File kdelibs-trinity-tls_client_method-tlsext_hostname.patch of Package kdelibs3
diff -Naru kdelibs-3.5.10_orig/kio/kssl/kopenssl.cc kdelibs-3.5.10/kio/kssl/kopenssl.cc
--- kdelibs-3.5.10_orig/kio/kssl/kopenssl.cc 2018-05-16 04:37:21.338975706 +0000
+++ kdelibs-3.5.10/kio/kssl/kopenssl.cc 2018-05-16 04:50:44.108104318 +0000
@@ -58,6 +58,9 @@
static const char* (*K_RAND_file_name) (char *, size_t) = 0L;
static int (*K_RAND_load_file) (const char *, long) = 0L;
static int (*K_RAND_write_file) (const char *) = 0L;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+static SSL_METHOD * (*K_TLS_client_method) () = 0L;
+#endif
static SSL_METHOD * (*K_TLSv1_client_method) () = 0L;
static SSL_METHOD * (*K_SSLv2_client_method) () = 0L;
static SSL_METHOD * (*K_SSLv3_client_method) () = 0L;
@@ -560,6 +563,9 @@
_sslLib->symbol("SSL_get_current_cipher");
K_SSL_ctrl = (long (*)(SSL * ,int, long, void *))
_sslLib->symbol("SSL_ctrl");
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ K_TLS_client_method = (SSL_METHOD *(*)()) _sslLib->symbol("TLS_client_method");
+#endif
K_TLSv1_client_method = (SSL_METHOD *(*)()) _sslLib->symbol("TLSv1_client_method");
K_SSLv2_client_method = (SSL_METHOD *(*)()) _sslLib->symbol("SSLv2_client_method");
K_SSLv3_client_method = (SSL_METHOD *(*)()) _sslLib->symbol("SSLv3_client_method");
@@ -778,7 +784,13 @@
SSL_METHOD *KOpenSSLProxy::SSLv23_client_method() {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ // Because openssl/ssl.h maps SSLv23_client_method to TLS_client_method,
+ // this method is used as KOpenSSLProxy::TLS_client_method.
+ if (K_TLS_client_method) return (K_TLS_client_method)();
+#else
if (K_SSLv23_client_method) return (K_SSLv23_client_method)();
+#endif
return 0L;
}
diff -Naru kdelibs-3.5.10_orig/kio/kssl/kssl.cc kdelibs-3.5.10/kio/kssl/kssl.cc
--- kdelibs-3.5.10_orig/kio/kssl/kssl.cc 2018-05-16 04:37:21.342975651 +0000
+++ kdelibs-3.5.10/kio/kssl/kssl.cc 2018-05-16 04:45:51.644064971 +0000
@@ -135,7 +135,13 @@
return false;
seedWithEGD();
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ d->m_meth = d->kossl->TLS_client_method();
+#else
+ // Since openssl < 1.1 does not support TLS_client_method()...
d->m_meth = d->kossl->TLSv1_client_method();
+#endif
d->lastInitTLS = true;
m_pi.reset();
@@ -174,13 +180,19 @@
m_pi.reset();
- if (!m_cfg->tlsv1() && !m_cfg->sslv3() && m_cfg->sslv2())
- d->m_meth = d->kossl->SSLv2_client_method();
- else if (m_cfg->tlsv1() && !m_cfg->sslv3() && !m_cfg->sslv2())
+ if (m_cfg->tlsv1() || (m_cfg->sslv3() && m_cfg->sslv2())) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ d->m_meth = d->kossl->TLS_client_method();
+#else
d->m_meth = d->kossl->TLSv1_client_method();
- else if (!m_cfg->tlsv1() && m_cfg->sslv3() && !m_cfg->sslv2())
+#endif
+ }
+ else if (m_cfg->sslv3()) {
d->m_meth = d->kossl->SSLv3_client_method();
- else d->m_meth = d->kossl->SSLv23_client_method();
+ }
+ else if (m_cfg->sslv2()) {
+ d->m_meth = d->kossl->SSLv2_client_method();
+ }
/*
if (m_cfg->sslv2() && m_cfg->sslv3()) kdDebug(7029) << "Double method" << endl;
@@ -337,6 +349,9 @@
d->m_ssl = 0;
return rc;
}
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+ d->kossl->SSL_set_tlsext_host_name(d->m_ssl, d->proxyPeer.ascii());
+#endif
rc = d->kossl->SSL_accept(d->m_ssl);
if (rc == 1) {
@@ -441,6 +456,9 @@
d->m_ssl = 0;
return rc;
}
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+ d->kossl->SSL_set_tlsext_host_name(d->m_ssl, d->proxyPeer.ascii());
+#endif
connect_again:
rc = d->kossl->SSL_connect(d->m_ssl);
