From 5f593b4d2a3fcdc2e49f3cb3710fd0c188c380ca Mon Sep 17 00:00:00 2001 From: John Date: Mon, 1 Feb 2021 15:41:58 +0100 Subject: [PATCH] sssd: update patch to work for both LibreSSL and OpenSSL --- srcpkgs/sssd/patches/libressl.patch | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/srcpkgs/sssd/patches/libressl.patch b/srcpkgs/sssd/patches/libressl.patch index 8c3a3aa18d..495a1066be 100644 --- a/srcpkgs/sssd/patches/libressl.patch +++ b/srcpkgs/sssd/patches/libressl.patch @@ -1,11 +1,3 @@ -diff -Naurp0 a/lib/certmap/sss_cert_content_crypto.c b/lib/certmap/sss_cert_content_crypto.c ---- src/lib/certmap/sss_cert_content_crypto.c 2020-09-06 16:39:47.669132066 +0200 -+++ src/lib/certmap/sss_cert_content_crypto.c 2020-09-06 16:39:51.923060279 +0200 -@@ -774,2 +774,2 @@ int sss_cert_get_content(TALLOC_CTX *mem -- if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) { -- cont->key_usage = X509_get_key_usage(cert); -+ if (cert->ex_flags & EXFLAG_KUSAGE) { -+ cont->key_usage = cert->ex_kusage; diff -Naurp0 a/p11_child/p11_child_openssl.c b/p11_child/p11_child_openssl.c --- src/p11_child/p11_child_openssl.c 2020-09-06 16:39:47.663132167 +0200 +++ src/p11_child/p11_child_openssl.c 2020-09-06 16:39:51.887060887 +0200 @@ -16,3 +8,19 @@ diff -Naurp0 a/util/crypto/libcrypto/crypto_hmac_sha1.c b/util/crypto/libcrypto/ +++ src/util/crypto/libcrypto/crypto_hmac_sha1.c 2020-09-06 16:39:51.870061174 +0200 @@ -19,0 +20 @@ +#include +--- src/lib/certmap/sss_cert_content_crypto.c 2020-10-12 12:16:19.000000000 +0200 ++++ - 2021-02-01 15:35:14.968899293 +0100 +@@ -771,8 +771,13 @@ + ret = EIO; + goto done; + } ++#ifdef LIBRESSL_VERSION_NUMBER ++ if (cert->ex_flags & EXFLAG_KUSAGE) { ++ cont->key_usage = cert->ex_kusage; ++#else + if ((X509_get_extension_flags(cert) & EXFLAG_KUSAGE)) { + cont->key_usage = X509_get_key_usage(cert); ++#endif + } else { + /* According to X.509 https://www.itu.int/rec/T-REC-X.509-201610-I + * section 13.3.2 "Certificate match" "keyUsage matches if all of the