--- /dev/null
+From c3f68d987c00284d91ad6599a013b7111662545b Mon Sep 17 00:00:00 2001
+From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Date: Fri, 2 Sep 2016 21:33:33 +0000
+Subject: [PATCH] uw-imap: compile against openssl 1.1.0
+
+I *think* I replaced access to cert->name with certificate's subject name. I
+assume that the re-aranged C-code is doing the same thing. A double check
+wouldn't hurt :)
+
+Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+---
+ src/osdep/unix/ssl_unix.c | 28 +++++++++++++++++-----------
+ 1 file changed, 17 insertions(+), 11 deletions(-)
+
+diff --git a/src/osdep/unix/ssl_unix.c b/src/osdep/unix/ssl_unix.c
+index 3bfdff3..836e9fa 100644
+--- a/src/osdep/unix/ssl_unix.c
++++ b/src/osdep/unix/ssl_unix.c
+@@ -59,7 +59,7 @@ typedef struct ssl_stream {
+ static SSLSTREAM *ssl_start(TCPSTREAM *tstream,char *host,unsigned long flags);
+ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags);
+ static int ssl_open_verify (int ok,X509_STORE_CTX *ctx);
+-static char *ssl_validate_cert (X509 *cert,char *host);
++static char *ssl_validate_cert (X509 *cert,char *host, char *cert_subj);
+ static long ssl_compare_hostnames (unsigned char *s,unsigned char *pat);
+ static char *ssl_getline_work (SSLSTREAM *stream,unsigned long *size,
+ long *contd);
+@@ -210,6 +210,7 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
+ BIO *bio;
+ X509 *cert;
+ unsigned long sl,tl;
++ char cert_subj[250];
+ char *s,*t,*err,tmp[MAILTMPLEN];
+ sslcertificatequery_t scq =
+ (sslcertificatequery_t) mail_parameters (NIL,GET_SSLCERTIFICATEQUERY,NIL);
+@@ -266,14 +267,19 @@ static char *ssl_start_work (SSLSTREAM *stream,char *host,unsigned long flags)
+ if (SSL_write (stream->con,"",0) < 0)
+ return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
+ /* need to validate host names? */
+- if (!(flags & NET_NOVALIDATECERT) &&
+- (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),
+- host))) {
+- /* application callback */
+- if (scq) return (*scq) (err,host,cert ? cert->name : "???") ? NIL : "";
++ if (!(flags & NET_NOVALIDATECERT)) {
++
++ cert_subj[0] = '\0';
++ cert = SSL_get_peer_certificate(stream->con);
++ if (cert)
++ X509_NAME_oneline(X509_get_subject_name(cert), cert_subj, sizeof(cert_subj));
++ err = ssl_validate_cert (cert, host, cert_subj);
++ if (err)
++ /* application callback */
++ if (scq) return (*scq) (err,host,cert ? cert_subj : "???") ? NIL : "";
+ /* error message to return via mm_log() */
+- sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
+- return ssl_last_error = cpystr (tmp);
++ sprintf (tmp,"*%.128s: %.255s",err,cert ? cert_subj : "???");
++ return ssl_last_error = cpystr (tmp);
+ }
+ return NIL;
+ }
+@@ -313,7 +319,7 @@ static int ssl_open_verify (int ok,X509_STORE_CTX *ctx)
+ * Returns: NIL if validated, else string of error message
+ */
+
+-static char *ssl_validate_cert (X509 *cert,char *host)
++static char *ssl_validate_cert (X509 *cert,char *host, char *cert_subj)
+ {
+ int i,n;
+ char *s,*t,*ret;
+@@ -322,9 +328,9 @@ static char *ssl_validate_cert (X509 *cert,char *host)
+ /* make sure have a certificate */
+ if (!cert) ret = "No certificate from server";
+ /* and that it has a name */
+- else if (!cert->name) ret = "No name in certificate";
++ else if (cert_subj[0] == '\0') ret = "No name in certificate";
+ /* locate CN */
+- else if (s = strstr (cert->name,"/CN=")) {
++ else if (s = strstr (cert_subj,"/CN=")) {
+ if (t = strchr (s += 4,'/')) *t = '\0';
+ /* host name matches pattern? */
+ ret = ssl_compare_hostnames (host,s) ? NIL :
+--
+2.9.3
+
projects / feed / packages.git / commitdiff