Pull in TLS fixes from https://github.com/bumptech/stud/pull/138

Bump PKGREVISION.
author: jperkin <jperkin> 2015-03-04 12:04:30 +0000
committer: jperkin <jperkin> 2015-03-04 12:04:30 +0000
commit: a053de226799f045186381924daf8f22cdb29f96 (patch)
tree: e8afe688c5891f1662391aa8b87c0d4b2edb3ecf /security/stud
parent: 32eb9ba255c5ceca131c032742ecb3c44bfa90b0 (diff)
download: pkgsrc-a053de226799f045186381924daf8f22cdb29f96.tar.gz
3 files changed, 33 insertions, 12 deletions
diff --git a/security/stud/Makefile b/security/stud/Makefile
index 92ceac3fad6..c1e9f7fb54f 100644
--- a/security/stud/Makefile
+++ b/security/stud/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.5 2015/02/23 22:27:37 fhajny Exp $
+# $NetBSD: Makefile,v 1.6 2015/03/04 12:04:30 jperkin Exp $
 #
 
 PKGNAME=	stud-0.3p53
-PKGREVISION=	4
+PKGREVISION=	5
 CATEGORIES=	security
 MAINTAINER=	jym@NetBSD.org
 HOMEPAGE=	http://github.com/bumptech/stud
diff --git a/security/stud/distinfo b/security/stud/distinfo
index d7014829680..23d9c5b485f 100644
--- a/security/stud/distinfo
+++ b/security/stud/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.3 2015/02/23 22:27:37 fhajny Exp $
+$NetBSD: distinfo,v 1.4 2015/03/04 12:04:30 jperkin Exp $
 
 SHA1 (bumptech-stud-0.3-51-g0b88039.tar.gz) = fad22d9cf008b7db8f30d8d7ca0a6fcc177714de
 RMD160 (bumptech-stud-0.3-51-g0b88039.tar.gz) = 66a186e1095fd127945802ab681f5948ee1d4011
@@ -6,4 +6,4 @@ Size (bumptech-stud-0.3-51-g0b88039.tar.gz) = 41000 bytes
 SHA1 (patch-Makefile) = c0794c6ebb3bdc3d55b473acec674a9f98b03ffb
 SHA1 (patch-configuration.c) = 886226a104f84bac6902bb8a8593d37a25653563
 SHA1 (patch-stud.8) = a6b36ab6ac8c65cbc70172a9c230b22965cbdc3d
-SHA1 (patch-stud.c) = a33ccb6adc85ea545db3372201b8f50733d79222
+SHA1 (patch-stud.c) = d9a6ce93c43ef949011f0e6784b6f017f3e3b6fc
diff --git a/security/stud/patches/patch-stud.c b/security/stud/patches/patch-stud.c
index d1e417e7b95..a7844e1cfd1 100644
--- a/security/stud/patches/patch-stud.c
+++ b/security/stud/patches/patch-stud.c
@@ -1,8 +1,8 @@
-$NetBSD: patch-stud.c,v 1.3 2015/02/23 22:27:37 fhajny Exp $
+$NetBSD: patch-stud.c,v 1.4 2015/03/04 12:04:30 jperkin Exp $
 
-SunOS fixes as per https://github.com/bumptech/stud/pull/71.
-SSL fixes as per https://github.com/bumptech/stud/pull/130.
-Fix for POSIX accept() that can also return ECONNABORTED.
+SunOS fixes as per https://github.com/bumptech/stud/pull/71
+SSL fixes as per https://github.com/bumptech/stud/pull/130
+TLS fixes as per https://github.com/bumptech/stud/pull/138
 
 --- stud.c.orig	2012-08-10 23:40:19.000000000 +0000
 +++ stud.c
@@ -38,7 +38,28 @@ Fix for POSIX accept() that can also return ECONNABORTED.
      if(setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &optval, optlen) < 0) {
          ERR("Error setting TCP_KEEPIDLE on client socket: %s", strerror(errno));
      }
-@@ -889,6 +897,13 @@ static void shutdown_proxy(proxystate *p
+@@ -598,16 +606,14 @@ SSL_CTX *make_ctx(const char *pemfile) {
+ #endif
+ 
+     if (CONFIG->ETYPE == ENC_TLS) {
+-        ctx = SSL_CTX_new((CONFIG->PMODE == SSL_CLIENT) ?
+-                TLSv1_client_method() : TLSv1_server_method());
+-    } else if (CONFIG->ETYPE == ENC_SSL) {
+-        ctx = SSL_CTX_new((CONFIG->PMODE == SSL_CLIENT) ?
+-                SSLv23_client_method() : SSLv23_server_method());
+-    } else {
++        ssloptions |= SSL_OP_NO_SSLv3;
++    } else if (CONFIG->ETYPE != ENC_SSL) {
+         assert(CONFIG->ETYPE == ENC_TLS || CONFIG->ETYPE == ENC_SSL);
+         return NULL; // Won't happen, but gcc was complaining
+     }
+ 
++    ctx = SSL_CTX_new((CONFIG->PMODE == SSL_CLIENT) ?
++            SSLv23_client_method() : SSLv23_server_method());
+     SSL_CTX_set_options(ctx, ssloptions);
+     SSL_CTX_set_info_callback(ctx, info_callback);
+ 
+@@ -889,6 +895,13 @@ static void shutdown_proxy(proxystate *p
          close(ps->fd_up);
          close(ps->fd_down);
  
@@ -52,7 +73,7 @@ Fix for POSIX accept() that can also return ECONNABORTED.
          SSL_set_shutdown(ps->ssl, SSL_SENT_SHUTDOWN);
          SSL_free(ps->ssl);
  
-@@ -1197,7 +1212,15 @@ static void client_handshake(struct ev_l
+@@ -1197,7 +1210,15 @@ static void client_handshake(struct ev_l
              shutdown_proxy(ps, SHUTDOWN_SSL);
          }
          else {
@@ -69,7 +90,7 @@ Fix for POSIX accept() that can also return ECONNABORTED.
              shutdown_proxy(ps, SHUTDOWN_SSL);
          }
      }
-@@ -1312,7 +1335,7 @@ static void handle_accept(struct ev_loop
+@@ -1312,7 +1333,7 @@ static void handle_accept(struct ev_loop
              break;
  
          default:
@@ -78,7 +99,7 @@ Fix for POSIX accept() that can also return ECONNABORTED.
              break;
          }
          return;
-@@ -1751,24 +1774,16 @@ void daemonize () {
+@@ -1751,24 +1772,16 @@ void daemonize () {
          exit(0);
      }
author	jperkin <jperkin>	2015-03-04 12:04:30 +0000
committer	jperkin <jperkin>	2015-03-04 12:04:30 +0000
commit	a053de226799f045186381924daf8f22cdb29f96 (patch)
tree	e8afe688c5891f1662391aa8b87c0d4b2edb3ecf /security/stud
parent	32eb9ba255c5ceca131c032742ecb3c44bfa90b0 (diff)
download	pkgsrc-a053de226799f045186381924daf8f22cdb29f96.tar.gz