Re-add imapproxy, with updated patches to build with OpenSSL 1.1.1

14 files changed, 412 insertions, 0 deletions

diff --git a/mail/imapproxy/DESCR b/mail/imapproxy/DESCR
new file mode 100644
index 00000000000..7b2b6760517
--- /dev/null
+++ b/mail/imapproxy/DESCR
@@ -0,0 +1,6 @@
+ImapProxy is a caching IMAP proxy daemon designed to be used with
+Horde/IMP.  The program forwards all traffic between the client and the
+server, but keeps the connection to the server alive after the client logs
+out.  When the same user attempts to log in again, the proxy will use the
+cached username/password pair to authenticate the client, and tie the new
+client to the old server connection (which was kept alive).
diff --git a/mail/imapproxy/MESSAGE b/mail/imapproxy/MESSAGE
new file mode 100644
index 00000000000..34e3bb3610a
--- /dev/null
+++ b/mail/imapproxy/MESSAGE
@@ -0,0 +1,7 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.3 2020/04/16 14:03:29 manu Exp $
+
+imapproxy configuration file must be located at ${PREFIX}/etc/imapproxy.conf
+A sample file is provided in ${PREFIX}/share/examples/imapproxy
+
+===========================================================================
diff --git a/mail/imapproxy/Makefile b/mail/imapproxy/Makefile
new file mode 100644
index 00000000000..58d66f5a0ad
--- /dev/null
+++ b/mail/imapproxy/Makefile
@@ -0,0 +1,51 @@
+# $NetBSD: Makefile,v 1.25 2020/04/16 14:03:29 manu Exp $
+#
+
+DISTNAME=	squirrelmail-imap_proxy-1.2.7
+PKGNAME=	imapproxy-1.2.7
+PKGREVISION=	6
+CATEGORIES=	mail
+MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=squirrelmail/}
+
+MAINTAINER=	pkgsrc-users@NetBSD.org
+HOMEPAGE=	http://www.imapproxy.org/
+COMMENT=	Simple connection caching IMAP proxy daemon
+
+GNU_CONFIGURE=	YES
+
+CONFIGURE_ARGS+=	--exec_prefix=${DESTDIR}${PREFIX}
+BUILD_DEFS+=		VARBASE
+CFLAGS+=		-DDEFAULT_CONFIG_FILE=\"${PREFIX}/etc/imapproxy.conf\"
+CFLAGS+=		-DDEFAULT_PID_FILE=\"${VARBASE}/run/imapproxy.pid\"
+RCD_SCRIPTS=		imapproxy
+
+IMAPPROXY_USER?=	imapproxy
+IMAPPROXY_GROUP?=	imapproxy
+IMAPPROXY_CHROOT?=	${VARBASE}/chroot/imapproxy
+IMAPPROXY_DOC?=		share/doc/imapproxy
+IMAPPROXY_EXAMPLES?=	share/examples/imapproxy
+
+PKG_GROUPS_VARS+=		IMAPPROXY_GROUP
+PKG_USERS_VARS+=		IMAPPROXY_USER
+PKG_GROUPS=			${IMAPPROXY_GROUP}
+PKG_USERS=			${IMAPPROXY_USER}:${IMAPPROXY_GROUP}
+PKG_GECOS.${IMAPPROXY_USER}=	IMAP Proxy pseudo-user
+PKG_HOME.${IMAPPROXY_USER}=	${IMAPPROXY_CHROOT}
+
+INSTALLATION_DIRS+=	sbin
+INSTALLATION_DIRS+=	${IMAPPROXY_DOC}
+INSTALLATION_DIRS+=	${IMAPPROXY_EXAMPLES}
+
+MAKE_DIRS=		${VARBASE}/chroot
+OWN_DIRS=		${VARBASE}/chroot/imapproxy
+
+post-install:
+.for doc in COPYING ChangeLog README README.known_issues README.ssl
+	${INSTALL_DATA} ${WRKSRC}/${doc} ${DESTDIR}${PREFIX}/${IMAPPROXY_DOC}
+.endfor
+	${INSTALL_DATA} ${WRKSRC}/scripts/imapproxy.conf \
+			${DESTDIR}${PREFIX}/${IMAPPROXY_EXAMPLES}
+
+.include "../../mk/curses.buildlink3.mk"
+.include "../../security/openssl/buildlink3.mk"
+.include "../../mk/bsd.pkg.mk"
diff --git a/mail/imapproxy/PLIST b/mail/imapproxy/PLIST
