Skip to content
Snippets Groups Projects
Commit 7e8ab83f authored by Alexey Dokuchaev's avatar Alexey Dokuchaev
Browse files

ftp/bsdftpd-ssl: convert to modern OpenSSL and unbreak the build on -CURRENT.

parent 63593047
No related branches found
No related tags found
No related merge requests found
......@@ -30,9 +30,7 @@ LDFLAGS+= -lpam
.include <bsd.port.options.mk>
.if ${SSL_DEFAULT} == base
BROKEN_FreeBSD_12= variable has incomplete type 'X509_STORE_CTX' (aka 'struct x509_store_ctx_st')
BROKEN_FreeBSD_13= variable has incomplete type 'X509_STORE_CTX' (aka 'struct x509_store_ctx_st')
BROKEN_FreeBSD_14= variable has incomplete type 'X509_STORE_CTX' (aka 'struct x509_store_ctx_st')
BROKEN_FreeBSD_11= undefined reference to `X509_OBJECT_new'
.endif
.if ${PORT_OPTIONS:MSERVER} && ${PORT_OPTIONS:MEXAMPLES}
......
--- ftp/Makefile.FreeBSD.orig 2005-01-11 10:06:55 UTC
+++ ftp/Makefile.FreeBSD
@@ -17,11 +17,11 @@ CFLAGS+=-DINET6
### TLS/SSL support
## Comment lines below to disable TLS/SSL support
CFLAGS+=-DUSE_SSL
-LDADD+= -lssl -lcrypto
+LDADD+= -L${OPENSSLLIB} -lssl -lcrypto
## Next lines must present regardless of TLS/SSL support state
.PATH: ${.CURDIR}/../ssl
SRCS+= sslapp.c ssl_port.c ssl_port_ftps.c
-CFLAGS+=-I../ssl
+CFLAGS+= -I${OPENSSLINC} -I../ssl
###
###
@@ -31,7 +31,7 @@ PROG= ftps
SRCS+= cmds.c cmdtab.c complete.c domacro.c fetch.c ftp.c main.c ruserpass.c \
util.c
-CFLAGS+= -I../port -Wall
+CFLAGS+= -I../port -Wall -fcommon
LDADD+= ../port/libedit.a
.if defined(BSDTYPE) && ( ${BSDTYPE} == "NetBSD" )
--- ftpd/Makefile.FreeBSD.orig 2005-01-11 22:49:16 UTC
+++ ftpd/Makefile.FreeBSD
@@ -78,12 +78,12 @@ LDADD+= -lm
### TLS/SSL support
.if defined(SSL_SUPPORT)
CFLAGS+=-DUSE_SSL
-LDADD+= -lssl -lcrypto ../port/libbsdport.a
+LDADD+= -L${OPENSSLLIB} -lssl -lcrypto ../port/libbsdport.a
.endif
## Next lines must present regardless of TLS/SSL support state
.PATH: ${.CURDIR}/../ssl
SRCS+= sslapp.c ssl_port.c ssl_port_ftpd.c
-CFLAGS+=-I../ssl -I../port
+CFLAGS+= -I${OPENSSLINC} -I../ssl -I../port
###
### PAM support
--- ftpd/ftpcmd.y.orig 2004-12-19 18:44:42 UTC
+++ ftpd/ftpcmd.y
@@ -1376,7 +1376,7 @@ static void toolong(int);
#ifdef INET6
static void v4map_data_dest(void);
#endif
-static int yylex(void);
+int yylex(void);
static struct tab *
lookup(struct tab *p, char *cmd)
@@ -1394,7 +1394,7 @@ lookup(struct tab *p, char *cmd)
* getline - a hacked up version of fgets to ignore TELNET escape codes.
*/
......@@ -9,6 +18,15 @@
{
int c;
register char *cs;
@@ -1530,7 +1530,7 @@ check_syntax(struct tab *cmd, char *cbuf, size_t cpos)
return 1;
}
-static int
+int
yylex(void)
{
static int cpos;
@@ -1545,7 +1545,7 @@ yylex(void)
case CMD:
(void) signal(SIGALRM, toolong);
......
