From b6e8dcdcbe2d985c44be35198b01e9378b677905 Mon Sep 17 00:00:00 2001
From: Felix Huettner
Date: Wed, 17 May 2023 23:13:55 +0200
Subject: [PATCH] Fix othername generation depends on https://github.com/sfackler/rust-openssl/pull/1915 and https://github.com/sfackler/rust-openssl/pull/1928
---
 Cargo.lock | 29 ++++++++++++++---------------
 Cargo.toml | 8 +++++++-
 dtrd/Cargo.toml | 9 ++++++++-
 tcpcl/Cargo.toml | 10 ++++++++--
 tcpcl/tests/common/tls.rs | 23 +++++++++++++----------
 5 files changed, 50 insertions(+), 29 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 18bfc7d..e6b8b06 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -133,9 +133,9 @@ dependencies = [

 [[package]]
 name = "anyhow"
-version = "1.0.70"
+version = "1.0.71"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7de8ce5e0f9f8d88245311066a578d72b7af3e7088f32783804676302df237e4"
+checksum = "9c7d0618f0e0b7e8ff11427422b64564d5fb0be1940354bfe2e0529b18a9d9b8"

 [[package]]
 name = "asn1-rs"
@@ -217,9 +217,9 @@ checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"

 [[package]]
 name = "axum"
-version = "0.6.17"
+version = "0.6.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b70caf9f1b0c045f7da350636435b775a9733adf2df56e8aa2a29210fbc335d4"
+checksum = "f8175979259124331c1d7bf6586ee7e0da434155e4b2d48ec2c8386281d8df39"
 dependencies = [
 "async-trait",
 "axum-core",
@@ -1204,9 +1204,7 @@ checksum = "b7e5500299e16ebb147ae15a00a942af264cf3688f47923b8fc2cd5858f23ad3"

 [[package]]
 name = "openssl"
-version = "0.10.52"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "01b8574602df80f7b85fdfc5392fa884a4e3b3f4f35402c070ab34c3d3f78d56"
+version = "0.10.53"
 dependencies = [
 "bitflags 1.3.2",
 "cfg-if",
@@ -1220,8 +1218,6 @@ dependencies = [
 [[package]]
 name = "openssl-macros"
 version = "0.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -1231,8 +1227,6 @@ dependencies = [
 [[package]]
 name = "openssl-sys"
 version = "0.9.87"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8e17f59264b2809d77ae94f0e1ebabc434773f370d6ca667bd223ea10e06cc7e"
 dependencies = [
 "cc",
 "libc",
@@ -1506,9 +1500,9 @@ dependencies = [

 [[package]]
 name = "rustix"
-version = "0.37.15"
+version = "0.37.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a0661814f891c57c930a610266415528da53c4933e6dea5fb350cbfe048a9ece"
+checksum = "8bbfc1d1c7c40c01715f47d71444744a81669ca84e8b63e25a55e169b1f86433"
 dependencies = [
 "bitflags 1.3.2",
 "errno",
@@ -1991,10 +1985,11 @@ checksum = "b6bc1c9ce2b5135ac7f93c72918fc37feb872bdc6a5533a8b85eb4b86bfdae52"

 [[package]]
 name = "tracing"
-version = "0.1.38"
+version = "0.1.37"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cf9cf6a813d3f40c88b0b6b6f29a5c95c6cdbf97c1f9cc53fb820200f5ad814d"
+checksum = "8ce8c33a8d48bd45d624a6e523445fd21ec13d3653cd51f681abf67418f54eb8"
 dependencies = [
+ "cfg-if",
 "pin-project-lite",
 "tracing-attributes",
 "tracing-core",
@@ -2381,3 +2376,7 @@ dependencies = [
 "thiserror",
 "time 0.3.20",
 ]
+
+[[patch.unused]]
+name = "openssl-errors"
+version = "0.2.0"
diff --git a/Cargo.toml b/Cargo.toml
index f173b61..15c2535 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -6,4 +6,10 @@ members = [
 "client",
 "dtrd",
 "tcpcl"
-]
\ No newline at end of file
+]
+
+[patch.crates-io]
+openssl = { path = "../rust-openssl/openssl" }
+openssl-sys = { path = "../rust-openssl/openssl-sys" }
+openssl-errors = { path = "../rust-openssl/openssl-errors" }
+openssl-macros = { path = "../rust-openssl/openssl-macros" }
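Review bot: The `[patch.crates-io]` entries added at the end of the workspace Cargo.toml point openssl, openssl-sys, openssl-errors and openssl-macros at `../rust-openssl/...`, a directory outside this repository, so the TLS library that gets compiled is whatever sits in each builder's sibling checkout; the Cargo.lock hunks in this patch correspondingly drop the `source` and `checksum` lines for those crates. Until a release contains the two upstream PRs, pin the override to a reviewed commit instead, e.g. `openssl = { git = "https://github.com/sfackler/rust-openssl", rev = "<reviewed-commit-sha>" }` (likewise for the other crates), so the lockfile records an exact revision. The same block is repeated in dtrd/Cargo.toml and tcpcl/Cargo.toml; Cargo only honours `[patch]` in the workspace root manifest, so those two copies can be dropped. The lockfile's new `[[patch.unused]]` entry for openssl-errors suggests that override is not needed at all.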
diff --git a/dtrd/Cargo.toml b/dtrd/Cargo.toml
index 0a753ed..3c3bf69 100644
--- a/dtrd/Cargo.toml
+++ b/dtrd/Cargo.toml
@@ -16,7 +16,7 @@ tokio-stream = "0.1.14"
 tokio-util = "0.7.8"
 futures-util = "0.3.28"
 env_logger = "0.10.0"
-openssl = "0.10.52"
+openssl = "0.10.53"
 uuid = {version = "1.3.2", features = ["v4"]}
 console-subscriber = "0.1.8"
 actix = "0.13.0"
@@ -25,3 +25,10 @@ async-stream = "0.3.5"

 [build-dependencies]
 tonic-build = "0.9.2"
+
+
+[patch.crates-io]
+openssl = { path = "../rust-openssl/openssl" }
+openssl-sys = { path = "../rust-openssl/openssl-sys" }
+openssl-errors = { path = "../rust-openssl/openssl-errors" }
+openssl-macros = { path = "../rust-openssl/openssl-macros" }
diff --git a/tcpcl/Cargo.toml b/tcpcl/Cargo.toml
index 1441254..069fb14 100644
--- a/tcpcl/Cargo.toml
+++ b/tcpcl/Cargo.toml
@@ -9,10 +9,16 @@ edition = "2021"
 bitflags = "2.2.1"
 tokio = { version = "1.28.0", features = ["fs", "io-util", "net", "macros", "sync", "rt", "time"] }
 tokio-openssl = "0.6.3"
-openssl = "0.10.52"
+openssl = "0.10.53"
 log = "0.4"
 num_enum = "0.6.1"
 x509-parser = "0.15.0"
 tokio-util = {version = "0.7.8", features = ["codec"]}
 bytes = "1.4.0"
-futures-util = {version = "0.3.28", features = ["sink"]}
\ No newline at end of file
+futures-util = {version = "0.3.28", features = ["sink"]}
+
+[patch.crates-io]
+openssl = { path = "../rust-openssl/openssl" }
+openssl-sys = { path = "../rust-openssl/openssl-sys" }
+openssl-errors = { path = "../rust-openssl/openssl-errors" }
+openssl-macros = { path = "../rust-openssl/openssl-macros" }
diff --git a/tcpcl/tests/common/tls.rs b/tcpcl/tests/common/tls.rs
index 0f716d3..c02da52 100644
--- a/tcpcl/tests/common/tls.rs
+++ b/tcpcl/tests/common/tls.rs
@@ -1,11 +1,12 @@
 use openssl::{
- asn1::Asn1Time,
+ asn1::{Asn1Object, Asn1String, Asn1Time},
 hash::MessageDigest,
 nid::Nid,
 pkey::{PKey, Private},
 rsa::Rsa,
- x509::{X509Extension, X509Name, X509},
+ x509::{extension::SubjectAlternativeName, X509Name, X509},
 };
+use std::str::FromStr;

 fn get_cert_with_san(sanname: &str) -> (PKey, X509) {
 let cert_rsa = Rsa::generate(2048).unwrap();
@@ -21,14 +22,16 @@ fn get_cert_with_san(sanname: &str) -> (PKey, X509) {
 builder.set_subject_name(&name).unwrap();
 builder.set_issuer_name(&name).unwrap();

- #[allow(deprecated)] // Depending on https://github.com/sfackler/rust-openssl/issues/1911 to fix
- let subject_alternative_name = X509Extension::new_nid(
- None,
- Some(&builder.x509v3_context(None, None)),
- Nid::SUBJECT_ALT_NAME,
- &format!("otherName:1.3.6.1.5.5.7.8.11;IA5STRING:{}", sanname),
- )
- .unwrap();
+ let s = Asn1String::from_str(sanname).unwrap();
+ let subject_alternative_name = SubjectAlternativeName::new()
+ .other_name2(
+ Asn1Object::from_str("1.3.6.1.5.5.7.8.11").unwrap(),
+ &s.as_asn1type_der().unwrap(),
+ )
+ .unwrap()
+ .build(&builder.x509v3_context(None, None))
+ .unwrap();
+
 builder.append_extension(subject_alternative_name).unwrap();

 builder
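Review bot: The string type of the otherName value is no longer visible in `get_cert_with_san`: the removed call spelled out `IA5STRING`, while the new `Asn1String::from_str(sanname)` / `as_asn1type_der()` pair leaves the tag to the library, and nothing in this hunk checks which type ends up in the certificate. These certificates presumably drive the TLS tests that match on this SAN, so it is worth asserting the encoding once (x509-parser is already a dependency of tcpcl) or at least stating the expectation in a comment such as `// otherName value must be an IA5String; confirm as_asn1type_der() emits that tag`. The OID literal would also read better as a named constant, e.g. `const BUNDLE_EID_OID: &str = "1.3.6.1.5.5.7.8.11"; // id-on-bundleEID (RFC 9174)`. The function body starts and ends outside the hunk.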