[packages/mutt.git] / openssl.patch

From 6ce3be71ed60e4fe41ea255b74119ded47bd4ca2 Mon Sep 17 00:00:00 2001
From: TAKAHASHI Tamotsu <ttakah@lapis.plala.or.jp>
Date: Wed, 7 Sep 2016 20:00:04 -0700
Subject: [PATCH] Fix openssl 1.1 compilation issues. (closes #3870)

With these changes, Mutt will no longer compile for versions less than
0.9.6.
---
 configure.ac |  7 +++++--
 mutt_ssl.c   | 24 ++++++++----------------
 2 files changed, 13 insertions(+), 18 deletions(-)

diff --git a/configure.ac b/configure.ac
index aff9479c7..b84b531cb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -689,13 +689,16 @@ AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl@<:@=PFX@:>@],[Enable TLS support usi
 
             crypto_libs=""
             AC_CHECK_LIB(z, deflate, [crypto_libs=-lz])
-            AC_CHECK_LIB(crypto, X509_new,
-              [crypto_libs="-lcrypto $crypto_libs"],, [$crypto_libs])
+            AC_CHECK_LIB(crypto, X509_STORE_CTX_new,
+              [crypto_libs="-lcrypto $crypto_libs"],
+              AC_MSG_ERROR([Unable to find SSL library]), [$crypto_libs])
             AC_CHECK_LIB(ssl, SSL_new,,
               AC_MSG_ERROR([Unable to find SSL library]), [$crypto_libs])
 
             LIBS="$LIBS $crypto_libs"
             AC_CHECK_FUNCS(RAND_status RAND_egd)
+            AC_CHECK_DECLS([SSL_set_mode, SSL_MODE_AUTO_RETRY],,
+              AC_MSG_ERROR([Unable to find decent SSL header]), [[#include <openssl/ssl.h>]])
 
             AC_DEFINE(USE_SSL,1,[ Define if you want support for SSL. ])
             AC_DEFINE(USE_SSL_OPENSSL,1,[ Define if you want support for SSL via OpenSSL. ])
diff --git a/mutt_ssl.c b/mutt_ssl.c
index 35cb5135c..791b1c631 100644
--- a/mutt_ssl.c
+++ b/mutt_ssl.c
@@ -37,12 +37,6 @@
 #include "mutt_ssl.h"
 #include "mutt_idna.h"
 
-#if OPENSSL_VERSION_NUMBER >= 0x00904000L
-#define READ_X509_KEY(fp, key)	PEM_read_X509(fp, key, NULL, NULL)
-#else
-#define READ_X509_KEY(fp, key)	PEM_read_X509(fp, key, NULL)
-#endif
-
 /* Just in case OpenSSL doesn't define DEVRANDOM */
 #ifndef DEVRANDOM
 #define DEVRANDOM "/dev/urandom"
@@ -406,11 +400,7 @@ static int ssl_negotiate (CONNECTION *conn, sslsockdata* ssldata)
   int err;
   const char* errmsg;
 
-#if OPENSSL_VERSION_NUMBER >= 0x00906000L
-  /* This only exists in 0.9.6 and above. Without it we may get interrupted
-   *   reads or writes. Bummer. */
   SSL_set_mode (ssldata->ssl, SSL_MODE_AUTO_RETRY);
-#endif
 
   if ((err = SSL_connect (ssldata->ssl)) != 1)
   {
@@ -631,7 +621,7 @@ static char *asn1time_to_string (ASN1_UTCTIME *tm)
 
 static int check_certificate_by_signer (X509 *peercert)
 {
-  X509_STORE_CTX xsc;
+  X509_STORE_CTX *xsc;
   X509_STORE *ctx;
   int pass = 0, i;
 
@@ -661,23 +651,25 @@ static int check_certificate_by_signer (X509 *peercert)
     return 0;
   }
 
-  X509_STORE_CTX_init (&xsc, ctx, peercert, SslSessionCerts);
+  xsc = X509_STORE_CTX_new();
+  if (xsc == NULL) return 0;
+  X509_STORE_CTX_init (xsc, ctx, peercert, SslSessionCerts);
 
-  pass = (X509_verify_cert (&xsc) > 0);
+  pass = (X509_verify_cert (xsc) > 0);
 #ifdef DEBUG
   if (! pass)
   {
     char buf[SHORT_STRING];
     int err;
 
-    err = X509_STORE_CTX_get_error (&xsc);
+    err = X509_STORE_CTX_get_error (xsc);
     snprintf (buf, sizeof (buf), "%s (%d)",
 	X509_verify_cert_error_string(err), err);
     dprint (2, (debugfile, "X509_verify_cert: %s\n", buf));
     dprint (2, (debugfile, " [%s]\n", peercert->name));
   }
 #endif
-  X509_STORE_CTX_cleanup (&xsc);
+  X509_STORE_CTX_free (xsc);
   X509_STORE_free (ctx);
 
   return pass;
@@ -766,7 +758,7 @@ static int check_certificate_by_digest (X509 *peercert)
     return 0;
   }
 
