From b8820021c9b1a0e820b2fad3d2c3f352c19b00c0 Mon Sep 17 00:00:00 2001
From: John <me@johnnynator.dev>
Date: Wed, 6 Jan 2021 23:55:17 +0100
Subject: [PATCH] c-client: rebuild against OpenSSL

---
 common/shlibs                                 |  2 +-
 .../patches/1006_openssl1.1_autoverify.patch  | 58 +++++++++++++++++++
 srcpkgs/c-client/template                     |  4 +-
 3 files changed, 61 insertions(+), 3 deletions(-)
 create mode 100644 srcpkgs/c-client/patches/1006_openssl1.1_autoverify.patch

diff --git a/common/shlibs b/common/shlibs
index 04b513078f..edb3aa8735 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -2383,7 +2383,7 @@ libdwarf.so.1 libdwarf-20160613_1
 libmemcached.so.11 libmemcached-1.0.18_1
 libhashkit.so.2 libmemcached-1.0.18_1
 libmemcachedutil.so.2 libmemcached-1.0.18_1
-libc-client.so.1 c-client-2007f_1
+libc-client.so.1 c-client-2007f_4
 libonig.so.5 oniguruma-6.8.1_1
 liblo10k1.so.0 alsa-tools-1.0.29_1
 libgflags.so.2.2 gflags-2.1.2_1
diff --git a/srcpkgs/c-client/patches/1006_openssl1.1_autoverify.patch b/srcpkgs/c-client/patches/1006_openssl1.1_autoverify.patch
new file mode 100644
index 0000000000..a8552ff268
--- /dev/null
+++ b/srcpkgs/c-client/patches/1006_openssl1.1_autoverify.patch
@@ -0,0 +1,58 @@
+Description: Support OpenSSL 1.1
+ When building with OpenSSL 1.1 and newer, use the new built-in
+ hostname verification instead of code that doesn't compile due to
+ structs having been made opaque.
+Bug-Debian: https://bugs.debian.org/828589
+
+--- src/osdep/unix/ssl_unix.c
++++ src/osdep/unix/ssl_unix.c
+@@ -227,8 +227,16 @@ static char *ssl_start_work (SSLSTREAM *
+ 				/* disable certificate validation? */
+   if (flags & NET_NOVALIDATECERT)
+     SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL);
+-  else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
++  else {
++#if OPENSSL_VERSION_NUMBER >= 0x10100000      
++      X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context);
++      X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
++      X509_VERIFY_PARAM_set1_host(param, host, 0);
++#endif
++
++      SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
+ 				/* set default paths to CAs... */
++  }
+   SSL_CTX_set_default_verify_paths (stream->context);
+ 				/* ...unless a non-standard path desired */
+   if (s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL))
+@@ -266,6 +274,7 @@ static char *ssl_start_work (SSLSTREAM *
+   if (SSL_write (stream->con,"",0) < 0)
+     return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
+ 				/* need to validate host names? */
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+   if (!(flags & NET_NOVALIDATECERT) &&
+       (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),
+ 				host))) {
+@@ -275,6 +284,7 @@ static char *ssl_start_work (SSLSTREAM *
+     sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
+     return ssl_last_error = cpystr (tmp);
+   }
++#endif
+   return NIL;
+ }
+ 
+@@ -313,6 +323,7 @@ static int ssl_open_verify (int ok,X509_
+  * Returns: NIL if validated, else string of error message
+  */
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+ static char *ssl_validate_cert (X509 *cert,char *host)
+ {
+   int i,n;
+@@ -342,6 +353,7 @@ static char *ssl_validate_cert (X509 *ce
+   else ret = "Unable to locate common name in certificate";
+   return ret;
+ }
++#endif
+ 
+ /* Case-independent wildcard pattern match
+  * Accepts: base string
diff --git a/srcpkgs/c-client/template b/srcpkgs/c-client/template
index 48bbfcee46..bf65dc7277 100644
--- a/srcpkgs/c-client/template
+++ b/srcpkgs/c-client/template
@@ -1,9 +1,9 @@
 # Template file for 'c-client'
 pkgname=c-client
 version=2007f
-revision=3
+revision=4
 wrksrc="imap-${version}"
-makedepends="pam-devel libressl-devel e2fsprogs-devel"
+makedepends="pam-devel openssl-devel e2fsprogs-devel"
 short_desc="IMAP client library"
 maintainer="John Regan <john@jrjrtech.com>"
 license="Apache-2.0"