new file mode 100644
index 00000000000..12ceffe1504
--- /dev/null
+++ b/mail/imapproxy/PLIST
@@ -0,0 +1,9 @@
+@comment $NetBSD: PLIST,v 1.6 2020/04/16 14:03:29 manu Exp $
+sbin/in.imapproxyd
+sbin/pimpstat
+share/doc/imapproxy/COPYING
+share/doc/imapproxy/ChangeLog
+share/doc/imapproxy/README
+share/doc/imapproxy/README.known_issues
+share/doc/imapproxy/README.ssl
+share/examples/imapproxy/imapproxy.conf
diff --git a/mail/imapproxy/distinfo b/mail/imapproxy/distinfo
new file mode 100644
index 00000000000..4e23a15434d
--- /dev/null
+++ b/mail/imapproxy/distinfo
@@ -0,0 +1,14 @@
+$NetBSD: distinfo,v 1.13 2020/04/16 14:03:29 manu Exp $
+
+SHA1 (squirrelmail-imap_proxy-1.2.7.tar.gz) = b2e324383ae8a2cdb3b5bd0340a2e2174941bd65
+RMD160 (squirrelmail-imap_proxy-1.2.7.tar.gz) = 87f3b9ab367e9da2a3f532e6de867004abbe75cf
+SHA512 (squirrelmail-imap_proxy-1.2.7.tar.gz) = 355816e26eb9fa273b2b4e6cf0c2f55b85d0568291095913a4b05dd73a428a173c2a5b327c4ef296ca74ca500250b22fa2ae44d7d44613624641954fc9603507
+Size (squirrelmail-imap_proxy-1.2.7.tar.gz) = 136209 bytes
+SHA1 (patch-aa) = ee753ff90c68549067ef28d9ed8c10ffeb1982e4
+SHA1 (patch-ba) = 8f3d8adbac5a147cc143d7737d56a83401736a9d
+SHA1 (patch-bb) = 348768062f5f9e314223fb7d385f749646ed04be
+SHA1 (patch-bc) = c3daf40715af721a0c4ff1b1071a892c94b59ce5
+SHA1 (patch-include_imapproxy.h) = 9e2326ece220e48c3baa2949b13d21448405e741
+SHA1 (patch-src_config.c) = 84ac9bde7cf64add665adb0f4d658ef856a91ae0
+SHA1 (patch-src_imapcommon.c) = a8d95e87cd6f3857e69abe17dc71a683f196d98d
+SHA1 (patch-src_main.c) = e0795df7e7312cfb285cc65bbabdecd3553c7e65
diff --git a/mail/imapproxy/files/imapproxy.sh b/mail/imapproxy/files/imapproxy.sh
new file mode 100755
index 00000000000..d9f6257894e
--- /dev/null
+++ b/mail/imapproxy/files/imapproxy.sh
@@ -0,0 +1,18 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# $NetBSD: imapproxy.sh,v 1.4 2020/04/16 14:03:29 manu Exp $
+#
+
+# PROVIDE: imapproxy
+# REQUIRE: DAEMON
+# BEFORE:  LOGIN
+
+$_rc_subr_loaded . /etc/rc.subr
+
+name="imapproxy"
+rcvar=$name
+command="@PREFIX@/sbin/in.imapproxyd"
+required_files="@PKG_SYSCONFDIR@/imapproxy.conf"
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/mail/imapproxy/patches/patch-aa b/mail/imapproxy/patches/patch-aa
new file mode 100644
index 00000000000..175d5c5550e
--- /dev/null
+++ b/mail/imapproxy/patches/patch-aa
@@ -0,0 +1,26 @@
+$NetBSD: patch-aa,v 1.6 2020/04/16 14:03:29 manu Exp $
+
+--- Makefile.in.orig	2010-07-25 09:11:36.000000000 +0000
++++ Makefile.in
+@@ -70,7 +70,7 @@ $(XYD_BIN): $(XYD_OBJ)
+ 	$(CC) -o $@ $(XYD_OBJ) $(LDFLAGS) $(XYD_LIB)
+ 
+ $(TAT_BIN): $(TAT_OBJ)
+-	$(CC) -o $@ $(TAT_OBJ) $(TAT_LIB)
++	$(CC) -o $@ $(TAT_OBJ) $(LDFLAGS) $(TAT_LIB)
+ 
+ clean:
+ 	rm -f ./src/core  $(XYD_OBJ) $(TAT_OBJ) $(XYD_BIN) $(TAT_BIN)
+@@ -79,9 +79,9 @@ distclean: clean
+ 	rm -f config.cache config.log config.h Makefile
+ 
+ install: $(XYD_BIN) $(TAT_BIN)
+-	mkdir -p $(EBIN)
+-	$(INSTALL) -o bin -g bin -m 0755 $(XYD_BIN) $(EBIN)
+-	$(INSTALL) -o bin -g bin -m 0755 $(TAT_BIN) $(EBIN)
++	${BSD_INSTALL_PROGRAM_DIR} $(EBIN)
