diff options
Diffstat (limited to 'sys-cluster/csync2')
-rw-r--r-- | sys-cluster/csync2/files/csync2-1.34-gnutls.patch | 279 |
1 files changed, 0 insertions, 279 deletions
diff --git a/sys-cluster/csync2/files/csync2-1.34-gnutls.patch b/sys-cluster/csync2/files/csync2-1.34-gnutls.patch deleted file mode 100644 index 64af5229be74..000000000000 --- a/sys-cluster/csync2/files/csync2-1.34-gnutls.patch +++ /dev/null @@ -1,279 +0,0 @@ -Fixes build with >=net-libs/gnutls-2.7.1 - -http://bugs.gentoo.org/show_bug.cgi?id=274213 - ---- conn.c -+++ conn.c -@@ -32,7 +32,7 @@ - - #ifdef HAVE_LIBGNUTLS_OPENSSL - # include <gnutls/gnutls.h> --# include <gnutls/openssl.h> -+# include <gnutls/x509.h> - #endif - - int conn_fd_in = -1; -@@ -42,9 +42,8 @@ - #ifdef HAVE_LIBGNUTLS_OPENSSL - int csync_conn_usessl = 0; - --SSL_METHOD *conn_ssl_meth; --SSL_CTX *conn_ssl_ctx; --SSL *conn_ssl; -+static gnutls_session_t conn_tls_session; -+static gnutls_certificate_credentials_t conn_x509_cred; - #endif - - int conn_open(const char *peername) -@@ -112,41 +111,104 @@ - - #ifdef HAVE_LIBGNUTLS_OPENSSL - --char *ssl_keyfile = ETCDIR "/csync2_ssl_key.pem"; --char *ssl_certfile = ETCDIR "/csync2_ssl_cert.pem"; -+static void ssl_log(int level, const char* msg) -+{ csync_debug(level, "%s", msg); } -+ -+static const char *ssl_keyfile = ETCDIR "/csync2_ssl_key.pem"; -+static const char *ssl_certfile = ETCDIR "/csync2_ssl_cert.pem"; - - int conn_activate_ssl(int server_role) - { -- static int sslinit = 0; -+ gnutls_alert_description_t alrt; -+ int err; - - if (csync_conn_usessl) - return 0; - -- if (!sslinit) { -- SSL_load_error_strings(); -- SSL_library_init(); -- sslinit=1; -+ gnutls_global_init(); -+ gnutls_global_set_log_function(ssl_log); -+ gnutls_global_set_log_level(10); -+ -+ gnutls_certificate_allocate_credentials(&conn_x509_cred); -+ -+ err = gnutls_certificate_set_x509_key_file(conn_x509_cred, ssl_certfile, ssl_keyfile, GNUTLS_X509_FMT_PEM); -+ if(err != GNUTLS_E_SUCCESS) { -+ gnutls_certificate_free_credentials(conn_x509_cred); -+ gnutls_global_deinit(); -+ -+ csync_fatal( -+ "SSL: failed to use key file %s and/or certificate file %s: %s (%s)\n", -+ ssl_keyfile, -+ ssl_certfile, -+ gnutls_strerror(err), -+ gnutls_strerror_name(err) -+ ); - } - -- conn_ssl_meth = (server_role ? SSLv23_server_method : SSLv23_client_method)(); -- conn_ssl_ctx = SSL_CTX_new(conn_ssl_meth); -- -- if (SSL_CTX_use_PrivateKey_file(conn_ssl_ctx, ssl_keyfile, SSL_FILETYPE_PEM) <= 0) -- csync_fatal("SSL: failed to use key file %s.\n", ssl_keyfile); -- -- if (SSL_CTX_use_certificate_file(conn_ssl_ctx, ssl_certfile, SSL_FILETYPE_PEM) <= 0) -- csync_fatal("SSL: failed to use certificate file %s.\n", ssl_certfile); -+ if(server_role) { -+ gnutls_certificate_free_cas(conn_x509_cred); - -- if (! (conn_ssl = SSL_new(conn_ssl_ctx)) ) -- csync_fatal("Creating a new SSL handle failed.