diff options
| author | Matt Weber <matthew.weber@rockwellcollins.com> | 2019-02-05 06:38:54 -0600 |
|---|---|---|
| committer | Peter Korsgaard <peter@korsgaard.com> | 2019-02-05 15:02:45 +0100 |
| commit | 611835ce2febda3ff278f4b0c665f5f4fb9fa2a0 (patch) | |
| tree | a3214ff40b26a0fb8b03de3fb9faaf6893578e4d /package/qpid-proton/0004-src-ssl-openssl-add-libressl-compatibility.patch | |
| parent | d6f00c5047f90b350d81650092f204fb73c45b8c (diff) | |
| download | buildroot-611835ce2febda3ff278f4b0c665f5f4fb9fa2a0.tar.gz buildroot-611835ce2febda3ff278f4b0c665f5f4fb9fa2a0.zip | |
package/qpid-proton: openssl 1.1.x compatibility
Updates are based on the original bug report upstream.
https://issues.apache.org/jira/browse/PROTON-1326
Fixes
http://autobuild.buildroot.net/results/f90/f9085f223cd54c70daf29b12e6c66edb416f7243/
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/qpid-proton/0004-src-ssl-openssl-add-libressl-compatibility.patch')
| -rw-r--r-- | package/qpid-proton/0004-src-ssl-openssl-add-libressl-compatibility.patch | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/package/qpid-proton/0004-src-ssl-openssl-add-libressl-compatibility.patch b/package/qpid-proton/0004-src-ssl-openssl-add-libressl-compatibility.patch new file mode 100644 index 0000000000..f969671ffb --- /dev/null +++ b/package/qpid-proton/0004-src-ssl-openssl-add-libressl-compatibility.patch @@ -0,0 +1,53 @@ +From 87c44b4ebc64c15f6324ed40852224b61fbe77a7 Mon Sep 17 00:00:00 2001 +From: Matt Weber <matthew.weber@rockwellcollins.com> +Date: Tue, 5 Feb 2019 06:10:16 -0600 +Subject: [PATCH] src/ssl/openssl: add libressl compatibility + +Similar to https://github.com/FreeRDP/FreeRDP/issues/5049 +libressl has `#define OPENSSL_VERSION_NUMBER ` defined the same as +openssl 1.1.x which results in SSL_CTX_set_security_level() getting used. + +This patch prevents SSL_CTX_set_security_level() from being used with +libressl. + +Upstream: https://github.com/apache/qpid-proton/pull/175 + +Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> +--- + c/src/ssl/openssl.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/proton-c/src/ssl/openssl.c b/proton-c/src/ssl/openssl.c +index c2b5869..541d0ae 100644 +--- a/proton-c/src/ssl/openssl.c ++++ b/proton-c/src/ssl/openssl.c +@@ -522,7 +522,7 @@ pn_ssl_domain_t *pn_ssl_domain( pn_ssl_mode_t mode ) + // Mitigate the CRIME vulnerability + SSL_CTX_set_options(domain->ctx, SSL_OP_NO_COMPRESSION); + #endif +-#if OPENSSL_VERSION_NUMBER >= 0x10100000 ++#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER) + domain->default_seclevel = SSL_CTX_get_security_level(domain->ctx); + #endif + +@@ -709,7 +709,7 @@ int pn_ssl_domain_set_peer_authentication(pn_ssl_domain_t *domain, + case PN_SSL_VERIFY_PEER: + case PN_SSL_VERIFY_PEER_NAME: + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000 ++#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER) + SSL_CTX_set_security_level(domain->ctx, domain->default_seclevel); + #endif + +@@ -749,7 +749,7 @@ int pn_ssl_domain_set_peer_authentication(pn_ssl_domain_t *domain, + break; + + case PN_SSL_ANONYMOUS_PEER: // hippie free love mode... :) +-#if OPENSSL_VERSION_NUMBER >= 0x10100000 ++#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER) + // Must use lowest OpenSSL security level to enable anonymous ciphers. + SSL_CTX_set_security_level(domain->ctx, 0); + #endif +-- +1.9.1 + |
