Overview

File imap-openssl-TLSv1.2.patch of Package imap

--- a/src/osdep/unix/ssl_unix.c 2011-07-22 19:20:10.000000000 -0500
+++ b/src/osdep/unix/ssl_unix.c 024-07-03 15:41:43.000000000 -0500
@@ -220,15 +220,27 @@
   if (ssl_last_error) fs_give ((void **) &ssl_last_error);
   ssl_last_host = host;
   if (!(stream->context = SSL_CTX_new ((flags & NET_TLSCLIENT) ?
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+				       TLS_client_method () :
+#else
 				       TLSv1_client_method () :
+#endif
 				       SSLv23_client_method ())))
     return "SSL context failed";
   SSL_CTX_set_options (stream->context,0);
 				/* disable certificate validation? */
   if (flags & NET_NOVALIDATECERT)
     SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL);
-  else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
+  else {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000      
+      X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context);
+      X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
+      X509_VERIFY_PARAM_set1_host(param, host, 0);
+#endif
+
+      SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
 				/* set default paths to CAs... */
+  }
   SSL_CTX_set_default_verify_paths (stream->context);
 				/* ...unless a non-standard path desired */
   if (s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL))
@@ -266,6 +278,7 @@
   if (SSL_write (stream->con,"",0) < 0)
     return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
 				/* need to validate host names? */
+#if OPENSSL_VERSION_NUMBER < 0x10100000
   if (!(flags & NET_NOVALIDATECERT) &&
       (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),
 				host))) {
@@ -275,6 +288,7 @@
     sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
     return ssl_last_error = cpystr (tmp);
   }
+#endif
   return NIL;
 }
 
@@ -313,6 +327,7 @@
  * Returns: NIL if validated, else string of error message
  */
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000
 static char *ssl_validate_cert (X509 *cert,char *host)
 {
   int i,n;
@@ -342,6 +357,7 @@
   else ret = "Unable to locate common name in certificate";
   return ret;
 }
+#endif
 
 /* Case-independent wildcard pattern match
  * Accepts: base string
@@ -703,7 +719,11 @@
   }
 				/* create context */
   if (!(stream->context = SSL_CTX_new (start_tls ?
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+				       TLS_server_method () :
+#else
 				       TLSv1_server_method () :
+#endif
 				       SSLv23_server_method ())))
     syslog (LOG_ALERT,"Unable to create SSL context, host=%.80s",
 	    tcp_clienthost ());
openSUSE Build Service is sponsored by
Places