-
Notifications
You must be signed in to change notification settings - Fork 68
/
75_15-Fix-build-with-recent-LibreSSL-when-including-DANE.-.patch
93 lines (83 loc) · 3.08 KB
/
75_15-Fix-build-with-recent-LibreSSL-when-including-DANE.-.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
From 09cc73f04332f420e07f4bc8bb2e2466c2460067 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Fri, 5 Apr 2019 13:38:54 +0100
Subject: [PATCH 15/29] Fix build with recent LibreSSL, when including DANE.
Bug 2386
(cherry picked from commit c19ab167ac and 1fbf41cdf6
(cherry picked from commit 0d82437ff97668a34a67b4ba398d1294ec016d3a)
---
doc/ChangeLog | 3 +++
src/dane-openssl.c | 11 ++++++++++-
src/tlscert-openssl.c | 12 +++++++++---
3 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 12cbd5b4..326895f6 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -47,6 +47,9 @@ JH/11 Harden plaintext authenticator against a badly misconfigured client-send
JH/12 Bug 2384: fix "-bP smtp_receive_timeout". Previously it returned no
output.
+JH/13 Bug 2386: Fix builds with Dane under LibreSSL 2.9.0 onward. Some old
+ API was removed, so update to use the newer ones.
+
Exim version 4.92
diff --git a/src/dane-openssl.c b/src/dane-openssl.c
index f7ccbd76..79f136ea 100644
--- a/src/dane-openssl.c
+++ b/src/dane-openssl.c
@@ -2,7 +2,7 @@
* Author: Viktor Dukhovni
* License: THIS CODE IS IN THE PUBLIC DOMAIN.
*
- * Copyright (c) The Exim Maintainers 2014 - 2018
+ * Copyright (c) The Exim Maintainers 2014 - 2019
*/
#include <stdio.h>
#include <string.h>
@@ -25,9 +25,18 @@
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
# define X509_up_ref(x) CRYPTO_add(&((x)->references), 1, CRYPTO_LOCK_X509)
#endif
+
+/* LibreSSL 2.9.0 and later - 2.9.0 has removed a number of macros ... */
+#ifdef LIBRESSL_VERSION_NUMBER
+# if LIBRESSL_VERSION_NUMBER >= 0x2090000fL
+# define EXIM_HAVE_ASN1_MACROS
+# endif
+#endif
+/* OpenSSL */
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
# define EXIM_HAVE_ASN1_MACROS
# define EXIM_OPAQUE_X509
+/* Older OpenSSL and all LibreSSL */
#else
# define X509_STORE_CTX_get_verify(ctx) (ctx)->verify
# define X509_STORE_CTX_get_verify_cb(ctx) (ctx)->verify_cb
diff --git a/src/tlscert-openssl.c b/src/tlscert-openssl.c
index 7e0128ee..3551045c 100644
--- a/src/tlscert-openssl.c
+++ b/src/tlscert-openssl.c
@@ -2,7 +2,7 @@
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) Jeremy Harris 2014 - 2018 */
+/* Copyright (c) Jeremy Harris 2014 - 2019 */
/* This module provides TLS (aka SSL) support for Exim using the OpenSSL
library. It is #included into the tls.c file when that library is used.
@@ -17,8 +17,14 @@ library. It is #included into the tls.c file when that library is used.
#include <openssl/rand.h>
#include <openssl/x509v3.h>
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-# define EXIM_HAVE_ASN1_MACROS
+#ifdef LIBRESSL_VERSION_NUMBER /* LibreSSL */
+# if LIBRESSL_VERSION_NUMBER >= 0x2090000fL
+# define EXIM_HAVE_ASN1_MACROS
+# endif
+#else /* OpenSSL */
+# if OPENSSL_VERSION_NUMBER >= 0x10100000L
+# define EXIM_HAVE_ASN1_MACROS
+# endif
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
--
2.20.1