void-packages/srcpkgs/vpn-ws/patches/openssl.patch
Đoàn Trần Công Danh 76acfa2dd2 srcpkgs/v*: convert patches to -Np1
```sh
git grep -l '^patch_args=-Np0' "srcpkgs/$1*/template" |
while read template; do
	for p in ${template%/template}/patches/*; do
		sed -i '
			\,^[+-][+-][+-] /dev/null,b
			/^[*-]\+ [0-9]\+\(,[0-9]\+\)\? [*-]\+$/b
			s,^[*][*][*] ,&a/,
			/^--- /{
				s,\(^--- \)\(./\)*,\1a/,
				s,[.-][Oo][Rr][Ii][Gg]\([	/]\),\1,
				s/[.-][Oo][Rr][Ii][Gg]$//
				s/[.]patched[.]\([^.]\)/.\1/
				h
			}
			/^+++ -/{
				g
				s/^--- a/+++ b/
				b
			}
			s,\(^+++ \)\(./\)*,\1b/,
		' "$p"
	done
	sed -i '/^patch_args=/d' $template
done
```
2021-06-20 13:17:29 +07:00

52 lines
1.7 KiB
Diff

From a9d297969457e4f1a835e7481ddcbb4a2241692b Mon Sep 17 00:00:00 2001
From: Peter Nikolow <peter@mobiliodevelopment.com>
Date: Fri, 29 Jan 2021 13:24:58 +0200
Subject: [PATCH 2/3] Update ssl.c
Fixing OpenSSL 1.1 deprecation of OPENSSL_config
---
src/ssl.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/ssl.c b/src/ssl.c
index 4f0405c..996e9b0 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -225,7 +225,11 @@ static SSL_CTX *ssl_ctx = NULL;
void *vpn_ws_ssl_handshake(vpn_ws_peer *peer, char *sni, char *key, char *crt) {
if (!ssl_initialized) {
- OPENSSL_config(NULL);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ OPENSSL_config(NULL);
+#else
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG,NULL);
+#endif
SSL_library_init();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
From ec10c3526b115ea32775f495abd449948cc1d807 Mon Sep 17 00:00:00 2001
From: Peter Nikolow <peter@mobiliodevelopment.com>
Date: Fri, 29 Jan 2021 13:30:22 +0200
Subject: [PATCH 3/3] Update ssl.c
Adding default locations for trusted CA certificates.
This helps is your server uses 3rd party certificate like Let's Encrypt.
---
src/ssl.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/ssl.c b/src/ssl.c
index 996e9b0..3759d5b 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -254,6 +254,7 @@ void *vpn_ws_ssl_handshake(vpn_ws_peer *peer, char *sni, char *key, char *crt) {
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, NULL);
}
else {
+ SSL_CTX_load_verify_locations(ssl_ctx, "/etc/ssl/certs/ca-certificates.crt", "/etc/ssl/certs/");
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
}
ssl_peer_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);