File 1006_openssl11_autoverify.patch of Package scl-php70-libc-client
From 8e07593d0a77b23ab988ca9c7aeb054ff8451f21 Mon Sep 17 00:00:00 2001 From: Julian Brown <julian.brown@cpanel.net> Date: Fri, 29 May 2020 15:13:01 -0500 Subject: [PATCH] 1006_openssl11_autoverify --- src/osdep/unix/ssl_unix.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/src/osdep/unix/ssl_unix.c b/src/osdep/unix/ssl_unix.c index 3bfdff3..c699640 100644 --- a/src/osdep/unix/ssl_unix.c +++ b/src/osdep/unix/ssl_unix.c @@ -227,8 +227,16 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags) /* disable certificate validation? */ if (flags & NET_NOVALIDATECERT) SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL); - else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify); - /* set default paths to CAs... */ + else { +#if OPENSSL_VERSION_NUMBER >= 0x10100000 + X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context); + X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); + X509_VERIFY_PARAM_set1_host(param, host, 0); +#endif + + SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify); + /* set default paths to CAs... */ + } SSL_CTX_set_default_verify_paths (stream->context); /* ...unless a non-standard path desired */ if (s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL)) @@ -266,6 +274,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags) if (SSL_write (stream->con,"",0) < 0) return ssl_last_error ? ssl_last_error : "SSL negotiation failed"; /* need to validate host names? */ +#if OPENSSL_VERSION_NUMBER < 0x10100000 if (!(flags & NET_NOVALIDATECERT) && (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con), host))) { @@ -275,6 +284,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags) sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???"); return ssl_last_error = cpystr (tmp); } +#endif return NIL; } 
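Review bot: The return value of `X509_VERIFY_PARAM_set1_host(param, host, 0)` in the new `else` branch is ignored, although the call reports failure by returning 0. Because the same patch compiles out the post-handshake `ssl_validate_cert` call for OpenSSL 1.1.0 and later, a failed call would leave the connection with chain validation but no host name check. The branch should fail closed, for example `if (!X509_VERIFY_PARAM_set1_host(param, host, 0)) return "Unable to set certificate host name";`, matching the error-string returns visible later in the function. A smaller style point: the moved comment `/* set default paths to CAs... */` now sits inside the braces while the `SSL_CTX_set_default_verify_paths` call it describes stays after the closing `}`. ssl_start_work begins and ends outside this hunk.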
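Review bot: With the `ssl_validate_cert` call wrapped in `#if OPENSSL_VERSION_NUMBER < 0x10100000` (this hunk, closed by the `#endif` in the next one), a host name mismatch on newer OpenSSL is reported only through the `ssl_open_verify` callback, whose body is not part of this patch. That callback has to pass its `ok` argument through unchanged for a mismatch to abort the handshake; if it returns nonzero on an error, the wrong certificate would be accepted. The dependency deserves a comment at the `#if`, such as `/* OpenSSL >= 1.1.0 checks the host name during the handshake (X509_VERIFY_PARAM_set1_host above); ssl_open_verify must not override a failure */`. The existing comment `/* need to validate host names? */` stays above the `#if` and describes nothing on 1.1.0+ builds, and the `err` and `cert` locals presumably become unused there.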
@@ -313,6 +323,7 @@ static int ssl_open_verify (int ok,X509_STORE_CTX *ctx) * Returns: NIL if validated, else string of error message */ +#if OPENSSL_VERSION_NUMBER < 0x10100000 static char *ssl_validate_cert (X509 *cert,char *host) { int i,n; @@ -342,7 +353,8 @@ static char *ssl_validate_cert (X509 *cert,char *host) else ret = "Unable to locate common name in certificate"; return ret; } - +#endif + /* Case-independent wildcard pattern match * Accepts: base string * pattern string -- 2.25.1
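Review bot: The `#if`/`#endif` pair added in this hunk and the following one removes `ssl_validate_cert` on OpenSSL 1.1.0+, but the `#endif` lands before the case-independent wildcard matcher that follows. That helper, and any forward prototype of `ssl_validate_cert` earlier in the file, presumably stay behind as unused static code on those builds. If the matcher has no other caller, move the `#endif` below it and guard the prototype with the same condition. A comment at the `#if` should also record that the two builds no longer apply the same wildcard rules, since the new path sets `X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS` while the legacy path uses the file's own pattern match: `/* legacy host check; OpenSSL >= 1.1.0 uses X509_VERIFY_PARAM_set1_host() with NO_PARTIAL_WILDCARDS instead */`.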