rpms/libesmtp/EL-5 libesmtp-1.0.4-ssl.patch, NONE, 1.1 .cvsignore, 1.5, 1.6 libesmtp.spec, 1.9, 1.10 sources, 1.6, 1.7 nobranch, 1.1, NONE
Pawel Salek
pawsa at fedoraproject.org
Wed Jul 7 21:53:27 UTC 2010
Author: pawsa
Update of /cvs/pkgs/rpms/libesmtp/EL-5
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv13287
Modified Files:
.cvsignore libesmtp.spec sources
Added Files:
libesmtp-1.0.4-ssl.patch
Removed Files:
nobranch
Log Message:
- Use SSL patch by Ludwig Nussel of SUSE (bugzilla att id 399130).
libesmtp-1.0.4-ssl.patch:
smtp-tls.c | 109 ++++++++++++++++++++++++++++++++++---------------------------
1 file changed, 61 insertions(+), 48 deletions(-)
--- NEW FILE libesmtp-1.0.4-ssl.patch ---
- fix broken match_component()
- fix \0 in CN and subjAltname
- don't use CN if dNSName in subjAltname
- use most specific (=last) CN instead of the first
Index: libesmtp-1.0.4/smtp-tls.c
===================================================================
--- libesmtp-1.0.4.orig/smtp-tls.c
+++ libesmtp-1.0.4/smtp-tls.c
@@ -439,16 +439,24 @@ static int
match_component (const char *dom, const char *edom,
const char *ref, const char *eref)
{
+ int wildcard = 0;
+
while (dom < edom && ref < eref)
{
/* Accept a final '*' in the reference as a wildcard */
if (*ref == '*' && ref + 1 == eref)
- break;
+ {
+ wildcard = 1;
+ break;
+ }
/* compare the domain name case insensitive */
if (!(*dom == *ref || tolower (*dom) == tolower (*ref)))
return 0;
ref++, dom++;
}
+ if (!wildcard && (dom < edom || ref < eref))
+ return 0;
+
return 1;
}
@@ -492,7 +500,6 @@ static int
check_acceptable_security (smtp_session_t session, SSL *ssl)
{
X509 *cert;
- char buf[256];
int bits;
long vfy_result;
int ok;
@@ -541,65 +548,71 @@ check_acceptable_security (smtp_session_
}
else
{
- int i, j, extcount;
+ char buf[256] = {0};
+ STACK_OF(GENERAL_NAME) *altnames;
+ int hasaltname = 0;
- extcount = X509_get_ext_count (cert);
- for (i = 0; i < extcount; i++)
+ altnames = X509_get_ext_d2i (cert, NID_subject_alt_name, NULL, NULL);
+ if (altnames != NULL)
{
- const char *extstr;
- X509_EXTENSION *ext = X509_get_ext (cert, i);
-
- extstr = OBJ_nid2sn (OBJ_obj2nid (X509_EXTENSION_get_object (ext)));
- if (strcmp (extstr, "subjectAltName") == 0)
+ int i;
+ for (i = 0; i < sk_GENERAL_NAME_num (altnames); ++i)
{
- unsigned char *data;
- STACK_OF(CONF_VALUE) *val;
- CONF_VALUE *nval;
- X509V3_EXT_METHOD *meth;
- void *ext_str = NULL;
- int stack_len;
-
- meth = X509V3_EXT_get (ext);
- if (meth == NULL)
- break;
- data = ext->value->data;
-#if (OPENSSL_VERSION_NUMBER > 0x00907000L)
- if (meth->it)
- ext_str = ASN1_item_d2i (NULL, &data, ext->value->length,
- ASN1_ITEM_ptr (meth->it));
- else
-#endif
- ext_str = meth->d2i (NULL, &data, ext->value->length);
- val = meth->i2v (meth, ext_str, NULL);
- stack_len = sk_CONF_VALUE_num (val);
- for (j = 0; j < stack_len; j++)
+ GENERAL_NAME *name = sk_GENERAL_NAME_value (altnames, i);
+ if (name->type == GEN_DNS)
{
- nval = sk_CONF_VALUE_value (val, j);
- if (strcmp (nval->name, "DNS") == 0
- && match_domain (session->host, nval->value))
+ const ASN1_IA5STRING* ia5str = name->d.ia5;
+ hasaltname = 1;
+ if (strlen ((const char *)ia5str->data) == ia5str->length
+ && match_domain (session->host, (const char *)ia5str->data))
+ ok = 1;
+ else
{
- ok = 1;
- break;
+ *buf = 0;
+ strncat(buf, (const char *)ia5str->data, sizeof(buf)-1);
}
}
+ // TODO: handle GEN_IPADD
}
- if (ok)
- break;
+ sk_GENERAL_NAME_pop_free (altnames, GENERAL_NAME_free);
}
- if (!ok)
+
+ if (!hasaltname)
{
- /* Matching by subjectAltName failed, try commonName */
- X509_NAME_get_text_by_NID (X509_get_subject_name (cert),
- NID_commonName, buf, sizeof buf);
- if (!match_domain (session->host, buf) != 0)
