[m2crypto] Add minimal SNI support
Miloslav Trmac
mitr at fedoraproject.org
Wed Dec 18 02:15:06 UTC 2013
commit 61093d89c29c1bbc4e76a52deda8bb0956da6528
Author: Miloslav Trmač <mitr at redhat.com>
Date: Tue Dec 17 02:45:32 2013 +0100
Add minimal SNI support
m2crypto-0.21.1-sni.patch | 43 +++++++++++++++++++++++++++++++++++++++++++
m2crypto.spec | 8 ++++++++
2 files changed, 51 insertions(+), 0 deletions(-)
---
diff --git a/m2crypto-0.21.1-sni.patch b/m2crypto-0.21.1-sni.patch
new file mode 100644
index 0000000..cfc40d7
--- /dev/null
+++ b/m2crypto-0.21.1-sni.patch
@@ -0,0 +1,43 @@
+Based on https://bugzilla.osafoundation.org/attachment.cgi?id=5760
+by Sander Steffann <sander at steffann.nl>.
+
+diff -ur M2Crypto/M2Crypto/SSL/Connection.py M2Crypto-0.21.1/M2Crypto/SSL/Connection.py
+--- M2Crypto/M2Crypto/SSL/Connection.py 2013-12-17 02:01:49.843287273 +0100
++++ M2Crypto-0.21.1/M2Crypto/SSL/Connection.py 2013-12-17 02:28:28.357633159 +0100
+@@ -368,3 +368,7 @@
+
+ def set_post_connection_check_callback(self, postConnectionCheck):
+ self.postConnectionCheck = postConnectionCheck
++
++ def set_tlsext_host_name(self, name):
++ "Set the requested hostname for the SNI (Server Name Indication) extension"
++ m2.ssl_set_tlsext_host_name(self.ssl, name)
+diff -ur M2Crypto/SWIG/_ssl.i M2Crypto-0.21.1/SWIG/_ssl.i
+--- M2Crypto/SWIG/_ssl.i 2013-12-17 02:01:49.863287264 +0100
++++ M2Crypto-0.21.1/SWIG/_ssl.i 2013-12-17 02:39:28.138364398 +0100
+@@ -15,6 +15,7 @@
+ #include <openssl/bio.h>
+ #include <openssl/dh.h>
+ #include <openssl/ssl.h>
++#include <openssl/tls1.h>
+ #include <openssl/x509.h>
+ #include <poll.h>
+ #include <sys/time.h>
+@@ -398,6 +399,17 @@
+ return SSL_get_mode(ssl);
+ }
+
++int ssl_set_tlsext_host_name(SSL *ssl, const char *name) {
++ long l;
++
++ if (!(l = SSL_set_tlsext_host_name(ssl, name))) {
++ PyErr_SetString(_ssl_err, ERR_reason_error_string(ERR_get_error()));
++ return -1;
++ }
++ /* Return an "int" to match the 'typemap(out) int' in _lib.i */
++ return 1;
++}
++
+ void ssl_set_client_CA_list_from_file(SSL *ssl, const char *ca_file) {
+ SSL_set_client_CA_list(ssl, SSL_load_client_CA_file(ca_file));
+ }
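Review bot: In `ssl_set_tlsext_host_name`, the failure branch passes `ERR_reason_error_string(ERR_get_error())` straight to `PyErr_SetString`, but that OpenSSL call returns NULL when the error queue is empty or the code has no registered reason string. A NULL message is likely to crash the interpreter instead of raising `_ssl_err`. A fallback keeps the failure an exception: `const char *reason = ERR_reason_error_string(ERR_get_error());` followed by `PyErr_SetString(_ssl_err, reason ? reason : "SSL_set_tlsext_host_name failed");`. The local `long l` is assigned but only tested once, so the call can sit directly in the `if`. The docstring on `Connection.set_tlsext_host_name` should also say that it has to be called before the handshake, and that it only sets the name sent in the ClientHello and does not by itself change what the post-connection check compares the certificate against.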
diff --git a/m2crypto.spec b/m2crypto.spec
index f789851..56635db 100644
--- a/m2crypto.spec
+++ b/m2crypto.spec
@@ -32,6 +32,8 @@ Patch9: m2crypto-0.21.1-certs.patch
Patch10: m2crypto-0.21.1-ssl23.patch
# https://bugzilla.osafoundation.org/show_bug.cgi?id=13098
Patch11: m2crypto-0.21.1-SSL_CTX_new.patch
+# https://bugzilla.osafoundation.org/show_bug.cgi?id=13073
+Patch12: m2crypto-0.21.1-sni.patch
License: MIT
Group: System Environment/Libraries
URL: http://wiki.osafoundation.org/bin/view/Projects/MeTooCrypto
@@ -59,6 +61,7 @@ This package allows you to call OpenSSL functions from python scripts.
openssl x509 -in tests/x509.pem -out tests/x509.der -outform DER
%patch10 -p0 -b .ssl23
%patch11 -p1 -b .SSL_CTX_new
+%patch12 -p1 -b .sni
# Red Hat opensslconf.h #includes an architecture-specific file, but SWIG
# doesn't follow the #include.
@@ -120,6 +123,11 @@ rm tests/*.{pem,py}.* # Patch backup files
%{python_sitearch}/M2Crypto-*.egg-info
%changelog
+* Tue Dec 17 2013 Miloslav Trmač <mitr at redhat.com> - 0.21.1-13
+- Add minimal SNI support, based on a patch by Sander Steffann
+ <sander at steffann.nl>
+ Resolves: #1029246
+
* Sat Dec 7 2013 Miloslav Trmač <mitr at redhat.com> - 0.21.1-13
- Fix incorrect exception handling of SSL_CTX_new (manifesting in FIPS mode)
Resolves: #879043