087432bf083d | |
parent | 4e38c76eb8a96c1ef5e2b26a79203642a98f3f94 (diff) | |
download | pkgsrc-26fb2187fde93bfb66a66c60f5a839b95a3db6a6.tar.gz |
Adopt OpenSSL 1.1 interfaces.
6 files changed, 123 insertions, 1 deletions
diff --git a/www/cherokee/distinfo b/www/cherokee/distinfo
index 783238e628a..f4a34beac31 100644
--- a/www/cherokee/distinfo
+++ b/www/cherokee/distinfo
@@ -1,8 +1,13 @@
-$NetBSD: distinfo,v 1.7 2015/11/04 02:46:51 agc Exp $
+$NetBSD: distinfo,v 1.8 2020/04/15 22:38:18 joerg Exp $
 SHA1 (cherokee-1.2.101.tar.gz) = b27f149c7d7111207ac8c3cd8a4856c05490d136
 RMD160 (cherokee-1.2.101.tar.gz) = dd3dedc352ba17bdcefd8e200143b8ffa19ad035
 SHA512 (cherokee-1.2.101.tar.gz) = a2c513cadcc0d43def2199d38c5248eb7dae4d100ea019d3d705e46741df6c0a8f9a164668eb3983d6bdfebdb1e28d29dc8e6bf7f6858c600307067e083e1098
 Size (cherokee-1.2.101.tar.gz) = 6320209 bytes
 SHA1 (patch-cherokee_common-internal.h) = 730b67aa0cdf4990686e9529cec3a7fc1ddd90a5
+SHA1 (patch-cherokee_cryptor__libssl.c) = 86fba9edc122ba28bc38b1688013fa68192665bd
+SHA1 (patch-cherokee_cryptor__libssl__dh__1024.c) = 331bf1bb18ec78f8ddb2e5e2ef18a48cf66b624a
+SHA1 (patch-cherokee_cryptor__libssl__dh__2048.c) = 46541cfd1ab8dfcc14a14aa3240d2047dd044aaa
+SHA1 (patch-cherokee_cryptor__libssl__dh__4096.c) = 8aa7c90d05fcefba59243a8b9671fca3f74f73d3
+SHA1 (patch-cherokee_cryptor__libssl__dh__512.c) = 8c0c43942b7fa2485e241f376c9d542cb9b506b9
 SHA1 (patch-configure) = 58a25088320863dd00f4c7d4f050e1c163dbe6f3
diff --git a/www/cherokee/patches/patch-cherokee_cryptor__libssl.c b/www/cherokee/patches/patch-cherokee_cryptor__libssl.c
new file mode 100644
index 00000000000..e9102d97de3
--- /dev/null
+++ b/www/cherokee/patches/patch-cherokee_cryptor__libssl.c
@@ -0,0 +1,37 @@
+$NetBSD: patch-cherokee_cryptor__libssl.c,v 1.1 2020/04/15 22:38:19 joerg Exp $
+
+Use OpenSSL 1.1 interface. Drop renegotation option, it doesn't exist in
+TLS 1.1 and newer.
+
+--- cherokee/cryptor_libssl.c.orig 2020-04-13 20:05:38.835019312 +0000
++++ cherokee/cryptor_libssl.c
+@@ -238,13 +238,13 @@ cherokee_cryptor_libssl_find_vserver (SS
+ /* SSL_set_SSL_CTX() only change certificates. We need to
+ * changes more options by hand.
+ */
+- SSL_set_options(ssl, SSL_CTX_get_options(ssl->ctx));
++ SSL_set_options(ssl, SSL_CTX_get_options(SSL_get_SSL_CTX(ssl)));
+
+ if ((SSL_get_verify_mode(ssl) == SSL_VERIFY_NONE) ||
+ (SSL_num_renegotiations(ssl) == 0)) {
+
+- SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ssl->ctx),
+- SSL_CTX_get_verify_callback(ssl->ctx));
++ SSL_set_verify(ssl, SSL_CTX_get_verify_mode(SSL_get_SSL_CTX(ssl)),
++ SSL_CTX_get_verify_callback(SSL_get_SSL_CTX(ssl)));
+ }
+
+ return ret_ok;
+@@ -672,12 +672,6 @@ _socket_init_tls (cherokee_cryptor_socke
+ }
+ #endif
+
+- /* Disable Ciphers renegotiation (CVE-2009-3555)
+- */
+- if (cryp->session->s3) {
+- cryp->session->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
+- }
+-
+ return ret_ok;
+ }
+
diff --git a/www/cherokee/patches/patch-cherokee_cryptor__libssl__dh__1024.c b/www/cherokee/patches/patch-cherokee_cryptor__libssl__dh__1024.c
new file mode 100644
index 00000000000..eb70fda9989
--- /dev/null
+++ b/www/cherokee/patches/patch-cherokee_cryptor__libssl__dh__1024.c
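Review bot: The second inner hunk of the cryptor_libssl.c patch (`_socket_init_tls`) deletes the only renegotiation guard and adds nothing in its place, so renegotiation policy is left entirely to the defaults of the linked OpenSSL. The patch header's rationale is also imprecise: renegotiation still exists in TLS 1.1 and 1.2 and is only gone in TLS 1.3; what changed is that OpenSSL 1.1 made `SSL` opaque, so `s3->flags` can no longer be reached. The library's RFC 5746 secure renegotiation covers CVE-2009-3555 itself unless legacy renegotiation is explicitly allowed, but client-initiated renegotiation remains a CPU-exhaustion surface, so where the option exists (OpenSSL 1.1.0h and later) I would keep the original intent with `#ifdef SSL_OP_NO_RENEGOTIATION`, `SSL_set_options(cryp->session, SSL_OP_NO_RENEGOTIATION);`, `#endif`, assuming `cryp->session` is the `SSL *` as the removed lines suggest. Both functions start and end outside the hunks shown.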
@@ -0,0 +1,20 @@
+$NetBSD: patch-cherokee_cryptor__libssl__dh__1024.c,v 1.1 2020/04/15 22:38:19 joerg Exp $
+
+Use OpenSSL 1.1 interface.
+
+--- cherokee/cryptor_libssl_dh_1024.c.orig 2020-04-13 20:11:32.162747627 +0000
++++ cherokee/cryptor_libssl_dh_1024.c
+@@ -23,9 +23,10 @@ static DH *get_dh1024()
+ DH *dh;
+
+ if ((dh=DH_new()) == NULL) return(NULL);
+- dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
+- dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ BIGNUM *p = BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
++ BIGNUM *g = BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
++ DH_set0_pqg(dh, p, NULL, g);
++ if (p == NULL || g == NULL)
+ { DH_free(dh); return(NULL); }
+ return(dh);
+ }
diff --git a/www/cherokee/patches/patch-cherokee_cryptor__libssl__dh__2048.c b/www/cherokee/patches/patch-cherokee_cryptor__libssl__dh__2048.c
new file mode 100644
index 00000000000..eb4dc501ec8
--- /dev/null
+++ b/www/cherokee/patches/patch-cherokee_cryptor__libssl__dh__2048.c
@@ -0,0 +1,20 @@
+$NetBSD: patch-cherokee_cryptor__libssl__dh__2048.c,v 1.1 2020/04/15 22:38:19 joerg Exp $
+
+Use OpenSSL 1.1 interface.
+
+--- cherokee/cryptor_libssl_dh_2048.c.orig 2020-04-13 20:11:21.574212142 +0000
++++ cherokee/cryptor_libssl_dh_2048.c
+@@ -34,9 +34,10 @@ static DH *get_dh2048()
+ DH *dh;
+
+ if ((dh=DH_new()) == NULL) return(NULL);
+- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ BIGNUM *p = BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
++ BIGNUM *g = BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
++ DH_set0_pqg(dh, p, NULL, g);
++ if (p == NULL || g == NULL)
+ { DH_free(dh); return(NULL); }
+ return(dh);
+ }
diff --git a/www/cherokee/patches/patch-cherokee_cryptor__libssl__dh__4096.c b/www/cherokee/patches/patch-cherokee_cryptor__libssl__dh__4096.c
new file mode 100644
index 00000000000..8b10ee09f59
--- /dev/null
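Review bot: In the `get_dh1024()` hunk the added `DH_set0_pqg(dh, p, NULL, g);` runs before the NULL check and its return value is ignored. On a freshly created `DH`, `DH_set0_pqg` fails without taking ownership when either `p` or `g` is NULL, so if exactly one `BN_bin2bn` call fails the surviving BIGNUM is not released by the `DH_free(dh)` error path. Checking first and freeing on failure closes that: `if (p == NULL || g == NULL || !DH_set0_pqg(dh, p, NULL, g))` followed by `{ BN_free(p); BN_free(g); DH_free(dh); return(NULL); }`. The same four added lines appear in the `get_dh2048()`, `get_dh4096()` and `get_dh512()` hunks and need the same change; the parameter arrays these functions read are defined outside the hunks.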
+++ b/www/cherokee/patches/patch-cherokee_cryptor__libssl__dh__4096.c
@@ -0,0 +1,20 @@
+$NetBSD: patch-cherokee_cryptor__libssl__dh__4096.c,v 1.1 2020/04/15 22:38:19 joerg Exp $
+
+Use OpenSSL 1.1 interface.
+
+--- cherokee/cryptor_libssl_dh_4096.c.orig 2020-04-13 20:07:50.092112602 +0000
++++ cherokee/cryptor_libssl_dh_4096.c
+@@ -55,9 +55,10 @@ static DH *get_dh4096()
+ DH *dh;
+
+ if ((dh=DH_new()) == NULL) return(NULL);
+- dh->p=BN_bin2bn(dh4096_p,sizeof(dh4096_p),NULL);
+- dh->g=BN_bin2bn(dh4096_g,sizeof(dh4096_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ BIGNUM *p = BN_bin2bn(dh4096_p,sizeof(dh4096_p),NULL);
++ BIGNUM *g = BN_bin2bn(dh4096_g,sizeof(dh4096_g),NULL);
++ DH_set0_pqg(dh, p, NULL, g);
++ if (p == NULL || g == NULL)
+ { DH_free(dh); return(NULL); }
+ return(dh);
+ }
diff --git a/www/cherokee/patches/patch-cherokee_cryptor__libssl__dh__512.c b/www/cherokee/patches/patch-cherokee_cryptor__libssl__dh__512.c
new file mode 100644
index 00000000000..a99f43266a3
--- /dev/null
+++ b/www/cherokee/patches/patch-cherokee_cryptor__libssl__dh__512.c
@@ -0,0 +1,20 @@
+$NetBSD: patch-cherokee_cryptor__libssl__dh__512.c,v 1.1 2020/04/15 22:38:19 joerg Exp $
+
+Use OpenSSL 1.1 interface.
+
+--- cherokee/cryptor_libssl_dh_512.c.orig 2020-04-13 20:12:04.828129889 +0000
++++ cherokee/cryptor_libssl_dh_512.c
+@@ -18,9 +18,10 @@ static DH *get_dh512()
+ DH *dh;
+
+ if ((dh=DH_new()) == NULL) return(NULL);
+- dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
+- dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ BIGNUM *p = BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
++ BIGNUM *g = BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
++ DH_set0_pqg(dh, p, NULL, g);
++ if (p == NULL || g == NULL)
+ { DH_free(dh); return(NULL); }
+ return(dh);
+ }
 |
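Review bot: The `get_dh512()` hunk carries a 512-bit Diffie-Hellman group over to the OpenSSL 1.1 API, and the patch header does not say whether that group should still be offered. A 512-bit group is export-grade strength, and as far as I know OpenSSL 1.1's default security level refuses DH parameters shorter than 1024 bits, so this helper is probably either unused or failing at handshake time after the port. I would add a line to the patch header such as `512-bit group retained unchanged from upstream; expected to be refused by OpenSSL 1.1 at its default security level`, once that is confirmed against the caller that selects the group, which is not visible in this commit.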