++	${BSD_INSTALL_PROGRAM} $(XYD_BIN) $(EBIN)
++	${BSD_INSTALL_PROGRAM} $(TAT_BIN) $(EBIN)
+ 
+ install-init:
+ 	$(INSTALL) -o root -g sys -m 0755 ./scripts/imapproxy.init $(ETC)/init.d/imapproxy
diff --git a/mail/imapproxy/patches/patch-ba b/mail/imapproxy/patches/patch-ba
new file mode 100644
index 00000000000..101d92ab94e
--- /dev/null
+++ b/mail/imapproxy/patches/patch-ba
@@ -0,0 +1,14 @@
+$NetBSD: patch-ba,v 1.3 2020/04/16 14:03:29 manu Exp $
+--- configure.in.orig	2010-03-21 22:20:57.000000000 +0100
++++ configure.in	2010-03-21 22:21:05.000000000 +0100
+@@ -120,9 +120,9 @@
+ dnl Check for curses
+ save_LIBS="$LIBS"
+ LIB_CURSES=""
+ AC_CHECK_LIB(curses, initscr, LIB_CURSES="-lcurses", [ curses_found=no ])
+-if test "$curses_found" == no; then
++if test "$curses_found" = no; then
+   AC_CHECK_LIB(ncurses, initscr, LIB_CURSES="-lncurses",
+  AC_ERROR([Can't compile without curses!!!]))
+ fi
+ 
diff --git a/mail/imapproxy/patches/patch-bb b/mail/imapproxy/patches/patch-bb
new file mode 100644
index 00000000000..6ce71e1d514
--- /dev/null
+++ b/mail/imapproxy/patches/patch-bb
@@ -0,0 +1,14 @@
+$NetBSD: patch-bb,v 1.3 2020/04/16 14:03:29 manu Exp $
+--- configure.orig	2010-03-21 22:20:49.000000000 +0100
++++ configure	2010-03-21 22:21:13.000000000 +0100
+@@ -3418,9 +3418,9 @@
+ else
+    curses_found=no
+ fi
+ 
+-if test "$curses_found" == no; then
++if test "$curses_found" = no; then
+   echo "$as_me:$LINENO: checking for initscr in -lncurses" >&5
+ echo $ECHO_N "checking for initscr in -lncurses... $ECHO_C" >&6
+ if test "${ac_cv_lib_ncurses_initscr+set}" = set; then
+   echo $ECHO_N "(cached) $ECHO_C" >&6
diff --git a/mail/imapproxy/patches/patch-bc b/mail/imapproxy/patches/patch-bc
new file mode 100644
index 00000000000..a5a5bc34022
--- /dev/null
+++ b/mail/imapproxy/patches/patch-bc
@@ -0,0 +1,20 @@
+$NetBSD: patch-bc,v 1.3 2020/04/16 14:03:29 manu Exp $
+--- include/imapproxy.h.orig	2010-03-22 07:40:36.000000000 +0100
++++ include/imapproxy.h	2010-03-22 08:46:47.000000000 +0100
+@@ -171,14 +171,14 @@
+  */
+ #define PGM                     "in.imapproxyd"
+ #define IMAP_UNTAGGED_OK        "* OK "           /* untagged OK response    */
+ #define IMAP_TAGGED_OK          "1 OK "           /* tagged OK response      */
+-#define BUFSIZE                 4096              /* default buffer size     */
++#define BUFSIZE                 8192              /* default buffer size     */
+ #define MAX_CONN_BACKLOG        5                 /* tcp connection backlog  */
+ #define MAXTAGLEN               256               /* max IMAP tag length     */
+ #define MAXMAILBOXNAME          512               /* max mailbox name length */
+ #define MAXUSERNAMELEN          64                /* max username length     */
+-#define MAXPASSWDLEN            64                /* max passwd length       */
++#define MAXPASSWDLEN            8192              /* max passwd length       */
+ #define POLL_TIMEOUT_MINUTES    30                /* Poll timeout in minutes */
+ #define POLL_TIMEOUT            (POLL_TIMEOUT_MINUTES * 60000)
