SecBSD's official ports repository

2023-08-16 22:26:55 +00:00 · 2023-08-16 22:26:55 +00:00 · 2c0afcbbf3
commit 2c0afcbbf3
64331 changed files with 5339189 additions and 0 deletions
--- a/mail/pop3d/patches/patch-ssl_privsep_c
+++ b/mail/pop3d/patches/patch-ssl_privsep_c
@ -0,0 +1,93 @@
+https://github.com/snimmagadda/pop3d/pull/12
+
+Use LibreSSL-specific API for by_mem lookup.
+
+Index: ssl_privsep.c
+--- ssl_privsep.c.orig
+++ ssl_privsep.c
+@@ -81,6 +81,7 @@ int	 ssl_ctx_use_certificate_chain(SSL_CTX *, char *, 
+ int	 ssl_ctx_load_verify_memory(SSL_CTX *, char *, off_t);
+ int	 ssl_by_mem_ctrl(X509_LOOKUP *, int, const char *, long, char **);
+ 
+#if 0
+ X509_LOOKUP_METHOD x509_mem_lookup = {
+ 	"Load cert from memory",
+ 	NULL,			/* new */
+@@ -95,6 +96,7 @@ X509_LOOKUP_METHOD x509_mem_lookup = {
+ };
+ 
+ #define X509_L_ADD_MEM	3
+#endif
+ 
+ int
+ ssl_ctx_use_private_key(SSL_CTX *ctx, char *buf, off_t len)
+@@ -111,8 +113,8 @@ ssl_ctx_use_private_key(SSL_CTX *ctx, char *buf, off_t
+ 	}
+ 
+ 	pkey = PEM_read_bio_PrivateKey(in, NULL,
+-	    ctx->default_passwd_callback,
+-	    ctx->default_passwd_callback_userdata);
+	    SSL_CTX_get_default_passwd_cb(ctx),
+	    SSL_CTX_get_default_passwd_cb_userdata(ctx));
+ 
+ 	if (pkey == NULL) {
+ 		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_PEM_LIB);
+@@ -145,8 +147,8 @@ ssl_ctx_use_certificate_chain(SSL_CTX *ctx, char *buf,
+ 	}
+ 
+ 	if ((x = PEM_read_bio_X509(in, NULL,
+-	    ctx->default_passwd_callback,
+-	    ctx->default_passwd_callback_userdata)) == NULL) {
+	    SSL_CTX_get_default_passwd_cb(ctx),
+	    SSL_CTX_get_default_passwd_cb_userdata(ctx))) == NULL) {
+ 		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
+ 		goto end;
+ 	}
+@@ -158,14 +160,11 @@ ssl_ctx_use_certificate_chain(SSL_CTX *ctx, char *buf,
+ 	 * the CA certificates.
+ 	 */
+ 
+-	if (ctx->extra_certs != NULL) {
+-		sk_X509_pop_free(ctx->extra_certs, X509_free);
+-		ctx->extra_certs = NULL;
+-	}
+	SSL_CTX_clear_extra_chain_certs(ctx);
+ 
+ 	while ((ca = PEM_read_bio_X509(in, NULL,
+-	    ctx->default_passwd_callback,
+-	    ctx->default_passwd_callback_userdata)) != NULL) {
+	    SSL_CTX_get_default_passwd_cb(ctx),
+	    SSL_CTX_get_default_passwd_cb_userdata(ctx))) != NULL) {
+ 
+ 		if (!SSL_CTX_add_extra_chain_cert(ctx, ca))
+ 			goto end;
+@@ -195,20 +194,20 @@ ssl_ctx_load_verify_memory(SSL_CTX *ctx, char *buf, of
+ 	X509_LOOKUP		*lu;
+ 	struct iovec		 iov;
+ 
+-	if ((lu = X509_STORE_add_lookup(ctx->cert_store,
+-	    &x509_mem_lookup)) == NULL)
+	if ((lu = X509_STORE_add_lookup(SSL_CTX_get_cert_store(ctx),
+	    X509_LOOKUP_mem())) == NULL)
+ 		return (0);
+ 
+ 	iov.iov_base = buf;
+ 	iov.iov_len = len;
+ 
+-	if (!ssl_by_mem_ctrl(lu, X509_L_ADD_MEM,
+-	    (const char *)&iov, X509_FILETYPE_PEM, NULL))
+	if (!X509_LOOKUP_add_mem(lu, &iov, X509_FILETYPE_PEM))
+ 		return (0);
+ 
+ 	return (1);
+ }
+ 
+#if 0
+ int
+ ssl_by_mem_ctrl(X509_LOOKUP *lu, int cmd, const char *buf,
+     long type, char **ret)
+@@ -251,3 +250,4 @@ ssl_by_mem_ctrl(X509_LOOKUP *lu, int cmd, const char *
+ 		BIO_free(in);
+ 	return (count);
+ }
+#endif