diff options
Diffstat (limited to 'main/imap')
-rw-r--r-- | main/imap/1006_openssl1.1_autoverify.patch | 58 | ||||
-rw-r--r-- | main/imap/APKBUILD | 8 |
2 files changed, 63 insertions, 3 deletions
diff --git a/main/imap/1006_openssl1.1_autoverify.patch b/main/imap/1006_openssl1.1_autoverify.patch new file mode 100644 index 0000000000..087e747d59 --- /dev/null +++ b/main/imap/1006_openssl1.1_autoverify.patch @@ -0,0 +1,58 @@ +Description: Support OpenSSL 1.1 + When building with OpenSSL 1.1 and newer, use the new built-in + hostname verification instead of code that doesn't compile due to + structs having been made opaque. +Bug-Debian: https://bugs.debian.org/828589 + +--- a/src/osdep/unix/ssl_unix.c ++++ b/src/osdep/unix/ssl_unix.c +@@ -227,8 +227,16 @@ static char *ssl_start_work (SSLSTREAM * + /* disable certificate validation? */ + if (flags & NET_NOVALIDATECERT) + SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL); +- else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify); ++ else { ++#if OPENSSL_VERSION_NUMBER >= 0x10100000 ++ X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context); ++ X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); ++ X509_VERIFY_PARAM_set1_host(param, host, 0); ++#endif ++ ++ SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify); + /* set default paths to CAs... */ ++ } + SSL_CTX_set_default_verify_paths (stream->context); + /* ...unless a non-standard path desired */ + if (s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL)) +@@ -266,6 +274,7 @@ static char *ssl_start_work (SSLSTREAM * + if (SSL_write (stream->con,"",0) < 0) + return ssl_last_error ? ssl_last_error : "SSL negotiation failed"; + /* need to validate host names? */ ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + if (!(flags & NET_NOVALIDATECERT) && + (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con), + host))) { +@@ -275,6 +284,7 @@ static char *ssl_start_work (SSLSTREAM * + sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???"); + return ssl_last_error = cpystr (tmp); + } ++#endif + return NIL; + } + +@@ -313,6 +323,7 @@ static int ssl_open_verify (int ok,X509_ + * Returns: NIL if validated, else string of error message + */ + ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + static char *ssl_validate_cert (X509 *cert,char *host) + { + int i,n; +@@ -342,6 +353,7 @@ static char *ssl_validate_cert (X509 *ce + else ret = "Unable to locate common name in certificate"; + return ret; + } ++#endif + + /* Case-independent wildcard pattern match + * Accepts: base string diff --git a/main/imap/APKBUILD b/main/imap/APKBUILD index f0b3d5276e..37b294d476 100644 --- a/main/imap/APKBUILD +++ b/main/imap/APKBUILD @@ -5,17 +5,18 @@ # build it shared pkgname=imap pkgver=2007f -pkgrel=8 +pkgrel=9 pkgdesc="An IMAP/POP server" url="http://www.washington.edu/imap" arch="all" license="Apache-2.0" subpackages="$pkgname-dev c-client:cclient" depends="" -makedepends="libressl-dev" +makedepends="openssl-dev" source="http://ftp.ntua.gr/pub/net/mail/imap/imap-$pkgver.tar.gz fix-linking.patch c-client-2006k_KOLAB_Annotations.patch + 1006_openssl1.1_autoverify.patch " builddir="$srcdir"/$pkgname-$pkgver @@ -63,4 +64,5 @@ cclient() { sha512sums="7c3e1d9927872001e768ff2ddbcf3af74078243efe58dd70e01d966856b7611134e4b579818691a954bade9acaeeda6f2f30f40d812b8aa20990de5cb90d5d35 imap-2007f.tar.gz f8a4b5b8759b690273ec8c86db55c3c3ebf7b358321aa829341bc65e98db0f10696b1eeae922eecada668f011b0b3231ed73c3a959b47b4cba00568bf7d231c1 fix-linking.patch -871093236b3ae300968e1e200a2389566af72ed1f62ad57c1dc617dd59e8378f29175fe07e5cfc575e022f3c27769b06850cbf21567f7cc359ca204c4d87a3af c-client-2006k_KOLAB_Annotations.patch" +871093236b3ae300968e1e200a2389566af72ed1f62ad57c1dc617dd59e8378f29175fe07e5cfc575e022f3c27769b06850cbf21567f7cc359ca204c4d87a3af c-client-2006k_KOLAB_Annotations.patch +7ecbe52adc6e3d1deee05790745642f794150ffaebf51c0cf689dc036eea9c7d80e643648aac37bf0aa83ac138b8bb63abfad3b540bc9440de3456162dfabae5 1006_openssl1.1_autoverify.patch" |