......@@ -126,72 +126,3 @@
.if !target(${PROG})
SRCS= ${PROG}.c
--- ssl/sslapp.c.orig 2005-01-10 23:34:59 UTC
+++ ssl/sslapp.c
@@ -108,8 +108,8 @@ do_ssleay_init(int server)
* export things work... If so we generate one now!
*/
if (server) {
- const char ctx_sid[] = "BSDftpd-ssl";
- SSL_CTX_set_session_id_context(ssl_ctx, ctx_sid, strlen(ctx_sid));
+ const unsigned char ctx_sid[] = "BSDftpd-ssl";
+ SSL_CTX_set_session_id_context(ssl_ctx, ctx_sid, strlen((const char*)ctx_sid));
if (SSL_CTX_need_tmp_RSA(ssl_ctx)) {
RSA *rsa;
@@ -474,12 +474,12 @@ ssl_log_msg(BIO *bio, const char *fmt, .
va_end(ap);
if (outputbuf == NULL) {
BIO_printf(bio, "\r\nRan out of memory.\r\n");
- BIO_flush(bio);
+ (void)BIO_flush(bio);
return;
}
BIO_printf(bio, "%s", outputbuf);
- BIO_flush(bio);
+ (void)BIO_flush(bio);
free(outputbuf);
}
@@ -498,12 +498,12 @@ ssl_log_msgn(BIO *bio, const char *fmt,
va_end(ap);
if (outputbuf == NULL) {
BIO_printf(bio, "\r\nRan out of memory.\r\n");
- BIO_flush(bio);
+ (void)BIO_flush(bio);
return;
}
BIO_printf(bio, "\r\n%s\r\n", outputbuf);
- BIO_flush(bio);
+ (void)BIO_flush(bio);
free(outputbuf);
}
@@ -519,7 +519,7 @@ ssl_log_vwarn_common(BIO *bio, int debug
vasprintf(&tmp, fmt, ap);
if (tmp == NULL) {
BIO_printf(bio, "\r\nRan out of memory.\r\n");
- BIO_flush(bio);
+ (void)BIO_flush(bio);
if (ssl_logerr_syslog)
syslog(LOG_ERR, "Ran out of memory.");
return;
@@ -531,14 +531,14 @@ ssl_log_vwarn_common(BIO *bio, int debug
free(tmp);
if (outputbuf == NULL) {
BIO_printf(bio, "\r\nRan out of memory.\r\n");
- BIO_flush(bio);
+ (void)BIO_flush(bio);
if (ssl_logerr_syslog)
syslog(LOG_ERR, "Ran out of memory.");
return;
}
BIO_printf(bio, "%s\r\n", outputbuf);
- BIO_flush(bio);
+ (void)BIO_flush(bio);
if (ssl_logerr_syslog)
syslog(LOG_WARNING, "%s", outputbuf);
free(outputbuf);
--- ssl/sslapp.c.orig 2005-01-10 23:34:59 UTC
+++ ssl/sslapp.c
@@ -113,10 +113,14 @@ do_ssleay_init(int server)
if (SSL_CTX_need_tmp_RSA(ssl_ctx)) {
RSA *rsa;
+ BIGNUM *e;
if (ssl_debug_flag)
ssl_log_msgn(bio_err, "Generating temp (512 bit) RSA key...");
- rsa = RSA_generate_key(512, RSA_F4, NULL, NULL);
+
+ e = BN_new();
+ BN_set_word(e, RSA_F4);
+ RSA_generate_key_ex(rsa, 512, e, NULL);
if (ssl_debug_flag)
ssl_log_msgn(bio_err, "Generation of temp (512 bit) RSA key done");
@@ -289,12 +293,13 @@ int
ssl_X509_STORE_lookup(X509_STORE *pStore, int nType,
X509_NAME *pName, X509_OBJECT *pObj)
{
- X509_STORE_CTX pStoreCtx;
+ X509_STORE_CTX *pStoreCtx;
int rc;
- X509_STORE_CTX_init(&pStoreCtx, pStore, NULL, NULL);
- rc = X509_STORE_get_by_subject(&pStoreCtx, nType, pName, pObj);
- X509_STORE_CTX_cleanup(&pStoreCtx);
+ pStoreCtx = X509_STORE_CTX_new();
