community/alpine: fix download, cert validation
also create debug subpackage
parent
e16abe5408
commit
46394f56c5
2 changed files with 72 additions and 7 deletions
|
@ -0,0 +1,63 @@
|
||||||
|
From 381647e651dd17f2a48b66a1cc358db3f3be6f98 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
|
||||||
|
Date: Fri, 6 Mar 2020 20:05:14 +0200
|
||||||
|
Subject: [PATCH] ssl_unix: fix server name validation
|
||||||
|
|
||||||
|
look for CN instead of checking only the first RDN
|
||||||
|
---
|
||||||
|
imap/src/osdep/unix/ssl_unix.c | 29 ++++++++++++-----------------
|
||||||
|
1 file changed, 12 insertions(+), 17 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/imap/src/osdep/unix/ssl_unix.c b/imap/src/osdep/unix/ssl_unix.c
|
||||||
|
index 4ebe1ae..24a503f 100644
|
||||||
|
--- a/imap/src/osdep/unix/ssl_unix.c
|
||||||
|
+++ b/imap/src/osdep/unix/ssl_unix.c
|
||||||
|
@@ -507,7 +507,7 @@ static int ssl_open_verify (int ok,X509_STORE_CTX *ctx)
|
||||||
|
|
||||||
|
static char *ssl_validate_cert (X509 *cert,char *host)
|
||||||
|
{
|
||||||
|
- int i,j,n, m = 0;
|
||||||
|
+ int i,n, m = 0;
|
||||||
|
char *s=NULL,*t,*ret = NIL;
|
||||||
|
void *ext;
|
||||||
|
GENERAL_NAME *name;
|
||||||
|
@@ -540,25 +540,20 @@ static char *ssl_validate_cert (X509 *cert,char *host)
|
||||||
|
/* Method 2, use cname */
|
||||||
|
if(m == 0 || ret != NIL){
|
||||||
|
cname = X509_get_subject_name(cert);
|
||||||
|
- for(j = 0, ret = NIL; j < X509_NAME_entry_count(cname) && ret == NIL; j++){
|
||||||
|
- if((e = X509_NAME_get_entry(cname, j)) != NULL){
|
||||||
|
- X509_NAME_get_text_by_OBJ(cname, X509_NAME_ENTRY_get_object(e), buf, sizeof(buf));
|
||||||
|
- s = (char *) buf;
|
||||||
|
- }
|
||||||
|
- else s = NIL;
|
||||||
|
- if (s != NIL) {
|
||||||
|
+ s = X509_NAME_get_text_by_NID(cname, NID_commonName, buf, sizeof(buf)) > 0 ?
|
||||||
|
+ (char *) buf : NIL;
|
||||||
|
+ if (s != NIL) {
|
||||||
|
/* host name matches pattern? */
|
||||||
|
- ret = ssl_compare_hostnames (host,s) ? NIL :
|
||||||
|
- "Server name does not match certificate";
|
||||||
|
+ ret = ssl_compare_hostnames (host,s) ? NIL :
|
||||||
|
+ "Server name does not match certificate";
|
||||||
|
/* if mismatch, see if in extensions */
|
||||||
|
- if (ret && (ext = X509_get_ext_d2i (cert,NID_subject_alt_name,NIL,NIL)) &&
|
||||||
|
- (n = sk_GENERAL_NAME_num (ext)))
|
||||||
|
+ if (ret && (ext = X509_get_ext_d2i (cert,NID_subject_alt_name,NIL,NIL)) &&
|
||||||
|
+ (n = sk_GENERAL_NAME_num (ext)))
|
||||||
|
/* older versions of OpenSSL use "ia5" instead of dNSName */
|
||||||
|
- for (i = 0; ret && (i < n); i++)
|
||||||
|
- if ((name = sk_GENERAL_NAME_value (ext,i)) &&
|
||||||
|
- (name->type = GEN_DNS) && (s = name->d.ia5->data) &&
|
||||||
|
- ssl_compare_hostnames (host,s)) ret = NIL;
|
||||||
|
- }
|
||||||
|
+ for (i = 0; ret && (i < n); i++)
|
||||||
|
+ if ((name = sk_GENERAL_NAME_value (ext,i)) &&
|
||||||
|
+ (name->type = GEN_DNS) && (s = name->d.ia5->data) &&
|
||||||
|
+ ssl_compare_hostnames (host,s)) ret = NIL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.25.1
|
||||||
|
|
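Review bot: The subjectAltName loop kept on the new side still tests `(name->type = GEN_DNS)`, an assignment rather than a comparison, so every SAN entry is treated as a DNS name whatever its real type, and `name->d.ia5->data` is then read from a union member that may not hold an IA5 string. The condition should read `(name->type == GEN_DNS) && (s = name->d.ia5->data) &&`. Both the CN text from `X509_NAME_get_text_by_NID` and the SAN data are passed to `ssl_compare_hostnames` as plain `char *`, so a value with an embedded NUL byte would presumably be compared only up to that byte; checking the ASN.1 string length against `strlen(s)` before the comparison would reject such names. `ssl_validate_cert` starts and ends outside the hunks shown, so whether `ext` is freed afterwards cannot be confirmed from here.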
|
@ -1,19 +1,20 @@
|
||||||
# Maintainer: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
|
# Maintainer: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
|
||||||
pkgname=alpine
|
pkgname=alpine
|
||||||
pkgver=2.22
|
pkgver=2.22
|
||||||
_ver=${pkgver%_p*}
|
_commit=7e3b3be
|
||||||
_pver=${pkgver##*_p}
|
pkgrel=1
|
||||||
pkgrel=0
|
|
||||||
pkgdesc="Text-based email client, friendly for novices but powerful"
|
pkgdesc="Text-based email client, friendly for novices but powerful"
|
||||||
url="http://alpine.x10host.com/alpine/"
|
url="http://alpine.x10host.com/alpine/"
|
||||||
arch="all"
|
arch="all"
|
||||||
license="Apache-2.0"
|
license="Apache-2.0"
|
||||||
makedepends="openldap-dev heimdal-dev ncurses-dev openssl-dev
|
makedepends="openldap-dev heimdal-dev ncurses-dev openssl-dev
|
||||||
automake autoconf libtool gettext-dev"
|
automake autoconf libtool gettext-dev"
|
||||||
subpackages="$pkgname-doc"
|
subpackages="$pkgname-dbg $pkgname-doc"
|
||||||
source="http://alpine.x10host.com/alpine/release/src/alpine-$pkgver.tar.xz
|
source="$pkgname-$pkgver.tar.gz::https://repo.or.cz/alpine.git/snapshot/v$pkgver.tar.gz
|
||||||
uclibc-musl.patch
|
uclibc-musl.patch
|
||||||
|
0001-ssl_unix-fix-server-name-validation.patch
|
||||||
"
|
"
|
||||||
|
builddir="$srcdir/$pkgname-v$pkgver-$_commit"
|
||||||
|
|
||||||
|
|
||||||
prepare() {
|
prepare() {
|
||||||
|
@ -38,5 +39,6 @@ package() {
|
||||||
make DESTDIR="$pkgdir" install
|
make DESTDIR="$pkgdir" install
|
||||||
}
|
}
|
||||||
|
|
||||||
sha512sums="7737dce02ac94170948df7fccb61380c6cb101190e37f5b3ba281d573f54df1db24569d177b460f49bfff381a922be2e4b0f3a0f1a213d88a64d361aedc3c4f1 alpine-2.22.tar.xz
|
sha512sums="5d10c68374337dbaed9a8dcca91a17a20dfe240a13b28107574a8e37db70eaf3c959654c7f8ffc2d4292f643f4ea64344718bc8eda9fc5cda9955337f58aa7c3 alpine-2.22.tar.gz
|
||||||
1b14352571dd12749bbb6ebc1fd468dbb5a8e4d7a27e87f5baeb00a60d5c1a016d925c6bc776da7e1dbf0ad8d799a65049b64774113274d7ffb07c7b1b196775 uclibc-musl.patch"
|
1b14352571dd12749bbb6ebc1fd468dbb5a8e4d7a27e87f5baeb00a60d5c1a016d925c6bc776da7e1dbf0ad8d799a65049b64774113274d7ffb07c7b1b196775 uclibc-musl.patch
|
||||||
|
5e10289f292139bf576e40bda0f3539d62024309650473a2fdbb281e5d7691cc4c1d3d21f78615e2c900766eddba076f512d92f60d4fbb61e1683f35cba185aa 0001-ssl_unix-fix-server-name-validation.patch"
|
||||||
|
|
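Review bot: `_commit=7e3b3be` is introduced without a comment and is used only in `builddir`, so whoever next bumps `pkgver` has no hint that it must change as well. A comment above it such as `# abbreviated commit of the v$pkgver tag; part of the snapshot's top-level directory name` would record that (presumably this is how the repo.or.cz snapshot names its directory; the page does not show it). The sha512 for `alpine-2.22.tar.gz` now pins a snapshot generated on demand rather than a release tarball, so it is worth confirming that the archive is byte-stable across downloads, otherwise the checksum will fail intermittently. `url` still points at the plain-http site while `source` has moved to https.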