diff options
Diffstat (limited to 'main/socat/socat-libressl.patch')
| -rw-r--r-- | main/socat/socat-libressl.patch | 208 |
1 files changed, 208 insertions, 0 deletions
diff --git a/main/socat/socat-libressl.patch b/main/socat/socat-libressl.patch new file mode 100644 index 0000000000..988821332d --- /dev/null +++ b/main/socat/socat-libressl.patch @@ -0,0 +1,208 @@ +diff --git a/doc/xio.help b/doc/xio.help +index 3a6eb8d..f005b1c 100644 +--- a/doc/xio.help ++++ b/doc/xio.help +@@ -4566,19 +4566,6 @@ must contain certificates in PEM format and their hashes (see OpenSSL + documentation) + + +-Option: openssl-egd=file +-Aliases: egd +- +-Type: FILENAME +-Option group: OPENSSL +-Phase: SPEC +-Platforms: (depends on openssl installation) +- +-On some systems, openssl requires an explicit source of random data. Specify +-the socket name where an entropy gathering daemon like egd provides random +-data, e.g. /dev/egd-pool. +- +- + Option: openssl-pseudo + Aliases: pseudo + +diff --git a/sslcls.c b/sslcls.c +index 6ddc077..3f7c6a0 100644 +--- a/sslcls.c ++++ b/sslcls.c +@@ -55,6 +55,7 @@ const SSL_METHOD *sycSSLv2_server_method(void) { + } + #endif + ++#ifdef HAVE_SSLv3_client_method + const SSL_METHOD *sycSSLv3_client_method(void) { + const SSL_METHOD *result; + Debug("SSLv3_client_method()"); +@@ -62,7 +63,9 @@ const SSL_METHOD *sycSSLv3_client_method(void) { + Debug1("SSLv3_client_method() -> %p", result); + return result; + } ++#endif + ++#ifdef HAVE_SSLv3_server_method + const SSL_METHOD *sycSSLv3_server_method(void) { + const SSL_METHOD *result; + Debug("SSLv3_server_method()"); +@@ -70,6 +73,7 @@ const SSL_METHOD *sycSSLv3_server_method(void) { + Debug1("SSLv3_server_method() -> %p", result); + return result; + } ++#endif + + const SSL_METHOD *sycSSLv23_client_method(void) { + const SSL_METHOD *result; +@@ -331,14 +335,6 @@ void sycSSL_free(SSL *ssl) { + return; + } + +-int sycRAND_egd(const char *path) { +- int result; +- Debug1("RAND_egd(\"%s\")", path); +- result = RAND_egd(path); +- Debug1("RAND_egd() -> %d", result); +- return result; +-} +- + DH *sycPEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) { + DH *result; + Debug4("PEM_read_bio_DHparams(%p, %p, %p, %p)", +@@ -375,7 +371,7 @@ int sycFIPS_mode_set(int onoff) { + } + #endif /* WITH_FIPS */ + +-#if OPENSSL_VERSION_NUMBER >= 0x00908000L ++#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP) + const COMP_METHOD *sycSSL_get_current_compression(SSL *ssl) { + const COMP_METHOD *result; + Debug1("SSL_get_current_compression(%p)", ssl); +diff --git a/sslcls.h b/sslcls.h +index aece28a..7ed2283 100644 +--- a/sslcls.h ++++ b/sslcls.h +@@ -47,7 +47,6 @@ X509 *sycSSL_get_peer_certificate(SSL *ssl); + int sycSSL_shutdown(SSL *ssl); + void sycSSL_CTX_free(SSL_CTX *ctx); + void sycSSL_free(SSL *ssl); +-int sycRAND_egd(const char *path); + + DH *sycPEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u); + +@@ -55,7 +54,7 @@ BIO *sycBIO_new_file(const char *filename, const char *mode); + + int sycFIPS_mode_set(int onoff); + +-#if OPENSSL_VERSION_NUMBER >= 0x00908000L ++#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP) + const COMP_METHOD *sycSSL_get_current_compression(SSL *ssl); + const COMP_METHOD *sycSSL_get_current_expansion(SSL *ssl); + const char *sycSSL_COMP_get_name(const COMP_METHOD *comp); +@@ -98,7 +97,6 @@ const char *sycSSL_COMP_get_name(const COMP_METHOD *comp); + #define sycSSL_shutdown(s) SSL_shutdown(s) + #define sycSSL_CTX_free(c) SSL_CTX_free(c) + #define sycSSL_free(s) SSL_free(s) +-#define sycRAND_egd(p) RAND_egd(p) + + #define sycPEM_read_bio_DHparams(b,x,p,u) PEM_read_bio_DHparams(b,x,p,u) + +diff --git a/xio-openssl.c b/xio-openssl.c +index b7e95c1..b77d340 100644 +--- a/xio-openssl.c ++++ b/xio-openssl.c +@@ -108,7 +108,6 @@ const struct optdesc opt_openssl_key = { "openssl-key", "key", + const struct optdesc opt_openssl_dhparam = { "openssl-dhparam", "dh", OPT_OPENSSL_DHPARAM, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC }; + const struct optdesc opt_openssl_cafile = { "openssl-cafile", "cafile", OPT_OPENSSL_CAFILE, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC }; + const struct optdesc opt_openssl_capath = { "openssl-capath", "capath", OPT_OPENSSL_CAPATH, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC }; +-const struct optdesc opt_openssl_egd = { "openssl-egd", "egd", OPT_OPENSSL_EGD, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC }; + const struct optdesc opt_openssl_pseudo = { "openssl-pseudo", "pseudo", OPT_OPENSSL_PSEUDO, GROUP_OPENSSL, PH_SPEC, TYPE_BOOL, OFUNC_SPEC }; + #if OPENSSL_VERSION_NUMBER >= 0x00908000L + const struct optdesc opt_openssl_compress = { "openssl-compress", "compress", OPT_OPENSSL_COMPRESS, GROUP_OPENSSL, PH_SPEC, TYPE_STRING, OFUNC_SPEC }; +@@ -147,7 +146,7 @@ int xio_reset_fips_mode(void) { + static void openssl_conn_loginfo(SSL *ssl) { + Notice1("SSL connection using %s", SSL_get_cipher(ssl)); + +-#if OPENSSL_VERSION_NUMBER >= 0x00908000L ++#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP) + { + const COMP_METHOD *comp, *expansion; + +@@ -722,7 +721,6 @@ int + char *opt_dhparam = NULL; /* file name of DH params */ + char *opt_cafile = NULL; /* certificate authority file */ + char *opt_capath = NULL; /* certificate authority directory */ +- char *opt_egd = NULL; /* entropy gathering daemon socket path */ + #if OPENSSL_VERSION_NUMBER >= 0x00908000L + char *opt_compress = NULL; /* compression method */ + #endif +@@ -741,7 +739,6 @@ int + retropt_string(opts, OPT_OPENSSL_CAPATH, &opt_capath); + retropt_string(opts, OPT_OPENSSL_KEY, &opt_key); + retropt_string(opts, OPT_OPENSSL_DHPARAM, &opt_dhparam); +- retropt_string(opts, OPT_OPENSSL_EGD, &opt_egd); + retropt_bool(opts,OPT_OPENSSL_PSEUDO, &opt_pseudo); + #if OPENSSL_VERSION_NUMBER >= 0x00908000L + retropt_string(opts, OPT_OPENSSL_COMPRESS, &opt_compress); +@@ -877,10 +874,6 @@ int + } + } + +- if (opt_egd) { +- sycRAND_egd(opt_egd); +- } +- + if (opt_pseudo) { + long int randdata; + /* initialize libc random from actual microseconds */ +@@ -1105,7 +1098,7 @@ static int openssl_SSL_ERROR_SSL(int level, const char *funcname) { + if (e == ((ERR_LIB_RAND<<24)| + (RAND_F_SSLEAY_RAND_BYTES<<12)| + (RAND_R_PRNG_NOT_SEEDED)) /*0x24064064*/) { +- Error("too few entropy; use options \"egd\" or \"pseudo\""); ++ Error("too few entropy; use option \"pseudo\""); + stat = STAT_NORETRY; + } else { + Msg2(level, "%s(): %s", funcname, ERR_error_string(e, buf)); +diff --git a/xio-openssl.h b/xio-openssl.h +index 9cad8f4..cc20e36 100644 +--- a/xio-openssl.h ++++ b/xio-openssl.h +@@ -21,7 +21,6 @@ extern const struct optdesc opt_openssl_key; + extern const struct optdesc opt_openssl_dhparam; + extern const struct optdesc opt_openssl_cafile; + extern const struct optdesc opt_openssl_capath; +-extern const struct optdesc opt_openssl_egd; + extern const struct optdesc opt_openssl_pseudo; + #if OPENSSL_VERSION_NUMBER >= 0x00908000L + extern const struct optdesc opt_openssl_compress; +diff --git a/xioopts.c b/xioopts.c +index 3b0f300..b1b5943 100644 +--- a/xioopts.c ++++ b/xioopts.c +@@ -412,7 +412,6 @@ const struct optname optionnames[] = { + #ifdef ECHOPRT + IF_TERMIOS("echoprt", &opt_echoprt) + #endif +- IF_OPENSSL("egd", &opt_openssl_egd) + IF_ANY ("end-close", &opt_end_close) + IF_TERMIOS("eof", &opt_veof) + IF_TERMIOS("eol", &opt_veol) +@@ -1102,7 +1101,6 @@ const struct optname optionnames[] = { + IF_OPENSSL("openssl-compress", &opt_openssl_compress) + #endif + IF_OPENSSL("openssl-dhparam", &opt_openssl_dhparam) +- IF_OPENSSL("openssl-egd", &opt_openssl_egd) + #if WITH_FIPS + IF_OPENSSL("openssl-fips", &opt_openssl_fips) + #endif +diff --git a/xioopts.h b/xioopts.h +index ebcf315..d569c30 100644 +--- a/xioopts.h ++++ b/xioopts.h +@@ -478,7 +478,6 @@ enum e_optcode { + OPT_OPENSSL_COMPRESS, + #endif + OPT_OPENSSL_DHPARAM, +- OPT_OPENSSL_EGD, + OPT_OPENSSL_FIPS, + OPT_OPENSSL_KEY, + OPT_OPENSSL_METHOD, |