-  while ((cert = READ_X509_KEY (fp, &cert)) != NULL)
+  while ((cert = PEM_read_X509 (fp, &cert, NULL, NULL)) != NULL)
   {
     pass = compare_certificates (cert, peercert, peermd, peermdlen) ? 0 : 1;
Commit	Line	Data
c5fceb03 AM	1	From 6ce3be71ed60e4fe41ea255b74119ded47bd4ca2 Mon Sep 17 00:00:00 2001
	2	From: TAKAHASHI Tamotsu <ttakah@lapis.plala.or.jp>
	3	Date: Wed, 7 Sep 2016 20:00:04 -0700
	4	Subject: [PATCH] Fix openssl 1.1 compilation issues. (closes #3870)
	5
	6	With these changes, Mutt will no longer compile for versions less than
	7	0.9.6.
	8	---
	9	configure.ac \| 7 +++++--
	10	mutt_ssl.c \| 24 ++++++++----------------
	11	2 files changed, 13 insertions(+), 18 deletions(-)
	12
	13	diff --git a/configure.ac b/configure.ac
	14	index aff9479c7..b84b531cb 100644
	15	--- a/configure.ac
	16	+++ b/configure.ac
	17	@@ -689,13 +689,16 @@ AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl@<:@=PFX@:>@],[Enable TLS support usi
	18
	19	crypto_libs=""
	20	AC_CHECK_LIB(z, deflate, [crypto_libs=-lz])
	21	- AC_CHECK_LIB(crypto, X509_new,
	22	- [crypto_libs="-lcrypto $crypto_libs"],, [$crypto_libs])
	23	+ AC_CHECK_LIB(crypto, X509_STORE_CTX_new,
	24	+ [crypto_libs="-lcrypto $crypto_libs"],
	25	+ AC_MSG_ERROR([Unable to find SSL library]), [$crypto_libs])
	26	AC_CHECK_LIB(ssl, SSL_new,,
	27	AC_MSG_ERROR([Unable to find SSL library]), [$crypto_libs])
	28
	29	LIBS="$LIBS $crypto_libs"
	30	AC_CHECK_FUNCS(RAND_status RAND_egd)
	31	+ AC_CHECK_DECLS([SSL_set_mode, SSL_MODE_AUTO_RETRY],,
	32	+ AC_MSG_ERROR([Unable to find decent SSL header]), [[#include <openssl/ssl.h>]])
	33
	34	AC_DEFINE(USE_SSL,1,[ Define if you want support for SSL. ])
	35	AC_DEFINE(USE_SSL_OPENSSL,1,[ Define if you want support for SSL via OpenSSL. ])
	36	diff --git a/mutt_ssl.c b/mutt_ssl.c
	37	index 35cb5135c..791b1c631 100644
	38	--- a/mutt_ssl.c
	39	+++ b/mutt_ssl.c
	40	@@ -37,12 +37,6 @@
	41	#include "mutt_ssl.h"
	42	#include "mutt_idna.h"
	43
	44	-#if OPENSSL_VERSION_NUMBER >= 0x00904000L
	45	-#define READ_X509_KEY(fp, key) PEM_read_X509(fp, key, NULL, NULL)
	46	-#else
	47	-#define READ_X509_KEY(fp, key) PEM_read_X509(fp, key, NULL)
	48	-#endif
	49	-
	50	/* Just in case OpenSSL doesn't define DEVRANDOM */
	51	#ifndef DEVRANDOM
	52	#define DEVRANDOM "/dev/urandom"
	53	@@ -406,11 +400,7 @@ static int ssl_negotiate (CONNECTION conn, sslsockdata ssldata)
	54	int err;
	55	const char* errmsg;
	56
	57	-#if OPENSSL_VERSION_NUMBER >= 0x00906000L
	58	- /* This only exists in 0.9.6 and above. Without it we may get interrupted
	59	- * reads or writes. Bummer. */
	60	SSL_set_mode (ssldata->ssl, SSL_MODE_AUTO_RETRY);
	61	-#endif
	62
	63	if ((err = SSL_connect (ssldata->ssl)) != 1)
	64	{
65	@@ -631,7 +621,7 @@ static char asn1time_to_string (ASN1_UTCTIME tm)
66
67	static int check_certificate_by_signer (X509 *peercert)
68	{
69	- X509_STORE_CTX xsc;
70	+ X509_STORE_CTX *xsc;
71	X509_STORE *ctx;
72	int pass = 0, i;
73
74	@@ -661,23 +651,25 @@ static int check_certificate_by_signer (X509 *peercert)
75	return 0;
76	}
77
78	- X509_STORE_CTX_init (&xsc, ctx, peercert, SslSessionCerts);
79	+ xsc = X509_STORE_CTX_new();
80	+ if (xsc == NULL) return 0;
81	+ X509_STORE_CTX_init (xsc, ctx, peercert, SslSessionCerts);
82
83	- pass = (X509_verify_cert (&xsc) > 0);
84	+ pass = (X509_verify_cert (xsc) > 0);
85	#ifdef DEBUG
86	if (! pass)
87	{
88	char buf[SHORT_STRING];
89	int err;
90
91	- err = X509_STORE_CTX_get_error (&xsc);
92	+ err = X509_STORE_CTX_get_error (xsc);
93	snprintf (buf, sizeof (buf), "%s (%d)",
94	X509_verify_cert_error_string(err), err);
95	dprint (2, (debugfile, "X509_verify_cert: %s\n", buf));
96	dprint (2, (debugfile, " [%s]\n", peercert->name));
97	}
98	#endif
99	- X509_STORE_CTX_cleanup (&xsc);
100	+ X509_STORE_CTX_free (xsc);
101	X509_STORE_free (ctx);
102
103	return pass;
104	@@ -766,7 +758,7 @@ static int check_certificate_by_digest (X509 *peercert)
105	return 0;
106	}
107
108	- while ((cert = READ_X509_KEY (fp, &cert)) != NULL)
109	+ while ((cert = PEM_read_X509 (fp, &cert, NULL, NULL)) != NULL)
110	{
111	pass = compare_certificates (cert, peercert, peermd, peermdlen) ? 0 : 1;
112