\n"); -- -- gnutls_certificate_server_set_request(conn_ssl->gnutls_state, GNUTLS_CERT_REQUIRE); -+ if(gnutls_certificate_set_x509_trust_file(conn_x509_cred, ssl_certfile, GNUTLS_X509_FMT_PEM) < 1) { -+ gnutls_certificate_free_credentials(conn_x509_cred); -+ gnutls_global_deinit(); -+ -+ csync_fatal( -+ "SSL: failed to use certificate file %s as CA.\n", -+ ssl_certfile -+ ); -+ } -+ } else -+ gnutls_certificate_free_ca_names(conn_x509_cred); - -- SSL_set_rfd(conn_ssl, conn_fd_in); -- SSL_set_wfd(conn_ssl, conn_fd_out); -+ gnutls_init(&conn_tls_session, (server_role ? GNUTLS_SERVER : GNUTLS_CLIENT)); -+ gnutls_priority_set_direct(conn_tls_session, "PERFORMANCE", NULL); -+ gnutls_credentials_set(conn_tls_session, GNUTLS_CRD_CERTIFICATE, conn_x509_cred); -+ -+ if(server_role) { -+ gnutls_certificate_send_x509_rdn_sequence(conn_tls_session, 0); -+ gnutls_certificate_server_set_request(conn_tls_session, GNUTLS_CERT_REQUIRE); -+ } - -- if ( (server_role ? SSL_accept : SSL_connect)(conn_ssl) < 1 ) -- csync_fatal("Establishing SSL connection failed.\n"); -+ gnutls_transport_set_ptr2( -+ conn_tls_session, -+ (gnutls_transport_ptr_t)conn_fd_in, -+ (gnutls_transport_ptr_t)conn_fd_out -+ ); -+ -+ err = gnutls_handshake(conn_tls_session); -+ switch(err) { -+ case GNUTLS_E_SUCCESS: -+ break; -+ -+ case GNUTLS_E_WARNING_ALERT_RECEIVED: -+ alrt = gnutls_alert_get(conn_tls_session); -+ fprintf( -+ csync_debug_out, -+ "SSL: warning alert received from peer: %d (%s).\n", -+ alrt, gnutls_alert_get_name(alrt) -+ ); -+ break; -+ -+ case GNUTLS_E_FATAL_ALERT_RECEIVED: -+ alrt = gnutls_alert_get(conn_tls_session); -+ fprintf( -+ csync_debug_out, -+ "SSL: fatal alert received from peer: %d (%s).\n", -+ alrt, gnutls_alert_get_name(alrt) -+ ); -+ -+ default: -+ gnutls_bye(conn_tls_session, GNUTLS_SHUT_RDWR); -+ gnutls_deinit(conn_tls_session); -+ gnutls_certificate_free_credentials(conn_x509_cred); -+ gnutls_global_deinit(); -+ -+ csync_fatal( -+ "SSL: handshake failed: %s (%s)\n", -+ gnutls_strerror(err), -+ gnutls_strerror_name(err) -+ ); -+ } - - csync_conn_usessl = 1; - -@@ -155,15 +217,15 @@ - - int conn_check_peer_cert(const char *peername, int callfatal) - { -- const X509 *peercert; -+ const gnutls_datum_t *peercerts; -+ unsigned npeercerts; - int i, cert_is_ok = -1; - - if (!csync_conn_usessl) - return 1; - -- peercert = SSL_get_peer_certificate(conn_ssl); -- -- if (!peercert || peercert->size <= 0) { -+ peercerts = gnutls_certificate_get_peers(conn_tls_session, &npeercerts); -+ if(peercerts == NULL || npeercerts == 0) { - if (callfatal) - csync_fatal("Peer did not provide an SSL X509 cetrificate.\n"); - csync_debug(1, "Peer did not provide an SSL X509 cetrificate.