+ #define SELECT_BUF_SIZE         BUFSIZE           /* max length of a SELECT  */
+ 						  /* string we can cache     */
diff --git a/mail/imapproxy/patches/patch-include_imapproxy.h b/mail/imapproxy/patches/patch-include_imapproxy.h
new file mode 100644
index 00000000000..dd74160a3c0
--- /dev/null
+++ b/mail/imapproxy/patches/patch-include_imapproxy.h
@@ -0,0 +1,17 @@
+$NetBSD: patch-include_imapproxy.h,v 1.3 2020/04/16 14:03:29 manu Exp $
+
+SASL PLAIN Support. Patch submitted upstream
+http://sourceforge.net/tracker/?func=detail&aid=3610674&group_id=311&atid=300311
+
+--- include/imapproxy.h.orig	2013-04-15 11:57:37.000000000 +0200
++++ include/imapproxy.h	2013-04-15 11:58:33.000000000 +0200
+@@ -311,8 +311,9 @@
+     unsigned char support_unselect;           /* unselect support flag */
+     unsigned char support_starttls;           /* starttls support flag */
+     unsigned char login_disabled;             /* login disabled flag */
+     char *chroot_directory;                   /* chroot(2) into this dir */
++    char *auth_sasl_mech;                     /* SASL mechanism */
+ };
+ 
+ 
+ /*
diff --git a/mail/imapproxy/patches/patch-src_config.c b/mail/imapproxy/patches/patch-src_config.c
new file mode 100644
index 00000000000..f6b64164143
--- /dev/null
+++ b/mail/imapproxy/patches/patch-src_config.c
@@ -0,0 +1,19 @@
+$NetBSD: patch-src_config.c,v 1.3 2020/04/16 14:03:29 manu Exp $
+
+SASL PLAIN Support. Patch submitted upstream
+http://sourceforge.net/tracker/?func=detail&aid=3610674&group_id=311&atid=300311
+
+--- src/config.c.orig	2010-02-20 18:16:58.000000000 +0100
++++ src/config.c	2013-04-15 12:00:50.000000000 +0200
+@@ -452,8 +452,11 @@
+ 		  &PC_Struct.force_tls, index );
+ 
+     ADD_TO_TABLE( "enable_admin_commands", SetBooleanValue,
+ 		  &PC_Struct.enable_admin_commands, index );
++
++    ADD_TO_TABLE( "auth_sasl_mech", SetStringValue,
++		  &PC_Struct.auth_sasl_mech, index );
+     
+     ConfigTable[index].Keyword[0] = '\0';
+     
+     FP = fopen( ConfigFile, "r" );
diff --git a/mail/imapproxy/patches/patch-src_imapcommon.c b/mail/imapproxy/patches/patch-src_imapcommon.c
new file mode 100644
index 00000000000..767ccd2e810
--- /dev/null
+++ b/mail/imapproxy/patches/patch-src_imapcommon.c
@@ -0,0 +1,131 @@
+$NetBSD: patch-src_imapcommon.c,v 1.3 2020/04/16 14:03:29 manu Exp $
+
+Build fixes for OpenSSL 1.1.1
+
+SASL PLAIN Support. Patch submitted upstream
+http://sourceforge.net/tracker/?func=detail&aid=3610674&group_id=311&atid=300311
+
+--- src/imapcommon.c.orig	2010-07-26 09:08:47.000000000 +0200
++++ src/imapcommon.c	2020-04-16 15:49:08.132245848 +0200
+@@ -397,18 +397,19 @@
+     ITD_Struct Server;
+     int rc;
+     unsigned int Expiration;
+ 
+-    EVP_MD_CTX mdctx;
++    EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
+     int md_len;
+ 
+     Expiration = PC_Struct.cache_expiration_time;
+     memset( &Server, 0, sizeof Server );
+     
+     /* need to md5 the passwd regardless, so do that now */
+-    EVP_DigestInit(&mdctx, EVP_md5());
+-    EVP_DigestUpdate(&mdctx, Password, strlen(Password));
