This repository has been archived by the owner on May 5, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
/
2.8.8-openssl.patch
117 lines (108 loc) · 3.98 KB
/
2.8.8-openssl.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
diff -Naur origsrc/xchat-2.8.8/src/common/server.c src/xchat-2.8.8/src/common/server.c
--- origsrc/xchat-2.8.8/src/common/server.c 2019-12-12 12:48:04.063415964 -0500
+++ src/xchat-2.8.8/src/common/server.c 2019-12-12 12:47:52.055415629 -0500
@@ -598,10 +598,22 @@
char buf[512];
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+/* OpenSSL 1.1.0 and up: */
+ X509 *current_cert = X509_STORE_CTX_get_current_cert (ctx);
+ if (!current_cert)
+ return TRUE;
+ X509_NAME_oneline (X509_get_subject_name (current_cert),
+ subject, sizeof (subject));
+ X509_NAME_oneline (X509_get_issuer_name (current_cert),
+ issuer, sizeof (issuer));
+#else
+/* Pre-OpenSSL 1.1.0: */
X509_NAME_oneline (X509_get_subject_name (ctx->current_cert), subject,
sizeof (subject));
X509_NAME_oneline (X509_get_issuer_name (ctx->current_cert), issuer,
sizeof (issuer));
+#endif
snprintf (buf, sizeof (buf), "* Subject: %s", subject);
EMIT_SIGNAL (XP_TE_SSLMESSAGE, g_sess, buf, NULL, NULL, NULL, 0);
@@ -751,8 +763,16 @@
return (0); /* remove it (0) */
} else
{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+/* OpenSSL < 1.10 */
if (serv->ssl->session && serv->ssl->session->time + SSLTMOUT < time (NULL))
{
+#else
+/* OpenSSL 1.1.0 up */
+ SSL_SESSION *session = SSL_get_session (serv->ssl);
+ if (session && SSL_SESSION_get_time (session) + SSLTMOUT < time (NULL))
+ {
+#endif
snprintf (buf, sizeof (buf), "SSL handshake timed out");
EMIT_SIGNAL (XP_TE_CONNFAIL, serv->server_session, buf, NULL,
NULL, NULL, 0);
diff -Naur origsrc/xchat-2.8.8/src/common/ssl.c src/xchat-2.8.8/src/common/ssl.c
--- origsrc/xchat-2.8.8/src/common/ssl.c 2019-12-12 12:48:06.839416041 -0500
+++ src/xchat-2.8.8/src/common/ssl.c 2019-12-12 12:47:55.235415717 -0500
@@ -70,7 +70,7 @@
SSLeay_add_ssl_algorithms ();
SSL_load_error_strings ();
- ctx = SSL_CTX_new (server ? SSLv3_server_method() : SSLv3_client_method ());
+ ctx = SSL_CTX_new (server ? SSLv23_server_method() : SSLv23_client_method ());
SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_BOTH);
SSL_CTX_set_timeout (ctx, 300);
@@ -136,6 +136,10 @@
_SSL_get_cert_info (struct cert_info *cert_info, SSL * ssl)
{
X509 *peer_cert;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ X509_PUBKEY *key;
+ X509_ALGOR *algor = NULL;
+#endif
EVP_PKEY *peer_pkey;
/* EVP_PKEY *ca_pkey; */
/* EVP_PKEY *tmp_pkey; */
@@ -155,8 +159,18 @@
broke_oneline (cert_info->subject, cert_info->subject_word);
broke_oneline (cert_info->issuer, cert_info->issuer_word);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+/* Old OpenSSL */
alg = OBJ_obj2nid (peer_cert->cert_info->key->algor->algorithm);
sign_alg = OBJ_obj2nid (peer_cert->sig_alg->algorithm);
+#else
+/* New OpenSSL */
+ key = X509_get_X509_PUBKEY(peer_cert);
+ if (!X509_PUBKEY_get0_param(NULL, NULL, 0, &algor, key))
+ return 1;
+ alg = OBJ_obj2nid (algor->algorithm);
+ sign_alg = X509_get_signature_nid (peer_cert);
+#endif
ASN1_TIME_snprintf (notBefore, sizeof (notBefore),
X509_get_notBefore (peer_cert));
ASN1_TIME_snprintf (notAfter, sizeof (notAfter),
@@ -171,7 +185,6 @@
strncpy (cert_info->sign_algorithm,
(sign_alg == NID_undef) ? "Unknown" : OBJ_nid2ln (sign_alg),
sizeof (cert_info->sign_algorithm));
- /* EVP_PKEY_bits(ca_pkey)); */
cert_info->sign_algorithm_bits = 0;
strncpy (cert_info->notbefore, notBefore, sizeof (cert_info->notbefore));
strncpy (cert_info->notafter, notAfter, sizeof (cert_info->notafter));
@@ -274,6 +287,7 @@
_SSL_socket (SSL_CTX *ctx, int sd)
{
SSL *ssl;
+ const SSL_METHOD *method;
if (!(ssl = SSL_new (ctx)))
@@ -281,7 +295,14 @@
__SSL_critical_error ("SSL_new");
SSL_set_fd (ssl, sd);
- if (ctx->method == SSLv3_client_method())
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+/* Old OpenSSL */
+ method = ctx->method;
+#else
+/* New OpenSSL */
+ method = SSL_CTX_get_ssl_method (ctx);
+#endif
+ if (method == SSLv23_client_method())
SSL_set_connect_state (ssl);
else
SSL_set_accept_state(ssl);