1 --- Pound-3.0.1/include/pound.h.in~ 2021-08-23 17:31:52.000000000 +0200
2 +++ Pound-3.0.1/include/pound.h.in 2022-04-05 12:35:33.796420709 +0200
7 -#include <mbedtls/config.h>
8 -#include <mbedtls/certs.h>
9 +#include <mbedtls/build_info.h>
10 #include <mbedtls/oid.h>
11 #include <mbedtls/asn1.h>
12 #include <mbedtls/x509.h>
13 --- Pound-3.0.1/CMakeLists.txt~ 2022-04-04 23:23:36.000000000 +0200
14 +++ Pound-3.0.1/CMakeLists.txt 2022-04-05 12:36:14.645777663 +0200
16 find_package(Threads REQUIRED)
18 include(CheckIncludeFiles)
19 -CHECK_INCLUDE_FILES("stdio.h;pthread.h;yaml.h;nanomsg/nn.h;nanomsg/inproc.h;nanomsg/pipeline.h;nanomsg/pair.h;nanomsg/reqrep.h;stdlib.h;unistd.h;fcntl.h;ctype.h;getopt.h;string.h;syslog.h;sys/types.h;sys/socket.h;netdb.h;sys/stat.h;time.h;poll.h;semaphore.h;pwd.h;grp.h;signal.h;setjmp.h;mbedtls/config.h;mbedtls/certs.h;mbedtls/oid.h;mbedtls/asn1.h;mbedtls/x509.h;mbedtls/entropy.h;mbedtls/ctr_drbg.h;mbedtls/ssl.h;mbedtls/error.h" HAVE_MANDATORY_INCLUDES LANGUAGE C)
20 +CHECK_INCLUDE_FILES("stdio.h;pthread.h;yaml.h;nanomsg/nn.h;nanomsg/inproc.h;nanomsg/pipeline.h;nanomsg/pair.h;nanomsg/reqrep.h;stdlib.h;unistd.h;fcntl.h;ctype.h;getopt.h;string.h;syslog.h;sys/types.h;sys/socket.h;netdb.h;sys/stat.h;time.h;poll.h;semaphore.h;pwd.h;grp.h;signal.h;setjmp.h;mbedtls/oid.h;mbedtls/build_info.h;mbedtls/asn1.h;mbedtls/x509.h;mbedtls/entropy.h;mbedtls/ctr_drbg.h;mbedtls/ssl.h;mbedtls/error.h" HAVE_MANDATORY_INCLUDES LANGUAGE C)
21 if(NOT HAVE_MANDATORY_INCLUDES)
22 message(FATAL_ERROR "Missing mandatory header files!")
24 --- Pound-3.0.2/src/config.c.orig 2021-11-28 17:04:25.000000000 +0100
25 +++ Pound-3.0.2/src/config.c 2022-04-05 13:03:00.802981794 +0200
30 +static int mbedtls_rnd( void *rng_state, unsigned char *output, size_t len )
34 + if( rng_state != NULL )
37 + for( i = 0; i < len; ++i )
44 get_global(yaml_document_t *document, yaml_node_t *root)
47 if(mbedtls_x509_crt_parse_file(&res->certificate, filename))
48 fatal("SNI: can't read certificate %s", filename);
49 mbedtls_pk_init(&res->key);
50 - if(mbedtls_pk_parse_keyfile(&res->key, filename, NULL))
51 + if(mbedtls_pk_parse_keyfile(&res->key, filename, NULL, mbedtls_rnd, NULL))
52 fatal("SNI: can't read key %s", filename);
53 utarray_new(hosts, ®ex_icd);
54 for(cur = &res->certificate; cur != NULL; cur = cur->next) {
55 - if(mbedtls_pk_check_pair(&cur->pk, &res->key))
56 + if(mbedtls_pk_check_pair(&cur->pk, &res->key, mbedtls_rnd, NULL))
58 for(nd = &cur->subject; nd != NULL; nd = nd->next)
59 if(MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &nd->oid) == 0) {
60 --- Pound-3.0.2/src/http.c~ 2021-11-28 17:04:25.000000000 +0100
61 +++ Pound-3.0.2/src/http.c 2022-04-05 13:30:02.176298374 +0200
64 typedef struct cookie {
65 mbedtls_ssl_context *fd;
66 + mbedtls_net_context *ssl_fd;
74 - mbedtls_net_context *ssl_fd;
77 res = mbedtls_ssl_close_notify(c->fd);
78 - ssl_fd = c->fd->p_bio;
79 + mbedtls_net_free(c->ssl_fd);
80 mbedtls_ssl_free(c->fd);
81 - mbedtls_net_free(ssl_fd);
87 /* for HTTP2: !strcmp(mbedtls_ssl_get_alpn_protocol(&ssl), "h2"), but we don't really need it */
89 + c.ssl_fd = &ssl_client;
90 cio.read = (cookie_read_function_t *)c_read;
91 cio.write = (cookie_write_function_t *)c_write;