Hanno Böck commited on 2015-02-21 12:00:56
Zeige 3 geänderte Dateien mit 982 Einfügungen und 0 Löschungen.
... | ... |
@@ -0,0 +1,611 @@ |
1 |
+http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest |
|
2 |
+ |
|
3 |
+--- openssl-1.0.2/apps/s_apps.h |
|
4 |
++++ openssl-1.0.2/apps/s_apps.h |
|
5 |
+@@ -154,7 +154,7 @@ |
|
6 |
+ int do_server(int port, int type, int *ret, |
|
7 |
+ int (*cb) (char *hostname, int s, int stype, |
|
8 |
+ unsigned char *context), unsigned char *context, |
|
9 |
+- int naccept); |
|
10 |
++ int naccept, int use_ipv4, int use_ipv6); |
|
11 |
+ #ifdef HEADER_X509_H |
|
12 |
+ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); |
|
13 |
+ #endif |
|
14 |
+@@ -167,7 +167,8 @@ |
|
15 |
+ int ssl_print_curves(BIO *out, SSL *s, int noshared); |
|
16 |
+ #endif |
|
17 |
+ int ssl_print_tmp_key(BIO *out, SSL *s); |
|
18 |
+-int init_client(int *sock, char *server, int port, int type); |
|
19 |
++int init_client(int *sock, char *server, int port, int type, |
|
20 |
++ int use_ipv4, int use_ipv6); |
|
21 |
+ int should_retry(int i); |
|
22 |
+ int extract_port(char *str, short *port_ptr); |
|
23 |
+ int extract_host_port(char *str, char **host_ptr, unsigned char *ip, |
|
24 |
+--- openssl-1.0.2/apps/s_client.c |
|
25 |
++++ openssl-1.0.2/apps/s_client.c |
|
26 |
+@@ -302,6 +302,10 @@ |
|
27 |
+ { |
|
28 |
+ BIO_printf(bio_err, "usage: s_client args\n"); |
|
29 |
+ BIO_printf(bio_err, "\n"); |
|
30 |
++ BIO_printf(bio_err, " -4 - use IPv4 only\n"); |
|
31 |
++#if OPENSSL_USE_IPV6 |
|
32 |
++ BIO_printf(bio_err, " -6 - use IPv6 only\n"); |
|
33 |
++#endif |
|
34 |
+ BIO_printf(bio_err, " -host host - use -connect instead\n"); |
|
35 |
+ BIO_printf(bio_err, " -port port - use -connect instead\n"); |
|
36 |
+ BIO_printf(bio_err, |
|
37 |
+@@ -658,6 +662,7 @@ |
|
38 |
+ int sbuf_len, sbuf_off; |
|
39 |
+ fd_set readfds, writefds; |
|
40 |
+ short port = PORT; |
|
41 |
++ int use_ipv4, use_ipv6; |
|
42 |
+ int full_log = 1; |
|
43 |
+ char *host = SSL_HOST_NAME; |
|
44 |
+ char *cert_file = NULL, *key_file = NULL, *chain_file = NULL; |
|
45 |
+@@ -709,7 +714,11 @@ |
|
46 |
+ #endif |
|
47 |
+ char *sess_in = NULL; |
|
48 |
+ char *sess_out = NULL; |
|
49 |
+- struct sockaddr peer; |
|
50 |
++#if OPENSSL_USE_IPV6 |
|
51 |
++ struct sockaddr_storage peer; |
|
52 |
++#else |
|
53 |
++ struct sockaddr_in peer; |
|
54 |
++#endif |
|
55 |
+ int peerlen = sizeof(peer); |
|
56 |
+ int fallback_scsv = 0; |
|
57 |
+ int enable_timeouts = 0; |
|
58 |
+@@ -737,6 +746,12 @@ |
|
59 |
+ |
|
60 |
+ meth = SSLv23_client_method(); |
|
61 |
+ |
|
62 |
++ use_ipv4 = 1; |
|
63 |
++#if OPENSSL_USE_IPV6 |
|
64 |
++ use_ipv6 = 1; |
|
65 |
++#else |
|
66 |
++ use_ipv6 = 0; |
|
67 |
++#endif |
|
68 |
+ apps_startup(); |
|
69 |
+ c_Pause = 0; |
|
70 |
+ c_quiet = 0; |
|
71 |
+@@ -1096,6 +1111,16 @@ |
|
72 |
+ jpake_secret = *++argv; |
|
73 |
+ } |
|
74 |
+ #endif |
|
75 |
++ else if (strcmp(*argv,"-4") == 0) { |
|
76 |
++ use_ipv4 = 1; |
|
77 |
++ use_ipv6 = 0; |
|
78 |
++ } |
|
79 |
++#if OPENSSL_USE_IPV6 |
|
80 |
++ else if (strcmp(*argv,"-6") == 0) { |
|
81 |
++ use_ipv4 = 0; |
|
82 |
++ use_ipv6 = 1; |
|
83 |
++ } |
|
84 |
++#endif |
|
85 |
+ #ifndef OPENSSL_NO_SRTP |
|
86 |
+ else if (strcmp(*argv, "-use_srtp") == 0) { |
|
87 |
+ if (--argc < 1) |
|
88 |
+@@ -1421,7 +1446,7 @@ |
|
89 |
+ |
|
90 |
+ re_start: |
|
91 |
+ |
|
92 |
+- if (init_client(&s, host, port, socket_type) == 0) { |
|
93 |
++ if (init_client(&s, host, port, socket_type, use_ipv4, use_ipv6) == 0) { |
|
94 |
+ BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error()); |
|
95 |
+ SHUTDOWN(s); |
|
96 |
+ goto end; |
|
97 |
+@@ -1444,7 +1469,7 @@ |
|
98 |
+ if (socket_type == SOCK_DGRAM) { |
|
99 |
+ |
|
100 |
+ sbio = BIO_new_dgram(s, BIO_NOCLOSE); |
|
101 |
+- if (getsockname(s, &peer, (void *)&peerlen) < 0) { |
|
102 |
++ if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0) { |
|
103 |
+ BIO_printf(bio_err, "getsockname:errno=%d\n", |
|
104 |
+ get_last_socket_error()); |
|
105 |
+ SHUTDOWN(s); |
|
106 |
+--- openssl-1.0.2/apps/s_server.c |
|
107 |
++++ openssl-1.0.2/apps/s_server.c |
|
108 |
+@@ -643,6 +643,10 @@ |
|
109 |
+ BIO_printf(bio_err, |
|
110 |
+ " -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n"); |
|
111 |
+ #endif |
|
112 |
++ BIO_printf(bio_err, " -4 - use IPv4 only\n"); |
|
113 |
++#if OPENSSL_USE_IPV6 |
|
114 |
++ BIO_printf(bio_err, " -6 - use IPv6 only\n"); |
|
115 |
++#endif |
|
116 |
+ BIO_printf(bio_err, |
|
117 |
+ " -keymatexport label - Export keying material using label\n"); |
|
118 |
+ BIO_printf(bio_err, |
|
119 |
+@@ -1070,6 +1074,7 @@ |
|
120 |
+ int state = 0; |
|
121 |
+ const SSL_METHOD *meth = NULL; |
|
122 |
+ int socket_type = SOCK_STREAM; |
|
123 |
++ int use_ipv4, use_ipv6; |
|
124 |
+ ENGINE *e = NULL; |
|
125 |
+ char *inrand = NULL; |
|
126 |
+ int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; |
|
127 |
+@@ -1111,6 +1116,12 @@ |
|
128 |
+ |
|
129 |
+ meth = SSLv23_server_method(); |
|
130 |
+ |
|
131 |
++ use_ipv4 = 1; |
|
132 |
++#if OPENSSL_USE_IPV6 |
|
133 |
++ use_ipv6 = 1; |
|
134 |
++#else |
|
135 |
++ use_ipv6 = 0; |
|
136 |
++#endif |
|
137 |
+ local_argc = argc; |
|
138 |
+ local_argv = argv; |
|
139 |
+ |
|
140 |
+@@ -1503,6 +1514,16 @@ |
|
141 |
+ jpake_secret = *(++argv); |
|
142 |
+ } |
|
143 |
+ #endif |
|
144 |
++ else if (strcmp(*argv,"-4") == 0) { |
|
145 |
++ use_ipv4 = 1; |
|
146 |
++ use_ipv6 = 0; |
|
147 |
++ } |
|
148 |
++#if OPENSSL_USE_IPV6 |
|
149 |
++ else if (strcmp(*argv,"-6") == 0) { |
|
150 |
++ use_ipv4 = 0; |
|
151 |
++ use_ipv6 = 1; |
|
152 |
++ } |
|
153 |
++#endif |
|
154 |
+ #ifndef OPENSSL_NO_SRTP |
|
155 |
+ else if (strcmp(*argv, "-use_srtp") == 0) { |
|
156 |
+ if (--argc < 1) |
|
157 |
+@@ -2023,13 +2044,13 @@ |
|
158 |
+ (void)BIO_flush(bio_s_out); |
|
159 |
+ if (rev) |
|
160 |
+ do_server(port, socket_type, &accept_socket, rev_body, context, |
|
161 |
+- naccept); |
|
162 |
++ naccept, use_ipv4, use_ipv6); |
|
163 |
+ else if (www) |
|
164 |
+ do_server(port, socket_type, &accept_socket, www_body, context, |
|
165 |
+- naccept); |
|
166 |
++ naccept, use_ipv4, use_ipv6); |
|
167 |
+ else |
|
168 |
+ do_server(port, socket_type, &accept_socket, sv_body, context, |
|
169 |
+- naccept); |
|
170 |
++ naccept, use_ipv4, use_ipv6); |
|
171 |
+ print_stats(bio_s_out, ctx); |
|
172 |
+ ret = 0; |
|
173 |
+ end: |
|
174 |
+--- openssl-1.0.2/apps/s_socket.c |
|
175 |
++++ openssl-1.0.2/apps/s_socket.c |
|
176 |
+@@ -101,16 +101,16 @@ |
|
177 |
+ # include "netdb.h" |
|
178 |
+ # endif |
|
179 |
+ |
|
180 |
+-static struct hostent *GetHostByName(char *name); |
|
181 |
++static struct hostent *GetHostByName(char *name, int domain); |
|
182 |
+ # if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) |
|
183 |
+ static void ssl_sock_cleanup(void); |
|
184 |
+ # endif |
|
185 |
+ static int ssl_sock_init(void); |
|
186 |
+-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type); |
|
187 |
+-static int init_server(int *sock, int port, int type); |
|
188 |
+-static int init_server_long(int *sock, int port, char *ip, int type); |
|
189 |
++static int init_client_ip(int *sock, unsigned char *ip, int port, int type, int domain); |
|
190 |
++static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6); |
|
191 |
++static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6); |
|
192 |
+ static int do_accept(int acc_sock, int *sock, char **host); |
|
193 |
+-static int host_ip(char *str, unsigned char ip[4]); |
|
194 |
++static int host_ip(char *str, unsigned char *ip, int domain); |
|
195 |
+ |
|
196 |
+ # ifdef OPENSSL_SYS_WIN16 |
|
197 |
+ # define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ |
|
198 |
+@@ -231,38 +231,68 @@ |
|
199 |
+ return (1); |
|
200 |
+ } |
|
201 |
+ |
|
202 |
+-int init_client(int *sock, char *host, int port, int type) |
|
203 |
++int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6) |
|
204 |
+ { |
|
205 |
++# if OPENSSL_USE_IPV6 |
|
206 |
++ unsigned char ip[16]; |
|
207 |
++# else |
|
208 |
+ unsigned char ip[4]; |
|
209 |
++# endif |
|
210 |
+ |
|
211 |
+- memset(ip, '\0', sizeof ip); |
|
212 |
+- if (!host_ip(host, &(ip[0]))) |
|
213 |
+- return 0; |
|
214 |
+- return init_client_ip(sock, ip, port, type); |
|
215 |
+-} |
|
216 |
+- |
|
217 |
+-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type) |
|
218 |
+-{ |
|
219 |
+- unsigned long addr; |
|
220 |
++ if (use_ipv4) |
|
221 |
++ if (host_ip(host, ip, AF_INET)) |
|
222 |
++ return(init_client_ip(sock, ip, port, type, AF_INET)); |
|
223 |
++# if OPENSSL_USE_IPV6 |
|
224 |
++ if (use_ipv6) |
|
225 |
++ if (host_ip(host, ip, AF_INET6)) |
|
226 |
++ return(init_client_ip(sock, ip, port, type, AF_INET6)); |
|
227 |
++# endif |
|
228 |
++ return 0; |
|
229 |
++} |
|
230 |
++ |
|
231 |
++static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain) |
|
232 |
++{ |
|
233 |
++# if OPENSSL_USE_IPV6 |
|
234 |
++ struct sockaddr_storage them; |
|
235 |
++ struct sockaddr_in *them_in = (struct sockaddr_in *)&them; |
|
236 |
++ struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them; |
|
237 |
++# else |
|
238 |
+ struct sockaddr_in them; |
|
239 |
++ struct sockaddr_in *them_in = &them; |
|
240 |
++# endif |
|
241 |
++ socklen_t addr_len; |
|
242 |
+ int s, i; |
|
243 |
+ |
|
244 |
+ if (!ssl_sock_init()) |
|
245 |
+ return (0); |
|
246 |
+ |
|
247 |
+ memset((char *)&them, 0, sizeof(them)); |
|
248 |
+- them.sin_family = AF_INET; |
|
249 |
+- them.sin_port = htons((unsigned short)port); |
|
250 |
+- addr = (unsigned long) |
|
251 |
+- ((unsigned long)ip[0] << 24L) | |
|
252 |
+- ((unsigned long)ip[1] << 16L) | |
|
253 |
+- ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]); |
|
254 |
+- them.sin_addr.s_addr = htonl(addr); |
|
255 |
++ if (domain == AF_INET) { |
|
256 |
++ addr_len = (socklen_t)sizeof(struct sockaddr_in); |
|
257 |
++ them_in->sin_family=AF_INET; |
|
258 |
++ them_in->sin_port=htons((unsigned short)port); |
|
259 |
++# ifndef BIT_FIELD_LIMITS |
|
260 |
++ memcpy(&them_in->sin_addr.s_addr, ip, 4); |
|
261 |
++# else |
|
262 |
++ memcpy(&them_in->sin_addr, ip, 4); |
|
263 |
++# endif |
|
264 |
++ } |
|
265 |
++ else |
|
266 |
++# if OPENSSL_USE_IPV6 |
|
267 |
++ { |
|
268 |
++ addr_len = (socklen_t)sizeof(struct sockaddr_in6); |
|
269 |
++ them_in6->sin6_family=AF_INET6; |
|
270 |
++ them_in6->sin6_port=htons((unsigned short)port); |
|
271 |
++ memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr)); |
|
272 |
++ } |
|
273 |
++# else |
|
274 |
++ return(0); |
|
275 |
++# endif |
|
276 |
+ |
|
277 |
+ if (type == SOCK_STREAM) |
|
278 |
+- s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL); |
|
279 |
++ s = socket(domain, SOCK_STREAM, SOCKET_PROTOCOL); |
|
280 |
+ else /* ( type == SOCK_DGRAM) */ |
|
281 |
+- s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); |
|
282 |
++ s = socket(domain, SOCK_DGRAM, IPPROTO_UDP); |
|
283 |
+ |
|
284 |
+ if (s == INVALID_SOCKET) { |
|
285 |
+ perror("socket"); |
|
286 |
+@@ -280,7 +310,7 @@ |
|
287 |
+ } |
|
288 |
+ # endif |
|
289 |
+ |
|
290 |
+- if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) { |
|
291 |
++ if (connect(s, (struct sockaddr *)&them, addr_len) == -1) { |
|
292 |
+ closesocket(s); |
|
293 |
+ perror("connect"); |
|
294 |
+ return (0); |
|
295 |
+@@ -292,14 +322,14 @@ |
|
296 |
+ int do_server(int port, int type, int *ret, |
|
297 |
+ int (*cb) (char *hostname, int s, int stype, |
|
298 |
+ unsigned char *context), unsigned char *context, |
|
299 |
+- int naccept) |
|
300 |
++ int naccept, int use_ipv4, int use_ipv6) |
|
301 |
+ { |
|
302 |
+ int sock; |
|
303 |
+ char *name = NULL; |
|
304 |
+ int accept_socket = 0; |
|
305 |
+ int i; |
|
306 |
+ |
|
307 |
+- if (!init_server(&accept_socket, port, type)) |
|
308 |
++ if (!init_server(&accept_socket, port, type, use_ipv4, use_ipv6)) |
|
309 |
+ return (0); |
|
310 |
+ |
|
311 |
+ if (ret != NULL) { |
|
312 |
+@@ -328,32 +358,41 @@ |
|
313 |
+ } |
|
314 |
+ } |
|
315 |
+ |
|
316 |
+-static int init_server_long(int *sock, int port, char *ip, int type) |
|
317 |
++static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6) |
|
318 |
+ { |
|
319 |
+ int ret = 0; |
|
320 |
++ int domain; |
|
321 |
++# if OPENSSL_USE_IPV6 |
|
322 |
++ struct sockaddr_storage server; |
|
323 |
++ struct sockaddr_in *server_in = (struct sockaddr_in *)&server; |
|
324 |
++ struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server; |
|
325 |
++# else |
|
326 |
+ struct sockaddr_in server; |
|
327 |
++ struct sockaddr_in *server_in = &server; |
|
328 |
++# endif |
|
329 |
++ socklen_t addr_len; |
|
330 |
+ int s = -1; |
|
331 |
+ |
|
332 |
++ if (!use_ipv4 && !use_ipv6) |
|
333 |
++ goto err; |
|
334 |
++# if OPENSSL_USE_IPV6 |
|
335 |
++ /* we are fine here */ |
|
336 |
++# else |
|
337 |
++ if (use_ipv6) |
|
338 |
++ goto err; |
|
339 |
++# endif |
|
340 |
+ if (!ssl_sock_init()) |
|
341 |
+ return (0); |
|
342 |
+ |
|
343 |
+- memset((char *)&server, 0, sizeof(server)); |
|
344 |
+- server.sin_family = AF_INET; |
|
345 |
+- server.sin_port = htons((unsigned short)port); |
|
346 |
+- if (ip == NULL) |
|
347 |
+- server.sin_addr.s_addr = INADDR_ANY; |
|
348 |
+- else |
|
349 |
+-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */ |
|
350 |
+-# ifndef BIT_FIELD_LIMITS |
|
351 |
+- memcpy(&server.sin_addr.s_addr, ip, 4); |
|
352 |
++#if OPENSSL_USE_IPV6 |
|
353 |
++ domain = use_ipv6 ? AF_INET6 : AF_INET; |
|
354 |
+ # else |
|
355 |
+- memcpy(&server.sin_addr, ip, 4); |
|
356 |
++ domain = AF_INET; |
|
357 |
+ # endif |
|
358 |
+- |
|
359 |
+ if (type == SOCK_STREAM) |
|
360 |
+- s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL); |
|
361 |
+- else /* type == SOCK_DGRAM */ |
|
362 |
+- s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); |
|
363 |
++ s=socket(domain, SOCK_STREAM, SOCKET_PROTOCOL); |
|
364 |
++ else /* type == SOCK_DGRAM */ |
|
365 |
++ s=socket(domain, SOCK_DGRAM, IPPROTO_UDP); |
|
366 |
+ |
|
367 |
+ if (s == INVALID_SOCKET) |
|
368 |
+ goto err; |
|
369 |
+@@ -363,7 +402,42 @@ |
|
370 |
+ setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j); |
|
371 |
+ } |
|
372 |
+ # endif |
|
373 |
+- if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) { |
|
374 |
++# if OPENSSL_USE_IPV6 |
|
375 |
++ if ((use_ipv4 == 0) && (use_ipv6 == 1)) { |
|
376 |
++ const int on = 1; |
|
377 |
++ |
|
378 |
++ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, |
|
379 |
++ (const void *) &on, sizeof(int)); |
|
380 |
++ } |
|
381 |
++# endif |
|
382 |
++ if (domain == AF_INET) { |
|
383 |
++ addr_len = (socklen_t)sizeof(struct sockaddr_in); |
|
384 |
++ memset(server_in, 0, sizeof(struct sockaddr_in)); |
|
385 |
++ server_in->sin_family=AF_INET; |
|
386 |
++ server_in->sin_port = htons((unsigned short)port); |
|
387 |
++ if (ip == NULL) |
|
388 |
++ server_in->sin_addr.s_addr = htonl(INADDR_ANY); |
|
389 |
++ else |
|
390 |
++/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */ |
|
391 |
++# ifndef BIT_FIELD_LIMITS |
|
392 |
++ memcpy(&server_in->sin_addr.s_addr, ip, 4); |
|
393 |
++# else |
|
394 |
++ memcpy(&server_in->sin_addr, ip, 4); |
|
395 |
++# endif |
|
396 |
++ } |
|
397 |
++# if OPENSSL_USE_IPV6 |
|
398 |
++ else { |
|
399 |
++ addr_len = (socklen_t)sizeof(struct sockaddr_in6); |
|
400 |
++ memset(server_in6, 0, sizeof(struct sockaddr_in6)); |
|
401 |
++ server_in6->sin6_family = AF_INET6; |
|
402 |
++ server_in6->sin6_port = htons((unsigned short)port); |
|
403 |
++ if (ip == NULL) |
|
404 |
++ server_in6->sin6_addr = in6addr_any; |
|
405 |
++ else |
|
406 |
++ memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr)); |
|
407 |
++ } |
|
408 |
++# endif |
|
409 |
++ if (bind(s, (struct sockaddr *)&server, addr_len) == -1) { |
|
410 |
+ # ifndef OPENSSL_SYS_WINDOWS |
|
411 |
+ perror("bind"); |
|
412 |
+ # endif |
|
413 |
+@@ -381,16 +455,23 @@ |
|
414 |
+ return (ret); |
|
415 |
+ } |
|
416 |
+ |
|
417 |
+-static int init_server(int *sock, int port, int type) |
|
418 |
++static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6) |
|
419 |
+ { |
|
420 |
+- return (init_server_long(sock, port, NULL, type)); |
|
421 |
++ return (init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6)); |
|
422 |
+ } |
|
423 |
+ |
|
424 |
+ static int do_accept(int acc_sock, int *sock, char **host) |
|
425 |
+ { |
|
426 |
+ int ret; |
|
427 |
+ struct hostent *h1, *h2; |
|
428 |
+- static struct sockaddr_in from; |
|
429 |
++#if OPENSSL_USE_IPV6 |
|
430 |
++ struct sockaddr_storage from; |
|
431 |
++ struct sockaddr_in *from_in = (struct sockaddr_in *)&from; |
|
432 |
++ struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from; |
|
433 |
++#else |
|
434 |
++ struct sockaddr_in from; |
|
435 |
++ struct sockaddr_in *from_in = &from; |
|
436 |
++#endif |
|
437 |
+ int len; |
|
438 |
+ /* struct linger ling; */ |
|
439 |
+ |
|
440 |
+@@ -440,14 +521,25 @@ |
|
441 |
+ |
|
442 |
+ if (host == NULL) |
|
443 |
+ goto end; |
|
444 |
++# if OPENSSL_USE_IPV6 |
|
445 |
++ if (from.ss_family == AF_INET) |
|
446 |
++# else |
|
447 |
++ if (from.sin_family == AF_INET) |
|
448 |
++# endif |
|
449 |
+ # ifndef BIT_FIELD_LIMITS |
|
450 |
+- /* I should use WSAAsyncGetHostByName() under windows */ |
|
451 |
+- h1 = gethostbyaddr((char *)&from.sin_addr.s_addr, |
|
452 |
+- sizeof(from.sin_addr.s_addr), AF_INET); |
|
453 |
++ /* I should use WSAAsyncGetHostByName() under windows */ |
|
454 |
++ h1 = gethostbyaddr((char *)&from_in->sin_addr.s_addr, |
|
455 |
++ sizeof(from_in->sin_addr.s_addr), AF_INET); |
|
456 |
+ # else |
|
457 |
+- h1 = gethostbyaddr((char *)&from.sin_addr, |
|
458 |
+- sizeof(struct in_addr), AF_INET); |
|
459 |
++ h1 = gethostbyaddr((char *)&from_in->sin_addr, |
|
460 |
++ sizeof(struct in_addr), AF_INET); |
|
461 |
++# endif |
|
462 |
++# if OPENSSL_USE_IPV6 |
|
463 |
++ else |
|
464 |
++ h1 = gethostbyaddr((char *)&from_in6->sin6_addr, |
|
465 |
++ sizeof(struct in6_addr), AF_INET6); |
|
466 |
+ # endif |
|
467 |
++ |
|
468 |
+ if (h1 == NULL) { |
|
469 |
+ BIO_printf(bio_err, "bad gethostbyaddr\n"); |
|
470 |
+ *host = NULL; |
|
471 |
+@@ -460,14 +552,22 @@ |
|
472 |
+ } |
|
473 |
+ BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1); |
|
474 |
+ |
|
475 |
+- h2 = GetHostByName(*host); |
|
476 |
++# if OPENSSL_USE_IPV6 |
|
477 |
++ h2=GetHostByName(*host, from.ss_family); |
|
478 |
++# else |
|
479 |
++ h2=GetHostByName(*host, from.sin_family); |
|
480 |
++# endif |
|
481 |
+ if (h2 == NULL) { |
|
482 |
+ BIO_printf(bio_err, "gethostbyname failure\n"); |
|
483 |
+ closesocket(ret); |
|
484 |
+ return (0); |
|
485 |
+ } |
|
486 |
+- if (h2->h_addrtype != AF_INET) { |
|
487 |
+- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n"); |
|
488 |
++# if OPENSSL_USE_IPV6 |
|
489 |
++ if (h2->h_addrtype != from.ss_family) { |
|
490 |
++# else |
|
491 |
++ if (h2->h_addrtype != from.sin_family) { |
|
492 |
++# endif |
|
493 |
++ BIO_printf(bio_err, "gethostbyname addr is not correct\n"); |
|
494 |
+ closesocket(ret); |
|
495 |
+ return (0); |
|
496 |
+ } |
|
497 |
+@@ -483,14 +583,14 @@ |
|
498 |
+ char *h, *p; |
|
499 |
+ |
|
500 |
+ h = str; |
|
501 |
+- p = strchr(str, ':'); |
|
502 |
++ p = strrchr(str, ':'); |
|
503 |
+ if (p == NULL) { |
|
504 |
+ BIO_printf(bio_err, "no port defined\n"); |
|
505 |
+ return (0); |
|
506 |
+ } |
|
507 |
+ *(p++) = '\0'; |
|
508 |
+ |
|
509 |
+- if ((ip != NULL) && !host_ip(str, ip)) |
|
510 |
++ if ((ip != NULL) && !host_ip(str, ip, AF_INET)) |
|
511 |
+ goto err; |
|
512 |
+ if (host_ptr != NULL) |
|
513 |
+ *host_ptr = h; |
|
514 |
+@@ -502,44 +602,51 @@ |
|
515 |
+ return (0); |
|
516 |
+ } |
|
517 |
+ |
|
518 |
+-static int host_ip(char *str, unsigned char ip[4]) |
|
519 |
++static int host_ip(char *str, unsigned char *ip, int domain) |
|
520 |
+ { |
|
521 |
+ unsigned int in[4]; |
|
522 |
++ unsigned long l; |
|
523 |
+ int i; |
|
524 |
+ |
|
525 |
+- if (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) == |
|
526 |
+- 4) { |
|
527 |
++ if ((domain == AF_INET) && (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) == 4)) { |
|
528 |
+ for (i = 0; i < 4; i++) |
|
529 |
+ if (in[i] > 255) { |
|
530 |
+ BIO_printf(bio_err, "invalid IP address\n"); |
|
531 |
+ goto err; |
|
532 |
+ } |
|
533 |
+- ip[0] = in[0]; |
|
534 |
+- ip[1] = in[1]; |
|
535 |
+- ip[2] = in[2]; |
|
536 |
+- ip[3] = in[3]; |
|
537 |
+- } else { /* do a gethostbyname */ |
|
538 |
++ l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]); |
|
539 |
++ memcpy(ip, &l, 4); |
|
540 |
++ return 1; |
|
541 |
++ } |
|
542 |
++# if OPENSSL_USE_IPV6 |
|
543 |
++ else if ((domain == AF_INET6) && (inet_pton(AF_INET6, str, ip) == 1)) |
|
544 |
++ return 1; |
|
545 |
++# endif |
|
546 |
++ else { /* do a gethostbyname */ |
|
547 |
+ struct hostent *he; |
|
548 |
+ |
|
549 |
+ if (!ssl_sock_init()) |
|
550 |
+ return (0); |
|
551 |
+ |
|
552 |
+- he = GetHostByName(str); |
|
553 |
++ he = GetHostByName(str, domain); |
|
554 |
+ if (he == NULL) { |
|
555 |
+ BIO_printf(bio_err, "gethostbyname failure\n"); |
|
556 |
+ goto err; |
|
557 |
+ } |
|
558 |
+ /* cast to short because of win16 winsock definition */ |
|
559 |
+- if ((short)he->h_addrtype != AF_INET) { |
|
560 |
+- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n"); |
|
561 |
++ if ((short)he->h_addrtype != domain) { |
|
562 |
++ BIO_printf(bio_err, "gethostbyname addr is not correct\n"); |
|
563 |
+ return (0); |
|
564 |
+ } |
|
565 |
+- ip[0] = he->h_addr_list[0][0]; |
|
566 |
+- ip[1] = he->h_addr_list[0][1]; |
|
567 |
+- ip[2] = he->h_addr_list[0][2]; |
|
568 |
+- ip[3] = he->h_addr_list[0][3]; |
|
569 |
++ if (domain == AF_INET) |
|
570 |
++ memset(ip, 0, 4); |
|
571 |
++# if OPENSSL_USE_IPV6 |
|
572 |
++ else |
|
573 |
++ memset(ip, 0, 16); |
|
574 |
++# endif |
|
575 |
++ memcpy(ip, he->h_addr_list[0], he->h_length); |
|
576 |
++ return 1; |
|
577 |
+ } |
|
578 |
+- return (1); |
|
579 |
+ err: |
|
580 |
+ return (0); |
|
581 |
+ } |
|
582 |
+@@ -573,7 +680,7 @@ |
|
583 |
+ static unsigned long ghbn_hits = 0L; |
|
584 |
+ static unsigned long ghbn_miss = 0L; |
|
585 |
+ |
|
586 |
+-static struct hostent *GetHostByName(char *name) |
|
587 |
++static struct hostent *GetHostByName(char *name, int domain) |
|
588 |
+ { |
|
589 |
+ struct hostent *ret; |
|
590 |
+ int i, lowi = 0; |
|
591 |
+@@ -585,13 +692,18 @@ |
|
592 |
+ lowi = i; |
|
593 |
+ } |
|
594 |
+ if (ghbn_cache[i].order > 0) { |
|
595 |
+- if (strncmp(name, ghbn_cache[i].name, 128) == 0) |
|
596 |
++ if ((strncmp(name, ghbn_cache[i].name, 128) == 0) && (ghbn_cache[i].ent.h_addrtype == domain)) |
|
597 |
+ break; |
|
598 |
+ } |
|
599 |
+ } |
|
600 |
+ if (i == GHBN_NUM) { /* no hit */ |
|
601 |
+ ghbn_miss++; |
|
602 |
+- ret = gethostbyname(name); |
|
603 |
++ if (domain == AF_INET) |
|
604 |
++ ret = gethostbyname(name); |
|
605 |
++# if OPENSSL_USE_IPV6 |
|
606 |
++ else |
|
607 |
++ ret = gethostbyname2(name, AF_INET6); |
|
608 |
++# endif |
|
609 |
+ if (ret == NULL) |
|
610 |
+ return (NULL); |
|
611 |
+ /* else add to cache */ |
... | ... |
@@ -0,0 +1,354 @@ |
1 |
+http://rt.openssl.org/Ticket/Display.html?id=2084&user=guest&pass=guest |
|
2 |
+ |
|
3 |
+--- a/Makefile.org |
|
4 |
++++ b/Makefile.org |
|
5 |
+@@ -247,17 +247,17 @@ |
|
6 |
+ build_libs: build_crypto build_ssl build_engines |
|
7 |
+ |
|
8 |
+ build_crypto: |
|
9 |
+- @dir=crypto; target=all; $(BUILD_ONE_CMD) |
|
10 |
++ +@dir=crypto; target=all; $(BUILD_ONE_CMD) |
|
11 |
+-build_ssl: |
|
12 |
++build_ssl: build_crypto |
|
13 |
+- @dir=ssl; target=all; $(BUILD_ONE_CMD) |
|
14 |
++ +@dir=ssl; target=all; $(BUILD_ONE_CMD) |
|
15 |
+-build_engines: |
|
16 |
++build_engines: build_crypto |
|
17 |
+- @dir=engines; target=all; $(BUILD_ONE_CMD) |
|
18 |
++ +@dir=engines; target=all; $(BUILD_ONE_CMD) |
|
19 |
+-build_apps: |
|
20 |
++build_apps: build_libs |
|
21 |
+- @dir=apps; target=all; $(BUILD_ONE_CMD) |
|
22 |
++ +@dir=apps; target=all; $(BUILD_ONE_CMD) |
|
23 |
+-build_tests: |
|
24 |
++build_tests: build_libs |
|
25 |
+- @dir=test; target=all; $(BUILD_ONE_CMD) |
|
26 |
++ +@dir=test; target=all; $(BUILD_ONE_CMD) |
|
27 |
+-build_tools: |
|
28 |
++build_tools: build_libs |
|
29 |
+- @dir=tools; target=all; $(BUILD_ONE_CMD) |
|
30 |
++ +@dir=tools; target=all; $(BUILD_ONE_CMD) |
|
31 |
+ |
|
32 |
+ all_testapps: build_libs build_testapps |
|
33 |
+ build_testapps: |
|
34 |
+@@ -497,9 +497,9 @@ |
|
35 |
+ dist_pem_h: |
|
36 |
+ (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) |
|
37 |
+ |
|
38 |
+-install: all install_docs install_sw |
|
39 |
++install: install_docs install_sw |
|
40 |
+ |
|
41 |
+-install_sw: |
|
42 |
++install_dirs: |
|
43 |
+ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ |
|
44 |
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ |
|
45 |
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ |
|
46 |
+@@ -508,6 +508,13 @@ |
|
47 |
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ |
|
48 |
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ |
|
49 |
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/private |
|
50 |
++ @$(PERL) $(TOP)/util/mkdir-p.pl \ |
|
51 |
++ $(INSTALL_PREFIX)$(MANDIR)/man1 \ |
|
52 |
++ $(INSTALL_PREFIX)$(MANDIR)/man3 \ |
|
53 |
++ $(INSTALL_PREFIX)$(MANDIR)/man5 \ |
|
54 |
++ $(INSTALL_PREFIX)$(MANDIR)/man7 |
|
55 |
++ |
|
56 |
++install_sw: install_dirs |
|
57 |
+ @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ |
|
58 |
+ do \ |
|
59 |
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ |
|
60 |
+@@ -511,7 +511,7 @@ |
|
61 |
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ |
|
62 |
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ |
|
63 |
+ done; |
|
64 |
+- @set -e; target=install; $(RECURSIVE_BUILD_CMD) |
|
65 |
++ +@set -e; target=install; $(RECURSIVE_BUILD_CMD) |
|
66 |
+ @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ |
|
67 |
+ do \ |
|
68 |
+ if [ -f "$$i" ]; then \ |
|
69 |
+@@ -593,12 +600,7 @@ |
|
70 |
+ done; \ |
|
71 |
+ done |
|
72 |
+ |
|
73 |
+-install_docs: |
|
74 |
+- @$(PERL) $(TOP)/util/mkdir-p.pl \ |
|
75 |
+- $(INSTALL_PREFIX)$(MANDIR)/man1 \ |
|
76 |
+- $(INSTALL_PREFIX)$(MANDIR)/man3 \ |
|
77 |
+- $(INSTALL_PREFIX)$(MANDIR)/man5 \ |
|
78 |
+- $(INSTALL_PREFIX)$(MANDIR)/man7 |
|
79 |
++install_docs: install_dirs |
|
80 |
+ @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \ |
|
81 |
+ here="`pwd`"; \ |
|
82 |
+ filecase=; \ |
|
83 |
+--- a/Makefile.shared |
|
84 |
++++ b/Makefile.shared |
|
85 |
+@@ -105,6 +105,7 @@ LINK_SO= \ |
|
86 |
+ SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ |
|
87 |
+ LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ |
|
88 |
+ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ |
|
89 |
++ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \ |
|
90 |
+ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ |
|
91 |
+ $${SHAREDCMD} $${SHAREDFLAGS} \ |
|
92 |
+ -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ |
|
93 |
+@@ -122,6 +124,7 @@ SYMLINK_SO= \ |
|
94 |
+ done; \ |
|
95 |
+ fi; \ |
|
96 |
+ if [ -n "$$SHLIB_SOVER" ]; then \ |
|
97 |
++ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ |
|
98 |
+ ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ |
|
99 |
+ ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ |
|
100 |
+ fi; \ |
|
101 |
+--- a/crypto/Makefile |
|
102 |
++++ b/crypto/Makefile |
|
103 |
+@@ -85,11 +85,11 @@ |
|
104 |
+ @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi |
|
105 |
+ |
|
106 |
+ subdirs: |
|
107 |
+- @target=all; $(RECURSIVE_MAKE) |
|
108 |
++ +@target=all; $(RECURSIVE_MAKE) |
|
109 |
+ |
|
110 |
+ files: |
|
111 |
+ $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO |
|
112 |
+- @target=files; $(RECURSIVE_MAKE) |
|
113 |
++ +@target=files; $(RECURSIVE_MAKE) |
|
114 |
+ |
|
115 |
+ links: |
|
116 |
+ @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) |
|
117 |
+@@ -100,7 +100,7 @@ |
|
118 |
+ # lib: $(LIB): are splitted to avoid end-less loop |
|
119 |
+ lib: $(LIB) |
|
120 |
+ @touch lib |
|
121 |
+-$(LIB): $(LIBOBJ) |
|
122 |
++$(LIB): $(LIBOBJ) | subdirs |
|
123 |
+ $(AR) $(LIB) $(LIBOBJ) |
|
124 |
+ $(RANLIB) $(LIB) || echo Never mind. |
|
125 |
+ |
|
126 |
+@@ -110,7 +110,7 @@ |
|
127 |
+ fi |
|
128 |
+ |
|
129 |
+ libs: |
|
130 |
+- @target=lib; $(RECURSIVE_MAKE) |
|
131 |
++ +@target=lib; $(RECURSIVE_MAKE) |
|
132 |
+ |
|
133 |
+ install: |
|
134 |
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... |
|
135 |
+@@ -119,7 +119,7 @@ |
|
136 |
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ |
|
137 |
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ |
|
138 |
+ done; |
|
139 |
+- @target=install; $(RECURSIVE_MAKE) |
|
140 |
++ +@target=install; $(RECURSIVE_MAKE) |
|
141 |
+ |
|
142 |
+ lint: |
|
143 |
+ @target=lint; $(RECURSIVE_MAKE) |
|
144 |
+--- a/engines/Makefile |
|
145 |
++++ b/engines/Makefile |
|
146 |
+@@ -72,7 +72,7 @@ |
|
147 |
+ |
|
148 |
+ all: lib subdirs |
|
149 |
+ |
|
150 |
+-lib: $(LIBOBJ) |
|
151 |
++lib: $(LIBOBJ) | subdirs |
|
152 |
+ @if [ -n "$(SHARED_LIBS)" ]; then \ |
|
153 |
+ set -e; \ |
|
154 |
+ for l in $(LIBNAMES); do \ |
|
155 |
+@@ -89,7 +89,7 @@ |
|
156 |
+ |
|
157 |
+ subdirs: |
|
158 |
+ echo $(EDIRS) |
|
159 |
+- @target=all; $(RECURSIVE_MAKE) |
|
160 |
++ +@target=all; $(RECURSIVE_MAKE) |
|
161 |
+ |
|
162 |
+ files: |
|
163 |
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO |
|
164 |
+@@ -128,7 +128,7 @@ |
|
165 |
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ |
|
166 |
+ done; \ |
|
167 |
+ fi |
|
168 |
+- @target=install; $(RECURSIVE_MAKE) |
|
169 |
++ +@target=install; $(RECURSIVE_MAKE) |
|
170 |
+ |
|
171 |
+ tags: |
|
172 |
+ ctags $(SRC) |
|
173 |
+--- a/test/Makefile |
|
174 |
++++ b/test/Makefile |
|
175 |
+@@ -123,7 +123,7 @@ |
|
176 |
+ tags: |
|
177 |
+ ctags $(SRC) |
|
178 |
+ |
|
179 |
+-tests: exe apps $(TESTS) |
|
180 |
++tests: exe $(TESTS) |
|
181 |
+ |
|
182 |
+ apps: |
|
183 |
+ @(cd ..; $(MAKE) DIRS=apps all) |
|
184 |
+@@ -365,109 +365,109 @@ |
|
185 |
+ link_app.$${shlib_target} |
|
186 |
+ |
|
187 |
+ $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) |
|
188 |
+- @target=$(RSATEST); $(BUILD_CMD) |
|
189 |
++ +@target=$(RSATEST); $(BUILD_CMD) |
|
190 |
+ |
|
191 |
+ $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO) |
|
192 |
+- @target=$(BNTEST); $(BUILD_CMD) |
|
193 |
++ +@target=$(BNTEST); $(BUILD_CMD) |
|
194 |
+ |
|
195 |
+ $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO) |
|
196 |
+- @target=$(ECTEST); $(BUILD_CMD) |
|
197 |
++ +@target=$(ECTEST); $(BUILD_CMD) |
|
198 |
+ |
|
199 |
+ $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO) |
|
200 |
+- @target=$(EXPTEST); $(BUILD_CMD) |
|
201 |
++ +@target=$(EXPTEST); $(BUILD_CMD) |
|
202 |
+ |
|
203 |
+ $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO) |
|
204 |
+- @target=$(IDEATEST); $(BUILD_CMD) |
|
205 |
++ +@target=$(IDEATEST); $(BUILD_CMD) |
|
206 |
+ |
|
207 |
+ $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO) |
|
208 |
+- @target=$(MD2TEST); $(BUILD_CMD) |
|
209 |
++ +@target=$(MD2TEST); $(BUILD_CMD) |
|
210 |
+ |
|
211 |
+ $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO) |
|
212 |
+- @target=$(SHATEST); $(BUILD_CMD) |
|
213 |
++ +@target=$(SHATEST); $(BUILD_CMD) |
|
214 |
+ |
|
215 |
+ $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO) |
|
216 |
+- @target=$(SHA1TEST); $(BUILD_CMD) |
|
217 |
++ +@target=$(SHA1TEST); $(BUILD_CMD) |
|
218 |
+ |
|
219 |
+ $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO) |
|
220 |
+- @target=$(SHA256TEST); $(BUILD_CMD) |
|
221 |
++ +@target=$(SHA256TEST); $(BUILD_CMD) |
|
222 |
+ |
|
223 |
+ $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO) |
|
224 |
+- @target=$(SHA512TEST); $(BUILD_CMD) |
|
225 |
++ +@target=$(SHA512TEST); $(BUILD_CMD) |
|
226 |
+ |
|
227 |
+ $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO) |
|
228 |
+- @target=$(RMDTEST); $(BUILD_CMD) |
|
229 |
++ +@target=$(RMDTEST); $(BUILD_CMD) |
|
230 |
+ |
|
231 |
+ $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO) |
|
232 |
+- @target=$(MDC2TEST); $(BUILD_CMD) |
|
233 |
++ +@target=$(MDC2TEST); $(BUILD_CMD) |
|
234 |
+ |
|
235 |
+ $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO) |
|
236 |
+- @target=$(MD4TEST); $(BUILD_CMD) |
|
237 |
++ +@target=$(MD4TEST); $(BUILD_CMD) |
|
238 |
+ |
|
239 |
+ $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO) |
|
240 |
+- @target=$(MD5TEST); $(BUILD_CMD) |
|
241 |
++ +@target=$(MD5TEST); $(BUILD_CMD) |
|
242 |
+ |
|
243 |
+ $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO) |
|
244 |
+- @target=$(HMACTEST); $(BUILD_CMD) |
|
245 |
++ +@target=$(HMACTEST); $(BUILD_CMD) |
|
246 |
+ |
|
247 |
+ $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO) |
|
248 |
+- @target=$(WPTEST); $(BUILD_CMD) |
|
249 |
++ +@target=$(WPTEST); $(BUILD_CMD) |
|
250 |
+ |
|
251 |
+ $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO) |
|
252 |
+- @target=$(RC2TEST); $(BUILD_CMD) |
|
253 |
++ +@target=$(RC2TEST); $(BUILD_CMD) |
|
254 |
+ |
|
255 |
+ $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO) |
|
256 |
+- @target=$(BFTEST); $(BUILD_CMD) |
|
257 |
++ +@target=$(BFTEST); $(BUILD_CMD) |
|
258 |
+ |
|
259 |
+ $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO) |
|
260 |
+- @target=$(CASTTEST); $(BUILD_CMD) |
|
261 |
++ +@target=$(CASTTEST); $(BUILD_CMD) |
|
262 |
+ |
|
263 |
+ $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO) |
|
264 |
+- @target=$(RC4TEST); $(BUILD_CMD) |
|
265 |
++ +@target=$(RC4TEST); $(BUILD_CMD) |
|
266 |
+ |
|
267 |
+ $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO) |
|
268 |
+- @target=$(RC5TEST); $(BUILD_CMD) |
|
269 |
++ +@target=$(RC5TEST); $(BUILD_CMD) |
|
270 |
+ |
|
271 |
+ $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO) |
|
272 |
+- @target=$(DESTEST); $(BUILD_CMD) |
|
273 |
++ +@target=$(DESTEST); $(BUILD_CMD) |
|
274 |
+ |
|
275 |
+ $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO) |
|
276 |
+- @target=$(RANDTEST); $(BUILD_CMD) |
|
277 |
++ +@target=$(RANDTEST); $(BUILD_CMD) |
|
278 |
+ |
|
279 |
+ $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO) |
|
280 |
+- @target=$(DHTEST); $(BUILD_CMD) |
|
281 |
++ +@target=$(DHTEST); $(BUILD_CMD) |
|
282 |
+ |
|
283 |
+ $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO) |
|
284 |
+- @target=$(DSATEST); $(BUILD_CMD) |
|
285 |
++ +@target=$(DSATEST); $(BUILD_CMD) |
|
286 |
+ |
|
287 |
+ $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO) |
|
288 |
+- @target=$(METHTEST); $(BUILD_CMD) |
|
289 |
++ +@target=$(METHTEST); $(BUILD_CMD) |
|
290 |
+ |
|
291 |
+ $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) |
|
292 |
+- @target=$(SSLTEST); $(FIPS_BUILD_CMD) |
|
293 |
++ +@target=$(SSLTEST); $(FIPS_BUILD_CMD) |
|
294 |
+ |
|
295 |
+ $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) |
|
296 |
+- @target=$(ENGINETEST); $(BUILD_CMD) |
|
297 |
++ +@target=$(ENGINETEST); $(BUILD_CMD) |
|
298 |
+ |
|
299 |
+ $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO) |
|
300 |
+- @target=$(EVPTEST); $(BUILD_CMD) |
|
301 |
++ +@target=$(EVPTEST); $(BUILD_CMD) |
|
302 |
+ |
|
303 |
+ $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO) |
|
304 |
+- @target=$(ECDSATEST); $(BUILD_CMD) |
|
305 |
++ +@target=$(ECDSATEST); $(BUILD_CMD) |
|
306 |
+ |
|
307 |
+ $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO) |
|
308 |
+- @target=$(ECDHTEST); $(BUILD_CMD) |
|
309 |
++ +@target=$(ECDHTEST); $(BUILD_CMD) |
|
310 |
+ |
|
311 |
+ $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) |
|
312 |
+- @target=$(IGETEST); $(BUILD_CMD) |
|
313 |
++ +@target=$(IGETEST); $(BUILD_CMD) |
|
314 |
+ |
|
315 |
+ $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO) |
|
316 |
+- @target=$(JPAKETEST); $(BUILD_CMD) |
|
317 |
++ +@target=$(JPAKETEST); $(BUILD_CMD) |
|
318 |
+ |
|
319 |
+ $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO) |
|
320 |
+- @target=$(ASN1TEST); $(BUILD_CMD) |
|
321 |
++ +@target=$(ASN1TEST); $(BUILD_CMD) |
|
322 |
+ |
|
323 |
+ $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO) |
|
324 |
+- @target=$(SRPTEST); $(BUILD_CMD) |
|
325 |
++ +@target=$(SRPTEST); $(BUILD_CMD) |
|
326 |
+ |
|
327 |
+ #$(AESTEST).o: $(AESTEST).c |
|
328 |
+ # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c |
|
329 |
+@@ -480,7 +480,7 @@ |
|
330 |
+ # fi |
|
331 |
+ |
|
332 |
+ dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) |
|
333 |
+- @target=dummytest; $(BUILD_CMD) |
|
334 |
++ +@target=dummytest; $(BUILD_CMD) |
|
335 |
+ |
|
336 |
+ # DO NOT DELETE THIS LINE -- make depend depends on it. |
|
337 |
+ |
|
338 |
+--- a/crypto/objects/Makefile |
|
339 |
++++ b/crypto/objects/Makefile |
|
340 |
+@@ -44,11 +44,11 @@ obj_dat.h: obj_dat.pl obj_mac.h |
|
341 |
+ # objects.pl both reads and writes obj_mac.num |
|
342 |
+ obj_mac.h: objects.pl objects.txt obj_mac.num |
|
343 |
+ $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h |
|
344 |
+- @sleep 1; touch obj_mac.h; sleep 1 |
|
345 |
+ |
|
346 |
+-obj_xref.h: objxref.pl obj_xref.txt obj_mac.num |
|
347 |
++# This doesn't really need obj_mac.h, but since that rule reads & writes |
|
348 |
++# obj_mac.num, we can't run in parallel with it. |
|
349 |
++obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h |
|
350 |
+ $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h |
|
351 |
+- @sleep 1; touch obj_xref.h; sleep 1 |
|
352 |
+ |
|
353 |
+ files: |
|
354 |
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO |
... | ... |
@@ -0,0 +1,17 @@ |
1 |
+https://bugs.gentoo.org/472584 |
|
2 |
+http://rt.openssl.org/Ticket/Display.html?id=2387&user=guest&pass=guest |
|
3 |
+ |
|
4 |
+fix verification handling in s_client. when loading paths, make sure |
|
5 |
+we properly fallback to setting the default paths. |
|
6 |
+ |
|
7 |
+--- openssl-1.0.2/apps/s_client.c |
|
8 |
++++ openssl-1.0.2/apps/s_client.c |
|
9 |
+@@ -1337,7 +1337,7 @@ |
|
10 |
+ |
|
11 |
+ SSL_CTX_set_verify(ctx, verify, verify_callback); |
|
12 |
+ |
|
13 |
+- if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) || |
|
14 |
++ if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) && |
|
15 |
+ (!SSL_CTX_set_default_verify_paths(ctx))) { |
|
16 |
+ /* |
|
17 |
+ * BIO_printf(bio_err,"error setting default verify locations\n"); |
|
0 | 18 |