Etusivu Tutki Apua
Kirjaudu sisään
PUBLIC_REPOS
/
buildroot
peilaus alkaen git://git.buildroot.net/buildroot
2
1
Fork 0
Tiedostot
Puu: 611835ce2f
Haarat Tagit
buildroot
/
package
/
qpid-proton
/
0004-src-ssl-openssl-add-libressl-compatibility.patch

0004-src-ssl-openssl-add-libressl-compatibility.patch 2.0 KB
Historia Raaka

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253 
  1. From 87c44b4ebc64c15f6324ed40852224b61fbe77a7 Mon Sep 17 00:00:00 2001
    2. 

  2. From: Matt Weber <matthew.weber@rockwellcollins.com>
    3. 

  3. Date: Tue, 5 Feb 2019 06:10:16 -0600
    4. 

  4. Subject: [PATCH] src/ssl/openssl: add libressl compatibility
    5. 

  5. 

  6. Similar to https://github.com/FreeRDP/FreeRDP/issues/5049
    7. 

  7. libressl has `#define OPENSSL_VERSION_NUMBER ` defined the same as
    8. 

  8. openssl 1.1.x which results in SSL_CTX_set_security_level() getting used.
    9. 

  9. 

  10. This patch prevents SSL_CTX_set_security_level() from being used with
    11. 

  11. libressl.
    12. 

  12. 

  13. Upstream: https://github.com/apache/qpid-proton/pull/175
    14. 

  14. 

  15. Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
    16. 

  16. ---
    17. 

  17.  c/src/ssl/openssl.c | 6 +++---
    18. 

  18.  1 file changed, 3 insertions(+), 3 deletions(-)
    19. 

  19. 

  20. diff --git a/proton-c/src/ssl/openssl.c b/proton-c/src/ssl/openssl.c
    21. 

  21. index c2b5869..541d0ae 100644
    22. 

  22. --- a/proton-c/src/ssl/openssl.c
    23. 

  23. +++ b/proton-c/src/ssl/openssl.c
    24. 

  24. @@ -522,7 +522,7 @@ pn_ssl_domain_t *pn_ssl_domain( pn_ssl_mode_t mode )
    25. 

  25.    // Mitigate the CRIME vulnerability
    26. 

  26.    SSL_CTX_set_options(domain->ctx, SSL_OP_NO_COMPRESSION);
    27. 

  27.  #endif
    28. 

  28. -#if OPENSSL_VERSION_NUMBER >= 0x10100000
    29. 

  29. +#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
    30. 

  30.      domain->default_seclevel = SSL_CTX_get_security_level(domain->ctx);
    31. 

  31.  #endif
    32. 

  32.  
    33. 

  33. @@ -709,7 +709,7 @@ int pn_ssl_domain_set_peer_authentication(pn_ssl_domain_t *domain,
    34. 

  34.     case PN_SSL_VERIFY_PEER:
    35. 

  35.     case PN_SSL_VERIFY_PEER_NAME:
    36. 

  36.  
    37. 

  37. -#if OPENSSL_VERSION_NUMBER >= 0x10100000
    38. 

  38. +#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
    39. 

  39.      SSL_CTX_set_security_level(domain->ctx, domain->default_seclevel);
    40. 

  40.  #endif
    41. 

  41.  
    42. 

  42. @@ -749,7 +749,7 @@ int pn_ssl_domain_set_peer_authentication(pn_ssl_domain_t *domain,
    43. 

  43.      break;
    44. 

  44.  
    45. 

  45.    case PN_SSL_ANONYMOUS_PEER:   // hippie free love mode... :)
    46. 

  46. -#if OPENSSL_VERSION_NUMBER >= 0x10100000
    47. 

  47. +#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
    48. 

  48.      // Must use lowest OpenSSL security level to enable anonymous ciphers.
    49. 

  49.      SSL_CTX_set_security_level(domain->ctx, 0);
    50. 

  50.  #endif
    51. 

  51. -- 
    52. 

  52. 1.9.1
    53. 

  53.