+-    EVP_DigestFinal(&mdctx, md5pw, &md_len);
++    EVP_DigestInit(mdctx, EVP_md5());
++    EVP_DigestUpdate(mdctx, Password, strlen(Password));
++    EVP_DigestFinal(mdctx, md5pw, &md_len);
++    EVP_MD_CTX_free(mdctx);
+     
+     /* see if we have a reusable connection available */
+     ICC_Active = NULL;
+     HashIndex = Hash( Username, HASH_TABLE_SIZE );
+@@ -689,13 +690,96 @@
+     }
+ #endif /* HAVE_LIBSSL */
+ 
+ 
++     /*
++      * If configured to do so, use SASL PLAIN instead of IMAP LOGIN
++      */
++     if ( PC_Struct.auth_sasl_mech && 
++ 	      !strcmp( PC_Struct.auth_sasl_mech, "plain" ) )
++     {
++ 	/*
++ 	 * Build SASL AUTH PLAIN string:
++ 	 * username\0username\0password
++ 	 */
++ 	char *ptr_username;
++ 	unsigned int username_size;
++ 	char *ptr_password;
++ 	unsigned int password_size;
++ 	unsigned int total_size;
++	unsigned int AuthBufIndex;
++	char AuthBuf[BUFSIZE]; 
++	char EncodedAuthBuf[BUFSIZE]; 
++ 
++ 	/*
++ 	 * Strip quotes From username
++ 	 */
++ 	ptr_username = Username;
++ 	username_size = strlen( Username );
++ 	if ( *ptr_username == '"' && *(ptr_username + username_size - 1) == '"' )
++ 	{
++ 	    ++ptr_username;
++ 	    username_size = username_size - 2;
++ 	}
++ 
++ 	/*
++ 	 * Same with password
++ 	 */
++ 	ptr_password = Password;
++ 	password_size = strlen( Password );
++ 	if ( *ptr_password == '"' && *(ptr_password + password_size - 1) == '"' )
++ 	{
++ 	    ++ptr_password;
++ 	    password_size = password_size - 2;
++ 	}
++ 
++ 	/*
++ 	 * Make sure output buffer is big enough ( +3 for three \0 )
++ 	 */
++ 	total_size = username_size + username_size + password_size + 3;
++ 	if ( total_size > sizeof(AuthBuf) ) {
++ 	    syslog( LOG_INFO,
++ 		    "LOGIN: '%s' (%s:%s) failed: PLAIN AUTH needs %d/%d bytes",
++ 		    Username, ClientAddr, portstr, total_size, sizeof(AuthBuf));
++ 	    goto fail;
++ 	}
++ 
++ 	/*
++ 	 * Prepare the buffer
++ 	 */
++ 	AuthBufIndex = 0;
++ 
++ 	memcpy( AuthBuf + AuthBufIndex, ptr_username, username_size );
++ 	AuthBufIndex += username_size;
++ 	AuthBuf[AuthBufIndex++] = '\0';
++ 
++ 	memcpy( AuthBuf + AuthBufIndex, ptr_username, username_size );
++ 	AuthBufIndex += username_size;
++ 	AuthBuf[AuthBufIndex++] = '\0';
++ 
++ 	memcpy( AuthBuf + AuthBufIndex, ptr_password, password_size );
++ 	AuthBufIndex += password_size;
++ 	AuthBuf[AuthBufIndex++] = '\0';
++ 
++ 	EVP_EncodeBlock( EncodedAuthBuf, AuthBuf, AuthBufIndex );
++ 
++ 	snprintf( SendBuf, BufLen, "A0001 AUTHENTICATE PLAIN %s\r\n", EncodedAuthBuf );
++ 
++ 	/* syslog( LOG_INFO, "sending auth plain '%s'", EncodedAuthBuf ); */
++ 
++ 	if ( IMAP_Write( Server.conn, SendBuf, strlen(SendBuf) ) == -1 )
++ 	{
++ 	    syslog( LOG_INFO,
++ 		    "LOGIN: '%s' (%s:%s) failed: IMAP_Write() failed attempting to send AUTHENTICATE command to IMAP server: %s",
++ 		    Username, ClientAddr, portstr, strerror( errno ) );
++ 	    goto fail;
++ 	}
++     }
+     /*
+      * Send the login command off to the IMAP server.  Have to treat a literal
+      * password different.
