diff options
author | lioux <lioux@FreeBSD.org> | 2002-08-13 01:34:11 +0000 |
---|---|---|
committer | lioux <lioux@FreeBSD.org> | 2002-08-13 01:34:11 +0000 |
commit | 898990789d11f11bf2a15a1754f7140222758ecd (patch) | |
tree | 213b59c9bbbed08c5c2d577e4c527209c2e892b8 /x11/kdelibs4/files | |
parent | cc8d86b3e383423bd76451b00eb0e1c9d3d32b2b (diff) | |
download | FreeBSD-ports-898990789d11f11bf2a15a1754f7140222758ecd.zip FreeBSD-ports-898990789d11f11bf2a15a1754f7140222758ecd.tar.gz |
o Security fix: "Konqueror (kssl to be precisely) fails to detect
certificates as invalid that have been signed by an issuer who
is not allowed to do so. A patch for this problem has been commited
to both the CVS HEAD branch and the KDE_3_0_BRANCH" from message
by [1]
o Bump PORTREVISION
Submitted by: Andy Fawcett <andy@athame.co.uk>,
Waldo Bastian <bastian@kde.org> [1]
Reviewed by: kde
Approved by: kde
Obtained from: KDE CVS HEAD
Diffstat (limited to 'x11/kdelibs4/files')
-rw-r--r-- | x11/kdelibs4/files/patch-kopenssl.cc | 35 | ||||
-rw-r--r-- | x11/kdelibs4/files/patch-kopenssl.h | 19 | ||||
-rw-r--r-- | x11/kdelibs4/files/patch-ksslcertificate.cc | 10 |
3 files changed, 64 insertions, 0 deletions
diff --git a/x11/kdelibs4/files/patch-kopenssl.cc b/x11/kdelibs4/files/patch-kopenssl.cc new file mode 100644 index 0000000..42339a3 --- /dev/null +++ b/x11/kdelibs4/files/patch-kopenssl.cc @@ -0,0 +1,35 @@ +Index: kio/kssl/kopenssl.cc +=================================================================== +RCS file: /home/kde/kdelibs/kio/kssl/kopenssl.cc,v +retrieving revision 1.58.2.1 +retrieving revision 1.58.2.2 +diff -u -3 -p -r1.58.2.1 -r1.58.2.2 +--- kio/kssl/kopenssl.cc 2002/04/10 22:00:44 1.58.2.1 ++++ kio/kssl/kopenssl.cc 2002/08/12 16:45:14 1.58.2.2 +@@ -105,6 +105,7 @@ static int (*K_SSL_CTX_use_certificate) + static int (*K_SSL_get_error) (SSL*, int) = NULL; + static STACK_OF(X509)* (*K_SSL_get_peer_cert_chain) (SSL*) = NULL; + static void (*K_X509_STORE_CTX_set_chain) (X509_STORE_CTX *, STACK_OF(X509)*) = NULL; ++static void (*K_X509_STORE_CTX_set_purpose) (X509_STORE_CTX *, int) = NULL; + static void (*K_sk_free) (STACK*) = NULL; + static int (*K_sk_num) (STACK*) = NULL; + static char* (*K_sk_pop) (STACK*) = NULL; +@@ -348,6 +349,7 @@ KConfig *cfg; + K_X509_REQ_free = (void (*)(X509_REQ*)) _cryptoLib->symbol("X509_REQ_free"); + K_X509_REQ_new = (X509_REQ* (*)()) _cryptoLib->symbol("X509_REQ_new"); + K_X509_STORE_CTX_set_chain = (void (*)(X509_STORE_CTX *, STACK_OF(X509)*)) _cryptoLib->symbol("X509_STORE_CTX_set_chain"); ++ K_X509_STORE_CTX_set_purpose = (void (*)(X509_STORE_CTX *, int)) _cryptoLib->symbol("X509_STORE_CTX_set_purpose"); + K_sk_free = (void (*) (STACK *)) _cryptoLib->symbol("sk_free"); + K_sk_num = (int (*) (STACK *)) _cryptoLib->symbol("sk_num"); + K_sk_pop = (char* (*) (STACK *)) _cryptoLib->symbol("sk_pop"); +@@ -930,6 +932,10 @@ char *KOpenSSLProxy::sk_value(STACK *s, + + void KOpenSSLProxy::X509_STORE_CTX_set_chain(X509_STORE_CTX *v, STACK_OF(X509)* x) { + if (K_X509_STORE_CTX_set_chain) (K_X509_STORE_CTX_set_chain)(v,x); ++} ++ ++void KOpenSSLProxy::X509_STORE_CTX_set_purpose(X509_STORE_CTX *v, int purpose) { ++ if (K_X509_STORE_CTX_set_purpose) (K_X509_STORE_CTX_set_purpose)(v,purpose); + } + + diff --git a/x11/kdelibs4/files/patch-kopenssl.h b/x11/kdelibs4/files/patch-kopenssl.h new file mode 100644 index 0000000..b123b5b --- /dev/null +++ b/x11/kdelibs4/files/patch-kopenssl.h @@ -0,0 +1,19 @@ +Index: kio/kssl/kopenssl.h +=================================================================== +RCS file: /home/kde/kdelibs/kio/kssl/kopenssl.h,v +retrieving revision 1.37.2.1 +retrieving revision 1.37.2.2 +diff -u -3 -p -r1.37.2.1 -r1.37.2.2 +--- kio/kssl/kopenssl.h 2002/04/10 22:00:44 1.37.2.1 ++++ kio/kssl/kopenssl.h 2002/08/12 16:45:14 1.37.2.2 +@@ -309,6 +309,10 @@ public: + */ + void X509_STORE_CTX_set_chain(X509_STORE_CTX *v, STACK_OF(X509)* x); + ++ /* ++ * X509_STORE_CTX_set_purpose - set the purpose of the certificate ++ */ ++ void X509_STORE_CTX_set_purpose(X509_STORE_CTX *v, int purpose); + + /* + * X509_verify_cert - verify the certificate diff --git a/x11/kdelibs4/files/patch-ksslcertificate.cc b/x11/kdelibs4/files/patch-ksslcertificate.cc new file mode 100644 index 0000000..0c05382 --- /dev/null +++ b/x11/kdelibs4/files/patch-ksslcertificate.cc @@ -0,0 +1,10 @@ +--- kio/kssl/ksslcertificate.cc.orig Sat Dec 1 01:30:03 2001 ++++ kio/kssl/ksslcertificate.cc Mon Aug 12 22:28:40 2002 +@@ -544,6 +544,7 @@ + // + + // int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); ++ d->kossl->X509_STORE_CTX_set_purpose(certStoreCTX, X509_PURPOSE_SSL_SERVER); + + //kdDebug(7029) << "KSSL verifying.............." << endl; + certStoreCTX->error = X509_V_OK; |