\n"); -@@ -171,11 +233,11 @@ - } - - { -- char certdata[peercert->size*2 + 1]; -+ char certdata[2*peercerts[0].size + 1]; - -- for (i=0; i<peercert->size; i++) -- sprintf(certdata+i*2, "%02X", peercert->data[i]); -- certdata[peercert->size*2] = 0; -+ for (i=0; i<peercerts[0].size; i++) -+ sprintf(&certdata[2*i], "%02X", peercerts[0].data[i]); -+ certdata[2*i] = 0; - - SQL_BEGIN("Checking peer x509 certificate.", - "SELECT certdata FROM x509_cert WHERE peername = '%s'", -@@ -222,7 +284,12 @@ - if ( !conn_clisok ) return -1; - - #ifdef HAVE_LIBGNUTLS_OPENSSL -- if ( csync_conn_usessl ) SSL_free(conn_ssl); -+ if ( csync_conn_usessl ) { -+ gnutls_bye(conn_tls_session, GNUTLS_SHUT_RDWR); -+ gnutls_deinit(conn_tls_session); -+ gnutls_certificate_free_credentials(conn_x509_cred); -+ gnutls_global_deinit(); -+ } - #endif - - if ( conn_fd_in != conn_fd_out) close(conn_fd_in); -@@ -239,7 +306,7 @@ - { - #ifdef HAVE_LIBGNUTLS_OPENSSL - if (csync_conn_usessl) -- return SSL_read(conn_ssl, buf, count); -+ return gnutls_record_recv(conn_tls_session, buf, count); - else - #endif - return read(conn_fd_in, buf, count); -@@ -251,7 +318,7 @@ - - #ifdef HAVE_LIBGNUTLS_OPENSSL - if (csync_conn_usessl) -- return SSL_write(conn_ssl, buf, count); -+ return gnutls_record_send(conn_tls_session, buf, count); - else - #endif - { ---- configure.ac -+++ configure.ac -@@ -17,11 +17,10 @@ - # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - - # Process this file with autoconf to produce a configure script. --AC_INIT(csync2, 1.34, clifford@clifford.at) -+AC_INIT([csync2], [1.34], clifford@clifford.at) - AM_INIT_AUTOMAKE - - AC_CONFIG_SRCDIR(csync2.c) --AM_CONFIG_HEADER(config.h) - - # Use /etc and /var instead of $prefix/... - test "$localstatedir" = '${prefix}/var' && localstatedir=/var -@@ -32,6 +31,7 @@ - AC_PROG_INSTALL - AC_PROG_YACC - AM_PROG_LEX -+PKG_PROG_PKG_CONFIG - - # Check for librsync. - AC_ARG_WITH([librsync-source], -@@ -58,19 +58,10 @@ - - if test "$enable_gnutls" != no - then -- -- # Check for gnuTLS. -- AM_PATH_LIBGNUTLS(1.0.0, , [ AC_MSG_ERROR([[gnutls not found; install gnutls, gnutls-openssl and libtasn1 packages for your system or run configure with --disable-gnutls]]) ]) -- -- # This is a bloody hack for fedora core -- CFLAGS="$CFLAGS $LIBGNUTLS_CFLAGS" -- LIBS="$LIBS $LIBGNUTLS_LIBS -ltasn1" -- -- # Check gnuTLS SSL compatibility lib. -- AC_CHECK_LIB([gnutls-openssl], [SSL_new], , [AC_MSG_ERROR([[gnutls-openssl not found; install gnutls, gnutls-openssl and libtasn1 packages for your system or run configure with --disable-gnutls]])]) -- -+ PKG_CHECK_MODULES([LIBGNUTLS], [gnutls] , [AC_DEFINE(HAVE_LIBGNUTLS_OPENSSL, 1, [Define to 1 if GnuTLS is available])]) - fi - -+AM_CONFIG_HEADER([config.h]) - AC_CONFIG_FILES([Makefile]) - AC_OUTPUT - ---- Makefile.am -+++ Makefile.am -@@ -24,6 +24,8 @@ - csync2_SOURCES = action.c cfgfile_parser.y cfgfile_scanner.l check.c \ - checktxt.c csync2.c daemon.c db.c error.c getrealfn.c \ - groups.c rsync.c update.c urlencode.c conn.c prefixsubst.c -+csync2_LDADD = @LIBGNUTLS_LIBS@ -+csync2_CFLAGS = @LIBGNUTLS_CFLAGS@ - - AM_YFLAGS = -d - BUILT_SOURCES = cfgfile_parser.h |