Commit 8f68b8f9 authored by Natanael Copa's avatar Natanael Copa

main/imap: rebuild against openssl 1.1

parent 78bf4733
Description: Support OpenSSL 1.1
When building with OpenSSL 1.1 and newer, use the new built-in
hostname verification instead of code that doesn't compile due to
structs having been made opaque.
Bug-Debian: https://bugs.debian.org/828589
--- a/src/osdep/unix/ssl_unix.c
+++ b/src/osdep/unix/ssl_unix.c
@@ -227,8 +227,16 @@ static char *ssl_start_work (SSLSTREAM *
/* disable certificate validation? */
if (flags & NET_NOVALIDATECERT)
SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL);
- else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
+ else {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+ X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context);
+ X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
+ X509_VERIFY_PARAM_set1_host(param, host, 0);
+#endif
+
+ SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
/* set default paths to CAs... */
+ }
SSL_CTX_set_default_verify_paths (stream->context);
/* ...unless a non-standard path desired */
if (s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL))
@@ -266,6 +274,7 @@ static char *ssl_start_work (SSLSTREAM *
if (SSL_write (stream->con,"",0) < 0)
return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
/* need to validate host names? */
+#if OPENSSL_VERSION_NUMBER < 0x10100000
if (!(flags & NET_NOVALIDATECERT) &&
(err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),
host))) {
@@ -275,6 +284,7 @@ static char *ssl_start_work (SSLSTREAM *
sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
return ssl_last_error = cpystr (tmp);
}
+#endif
return NIL;
}
@@ -313,6 +323,7 @@ static int ssl_open_verify (int ok,X509_
* Returns: NIL if validated, else string of error message
*/
+#if OPENSSL_VERSION_NUMBER < 0x10100000
static char *ssl_validate_cert (X509 *cert,char *host)
{
int i,n;
@@ -342,6 +353,7 @@ static char *ssl_validate_cert (X509 *ce
else ret = "Unable to locate common name in certificate";
return ret;
}
+#endif
/* Case-independent wildcard pattern match
* Accepts: base string
......@@ -5,17 +5,18 @@
# build it shared
pkgname=imap
pkgver=2007f
pkgrel=8
pkgrel=9
pkgdesc="An IMAP/POP server"
url="http://www.washington.edu/imap"
arch="all"
license="Apache-2.0"
subpackages="$pkgname-dev c-client:cclient"
depends=""
makedepends="libressl-dev"
makedepends="openssl-dev"
source="http://ftp.ntua.gr/pub/net/mail/imap/imap-$pkgver.tar.gz
fix-linking.patch
c-client-2006k_KOLAB_Annotations.patch
1006_openssl1.1_autoverify.patch
"
builddir="$srcdir"/$pkgname-$pkgver
......@@ -63,4 +64,5 @@ cclient() {
sha512sums="7c3e1d9927872001e768ff2ddbcf3af74078243efe58dd70e01d966856b7611134e4b579818691a954bade9acaeeda6f2f30f40d812b8aa20990de5cb90d5d35 imap-2007f.tar.gz
f8a4b5b8759b690273ec8c86db55c3c3ebf7b358321aa829341bc65e98db0f10696b1eeae922eecada668f011b0b3231ed73c3a959b47b4cba00568bf7d231c1 fix-linking.patch
871093236b3ae300968e1e200a2389566af72ed1f62ad57c1dc617dd59e8378f29175fe07e5cfc575e022f3c27769b06850cbf21567f7cc359ca204c4d87a3af c-client-2006k_KOLAB_Annotations.patch"
871093236b3ae300968e1e200a2389566af72ed1f62ad57c1dc617dd59e8378f29175fe07e5cfc575e022f3c27769b06850cbf21567f7cc359ca204c4d87a3af c-client-2006k_KOLAB_Annotations.patch
7ecbe52adc6e3d1deee05790745642f794150ffaebf51c0cf689dc036eea9c7d80e643648aac37bf0aa83ac138b8bb63abfad3b540bc9440de3456162dfabae5 1006_openssl1.1_autoverify.patch"
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment