summarylogtreecommitdiffstats
path: root/netcpp-openssl110.patch
diff options
context:
space:
mode:
Diffstat (limited to 'netcpp-openssl110.patch')
-rw-r--r--netcpp-openssl110.patch90
1 files changed, 90 insertions, 0 deletions
diff --git a/netcpp-openssl110.patch b/netcpp-openssl110.patch
new file mode 100644
index 000000000000..69359515d915
--- /dev/null
+++ b/netcpp-openssl110.patch
@@ -0,0 +1,90 @@
+--- net.cpp.old 2017-04-25 12:21:37.489622598 +0200
++++ net.cpp 2017-04-25 12:24:13.356284078 +0200
+@@ -2213,6 +2258,46 @@
+ return CURLE_OK;
+ }
+
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
++ #define X509_STORE_CTX_get0_cert(ctx) (ctx->cert)
++ #define X509_STORE_CTX_get0_untrusted(ctx) (ctx->untrusted)
++ #define EVP_PKEY_get0_DSA(_pkey_) ((_pkey_)->pkey.dsa)
++ #define EVP_PKEY_get0_RSA(_pkey_) ((_pkey_)->pkey.rsa)
++#endif
++
++const BIGNUM *RSA_get0_n(const RSA *rsa)
++{
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
++ return rsa->n;
++#else
++ const BIGNUM *result;
++ RSA_get0_key(rsa, &result, NULL, NULL);
++ return result;
++#endif
++}
++
++const BIGNUM *RSA_get0_e(const RSA *rsa)
++{
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
++ return rsa->e;
++#else
++ const BIGNUM *result;
++ RSA_get0_key(rsa, NULL, &result, NULL);
++ return result;
++#endif
++}
++
++const BIGNUM *RSA_get0_d(const RSA *rsa)
++{
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
++ return rsa->d;
++#else
++ const BIGNUM *result;
++ RSA_get0_key(rsa, NULL, NULL, &result);
++ return result;
++#endif
++}
++
+ // SSL public key pinning
+ int CurlHttpIO::cert_verify_callback(X509_STORE_CTX* ctx, void* req)
+ {
+@@ -2228,17 +2313,17 @@
+ return 1;
+ }
+
+- if ((evp = X509_PUBKEY_get(X509_get_X509_PUBKEY(ctx->cert))))
++ if ((evp = X509_PUBKEY_get(X509_get_X509_PUBKEY(X509_STORE_CTX_get0_cert(ctx)))))
+ {
+- if (BN_num_bytes(evp->pkey.rsa->n) == sizeof APISSLMODULUS1 - 1
+- && BN_num_bytes(evp->pkey.rsa->e) == sizeof APISSLEXPONENT - 1)
++ if (BN_num_bytes(RSA_get0_n(EVP_PKEY_get0_RSA(evp))) == sizeof APISSLMODULUS1 - 1
++ && BN_num_bytes(RSA_get0_e(EVP_PKEY_get0_RSA(evp))) == sizeof APISSLEXPONENT - 1)
+ {
+- BN_bn2bin(evp->pkey.rsa->n, buf);
++ BN_bn2bin(RSA_get0_n(EVP_PKEY_get0_RSA(evp)), buf);
+
+ if (!memcmp(request->posturl.data(), MegaClient::APIURL.data(), MegaClient::APIURL.size()) &&
+ (!memcmp(buf, APISSLMODULUS1, sizeof APISSLMODULUS1 - 1) || !memcmp(buf, APISSLMODULUS2, sizeof APISSLMODULUS2 - 1)))
+ {
+- BN_bn2bin(evp->pkey.rsa->e, buf);
++ BN_bn2bin(RSA_get0_e(EVP_PKEY_get0_RSA(evp)), buf);
+
+ if (!memcmp(buf, APISSLEXPONENT, sizeof APISSLEXPONENT - 1))
+ {
+@@ -2253,7 +2338,7 @@
+ }
+ else
+ {
+- LOG_warn << "Public key size mismatch " << BN_num_bytes(evp->pkey.rsa->n) << " " << BN_num_bytes(evp->pkey.rsa->e);
++ LOG_warn << "Public key size mismatch " << BN_num_bytes(RSA_get0_n(EVP_PKEY_get0_RSA(evp))) << " " << BN_num_bytes(RSA_get0_e(EVP_PKEY_get0_RSA(evp)));
+ }
+
+ EVP_PKEY_free(evp);
+@@ -2275,7 +2360,7 @@
+ LOG_err << "Invalid public key. Possible MITM attack!!";
+ request->sslcheckfailed = true;
+ request->sslfakeissuer.resize(256);
+- int len = X509_NAME_get_text_by_NID (X509_get_issuer_name (ctx->cert),
++ int len = X509_NAME_get_text_by_NID (X509_get_issuer_name (X509_STORE_CTX_get0_cert(ctx)),
+ NID_commonName,
+ (char *)request->sslfakeissuer.data(),
+ request->sslfakeissuer.size());