void-packages/srcpkgs/libstrophe/patches/fix-libressl.patch

41 lines
1.4 KiB
Diff
Raw Normal View History

Source: maxice8
Upstream: not upstreamable
Reason: Fixes compilation with LibreSSL
--- src/tls_openssl.c
+++ src/tls_openssl.c
@@ -51,12 +51,8 @@ static void _tls_log_error(xmpp_ctx_t *ctx);
void tls_initialize(void)
{
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_library_init();
SSL_load_error_strings();
-#else
- OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
-#endif
}
void tls_shutdown(void)
@@ -120,20 +116,6 @@ tls_t *tls_new(xmpp_conn_t *conn)
/* Trust server's certificate when user sets the flag explicitly. */
mode = conn->tls_trust ? SSL_VERIFY_NONE : SSL_VERIFY_PEER;
SSL_set_verify(tls->ssl, mode, 0);
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
- /* Hostname verification is supported in OpenSSL 1.0.2 and newer. */
- X509_VERIFY_PARAM *param = SSL_get0_param(tls->ssl);
-
- /*
- * Allow only complete wildcards. RFC 6125 discourages wildcard usage
- * completely, and lists internationalized domain names as a reason
- * against partial wildcards.
- * See https://tools.ietf.org/html/rfc6125#section-7.2 for more information.
- */
- X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
- X509_VERIFY_PARAM_set1_host(param, conn->domain, 0);
-#endif
-
ret = SSL_set_fd(tls->ssl, conn->sock);
if (ret <= 0)
goto err_free_ssl;