875c35e0 JR |
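--- a/include/pound.h.in
+++ b/include/pound.h.in
@@ -68,8 +68,7 @@
 #include <grp.h>
 #include <signal.h>
 #include <setjmp.h>
-#include <mbedtls/config.h>
-#include <mbedtls/certs.h>
+#include <mbedtls/build_info.h>
 #include <mbedtls/oid.h>
 #include <mbedtls/asn1.h>
 #include <mbedtls/x509.h>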
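--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -28,7 +28,7 @@
 find_package(Threads REQUIRED)
 
 include(CheckIncludeFiles)
-CHECK_INCLUDE_FILES("stdio.h;pthread.h;yaml.h;nanomsg/nn.h;nanomsg/inproc.h;nanomsg/pipeline.h;nanomsg/pair.h;nanomsg/reqrep.h;stdlib.h;unistd.h;fcntl.h;ctype.h;getopt.h;string.h;syslog.h;sys/types.h;sys/socket.h;netdb.h;sys/stat.h;time.h;poll.h;semaphore.h;pwd.h;grp.h;signal.h;setjmp.h;mbedtls/config.h;mbedtls/certs.h;mbedtls/oid.h;mbedtls/asn1.h;mbedtls/x509.h;mbedtls/entropy.h;mbedtls/ctr_drbg.h;mbedtls/ssl.h;mbedtls/error.h" HAVE_MANDATORY_INCLUDES LANGUAGE C)
+CHECK_INCLUDE_FILES("stdio.h;pthread.h;yaml.h;nanomsg/nn.h;nanomsg/inproc.h;nanomsg/pipeline.h;nanomsg/pair.h;nanomsg/reqrep.h;stdlib.h;unistd.h;fcntl.h;ctype.h;getopt.h;string.h;syslog.h;sys/types.h;sys/socket.h;netdb.h;sys/stat.h;time.h;poll.h;semaphore.h;pwd.h;grp.h;signal.h;setjmp.h;mbedtls/oid.h;mbedtls/build_info.h;mbedtls/asn1.h;mbedtls/x509.h;mbedtls/entropy.h;mbedtls/ctr_drbg.h;mbedtls/ssl.h;mbedtls/error.h" HAVE_MANDATORY_INCLUDES LANGUAGE C)
 if(NOT HAVE_MANDATORY_INCLUDES)
 message(FATAL_ERROR "Missing mandatory header files!")
 endif()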
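--- a/src/config.c
+++ b/src/config.c
@@ -63,6 +63,19 @@
 return res;
 }
 
+static int mbedtls_rnd( void *rng_state, unsigned char *output, size_t len )
+{
+ size_t i;
+
+ if( rng_state != NULL )
+ rng_state = NULL;
+
+ for( i = 0; i < len; ++i )
+ output[i] = rand();
+
+ return(0);
+}
+
 static void
 get_global(yaml_document_t *document, yaml_node_t *root)
 {
@@ -380,11 +393,11 @@
 if(mbedtls_x509_crt_parse_file(&res->certificate, filename))
 fatal("SNI: can't read certificate %s", filename);
 mbedtls_pk_init(&res->key);
- if(mbedtls_pk_parse_keyfile(&res->key, filename, NULL))
+ if(mbedtls_pk_parse_keyfile(&res->key, filename, NULL, mbedtls_rnd, NULL))
 fatal("SNI: can't read key %s", filename);
 utarray_new(hosts, ®ex_icd);
 for(cur = &res->certificate; cur != NULL; cur = cur->next) {
- if(mbedtls_pk_check_pair(&cur->pk, &res->key))
+ if(mbedtls_pk_check_pair(&cur->pk, &res->key, mbedtls_rnd, NULL))
 continue;
 for(nd = &cur->subject; nd != NULL; nd = nd->next)
 if(MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &nd->oid) == 0) {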
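Review bot: The added `mbedtls_rnd` fills its output from `rand()`, and the second hunk passes it as the `f_rng` callback of `mbedtls_pk_parse_keyfile` and `mbedtls_pk_check_pair`. Mbed TLS 3 takes that callback because private-key operations use the randomness for blinding, a side-channel countermeasure, so a predictable libc generator weakens the protection of the server's private key while it is loaded and checked. The callback should be `mbedtls_ctr_drbg_random` over a seeded context; `mbedtls/entropy.h` and `mbedtls/ctr_drbg.h` are already in the mandatory header list in CMakeLists.txt. The sketch below seeds one context and uses it at both call sites. Where the init call belongs cannot be seen from here, because the enclosing functions start and end outside the hunks.

```c
/* One CSPRNG for key loading; seeded once before the first certificate is read. */
static mbedtls_entropy_context  cfg_entropy;
static mbedtls_ctr_drbg_context cfg_drbg;

static void
cfg_rng_init(void)
{
    mbedtls_entropy_init(&cfg_entropy);
    mbedtls_ctr_drbg_init(&cfg_drbg);
    if(mbedtls_ctr_drbg_seed(&cfg_drbg, mbedtls_entropy_func, &cfg_entropy, NULL, 0))
        fatal("can't seed random number generator");
}

/* … unchanged: certificate parse and mbedtls_pk_init … */
    if(mbedtls_pk_parse_keyfile(&res->key, filename, NULL, mbedtls_ctr_drbg_random, &cfg_drbg))
        fatal("SNI: can't read key %s", filename);
/* … unchanged: utarray_new and start of the certificate loop … */
        if(mbedtls_pk_check_pair(&cur->pk, &res->key, mbedtls_ctr_drbg_random, &cfg_drbg))
            continue;
```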
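--- a/src/http.c
+++ b/src/http.c
@@ -476,6 +476,7 @@
 
 typedef struct cookie {
 mbedtls_ssl_context *fd;
+ mbedtls_net_context *ssl_fd;
 } COOKIE;
 
 static size_t
@@ -506,13 +507,11 @@
 {
 COOKIE *c;
 int res;
- mbedtls_net_context *ssl_fd;
 
 c = (COOKIE *)cv;
 res = mbedtls_ssl_close_notify(c->fd);
- ssl_fd = c->fd->p_bio;
+ mbedtls_net_free(c->ssl_fd);
 mbedtls_ssl_free(c->fd);
- mbedtls_net_free(ssl_fd);
 return res;
 }
 
@@ -580,6 +579,7 @@
 crt_buf[0] = '\0';
 /* for HTTP2: !strcmp(mbedtls_ssl_get_alpn_protocol(&ssl), "h2"), but we don't really need it */
 c.fd = &ssl;
+ c.ssl_fd = &ssl_client;
 cio.read = (cookie_read_function_t *)c_read;
 cio.write = (cookie_write_function_t *)c_write;
 cio.seek = NULL;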
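Review bot: The new `ssl_fd` member of `COOKIE` has no comment, and its name reads backwards next to `fd`: `fd` is the `mbedtls_ssl_context`, while `ssl_fd` is the `mbedtls_net_context`. The close callback in the second hunk now calls `mbedtls_net_free(c->ssl_fd)` on a pointer that the third hunk sets from `&ssl_client`. That looks like a local of the enclosing function, whose declaration is outside the hunk, so the cookie must not outlive that function. I would document this on the member, e.g. `/* socket under the TLS session; closed by the cookie close callback, storage owned by the caller */`. Both the close callback and the setup code begin outside their hunks.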