gentoo-overlay/www-servers/cherokee/files/cherokee-1.2.104-openssl.patch

96 lines
4.2 KiB
Diff
Raw Normal View History

diff -puriN webserver-1.2.104.orig/cherokee/cryptor_libssl.c webserver-1.2.104/cherokee/cryptor_libssl.c
--- webserver-1.2.104.orig/cherokee/cryptor_libssl.c 2014-04-01 11:12:48.000000000 -0600
+++ webserver-1.2.104/cherokee/cryptor_libssl.c 2022-03-18 05:44:45.000000000 -0600
@@ -238,13 +238,13 @@ cherokee_cryptor_libssl_find_vserver (SS
/* SSL_set_SSL_CTX() only change certificates. We need to
* changes more options by hand.
*/
- SSL_set_options(ssl, SSL_CTX_get_options(ssl->ctx));
+ SSL_set_options(ssl, SSL_CTX_get_options(SSL_get_SSL_CTX(ssl)));
if ((SSL_get_verify_mode(ssl) == SSL_VERIFY_NONE) ||
(SSL_num_renegotiations(ssl) == 0)) {
- SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ssl->ctx),
- SSL_CTX_get_verify_callback(ssl->ctx));
+ SSL_set_verify(ssl, SSL_CTX_get_verify_mode(SSL_get_SSL_CTX(ssl)),
+ SSL_CTX_get_verify_callback(SSL_get_SSL_CTX(ssl)));
}
return ret_ok;
@@ -792,9 +792,7 @@ _socket_init_tls (cherokee_cryptor_socke
/* Disable Ciphers renegotiation (CVE-2009-3555)
*/
- if (cryp->session->s3) {
- cryp->session->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
- }
+ SSL_set_options(cryp->session, SSL_OP_NO_RENEGOTIATION);
return ret_ok;
}
diff -puriN webserver-1.2.104.orig/cherokee/cryptor_libssl_dh_1024.c webserver-1.2.104/cherokee/cryptor_libssl_dh_1024.c
--- webserver-1.2.104.orig/cherokee/cryptor_libssl_dh_1024.c 2014-04-01 11:12:48.000000000 -0600
+++ webserver-1.2.104/cherokee/cryptor_libssl_dh_1024.c 2022-03-18 05:08:11.000000000 -0600
@@ -23,9 +23,9 @@ static DH *get_dh1024()
DH *dh;
if ((dh=DH_new()) == NULL) return(NULL);
- dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
- dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL)) {
+ DH_set0_pqg(dh, BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL),
+ NULL, BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL));
+ if ((DH_get0_p(dh) == NULL) || (DH_get0_g(dh) == NULL)) {
DH_free(dh); return(NULL);
}
return(dh);
diff -puriN webserver-1.2.104.orig/cherokee/cryptor_libssl_dh_2048.c webserver-1.2.104/cherokee/cryptor_libssl_dh_2048.c
--- webserver-1.2.104.orig/cherokee/cryptor_libssl_dh_2048.c 2014-04-01 11:12:48.000000000 -0600
+++ webserver-1.2.104/cherokee/cryptor_libssl_dh_2048.c 2022-03-18 05:09:20.000000000 -0600
@@ -34,9 +34,9 @@ static DH *get_dh2048()
DH *dh;
if ((dh=DH_new()) == NULL) return(NULL);
- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL)) {
+ DH_set0_pqg(dh, BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL),
+ NULL, BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL));
+ if ((DH_get0_p(dh) == NULL) || (DH_get0_g(dh) == NULL)) {
DH_free(dh); return(NULL);
}
return(dh);
diff -puriN webserver-1.2.104.orig/cherokee/cryptor_libssl_dh_4096.c webserver-1.2.104/cherokee/cryptor_libssl_dh_4096.c
--- webserver-1.2.104.orig/cherokee/cryptor_libssl_dh_4096.c 2014-04-01 11:12:48.000000000 -0600
+++ webserver-1.2.104/cherokee/cryptor_libssl_dh_4096.c 2022-03-18 05:10:34.000000000 -0600
@@ -55,9 +55,9 @@ static DH *get_dh4096()
DH *dh;
if ((dh=DH_new()) == NULL) return(NULL);
- dh->p=BN_bin2bn(dh4096_p,sizeof(dh4096_p),NULL);
- dh->g=BN_bin2bn(dh4096_g,sizeof(dh4096_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL)) {
+ DH_set0_pqg(dh, BN_bin2bn(dh4096_p,sizeof(dh4096_p),NULL),
+ NULL, BN_bin2bn(dh4096_g,sizeof(dh4096_g),NULL));
+ if ((DH_get0_p(dh) == NULL) || (DH_get0_g(dh) == NULL)) {
DH_free(dh); return(NULL);
}
return(dh);
diff -puriN webserver-1.2.104.orig/cherokee/cryptor_libssl_dh_512.c webserver-1.2.104/cherokee/cryptor_libssl_dh_512.c
--- webserver-1.2.104.orig/cherokee/cryptor_libssl_dh_512.c 2014-04-01 11:12:48.000000000 -0600
+++ webserver-1.2.104/cherokee/cryptor_libssl_dh_512.c 2022-03-18 05:05:46.000000000 -0600
@@ -18,9 +18,9 @@ static DH *get_dh512()
DH *dh;
if ((dh=DH_new()) == NULL) return(NULL);
- dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
- dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL)) {
+ DH_set0_pqg(dh, BN_bin2bn(dh512_p,sizeof(dh512_p),NULL),
+ NULL, BN_bin2bn(dh512_g,sizeof(dh512_g),NULL));
+ if ((DH_get0_p(dh) == NULL) || (DH_get0_g(dh) == NULL)) {
DH_free(dh); return(NULL);
}
return(dh);