net-ftp/tlswrap: Fix compat with openssl-1.1 and libressl
authorPacho Ramos <pacho@gentoo.org>
Sun, 13 Jan 2019 19:33:17 +0000 (20:33 +0100)
committerPacho Ramos <pacho@gentoo.org>
Sun, 13 Jan 2019 19:33:17 +0000 (20:33 +0100)
Closes: https://bugs.gentoo.org/675330
Package-Manager: Portage-2.3.55, Repoman-2.3.12
Signed-off-by: Pacho Ramos <pacho@gentoo.org>
net-ftp/tlswrap/files/tlswrap-1.04-libressl.patch [deleted file]
net-ftp/tlswrap/files/tlswrap-1.04-openssl11.patch [new file with mode: 0644]
net-ftp/tlswrap/tlswrap-1.04-r3.ebuild

diff --git a/net-ftp/tlswrap/files/tlswrap-1.04-libressl.patch b/net-ftp/tlswrap/files/tlswrap-1.04-libressl.patch
deleted file mode 100644 (file)
index 5c1f108..0000000
+++ /dev/null
@@ -1,16 +0,0 @@
-diff -Naur a/tls.c b/tls.c
---- a/tls.c    2006-11-25 19:52:08.000000000 +0100
-+++ b/tls.c    2015-11-10 16:16:25.000000000 +0100
-@@ -73,10 +73,12 @@
-               printf("egd_sock is %s\n", egd_sock);
- #ifdef HAVE_RAND_STATUS
-       if (RAND_status() != 1) {
-+#ifndef OPENSSL_NO_EGD
-               if ( RAND_egd(egd_sock) == -1 ) {
-                       fprintf(stderr, "egd_sock is %s\n", egd_sock);
-                       sys_err("RAND_egd failed\n");
-               }
-+#endif
-               if (RAND_status() != 1)
-                       sys_err("ssl_init: System without /dev/urandom, PRNG seeding must be done manually.\r\n");
-       }
diff --git a/net-ftp/tlswrap/files/tlswrap-1.04-openssl11.patch b/net-ftp/tlswrap/files/tlswrap-1.04-openssl11.patch
new file mode 100644 (file)
index 0000000..e8d0941
--- /dev/null
@@ -0,0 +1,60 @@
+diff -wru tlswrap-1.04.orig/tls.c tlswrap-1.04/tls.c
+--- tlswrap-1.04.orig/tls.c    2006-11-25 19:52:08.000000000 +0100
++++ tlswrap-1.04/tls.c 2017-12-05 04:43:56.757223948 +0100
+@@ -73,10 +73,12 @@
+               printf("egd_sock is %s\n", egd_sock);
+ #ifdef HAVE_RAND_STATUS
+       if (RAND_status() != 1) {
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || OPENSSL_NO_EGD
+               if ( RAND_egd(egd_sock) == -1 ) {
+                       fprintf(stderr, "egd_sock is %s\n", egd_sock);
+                       sys_err("RAND_egd failed\n");
+               }
++#endif
+               if (RAND_status() != 1)
+                       sys_err("ssl_init: System without /dev/urandom, PRNG seeding must be done manually.\r\n");
+       }
+@@ -262,7 +264,8 @@
+       int                                     ok, extcount, i, j;
+       char                            *extstr;
+       SSL                                     *ssl;
+-#if (OPENSSL_VERSION_NUMBER > 0x00908000L)
++#if (OPENSSL_VERSION_NUMBER > 0x10100000L)
++#elif (OPENSSL_VERSION_NUMBER > 0x00908000L)
+       unsigned char const             *data1;
+ #else
+       unsigned char   *data1;
+@@ -279,6 +282,16 @@
+       if (debug)
+               printf("tls_cert2\n");
+       
++#if (OPENSSL_VERSION_NUMBER > 0x10100000L)
++      if (ud->sec_level > 3) {
++              X509_VERIFY_PARAM *param = SSL_get0_param(ssl);
++              X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
++              X509_VERIFY_PARAM_set1_host(param, ud->serv_dns.hostname, 0);
++              X509_VERIFY_PARAM_set1_ip_asc(param, ud->serv_data_host);
++              SSL_set_verify(ssl, SSL_VERIFY_PEER, 0);
++      }
++#endif
++
+       if ((x509_peer = SSL_get_peer_certificate(ssl)) == NULL)
+               return X509_V_ERR_APPLICATION_VERIFICATION; /* SSL_get_peer* can only be NULL on  'anonymous DH connections' so shouldn't happen. */
+@@ -287,6 +300,8 @@
+               return SSL_get_verify_result(ssl);
+       }
+       
++
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+       if ((extcount = X509_get_ext_count(x509_peer)) > 0) {
+               if (debug) printf("extcount = %d\n", extcount);
+               for (i = 0; i < extcount; i++) {
+@@ -333,6 +348,7 @@
+               return X509_V_ERR_APPLICATION_VERIFICATION;
+       }
+   }
++#endif
+   X509_free(x509_peer);
+       return SSL_get_verify_result(ssl);
+ }
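Review bot: The hostname/IP verification added for OpenSSL >= 1.1 in tls_cert2 is set up after the peer certificate is already available (SSL_get_peer_certificate and SSL_get_verify_result follow immediately), so if tls_cert2 runs post-handshake, as those calls suggest, X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_set1_ip_asc and SSL_set_verify no longer affect the verification result; they would have to be applied to the SSL object before the handshake, in the code that creates it (outside this hunk). Setting both a host and an IP on the same X509_VERIFY_PARAM also makes OpenSSL require the certificate to match both identities, and the return values of the two set1_* calls are unchecked, so a rejected value silently leaves that identity unconstrained; the block only runs for `ud->sec_level > 3`, while the pre-1.1 extension checks are now compiled out for every security level unless they were themselves gated on sec_level in the elided context. Separately, the EGD guard `#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || OPENSSL_NO_EGD` inverts the `#ifndef OPENSSL_NO_EGD` of the deleted libressl patch, keeping the RAND_egd call precisely when EGD support is absent, and on headers that define OPENSSL_NO_EGD with no value the expression is malformed; `#if (OPENSSL_VERSION_NUMBER < 0x10100000L) && !defined(OPENSSL_NO_EGD)` expresses the intent. Both patched functions begin outside the quoted context, and the first one also ends outside it.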
index 4bb88bbe38ecad51526392fe310cac58b5b0af1f..07e388e8f258f2b32c3a0dc7440f21cf9468a703 100644 (file)
@@ -1,8 +1,7 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=6
-
+EAPI=7
 inherit autotools
 
 DESCRIPTION="FTP wrapper which supports TLS with every FTP client"
@@ -15,15 +14,17 @@ SLOT="0"
 KEYWORDS="~amd64 ~x86"
 IUSE="libressl"
 
-DEPEND="!libressl? ( dev-libs/openssl:0= )
-       libressl? ( dev-libs/libressl:= )"
-RDEPEND="${DEPEND}"
+RDEPEND="
+       !libressl? ( dev-libs/openssl:0= )
+       libressl? ( dev-libs/libressl:= )
+"
+DEPEND="${RDEPEND}"
 
 PATCHES=(
-       "${FILESDIR}/${P}-libressl.patch"
        "${FILESDIR}/respect-cflags.patch"
        "${FILESDIR}/modernize-am_init_automake.patch"
        "${FILESDIR}/fix-Wformat-security-warnings.patch"
+       "${FILESDIR}/${P}-openssl11.patch"
 )
 
 src_prepare() {
@@ -33,6 +34,6 @@ src_prepare() {
 
 src_install() {
        emake prefix="${D}/usr" install
-       dodoc ChangeLog README
+       einstalldocs
        newinitd "${FILESDIR}/tlswrap.init" tlswrap
 }