+ X509_NAME *subj = X509_get_subject_name(cert);
+ if (subj)
{
- if (session->event_cb != NULL)
- (*session->event_cb) (session, SMTP_EV_WRONG_PEER_CERTIFICATE,
- session->event_cb_arg, &ok, buf, ssl);
+ ASN1_STRING *cn;
+ int idx, i = -1;
+ do
+ {
+ idx = i;
+ }
+ while((i = X509_NAME_get_index_by_NID(subj, NID_commonName, i)) >= 0);
+
+ if (idx >= 0 && (cn = X509_NAME_ENTRY_get_data (X509_NAME_get_entry (subj, idx))))
+ {
+ unsigned char* str = NULL;
+ int len = ASN1_STRING_to_UTF8 (&str, cn);
+ if (str)
+ {
+ if (strlen((char*)str) == len && match_domain(session->host, (char*)str))
+ ok = 1;
+ else
+ {
+ *buf = 0;
+ strncat(buf, (char *)str, sizeof(buf)-1);
+ }
+ OPENSSL_free(str);
+ }
+ }
}
- else
- ok = 1;
}
+
+ if (!ok && session->event_cb != NULL)
+ (*session->event_cb) (session, SMTP_EV_WRONG_PEER_CERTIFICATE,
+ session->event_cb_arg, &ok, buf, ssl);
+
X509_free (cert);
}
return ok;
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/libesmtp/EL-5/.cvsignore,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -p -r1.5 -r1.6
--- .cvsignore 24 Mar 2006 23:00:39 -0000 1.5
+++ .cvsignore 7 Jul 2010 21:53:27 -0000 1.6
@@ -1,3 +1 @@
-libesmtp-1.0.4-ssl.patch
-libesmtp-build.patch
libesmtp-1.0.4.tar.bz2
Index: libesmtp.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libesmtp/EL-5/libesmtp.spec,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -p -r1.9 -r1.10
--- libesmtp.spec 18 Dec 2007 11:17:35 -0000 1.9
+++ libesmtp.spec 7 Jul 2010 21:53:27 -0000 1.10
@@ -3,11 +3,12 @@
Summary: SMTP client library
Name: libesmtp
Version: 1.0.4
-Release: 5%{?dist}
+Release: 7%{?dist}
License: LGPLv2+
Group: System Environment/Libraries
Source: http://www.stafford.uklinux.net/libesmtp/%{name}-%{version}.tar.bz2
Patch1: libesmtp-build.patch
+Patch2: libesmtp-1.0.4-ssl.patch
URL: http://www.stafford.uklinux.net/libesmtp/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: openssl-devel pkgconfig
@@ -37,7 +38,7 @@ necessary for building programs against
%prep
%setup -q
%patch1 -p1 -b .build
-#%patch2 -p1 -b .ssl
+%patch2 -p1 -b .ssl
# Keep rpmlint happy about libesmtp-debuginfo...
chmod a-x htable.c
@@ -52,11 +53,31 @@ fi
--enable-require-all-recipients --enable-debug \
--enable-etrn --disable-isoc --disable-more-warnings --disable-static
make %{?_smp_mflags}
+cat << "EOF" > libesmtp.pc
+prefix=%{_prefix}
+exec_prefix=%{_prefix}
+libdir=%{_libdir}
+includedir=%{_includedir}
+
+Name: libESMTP
+Version: %{version}
+Description: SMTP client library.
+Requires: openssl
+Libs: -pthread -L${libdir} -lesmtp
+Cflags:
+EOF
+
+cat << "EOF" > libesmtp-config
+#! /bin/sh
+exec pkg-config "$@" libesmtp
+EOF
%install
rm -rf $RPM_BUILD_ROOT
make DESTDIR=$RPM_BUILD_ROOT install INSTALL='install -p'
rm $RPM_BUILD_ROOT/%{_libdir}/*.la
+rm $RPM_BUILD_ROOT/%{_libdir}/esmtp-plugins/*.la
+install -p -m644 -D libesmtp.pc $RPM_BUILD_ROOT%{_libdir}/pkgconfig/libesmtp.pc
%clean
@@ -78,8 +99,13 @@ rm -rf $RPM_BUILD_ROOT
%{_bindir}/libesmtp-config
%{_prefix}/include/*
%{_libdir}/libesmtp.so
+%{_libdir}/pkgconfig/libesmtp.pc
%changelog
+* Wed Jul 7 2010 Pawel Salek <pawsa at theochem.kth.se> - 1.0.4-7
+
+- Use SSL patch by Ludwig Nussel of SUSE (bugzilla att id 399130).
+
* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.0.4-5
- Rebuild for deps
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/libesmtp/EL-5/sources,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -p -r1.6 -r1.7
--- sources 18 Dec 2007 11:17:35 -0000 1.6
+++ sources 7 Jul 2010 21:53:27 -0000 1.7
@@ -1,2 +1 @@
-8ddc9f7691fa3561e4a73dafb6658369 libesmtp-1.0.4-ssl.patch
8b4e8a794adc46268f0c6a0b3fb79486 libesmtp-1.0.4.tar.bz2
--- nobranch DELETED ---
More information about the scm-commits
mailing list