diff options
Diffstat (limited to 'main/libtls-standalone/openssl-1.1.0-verify-param.patch')
-rw-r--r-- | main/libtls-standalone/openssl-1.1.0-verify-param.patch | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/main/libtls-standalone/openssl-1.1.0-verify-param.patch b/main/libtls-standalone/openssl-1.1.0-verify-param.patch new file mode 100644 index 0000000000..ef3f948e02 --- /dev/null +++ b/main/libtls-standalone/openssl-1.1.0-verify-param.patch @@ -0,0 +1,50 @@ +--- libressl-2.7.4.orig/tls/tls.c ++++ libressl-2.7.4/tls/tls.c +@@ -438,8 +438,16 @@ + } + + if (ctx->config->verify_time == 0) { +- X509_VERIFY_PARAM_set_flags(ssl_ctx->param, +- X509_V_FLAG_NO_CHECK_TIME); ++ X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new(); ++ ++ if (param == NULL) { ++ goto err; ++ } ++ ++ X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_NO_CHECK_TIME); ++ SSL_CTX_set1_param(ssl_ctx, param); ++ ++ X509_VERIFY_PARAM_free(param); + } + + /* Disable any form of session caching by default */ +@@ -487,6 +495,7 @@ + STACK_OF(X509_INFO) *xis = NULL; + X509_STORE *store; + X509_INFO *xi; ++ X509_VERIFY_PARAM *param; + BIO *bio = NULL; + int rv = -1; + int i; +@@ -548,8 +557,19 @@ + } + xi->crl = NULL; + } +- X509_VERIFY_PARAM_set_flags(store->param, ++ ++ param = X509_VERIFY_PARAM_new(); ++ ++ if (param == NULL) { ++ goto err; ++ } ++ ++ X509_VERIFY_PARAM_set_flags(param, + X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); ++ ++ X509_STORE_set1_param(store, param); ++ ++ X509_VERIFY_PARAM_free(param); + } + + done: |