+      */
+-    if ( LiteralPasswd )
++    else if ( LiteralPasswd )
+     {
+ 	snprintf( SendBuf, BufLen, "A0001 LOGIN %s {%d}\r\n", 
+ 		  Username, strlen( Password ) );
+ 	if ( IMAP_Write( Server.conn, SendBuf, strlen(SendBuf) ) == -1 )
diff --git a/mail/imapproxy/patches/patch-src_main.c b/mail/imapproxy/patches/patch-src_main.c
new file mode 100644
index 00000000000..46bd51e4e24
--- /dev/null
+++ b/mail/imapproxy/patches/patch-src_main.c
@@ -0,0 +1,66 @@
+$NetBSD: patch-src_main.c,v 1.3 2020/04/16 14:03:29 manu Exp $
+
+From upstream:
+Negotiate highest TLS protocol possible, with TLSv1.0 being the minium.
+
+Local patch:
+Fixes to build with OpenSSL 1.1.1
+
+--- src/main.c.orig	2010-07-26 09:21:19.000000000 +0200
++++ src/main.c	2020-04-16 15:44:18.020665162 +0200
+@@ -470,26 +470,36 @@
+ 
+ 	    /* Set up OpenSSL thread protection */
+ 	    ssl_thread_setup(fn);
+ 	    
++
+             /* Need to seed PRNG, too! */
++# ifndef OPENSSL_NO_EGD
+             if ( RAND_egd( ( RAND_file_name( f_randfile, sizeof( f_randfile ) ) == f_randfile ) ? f_randfile : "/.rnd" ) ) 
++#endif
+ 	    {
+                 /* Not an EGD, so read and write it. */
+                 if ( RAND_load_file( f_randfile, -1 ) )
+                     RAND_write_file( f_randfile );
+             }
+ 	
+ 	    SSL_load_error_strings();
+-	    tls_ctx = SSL_CTX_new( TLSv1_client_method() );
++
++	    /* 
++	     * Despite its name, SSLv23_client_method() negociates highest
++	     * version possible, which includes TLSv1.0, TLSv1.1, and TLSv1.2. 
++	     * SSLv2 and SSLv3 are disabled using SSL_OP_NO_SSLv2 and 
++	     * SSL_OP_NO_SSLv3 below.
++	     */ 
++	    tls_ctx = SSL_CTX_new( SSLv23_client_method() );
+ 	    if ( tls_ctx == NULL )
+-	    {
++	    { 
+ 		syslog(LOG_ERR, "%s: Failed to create new SSL_CTX.  Exiting.", fn);
+ 		exit( 1 );
+ 	    }
+-
+-	    /* Work around all known bugs */
+-	    SSL_CTX_set_options( tls_ctx, SSL_OP_ALL );
++	 
++	    /* Work around all known bugs, disable SSLv2 and SSLv3 */
++	    SSL_CTX_set_options( tls_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 );
+ 
+ 	    if ( ! SSL_CTX_load_verify_locations( tls_ctx,
+ 						  PC_Struct.tls_ca_file,
+ 						  PC_Struct.tls_ca_path ) ||
+@@ -1380,11 +1390,11 @@
+ 	    ok = 0;
+ 	    verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
+ 	}
+     }
+-    switch (ctx->error) {
++    switch (X509_STORE_CTX_get_error(ctx)) {
+     case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+-	X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, sizeof(buf));
++	X509_NAME_oneline(X509_get_issuer_name(X509_STORE_CTX_get_current_cert(ctx)), buf, sizeof(buf));
+ 	syslog(LOG_NOTICE, "issuer= %s", buf);
+ 	break;
+     case X509_V_ERR_CERT_NOT_YET_VALID:
+     case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: