diff options
Diffstat (limited to 'openssl-1.1.patch')
-rw-r--r-- | openssl-1.1.patch | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/openssl-1.1.patch b/openssl-1.1.patch new file mode 100644 index 000000000000..ea6435cde00f --- /dev/null +++ b/openssl-1.1.patch @@ -0,0 +1,60 @@ +diff -aur dnssec-trigger-0.14/riggerd/cfg.c dnssec-trigger-0.14-patched/riggerd/cfg.c +--- dnssec-trigger-0.14/riggerd/cfg.c 2017-06-08 17:06:17.000000000 +0200 ++++ dnssec-trigger-0.14-patched/riggerd/cfg.c 2017-11-18 11:21:50.477359449 +0100 +@@ -540,9 +540,11 @@ + if(!ctx) + return ctx_err_ret(ctx, err, errlen, + "could not allocate SSL_CTX pointer"); ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)) + return ctx_err_ret(ctx, err, errlen, + "could not set SSL_OP_NO_SSLv2"); ++#endif + if(!SSL_CTX_use_certificate_file(ctx,c_cert,SSL_FILETYPE_PEM) || + !SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM) + || !SSL_CTX_check_private_key(ctx)) +diff -aur dnssec-trigger-0.14/riggerd/net_help.c dnssec-trigger-0.14-patched/riggerd/net_help.c +--- dnssec-trigger-0.14/riggerd/net_help.c 2017-06-08 17:06:17.000000000 +0200 ++++ dnssec-trigger-0.14-patched/riggerd/net_help.c 2017-11-18 11:22:40.546960367 +0100 +@@ -447,11 +447,13 @@ + return NULL; + } + /* no SSLv2 because has defects */ ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){ + log_crypto_err("could not set SSL_OP_NO_SSLv2"); + SSL_CTX_free(ctx); + return NULL; + } ++#endif + if(!SSL_CTX_use_certificate_file(ctx, pem, SSL_FILETYPE_PEM)) { + log_err("error for cert file: %s", pem); + log_crypto_err("error in SSL_CTX use_certificate_file"); +diff -aur dnssec-trigger-0.14/riggerd/reshook.c dnssec-trigger-0.14-patched/riggerd/reshook.c +--- dnssec-trigger-0.14/riggerd/reshook.c 2017-06-08 17:06:17.000000000 +0200 ++++ dnssec-trigger-0.14-patched/riggerd/reshook.c 2017-11-18 11:23:54.853034153 +0100 +@@ -256,7 +256,7 @@ + win_set_resolv("127.0.0.1"); + #else /* not on windows */ + # ifndef HOOKS_OSX /* on Linux/BSD */ +- if (system("/usr/libexec/dnssec-trigger-script --setup") == 0) ++ if (system(LIBEXEC_DIR "/dnssec-trigger-script --setup") == 0) + return; + + if(really_set_to_localhost(cfg)) { +diff -aur dnssec-trigger-0.14/riggerd/svr.c dnssec-trigger-0.14-patched/riggerd/svr.c +--- dnssec-trigger-0.14/riggerd/svr.c 2017-06-08 17:06:17.000000000 +0200 ++++ dnssec-trigger-0.14-patched/riggerd/svr.c 2017-11-18 11:23:10.156724197 +0100 +@@ -162,10 +162,12 @@ + return 0; + } + /* no SSLv2 because has defects */ ++#if OPENSSL_VERSION_NUMBER < 0x10100000 + if(!(SSL_CTX_set_options(s->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){ + log_crypto_err("could not set SSL_OP_NO_SSLv2"); + return 0; + } ++#endif + s_cert = s->cfg->server_cert_file; + s_key = s->cfg->server_key_file; + verbose(VERB_ALGO, "setup SSL certificates"); |