+ X509_STORE_CTX_init(pStoreCtx, pStore, NULL, NULL);
+ rc = X509_STORE_get_by_subject(pStoreCtx, nType, pName, pObj);
+ X509_STORE_CTX_free(pStoreCtx);
return rc;
}
@@ -311,7 +316,7 @@ ssl_X509_STORE_lookup(X509_STORE *pStore, int nType,
int
verify_cb_CRL(int ok, X509_STORE_CTX *ctx)
{
- X509_OBJECT obj;
+ X509_OBJECT *obj;
X509_NAME *subject;
X509_NAME *issuer;
X509 *xs;
@@ -368,16 +373,16 @@ verify_cb_CRL(int ok, X509_STORE_CTX *ctx)
* Try to retrieve a CRL corresponding to the _subject_ of
* the current certificate in order to verify it's integrity.
*/
- memset((char *)&obj, 0, sizeof(obj));
- rc = ssl_X509_STORE_lookup(x509st_CRL, X509_LU_CRL, subject, &obj);
- crl = obj.data.crl;
+ obj = X509_OBJECT_new();
+ rc = ssl_X509_STORE_lookup(x509st_CRL, X509_LU_CRL, subject, obj);
+ crl = X509_OBJECT_get0_X509_CRL(obj);
if (rc > 0 && crl != NULL) {
/*
* Verify the signature on this CRL
*/
if (X509_CRL_verify(crl, X509_get_pubkey(xs)) <= 0) {
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
- X509_OBJECT_free_contents(&obj);
+ X509_OBJECT_free(obj);
return 0;
}
@@ -387,24 +392,24 @@ verify_cb_CRL(int ok, X509_STORE_CTX *ctx)
i = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl));
if (i == 0) {
X509_STORE_CTX_set_error(ctx, X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
- X509_OBJECT_free_contents(&obj);
+ X509_OBJECT_free(obj);
return 0;
}
if (i < 0) {
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_HAS_EXPIRED);
- X509_OBJECT_free_contents(&obj);
+ X509_OBJECT_free(obj);
return 0;
}
- X509_OBJECT_free_contents(&obj);
+ X509_OBJECT_free(obj);
}
/*
* Try to retrieve a CRL corresponding to the _issuer_ of
* the current certificate in order to check for revocation.
*/
- memset((char *)&obj, 0, sizeof(obj));
- rc = ssl_X509_STORE_lookup(x509st_CRL, X509_LU_CRL, issuer, &obj);
- crl = obj.data.crl;
+ obj = X509_OBJECT_new();
+ rc = ssl_X509_STORE_lookup(x509st_CRL, X509_LU_CRL, issuer, obj);
+ crl = X509_OBJECT_get0_X509_CRL(obj);
if (rc > 0 && crl != NULL) {
/*
* Check if the current certificate is revoked by this CRL
@@ -412,13 +417,14 @@ verify_cb_CRL(int ok, X509_STORE_CTX *ctx)
n = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
for (i = 0; i < n; i++) {
revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
- if (ASN1_INTEGER_cmp(revoked->serialNumber, X509_get_serialNumber(xs)) == 0) {
+ if (ASN1_INTEGER_cmp(X509_REVOKED_get0_serialNumber(revoked),
+ X509_get_serialNumber(xs)) == 0) {
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
- X509_OBJECT_free_contents(&obj);
+ X509_OBJECT_free(obj);
return 0;
}
}
- X509_OBJECT_free_contents(&obj);
+ X509_OBJECT_free(obj);
}
return ok;
}
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment