void-packages/srcpkgs/vpn-ws/patches/openssl.patch

53 lines
1.7 KiB
Diff

From a9d297969457e4f1a835e7481ddcbb4a2241692b Mon Sep 17 00:00:00 2001
From: Peter Nikolow <peter@mobiliodevelopment.com>
Date: Fri, 29 Jan 2021 13:24:58 +0200
Subject: [PATCH 2/3] Update ssl.c
Fixing OpenSSL 1.1 deprecation of OPENSSL_config
---
src/ssl.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/ssl.c b/src/ssl.c
index 4f0405c..996e9b0 100644
--- src/ssl.c
+++ src/ssl.c
@@ -225,7 +225,11 @@ static SSL_CTX *ssl_ctx = NULL;
void *vpn_ws_ssl_handshake(vpn_ws_peer *peer, char *sni, char *key, char *crt) {
if (!ssl_initialized) {
- OPENSSL_config(NULL);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ OPENSSL_config(NULL);
+#else
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG,NULL);
+#endif
SSL_library_init();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
From ec10c3526b115ea32775f495abd449948cc1d807 Mon Sep 17 00:00:00 2001
From: Peter Nikolow <peter@mobiliodevelopment.com>
Date: Fri, 29 Jan 2021 13:30:22 +0200
Subject: [PATCH 3/3] Update ssl.c
Adding default locations for trusted CA certificates.
This helps is your server uses 3rd party certificate like Let's Encrypt.
---
src/ssl.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/ssl.c b/src/ssl.c
index 996e9b0..3759d5b 100644
--- src/ssl.c
+++ src/ssl.c
@@ -254,6 +254,7 @@ void *vpn_ws_ssl_handshake(vpn_ws_peer *peer, char *sni, char *key, char *crt) {
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, NULL);
}
else {
+ SSL_CTX_load_verify_locations(ssl_ctx, "/etc/ssl/certs/ca-certificates.crt", "/etc/ssl/certs/");
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
}
ssl_peer_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);