diff options
| author | Cem Keylan <cem@ckyln.com> | 2022-03-23 13:51:18 +0100 |
|---|---|---|
| committer | Cem Keylan <cem@ckyln.com> | 2022-03-23 13:51:18 +0100 |
| commit | 4de6483d4d86f078277e88c910cf47d7d2835d3e (patch) | |
| tree | cd246336dd82c61720d4e069441593974c0653e0 /extra/glib-networking/patches/libressl.patch | |
| parent | a5704e2ee8d740ad3de7279c224b02162aab8b4c (diff) | |
| download | repository-4de6483d4d86f078277e88c910cf47d7d2835d3e.tar.gz | |
glib-networking: bump to 2.72.0
Diffstat (limited to 'extra/glib-networking/patches/libressl.patch')
| -rw-r--r-- | extra/glib-networking/patches/libressl.patch | 121 |
1 files changed, 121 insertions, 0 deletions
diff --git a/extra/glib-networking/patches/libressl.patch b/extra/glib-networking/patches/libressl.patch new file mode 100644 index 00000000..6f92662b --- /dev/null +++ b/extra/glib-networking/patches/libressl.patch @@ -0,0 +1,121 @@ +diff --git a/tls/base/gtlsconnection-base.c b/tls/base/gtlsconnection-base.c +index bcbdf49..dc896c0 100644 +--- a/tls/base/gtlsconnection-base.c ++++ b/tls/base/gtlsconnection-base.c +@@ -1678,7 +1678,7 @@ finish_handshake (GTlsConnectionBase *tls, + if (priv->peer_certificate && !priv->peer_certificate_accepted) + { + g_set_error_literal (&my_error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE, +- _("Unacceptable TLS certificate")); ++ _("Nonnacceptable TLS certificate")); + success = FALSE; + } + } +diff --git a/tls/openssl/gtlscertificate-openssl.c b/tls/openssl/gtlscertificate-openssl.c +index 2e3148c..cef9dd6 100644 +--- a/tls/openssl/gtlscertificate-openssl.c ++++ b/tls/openssl/gtlscertificate-openssl.c +@@ -55,8 +55,10 @@ enum + PROP_PRIVATE_KEY, + PROP_PRIVATE_KEY_PEM, + PROP_ISSUER, ++ #ifndef LIBRESSL_VERSION_NUMBER + PROP_NOT_VALID_BEFORE, + PROP_NOT_VALID_AFTER, ++ #endif + PROP_SUBJECT_NAME, + PROP_ISSUER_NAME, + PROP_DNS_NAMES, +@@ -219,10 +221,12 @@ g_tls_certificate_openssl_get_property (GObject *object, + char *certificate_pem; + long size; + ++ #ifndef LIBRESSL_VERSION_NUMBER + const ASN1_TIME *time_asn1; + struct tm time_tm; + GDateTime *time; + GTimeZone *tz; ++ #endif + X509_NAME *name; + const char *name_string; + +@@ -279,6 +283,7 @@ g_tls_certificate_openssl_get_property (GObject *object, + g_value_set_object (value, openssl->issuer); + break; + ++ #ifndef LIBRESSL_VERSION_NUMBER + case PROP_NOT_VALID_BEFORE: + time_asn1 = X509_get0_notBefore (openssl->cert); + ASN1_TIME_to_tm (time_asn1, &time_tm); +@@ -296,6 +301,7 @@ g_tls_certificate_openssl_get_property (GObject *object, + g_value_take_boxed (value, time); + g_time_zone_unref (tz); + break; ++ #endif + + case PROP_SUBJECT_NAME: + bio = BIO_new (BIO_s_mem ()); +@@ -538,8 +544,10 @@ g_tls_certificate_openssl_class_init (GTlsCertificateOpensslClass *klass) + g_object_class_override_property (gobject_class, PROP_PRIVATE_KEY, "private-key"); + g_object_class_override_property (gobject_class, PROP_PRIVATE_KEY_PEM, "private-key-pem"); + g_object_class_override_property (gobject_class, PROP_ISSUER, "issuer"); ++ #ifndef LIBRESSL_VERSION_NUMBER + g_object_class_override_property (gobject_class, PROP_NOT_VALID_BEFORE, "not-valid-before"); + g_object_class_override_property (gobject_class, PROP_NOT_VALID_AFTER, "not-valid-after"); ++ #endif + g_object_class_override_property (gobject_class, PROP_SUBJECT_NAME, "subject-name"); + g_object_class_override_property (gobject_class, PROP_ISSUER_NAME, "issuer-name"); + g_object_class_override_property (gobject_class, PROP_DNS_NAMES, "dns-names"); +diff --git a/tls/openssl/gtlsconnection-openssl.c b/tls/openssl/gtlsconnection-openssl.c +index 9cf6ad7..6953a34 100644 +--- a/tls/openssl/gtlsconnection-openssl.c ++++ b/tls/openssl/gtlsconnection-openssl.c +@@ -206,7 +206,7 @@ end_openssl_io (GTlsConnectionOpenssl *openssl, + { + g_clear_error (&my_error); + g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE, +- _("Unacceptable TLS certificate")); ++ _("Nonnacceptable TLS certificate")); + return G_TLS_CONNECTION_BASE_ERROR; + } + +@@ -581,10 +581,8 @@ perform_rehandshake (SSL *ssl, + GTlsConnectionBase *tls = user_data; + int ret = 1; /* always look on the bright side of life */ + +-#if OPENSSL_VERSION_NUMBER >= 0x10101000L +- if (SSL_version(ssl) >= TLS1_3_VERSION) +- ret = SSL_key_update (ssl, SSL_KEY_UPDATE_REQUESTED); +- else if (SSL_get_secure_renegotiation_support (ssl) && !(SSL_get_options(ssl) & SSL_OP_NO_RENEGOTIATION)) ++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) ++ if (SSL_get_secure_renegotiation_support (ssl)) + /* remote and local peers both can rehandshake */ + ret = SSL_renegotiate (ssl); + else +@@ -827,7 +825,7 @@ g_tls_connection_openssl_handshake_thread_handshake (GTlsConnectionBase *tls, + if (!g_tls_connection_base_handshake_thread_verify_certificate (tls)) + { + g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE, +- _("Unacceptable TLS certificate")); ++ _("Notnacceptable TLS certificate")); + return G_TLS_CONNECTION_BASE_ERROR; + } + } +diff --git a/tls/openssl/gtlsserverconnection-openssl.c b/tls/openssl/gtlsserverconnection-openssl.c +index d24de05..54c607a 100644 +--- a/tls/openssl/gtlsserverconnection-openssl.c ++++ b/tls/openssl/gtlsserverconnection-openssl.c +@@ -274,11 +274,13 @@ ssl_info_callback (const SSL *ssl, + int type, + int val) + { ++ #ifndef LIBRESSL_VERSION_NUMBER + if ((type & SSL_CB_HANDSHAKE_DONE) != 0) + { + /* Disable renegotiation (CVE-2009-3555) */ + ssl->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS; + } ++ #endif + } + #endif + |