458d858
git diff 20443861ebc3f6498ee7d9c70fbdaa059bec15e1...98f8872743f3d38bd44cb9eedb2c82e38571fe04
458d858
458d858
diff --git a/src/Makefile b/src/Makefile
458d858
index 727794b..02425af 100644
458d858
--- a/src/Makefile
458d858
+++ b/src/Makefile
458d858
@@ -31,10 +31,10 @@ LDFLAGS += $(MYLDFLAGS)
458d858
 all:
458d858
 
458d858
 install: $(CMOD) $(LMOD)
458d858
-	$(INSTALL) -d $(LUAPATH)/ssl $(LUACPATH)
458d858
-	$(INSTALL) $(CMOD) $(LUACPATH)
458d858
-	$(INSTALL) -m644 $(LMOD) $(LUAPATH)
458d858
-	$(INSTALL) -m644 https.lua $(LUAPATH)/ssl
458d858
+	$(INSTALL) -d $(DESTDIR)$(LUAPATH)/ssl $(DESTDIR)$(LUACPATH)
458d858
+	$(INSTALL) $(CMOD) $(DESTDIR)$(LUACPATH)
458d858
+	$(INSTALL) -m644 $(LMOD) $(DESTDIR)$(LUAPATH)
458d858
+	$(INSTALL) -m644 https.lua $(DESTDIR)$(LUAPATH)/ssl
458d858
 
458d858
 linux:
458d858
 	@$(MAKE) $(CMOD) MYCFLAGS="$(LNX_CFLAGS)" MYLDFLAGS="$(LNX_LDFLAGS)" EXTRA="$(EXTRA)"
458d858
diff --git a/src/context.c b/src/context.c
458d858
index 22f43b7..4187314 100644
458d858
--- a/src/context.c
458d858
+++ b/src/context.c
458d858
@@ -35,10 +35,6 @@ typedef const SSL_METHOD LSEC_SSL_METHOD;
458d858
 typedef       SSL_METHOD LSEC_SSL_METHOD;
458d858
 #endif
458d858
 
458d858
-#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
458d858
-#define SSLv23_method() TLS_method()
458d858
-#endif
458d858
-
458d858
 /*-- Compat - Lua 5.1 --------------------------------------------------------*/
458d858
 
458d858
 #if (LUA_VERSION_NUM == 501)
458d858
diff --git a/src/https.lua b/src/https.lua
458d858
index befb72d..7916851 100644
458d858
--- a/src/https.lua
458d858
+++ b/src/https.lua
458d858
@@ -89,6 +89,7 @@ local function tcp(params)
458d858
       function conn:connect(host, port)
458d858
          try(self.sock:connect(host, port))
458d858
          self.sock = try(ssl.wrap(self.sock, params))
458d858
+         self.sock:sni(host)
458d858
          try(self.sock:dohandshake())
458d858
          reg(self, getmetatable(self.sock))
458d858
          return 1
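Review bot: `self.sock:sni(host)` is sent for every `host`, including IP-address literals, which RFC 6066 does not permit in the server_name extension; a guard that skips the call when `host` parses as an IPv4 or IPv6 address would keep the ClientHello well-formed. The call is also the only step in `conn:connect` not wrapped in `try`, and the hunk shows neither what `sni` returns nor whether the method exists when the library is built without SNI support, so a comment stating that its result is deliberately ignored would help. SNI only selects which certificate the server presents; whether the name is then checked against that certificate depends on `params`, which is outside this hunk. `conn:connect` continues past the hunk.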
458d858
diff --git a/src/ssl.c b/src/ssl.c
458d858
index d2b495d..d7b7243 100644
458d858
--- a/src/ssl.c
458d858
+++ b/src/ssl.c
458d858
@@ -31,6 +31,13 @@
458d858
 #include "context.h"
458d858
 #include "ssl.h"
458d858
 
458d858
+
458d858
+#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER<0x10100000L
458d858
+#define SSL_is_server(s) (s->server)
458d858
+#define X509_up_ref(c)   CRYPTO_add(&c->references, 1, CRYPTO_LOCK_X509)
458d858
+#endif
458d858
+
458d858
+
458d858
 /**
458d858
  * Underline socket error.
458d858
  */
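Review bot: The two compatibility macros use their arguments unparenthesized, so an argument such as `*pp` would expand wrongly; write `#define SSL_is_server(s) ((s)->server)` and `#define X509_up_ref(c) CRYPTO_add(&(c)->references, 1, CRYPTO_LOCK_X509)`. The guard also applies to every LibreSSL release with no upper bound, so a LibreSSL that ships these as real functions or makes the structs opaque would still get the field-access macros; presumably this needs a `LIBRESSL_VERSION_NUMBER` ceiling, to be confirmed against the LibreSSL releases the project supports. The macro form of `X509_up_ref` yields the new reference count rather than the 1/0 status of the OpenSSL 1.1.0 function, which matters if a caller ever tests the result.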
458d858
@@ -191,9 +198,9 @@ static int ssl_recv(void *ctx, char *data, size_t count, size_t *got,
458d858
 {
458d858
   int err;
458d858
   p_ssl ssl = (p_ssl)ctx;
458d858
+  *got = 0;
458d858
   if (ssl->state != LSEC_STATE_CONNECTED)
458d858
     return IO_CLOSED;
458d858
-  *got = 0;
458d858
   for ( ; ; ) {
458d858
     ERR_clear_error();
458d858
     err = SSL_read(ssl->ssl, data, (int)count);
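Review bot: Moving `*got = 0;` above the state check is not explained in the code, and the reason is easy to lose in a later cleanup; add a comment such as `/* Zero *got first so the early IO_CLOSED return never leaves the caller's byte count uninitialised. */`. On the context line `SSL_read(ssl->ssl, data, (int)count)` the `size_t` to `int` cast would truncate or go negative for a `count` above `INT_MAX`; if callers are not known to bound it, clamp first with `if (count > INT_MAX) count = INT_MAX;`. The next hunk's removal of `*got = err;` under `SSL_ERROR_ZERO_RETURN` relies on this same initialisation. `ssl_recv` starts and ends outside the hunk.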
458d858
@@ -203,7 +210,6 @@ static int ssl_recv(void *ctx, char *data, size_t count, size_t *got,
458d858
       *got = err;
458d858
       return IO_DONE;
458d858
     case SSL_ERROR_ZERO_RETURN:
458d858
-      *got = err;
458d858
       return IO_CLOSED;
458d858
     case SSL_ERROR_WANT_READ:
458d858
       err = socket_waitfd(&ssl->sock, WAITFD_R, tm);
458d858
@@ -461,7 +467,7 @@ static int meth_getpeercertificate(lua_State *L)
458d858
   /* In a server-context, the stack doesn't contain the peer cert,
458d858
    * so adjust accordingly.
458d858
    */
458d858
-  if (ssl->ssl->server)
458d858
+  if (SSL_is_server(ssl->ssl))
458d858
     --n;
458d858
   certs = SSL_get_peer_cert_chain(ssl->ssl);
458d858
   if (n >= sk_X509_num(certs)) {
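Review bot: `SSL_get_peer_cert_chain()` can return NULL when the peer sent no chain, and the bounds test on the last line of this hunk only stays safe because `sk_X509_num(NULL)` returns -1; that dependency deserves a comment, e.g. `/* certs may be NULL; sk_X509_num() then returns -1 and the index is rejected. */`. This assumes `n` is non-negative at this point, which would be established before the hunk and is not visible here. An explicit `if (certs == NULL || n >= sk_X509_num(certs))` would make the intent independent of that library detail.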
458d858
@@ -471,7 +477,7 @@ static int meth_getpeercertificate(lua_State *L)
458d858
   cert = sk_X509_value(certs, n);
458d858
   /* Increment the reference counting of the object. */
458d858
   /* See SSL_get_peer_certificate() source code.     */
458d858
-  CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
458d858
+  X509_up_ref(cert);
458d858
   lsec_pushx509(L, cert);
458d858
   return 1;
458d858
 }
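Review bot: The result of `X509_up_ref(cert)` is discarded here and again in the loop of `meth_getpeerchain` in the last ssl.c hunk. With the OpenSSL 1.1.0 function a failed increment returns 0, and the certificate would then be handed to `lsec_pushx509` without the extra reference the comment above promises. Since the pre-1.1.0 macro returns the new count instead, a check that works for both is `if (X509_up_ref(cert) <= 0) { lua_pushnil(L); return 1; }`; failing that, add a comment stating that the return value is intentionally ignored. How `lsec_pushx509` releases the certificate is not visible in this diff.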
458d858
@@ -493,7 +499,7 @@ static int meth_getpeerchain(lua_State *L)
458d858
     return 2;
458d858
   }
458d858
   lua_newtable(L);
458d858
-  if (ssl->ssl->server) {
458d858
+  if (SSL_is_server(ssl->ssl)) {
458d858
     lsec_pushx509(L, SSL_get_peer_certificate(ssl->ssl));
458d858
     lua_rawseti(L, -2, idx++);
458d858
   }
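Review bot: In the server branch `SSL_get_peer_certificate(ssl->ssl)` is passed straight to `lsec_pushx509`, but it returns NULL when the client presented no certificate, which is normal for a server that does not require client authentication. Unless `lsec_pushx509` tolerates NULL (not visible here), the table would hold a certificate object wrapping a null pointer; store the result in a local and guard it, `if (cert) { lsec_pushx509(L, cert); lua_rawseti(L, -2, idx++); }`. `meth_getpeerchain` starts and ends outside the hunk.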
458d858
@@ -503,7 +509,7 @@ static int meth_getpeerchain(lua_State *L)
458d858
     cert = sk_X509_value(certs, i);
458d858
     /* Increment the reference counting of the object. */
458d858
     /* See SSL_get_peer_certificate() source code.     */
458d858
-    CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
458d858
+    X509_up_ref(cert);
458d858
     lsec_pushx509(L, cert);
458d858
     lua_rawseti(L, -2, idx++);
458d858
   }
458d858
diff --git a/src/x509.c b/src/x509.c
458d858
index 49f9a5f..0042fc4 100644
458d858
--- a/src/x509.c
458d858
+++ b/src/x509.c
458d858
@@ -32,6 +32,17 @@
458d858
 
458d858
 #include "x509.h"
458d858
 
458d858
+
458d858
+/*
458d858
+ * ASN1_STRING_data is deprecated in OpenSSL 1.1.0
458d858
+ */
458d858
+#if OPENSSL_VERSION_NUMBER>=0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)
458d858
+#define LSEC_ASN1_STRING_data(x) ASN1_STRING_get0_data(x)
458d858
+#else
458d858
+#define LSEC_ASN1_STRING_data(x) ASN1_STRING_data(x)
458d858
+#endif
458d858
+
458d858
+
458d858
 static const char* hex_tab = "0123456789abcdef";
458d858
 
458d858
 /**
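Review bot: The version test here uses `0x1010000fL` while the OpenSSL 1.1.0 test added in ssl.c uses `0x10100000L`, so 1.1.0 pre-releases fall on different sides of the two guards; pick one threshold, ideally a single macro shared by both files. `ASN1_STRING_get0_data()` returns a `const unsigned char *` whereas `ASN1_STRING_data()` returns a non-const pointer, so the wrapper has a different type depending on the build. The comment should say so, e.g. `/* Treat the result as read-only: it is const on OpenSSL >= 1.1.0. */`.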
458d858
@@ -146,7 +157,7 @@ static void push_asn1_string(lua_State* L, ASN1_STRING *string, int encode)
458d858
   }
458d858
   switch (encode) {
458d858
   case LSEC_AI5_STRING:
458d858
-    lua_pushlstring(L, (char*)ASN1_STRING_data(string),
458d858
+    lua_pushlstring(L, (char*)LSEC_ASN1_STRING_data(string),
458d858
                        ASN1_STRING_length(string));
458d858
     break;
458d858
   case LSEC_UTF8_STRING:
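Review bot: The `(char*)` cast here and the `(unsigned char*)` cast in the `push_asn1_ip` hunk below strip the `const` that `ASN1_STRING_get0_data()` puts on the buffer, which hides any later write into certificate data from the compiler. Keeping the qualifier costs nothing: `(const char*)LSEC_ASN1_STRING_data(string)` here, and `const unsigned char *ip = LSEC_ASN1_STRING_data(string);` in `push_asn1_ip`, assuming the rest of that function only reads `ip` (its body continues outside the hunk). Both forms also compile against the older non-const `ASN1_STRING_data()`.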
458d858
@@ -182,7 +193,7 @@ static void push_asn1_ip(lua_State *L, ASN1_STRING *string)
458d858
 {
458d858
   int af;
458d858
   char dst[INET6_ADDRSTRLEN];
458d858
-  unsigned char *ip = ASN1_STRING_data(string);
458d858
+  unsigned char *ip = (unsigned char*)LSEC_ASN1_STRING_data(string);
458d858
   switch(ASN1_STRING_length(string)) {
458d858
   case 4:
458d858
     af = AF_INET;
458d858
@@ -293,11 +304,11 @@ int meth_extensions(lua_State* L)
458d858
       break;
458d858
 
458d858
     /* Push ret[oid] */
458d858
-    push_asn1_objname(L, extension->object, 1);
458d858
+    push_asn1_objname(L, X509_EXTENSION_get_object(extension), 1);
458d858
     push_subtable(L, -2);
458d858
 
458d858
     /* Set ret[oid].name = name */
458d858
-    push_asn1_objname(L, extension->object, 0);
458d858
+    push_asn1_objname(L, X509_EXTENSION_get_object(extension), 0);
458d858
     lua_setfield(L, -2, "name");
458d858
 
458d858
     n_general_names = sk_GENERAL_NAME_num(values);
458d858
@@ -404,7 +415,7 @@ static int meth_pubkey(lua_State* L)
458d858
     bytes = BIO_get_mem_data(bio, &data);
458d858
     if (bytes > 0) {
458d858
       lua_pushlstring(L, data, bytes);
458d858
-      switch(EVP_PKEY_type(pkey->type)) {
458d858
+      switch(EVP_PKEY_base_id(pkey)) {
458d858
         case EVP_PKEY_RSA:
458d858
           lua_pushstring(L, "RSA");
458d858
           break;