ports/mail/imapproxy/patches/patch-src_main_c

Index: src/main.c
--- src/main.c.orig
+++ src/main.c
@@ -460,14 +460,6 @@ int main( int argc, char *argv[] )
     /* Set up OpenSSL thread protection */
     ssl_thread_setup(fn);
 
-#ifndef HAVE_RAND_EGD
-    if ( RAND_egd( ( RAND_file_name( f_randfile, sizeof( f_randfile ) ) == f_randfile ) ? f_randfile : "/.rnd" ) ) 
-#endif
-    {
-	if ( RAND_load_file( f_randfile, -1 ) )
-	    RAND_write_file( f_randfile );
-    }
-
     SSL_load_error_strings();
 
     /* 
@@ -681,6 +673,22 @@ int main( int argc, char *argv[] )
     if ( BecomeNonRoot() )
 	exit( 1 );
 
+    /*
+     * Optional dir accessed at runtime if it exists, but allow unveil() to fail
+     * so the daemon can still run if the dir does not exist.
+     */
+    unveil("/etc/ssl/certs", "r");
+    if ( unveil(NULL, NULL) != 0 )
+    {
+	syslog(LOG_ERR, "%s: unveil() failed: [%d]\n", fn, rc);
+	exit( 1 );
+    }
+    if ( pledge("stdio inet dns rpath", NULL) != 0 )
+    {
+	syslog(LOG_ERR, "%s: pledge() failed: [%d]\n", fn, rc);
+	exit( 1 );
+    }
+
     /* some misc thread setup */
     rc = pthread_attr_init( &attr );
     if ( rc )
@@ -1574,9 +1582,9 @@ static int verify_callback(int ok, X509_STORE_CTX * ct
 	    verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
 	}
     }
-    switch (ctx->error) {
+    switch (err) {
     case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-	X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, sizeof(buf));
+	X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, sizeof(buf));
 	syslog(LOG_NOTICE, "issuer= %s", buf);
 	break;
     case X509_V_ERR_CERT_NOT_YET_VALID:
SecBSD's official ports repository 2023-08-16 22:26:55 +00:00			`Index: src/main.c`
			`--- src/main.c.orig`
			`+++ src/main.c`
			`@@ -460,14 +460,6 @@ int main( int argc, char *argv[] )`
			`/* Set up OpenSSL thread protection */`
			`ssl_thread_setup(fn);`

			`-#ifndef HAVE_RAND_EGD`
			`- if ( RAND_egd( ( RAND_file_name( f_randfile, sizeof( f_randfile ) ) == f_randfile ) ? f_randfile : "/.rnd" ) )`
			`-#endif`
			`- {`
			`- if ( RAND_load_file( f_randfile, -1 ) )`
			`- RAND_write_file( f_randfile );`
			`- }`
			`-`
			`SSL_load_error_strings();`

			`/*`
			`@@ -681,6 +673,22 @@ int main( int argc, char *argv[] )`
			`if ( BecomeNonRoot() )`
			`exit( 1 );`

			`+ /*`
			`+ * Optional dir accessed at runtime if it exists, but allow unveil() to fail`
			`+ * so the daemon can still run if the dir does not exist.`
			`+ */`
			`+ unveil("/etc/ssl/certs", "r");`
			`+ if ( unveil(NULL, NULL) != 0 )`
			`+ {`
			`+ syslog(LOG_ERR, "%s: unveil() failed: [%d]\n", fn, rc);`
			`+ exit( 1 );`
			`+ }`
			`+ if ( pledge("stdio inet dns rpath", NULL) != 0 )`
			`+ {`
			`+ syslog(LOG_ERR, "%s: pledge() failed: [%d]\n", fn, rc);`
			`+ exit( 1 );`
			`+ }`
			`+`
			`/* some misc thread setup */`
			`rc = pthread_attr_init( &attr );`
			`if ( rc )`
			`@@ -1574,9 +1582,9 @@ static int verify_callback(int ok, X509_STORE_CTX * ct`
			`verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG;`
			`}`
			`}`
			`- switch (ctx->error) {`
			`+ switch (err) {`
			`case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:`
			`- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, sizeof(buf));`
			`+ X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, sizeof(buf));`
			`syslog(LOG_NOTICE, "issuer= %s", buf);`
			`break;`
			`case X509_V_ERR_CERT_NOT_YET_VALID:`