[ssmtp] corrected TLS patch
wolfy
wolfy at fedoraproject.org
Tue Aug 20 07:40:26 UTC 2013
commit 9cf15159e1f296c1f2ae1b9a2e097a5d24c76260
Author: Manuel Wolfshant <wolfy at fedoraproject.org>
Date: Tue Aug 20 10:40:07 2013 +0300
corrected TLS patch
ssmtp-validate-TLS-server-cert.patch | 81 +++++++++++++++++-----------------
ssmtp.spec | 5 ++-
2 files changed, 45 insertions(+), 41 deletions(-)
---
diff --git a/ssmtp-validate-TLS-server-cert.patch b/ssmtp-validate-TLS-server-cert.patch
index f10a30b..96cb331 100644
--- a/ssmtp-validate-TLS-server-cert.patch
+++ b/ssmtp-validate-TLS-server-cert.patch
@@ -1,6 +1,23 @@
-diff -up ssmtp-2.64/ssmtp.c.old ssmtp-2.64/ssmtp.c
---- ssmtp-2.64/ssmtp.c.old 2012-10-13 06:39:35.933898733 +0300
-+++ ssmtp-2.64/ssmtp.c 2012-10-13 06:47:44.840337301 +0300
+diff -up ssmtp-2.64/ssmtp.conf.5.orig ssmtp-2.64/ssmtp.conf.5
+--- ssmtp-2.64/ssmtp.conf.5.orig 2013-08-20 10:09:28.912253115 +0300
++++ ssmtp-2.64/ssmtp.conf.5 2013-08-20 10:10:05.666212495 +0300
+@@ -53,6 +53,13 @@ See RFC 2487.
+ .Pp
+ .It Cm TLSCert
+ The file name of an RSA certificate to use for TLS, if required.
++.It Cm TLSKey
++The file name of an RSA key to use for TLS, if required.
++.It Cm TLS_CA_File
++A file of trusted certificates for validating the server, if required.
++.Pp
++.It Cm TLS_CA_Dir
++A directory of trusted certificates for validating the server, if required.
+ .Pp
+ .It Cm AuthUser
+ The user name to use for SMTP AUTH.
+diff -up ssmtp-2.64/ssmtp.c.orig ssmtp-2.64/ssmtp.c
+--- ssmtp-2.64/ssmtp.c.orig 2013-08-20 10:09:03.510255402 +0300
++++ ssmtp-2.64/ssmtp.c 2013-08-20 10:10:05.666212495 +0300
@@ -69,7 +69,10 @@ char *minus_F = (char)NULL;
char *gecos;
char *prog = (char)NULL;
@@ -47,7 +64,7 @@ diff -up ssmtp-2.64/ssmtp.c.old ssmtp-2.64/ssmtp.c
#endif
/* Command-line overrides these */
else if(strcasecmp(p, "AuthUser") == 0 && !auth_user) {
-@@ -1167,6 +1197,8 @@ int smtp_open(char *host, int port)
+@@ -1168,6 +1198,8 @@ int smtp_open(char *host, int port)
#ifdef HAVE_SSL
int err;
@@ -56,7 +73,7 @@ diff -up ssmtp-2.64/ssmtp.c.old ssmtp-2.64/ssmtp.c
char buf[(BUF_SZ + 1)];
/* Init SSL stuff */
-@@ -1189,7 +1221,7 @@ int smtp_open(char *host, int port)
+@@ -1190,7 +1222,7 @@ int smtp_open(char *host, int port)
return(-1);
}
@@ -65,25 +82,24 @@ diff -up ssmtp-2.64/ssmtp.c.old ssmtp-2.64/ssmtp.c
perror("Use PrivateKey");
return(-1);
}
-@@ -1198,6 +1230,17 @@ int smtp_open(char *host, int port)
- log_event(LOG_ERR, "Private key does not match the certificate public key\n");
+@@ -1200,6 +1232,16 @@ int smtp_open(char *host, int port)
return(-1);
}
-+
-+ if (tls_ca_file || tls_ca_dir) {
-+ if(!SSL_CTX_load_verify_locations(ctx, tls_ca_file, tls_ca_dir)) {
-+ ulerr = ERR_get_error();
-+ log_event(LOG_ERR, "Error setting verify location: %s",
-+ ERR_reason_error_string(ulerr));
-+ return(-1);
-+ }
-+ }
-+
-+ SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
}
++ if (tls_ca_file || tls_ca_dir) {
++ if(!SSL_CTX_load_verify_locations(ctx, tls_ca_file, tls_ca_dir)) {
++ ulerr = ERR_get_error();
++ log_event(LOG_ERR, "Error setting verify location: %s",
++ ERR_reason_error_string(ulerr));
++ return(-1);
++ }
++ }
++
++ SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
#endif
-@@ -1302,14 +1345,20 @@ int smtp_open(char *host, int port)
+ #ifdef INET6
+@@ -1303,14 +1345,20 @@ int smtp_open(char *host, int port)
ssl = SSL_new(ctx);
if(!ssl) {
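Review bot: After this move, `SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL)` appears to sit outside the client-certificate block and so runs for every TLS connection, while trust anchors are still loaded only when `TLS_CA_File` or `TLS_CA_Dir` is set. A configuration with neither option leaves the context with an empty trust store, so every handshake should fail verification. If failing closed is intended, the man page wording ("if required") should say that one of the two options is needed whenever TLS is used; otherwise fall back to the system store with `else if(!SSL_CTX_set_default_verify_paths(ctx)) { log_event(LOG_ERR, "Error loading default CA locations"); return(-1); }`. Chain validation alone also does not bind the certificate to `host`: nothing visible in these hunks compares the certificate's names with the configured mail hub, and the rest of smtp_open lies outside the hunk, so that check should be confirmed separately.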
@@ -106,7 +122,7 @@ diff -up ssmtp-2.64/ssmtp.c.old ssmtp-2.64/ssmtp.c
return(-1);
}
-@@ -1323,8 +1372,6 @@ int smtp_open(char *host, int port)
+@@ -1324,8 +1372,6 @@ int smtp_open(char *host, int port)
return(-1);
}
X509_free(server_cert);
@@ -115,26 +131,9 @@ diff -up ssmtp-2.64/ssmtp.c.old ssmtp-2.64/ssmtp.c
}
#endif
-diff -up ssmtp-2.64/ssmtp.conf.5.old ssmtp-2.64/ssmtp.conf.5
---- ssmtp-2.64/ssmtp.conf.5.old 2008-02-29 04:50:15.000000000 +0200
-+++ ssmtp-2.64/ssmtp.conf.5 2012-10-13 06:41:31.098787606 +0300
-@@ -53,6 +53,13 @@ See RFC 2487.
- .Pp
- .It Cm TLSCert
- The file name of an RSA certificate to use for TLS, if required.
-+.It Cm TLSKey
-+The file name of an RSA key to use for TLS, if required.
-+.It Cm TLS_CA_File
-+A file of trusted certificates for validating the server, if required.
-+.Pp
-+.It Cm TLS_CA_Dir
-+A directory of trusted certificates for validating the server, if required.
- .Pp
- .It Cm AuthUser
- The user name to use for SMTP AUTH.
-diff -up ssmtp-2.64/TLS.old ssmtp-2.64/TLS
---- ssmtp-2.64/TLS.old 2004-04-23 15:32:07.000000000 +0300
-+++ ssmtp-2.64/TLS 2012-10-13 06:41:31.098787606 +0300
+diff -up ssmtp-2.64/TLS.orig ssmtp-2.64/TLS
+--- ssmtp-2.64/TLS.orig 2013-08-20 10:09:52.524212818 +0300
++++ ssmtp-2.64/TLS 2013-08-20 10:10:05.667213425 +0300
@@ -26,9 +26,13 @@ Set this to yes to make ssmtp identify i
TLSCert=<file>
Specify which certificate file should be used.
@@ -150,3 +149,5 @@ diff -up ssmtp-2.64/TLS.old ssmtp-2.64/TLS
+
+TLS_CA_Dir=<file>
+Optional directory of trusted certificates for validating the server.
+
+
diff --git a/ssmtp.spec b/ssmtp.spec
index a14dbaa..cf38ec1 100644
--- a/ssmtp.spec
+++ b/ssmtp.spec
@@ -1,6 +1,6 @@
Name: ssmtp
Version: 2.64
-Release: 8%{?dist}
+Release: 9%{?dist}
Summary: Extremely simple MTA to get mail off the system to a Mailhub
Group: Applications/Internet
License: GPLv2+
@@ -138,6 +138,9 @@ fi
%changelog
+* Wed Aug 20 2013 Manuel "lonely wolf" Wolfshant <wolfy at fedoraproject.org> - 2.64-9
+- replace TLS patch with a corrected one. thanks Till Maas for the fix
+
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.64-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild