summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'sys-power/nut/files/nut-openssl-1.1-support.patch')
-rw-r--r--sys-power/nut/files/nut-openssl-1.1-support.patch302
1 files changed, 60 insertions, 242 deletions
diff --git a/sys-power/nut/files/nut-openssl-1.1-support.patch b/sys-power/nut/files/nut-openssl-1.1-support.patch
index 71e1bf47f1b9..5d1c2afe7dca 100644
--- a/sys-power/nut/files/nut-openssl-1.1-support.patch
+++ b/sys-power/nut/files/nut-openssl-1.1-support.patch
@@ -1,78 +1,11 @@
From da1f5aa699f54e0f6977ab64a3bc2f90a51c3104 Mon Sep 17 00:00:00 2001
From: Arjen de Korte <build+lede@de-korte.org>
Date: Mon, 27 Nov 2017 21:10:13 +0100
-Subject: [PATCH 1/7] Add support for openssl-1.1.0
+Subject: [PATCH] Add support for openssl-1.1.0
----
- clients/upsclient.c | 4 ++++
- m4/nut_check_libopenssl.m4 | 5 +++--
- server/netssl.c | 4 ++++
- 3 files changed, 11 insertions(+), 2 deletions(-)
-
-diff --git a/clients/upsclient.c b/clients/upsclient.c
-index b90587b00..fc5e7523c 100644
--- a/clients/upsclient.c
+++ b/clients/upsclient.c
-@@ -316,7 +316,11 @@ int upscli_init(int certverify, const char *certpath,
-
- #ifdef WITH_OPENSSL
-
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- SSL_library_init();
-+#else
-+ OPENSSL_init_ssl(0, NULL);
-+#endif
- SSL_load_error_strings();
-
- ssl_method = TLSv1_client_method();
-diff --git a/m4/nut_check_libopenssl.m4 b/m4/nut_check_libopenssl.m4
-index 1b875077b..5f29f4a38 100644
---- a/m4/nut_check_libopenssl.m4
-+++ b/m4/nut_check_libopenssl.m4
-@@ -57,8 +57,9 @@ if test -z "${nut_have_libopenssl_seen}"; then
- AC_MSG_RESULT([${LIBS}])
-
- dnl check if openssl is usable
-- AC_CHECK_HEADERS(openssl/ssl.h, [nut_have_openssl=yes], [nut_have_openssl=no], [AC_INCLUDES_DEFAULT])
-- AC_CHECK_FUNCS(SSL_library_init, [], [nut_have_openssl=no])
-+ AC_CHECK_FUNCS(OPENSSL_init_ssl, [nut_have_openssl=yes], [nut_have_openssl=no])
-+ AC_CHECK_FUNCS(SSL_library_init, [nut_have_openssl=yes], [])
-+ AC_CHECK_HEADERS(openssl/ssl.h, [], [nut_have_openssl=no], [AC_INCLUDES_DEFAULT])
-
- if test "${nut_have_openssl}" = "yes"; then
- nut_with_ssl="yes"
-diff --git a/server/netssl.c b/server/netssl.c
-index c2f409899..0f9a70acf 100644
---- a/server/netssl.c
-+++ b/server/netssl.c
-@@ -388,7 +388,11 @@ void ssl_init(void)
- #ifdef WITH_OPENSSL
-
- SSL_load_error_strings();
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- SSL_library_init();
-+#else
-+ OPENSSL_init_ssl(0, NULL);
-+#endif
-
- if ((ssl_method = TLSv1_server_method()) == NULL) {
- ssl_debug();
-
-From b15656efb2575647ca0e0b6439b6380373767b8f Mon Sep 17 00:00:00 2001
-From: Arjen de Korte <build+lede@de-korte.org>
-Date: Tue, 28 Nov 2017 20:00:52 +0100
-Subject: [PATCH 2/7] Allow TLSv1 and higher (not just TLSv1)
-
----
- clients/upsclient.c | 30 +++++++++++++++++-------------
- server/netssl.c | 26 +++++++++++++++-----------
- 2 files changed, 32 insertions(+), 24 deletions(-)
-
-diff --git a/clients/upsclient.c b/clients/upsclient.c
-index fc5e7523c..bd951e854 100644
---- a/clients/upsclient.c
-+++ b/clients/upsclient.c
-@@ -299,11 +299,6 @@ int upscli_init(int certverify, const char *certpath,
+@@ -299,11 +299,6 @@
{
#ifdef WITH_OPENSSL
int ret, ssl_mode = SSL_VERIFY_NONE;
@@ -84,27 +17,24 @@ index fc5e7523c..bd951e854 100644
#elif defined(WITH_NSS) /* WITH_OPENSSL */
SECStatus status;
#endif /* WITH_OPENSSL | WITH_NSS */
-@@ -315,26 +310,35 @@ int upscli_init(int certverify, const char *certpath,
+@@ -315,22 +310,32 @@
}
#ifdef WITH_OPENSSL
-+
-+ SSL_load_error_strings();
-
- #if OPENSSL_VERSION_NUMBER < 0x10100000L
- SSL_library_init();
-+
-+ ssl_ctx = SSL_CTX_new(SSLv23_client_method());
- #else
- OPENSSL_init_ssl(0, NULL);
--#endif
+-
+- SSL_library_init();
- SSL_load_error_strings();
- ssl_method = TLSv1_client_method();
--
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ SSL_load_error_strings();
++ SSL_library_init();
+
- if (!ssl_method) {
- return 0;
- }
++ ssl_ctx = SSL_CTX_new(SSLv23_client_method());
++#else
+ ssl_ctx = SSL_CTX_new(TLS_client_method());
+#endif
@@ -128,11 +58,49 @@ index fc5e7523c..bd951e854 100644
if (!certpath) {
if (certverify == 1) {
upslogx(LOG_ERR, "Can not verify certificate if any is specified");
-diff --git a/server/netssl.c b/server/netssl.c
-index 0f9a70acf..98680d25e 100644
+@@ -737,7 +742,7 @@
+ switch(res)
+ {
+ case 1:
+- upsdebugx(3, "SSL connected");
++ upsdebugx(3, "SSL connected (%s)", SSL_get_version(ups->ssl));
+ break;
+ case 0:
+ upslog_with_errno(1, "SSL_connect do not accept handshake.");
+--- a/clients/upssched.c
++++ b/clients/upssched.c
+@@ -794,7 +794,7 @@
+ }
+
+ if (!strcmp(cmd, "EXECUTE")) {
+- if (ca1 == '\0') {
++ if (ca1[0] == '\0') {
+ upslogx(LOG_ERR, "Empty EXECUTE command argument");
+ return;
+ }
+--- a/m4/nut_check_libopenssl.m4
++++ b/m4/nut_check_libopenssl.m4
+@@ -58,7 +58,7 @@
+
+ dnl check if openssl is usable
+ AC_CHECK_HEADERS(openssl/ssl.h, [nut_have_openssl=yes], [nut_have_openssl=no], [AC_INCLUDES_DEFAULT])
+- AC_CHECK_FUNCS(SSL_library_init, [], [nut_have_openssl=no])
++ AC_CHECK_FUNCS(SSL_CTX_new, [], [nut_have_openssl=no])
+
+ if test "${nut_have_openssl}" = "yes"; then
+ nut_with_ssl="yes"
--- a/server/netssl.c
+++ b/server/netssl.c
-@@ -371,13 +371,7 @@ void ssl_init(void)
+@@ -274,7 +274,7 @@
+ {
+ case 1:
+ client->ssl_connected = 1;
+- upsdebugx(3, "SSL connected");
++ upsdebugx(3, "SSL connected (%s)", SSL_get_version(client->ssl));
+ break;
+
+ case 0:
+@@ -370,13 +370,7 @@
{
#ifdef WITH_NSS
SECStatus status;
@@ -147,22 +115,20 @@ index 0f9a70acf..98680d25e 100644
if (!certfile) {
return;
-@@ -388,21 +382,31 @@ void ssl_init(void)
+@@ -386,18 +380,29 @@
+
#ifdef WITH_OPENSSL
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_load_error_strings();
-+
- #if OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_library_init();
-+
-+ ssl_ctx = SSL_CTX_new(SSLv23_server_method());
- #else
- OPENSSL_init_ssl(0, NULL);
-+
-+ ssl_ctx = SSL_CTX_new(TLS_server_method());
- #endif
- if ((ssl_method = TLSv1_server_method()) == NULL) {
++ ssl_ctx = SSL_CTX_new(SSLv23_server_method());
++#else
++ ssl_ctx = SSL_CTX_new(TLS_server_method());
++#endif
++
+ if (!ssl_ctx) {
ssl_debug();
- fatalx(EXIT_FAILURE, "TLSv1_server_method failed");
@@ -183,151 +149,3 @@ index 0f9a70acf..98680d25e 100644
if (SSL_CTX_use_certificate_chain_file(ssl_ctx, certfile) != 1) {
ssl_debug();
-
-From 5a8308aef9884017754fb70620c8ded34fa44290 Mon Sep 17 00:00:00 2001
-From: Arjen de Korte <build+lede@de-korte.org>
-Date: Tue, 28 Nov 2017 22:01:41 +0100
-Subject: [PATCH 3/7] Fix check for empty string
-
----
- clients/upssched.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/clients/upssched.c b/clients/upssched.c
-index 97b3ed42d..3fdf118ed 100644
---- a/clients/upssched.c
-+++ b/clients/upssched.c
-@@ -794,7 +794,7 @@ static void parse_at(const char *ntype, const char *un, const char *cmd,
- }
-
- if (!strcmp(cmd, "EXECUTE")) {
-- if (ca1 == '\0') {
-+ if (ca1[0] == '\0') {
- upslogx(LOG_ERR, "Empty EXECUTE command argument");
- return;
- }
-
-From 5ecfb0ffe3d89a5116dd287ff2c3f60de67ecbb9 Mon Sep 17 00:00:00 2001
-From: Arjen de Korte <build+github@de-korte.org>
-Date: Fri, 1 Dec 2017 12:24:00 +0100
-Subject: [PATCH 4/7] Report TLS handshake in debug mode
-
----
- clients/upsclient.c | 2 +-
- server/netssl.c | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/clients/upsclient.c b/clients/upsclient.c
-index bd951e854..b7dd8f424 100644
---- a/clients/upsclient.c
-+++ b/clients/upsclient.c
-@@ -745,7 +745,7 @@ static int upscli_sslinit(UPSCONN_t *ups, int verifycert)
- switch(res)
- {
- case 1:
-- upsdebugx(3, "SSL connected");
-+ upsdebugx(3, "SSL connected (%s)", SSL_get_version(ups->ssl));
- break;
- case 0:
- upslog_with_errno(1, "SSL_connect do not accept handshake.");
-diff --git a/server/netssl.c b/server/netssl.c
-index 98680d25e..6ae13e8d3 100644
---- a/server/netssl.c
-+++ b/server/netssl.c
-@@ -275,7 +275,7 @@ void net_starttls(nut_ctype_t *client, int numarg, const char **arg)
- {
- case 1:
- client->ssl_connected = 1;
-- upsdebugx(3, "SSL connected");
-+ upsdebugx(3, "SSL connected (%s)", SSL_get_version(client->ssl));
- break;
-
- case 0:
-
-From ab0c8b41c0530d3706e4997257939026cfd29ccc Mon Sep 17 00:00:00 2001
-From: Arjen de Korte <build+github@de-korte.org>
-Date: Sun, 24 Feb 2019 18:31:21 +0100
-Subject: [PATCH 5/7] Update nut_check_libopenssl.m4
-
----
- m4/nut_check_libopenssl.m4 | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/m4/nut_check_libopenssl.m4 b/m4/nut_check_libopenssl.m4
-index 5f29f4a38..7eb401cd9 100644
---- a/m4/nut_check_libopenssl.m4
-+++ b/m4/nut_check_libopenssl.m4
-@@ -57,9 +57,8 @@ if test -z "${nut_have_libopenssl_seen}"; then
- AC_MSG_RESULT([${LIBS}])
-
- dnl check if openssl is usable
-- AC_CHECK_FUNCS(OPENSSL_init_ssl, [nut_have_openssl=yes], [nut_have_openssl=no])
-- AC_CHECK_FUNCS(SSL_library_init, [nut_have_openssl=yes], [])
-- AC_CHECK_HEADERS(openssl/ssl.h, [], [nut_have_openssl=no], [AC_INCLUDES_DEFAULT])
-+ AC_CHECK_HEADERS(openssl/ssl.h, [nut_have_openssl=yes], [nut_have_openssl=no], [AC_INCLUDES_DEFAULT])
-+ AC_CHECK_FUNCS(SSL_CTX_new, [], [nut_have_openssl=no])
-
- if test "${nut_have_openssl}" = "yes"; then
- nut_with_ssl="yes"
-
-From 1dc34a5da7308f0f85537a6761fefb3ff3098863 Mon Sep 17 00:00:00 2001
-From: Arjen de Korte <build+github@de-korte.org>
-Date: Sun, 24 Feb 2019 18:34:53 +0100
-Subject: [PATCH 6/7] Update upsclient.c
-
----
- clients/upsclient.c | 5 +----
- 1 file changed, 1 insertion(+), 4 deletions(-)
-
-diff --git a/clients/upsclient.c b/clients/upsclient.c
-index b7dd8f424..541664f36 100644
---- a/clients/upsclient.c
-+++ b/clients/upsclient.c
-@@ -311,15 +311,12 @@ int upscli_init(int certverify, const char *certpath,
-
- #ifdef WITH_OPENSSL
-
-- SSL_load_error_strings();
--
- #if OPENSSL_VERSION_NUMBER < 0x10100000L
-+ SSL_load_error_strings();
- SSL_library_init();
-
- ssl_ctx = SSL_CTX_new(SSLv23_client_method());
- #else
-- OPENSSL_init_ssl(0, NULL);
--
- ssl_ctx = SSL_CTX_new(TLS_client_method());
- #endif
-
-
-From 108c31c9b170da2ee34a25fd373d21837d4d10a3 Mon Sep 17 00:00:00 2001
-From: Arjen de Korte <build+github@de-korte.org>
-Date: Sun, 24 Feb 2019 18:37:42 +0100
-Subject: [PATCH 7/7] Update netssl.c
-
----
- server/netssl.c | 5 +----
- 1 file changed, 1 insertion(+), 4 deletions(-)
-
-diff --git a/server/netssl.c b/server/netssl.c
-index 6ae13e8d3..cf9419edf 100644
---- a/server/netssl.c
-+++ b/server/netssl.c
-@@ -381,15 +381,12 @@ void ssl_init(void)
-
- #ifdef WITH_OPENSSL
-
-- SSL_load_error_strings();
--
- #if OPENSSL_VERSION_NUMBER < 0x10100000L
-+ SSL_load_error_strings();
- SSL_library_init();
-
- ssl_ctx = SSL_CTX_new(SSLv23_server_method());
- #else
-- OPENSSL_init_ssl(0, NULL);
--
- ssl_ctx = SSL_CTX_new(TLS_server_method());
- #endif
-