o Security fix: "Konqueror (kssl to be precisely) fails to detect

certificates as invalid that have been signed by an issuer who is not allowed to do so. A patch for this problem has been commited to both the CVS HEAD branch and the KDE_3_0_BRANCH" from message by [1] o Bump PORTREVISION Submitted by: Andy Fawcett <andy@athame.co.uk>, Waldo Bastian <bastian@kde.org> [1] Reviewed by: kde Approved by: kde Obtained from: KDE CVS HEAD
svn path=/head/; revision=64458
2002-08-13 01:34:11 +00:00 · 2002-08-13 01:34:11 +00:00 · 7a3194891b · 2021-03-31 03:12:20 +00:00
commit 7a3194891b
parent 5305a255f0
8 changed files with 130 additions and 0 deletions
--- a/x11/kdelibs3/Makefile
+++ b/x11/kdelibs3/Makefile
@ -7,6 +7,7 @@

 PORTNAME=	kdelibs
 PORTVERSION=	${KDE_VERSION}
+PORTREVISION=	1
 CATEGORIES?=	x11 kde
 MASTER_SITES=	${MASTER_SITE_KDE}
 MASTER_SITE_SUBDIR=	stable/${PORTVERSION}/src
--- a/x11/kdelibs3/files/patch-kopenssl.cc
+++ b/x11/kdelibs3/files/patch-kopenssl.cc
@ -0,0 +1,35 @@
+Index: kio/kssl/kopenssl.cc
+===================================================================
+RCS file: /home/kde/kdelibs/kio/kssl/kopenssl.cc,v
+retrieving revision 1.58.2.1
+retrieving revision 1.58.2.2
+diff -u -3 -p -r1.58.2.1 -r1.58.2.2
+--- kio/kssl/kopenssl.cc	2002/04/10 22:00:44	1.58.2.1
+++ kio/kssl/kopenssl.cc	2002/08/12 16:45:14	1.58.2.2
+@@ -105,6 +105,7 @@ static int (*K_SSL_CTX_use_certificate) 
+ static int (*K_SSL_get_error) (SSL*, int) = NULL;
+ static STACK_OF(X509)* (*K_SSL_get_peer_cert_chain) (SSL*) = NULL;
+ static void (*K_X509_STORE_CTX_set_chain) (X509_STORE_CTX *, STACK_OF(X509)*) = NULL;
+static void (*K_X509_STORE_CTX_set_purpose) (X509_STORE_CTX *, int) = NULL;
+ static void (*K_sk_free) (STACK*) = NULL;
+ static int (*K_sk_num) (STACK*) = NULL;
+ static char* (*K_sk_pop) (STACK*) = NULL;
+@@ -348,6 +349,7 @@ KConfig *cfg;
+       K_X509_REQ_free = (void (*)(X509_REQ*)) _cryptoLib->symbol("X509_REQ_free");
+       K_X509_REQ_new = (X509_REQ* (*)()) _cryptoLib->symbol("X509_REQ_new");
+       K_X509_STORE_CTX_set_chain = (void (*)(X509_STORE_CTX *, STACK_OF(X509)*)) _cryptoLib->symbol("X509_STORE_CTX_set_chain");
+      K_X509_STORE_CTX_set_purpose = (void (*)(X509_STORE_CTX *, int)) _cryptoLib->symbol("X509_STORE_CTX_set_purpose");
+       K_sk_free = (void (*) (STACK *)) _cryptoLib->symbol("sk_free");
+       K_sk_num = (int (*) (STACK *)) _cryptoLib->symbol("sk_num");
+       K_sk_pop = (char* (*) (STACK *)) _cryptoLib->symbol("sk_pop");
+@@ -930,6 +932,10 @@ char *KOpenSSLProxy::sk_value(STACK *s, 
+ 
+ void KOpenSSLProxy::X509_STORE_CTX_set_chain(X509_STORE_CTX *v, STACK_OF(X509)* x) {
+    if (K_X509_STORE_CTX_set_chain) (K_X509_STORE_CTX_set_chain)(v,x);
+}
+
+void KOpenSSLProxy::X509_STORE_CTX_set_purpose(X509_STORE_CTX *v, int purpose) {
+   if (K_X509_STORE_CTX_set_purpose) (K_X509_STORE_CTX_set_purpose)(v,purpose);
+ }
+ 
+ 
--- a/x11/kdelibs3/files/patch-kopenssl.h
+++ b/x11/kdelibs3/files/patch-kopenssl.h
@ -0,0 +1,19 @@
+Index: kio/kssl/kopenssl.h
+===================================================================
+RCS file: /home/kde/kdelibs/kio/kssl/kopenssl.h,v
+retrieving revision 1.37.2.1
+retrieving revision 1.37.2.2
+diff -u -3 -p -r1.37.2.1 -r1.37.2.2
+--- kio/kssl/kopenssl.h	2002/04/10 22:00:44	1.37.2.1
+++ kio/kssl/kopenssl.h	2002/08/12 16:45:14	1.37.2.2
+@@ -309,6 +309,10 @@ public:
+     */
+    void X509_STORE_CTX_set_chain(X509_STORE_CTX *v, STACK_OF(X509)* x);
+ 
+   /*
+    *   X509_STORE_CTX_set_purpose - set the purpose of the certificate 
+    */
+   void X509_STORE_CTX_set_purpose(X509_STORE_CTX *v, int purpose);
+ 
+    /*
+     *   X509_verify_cert - verify the certificate
--- a/x11/kdelibs3/files/patch-ksslcertificate.cc
+++ b/x11/kdelibs3/files/patch-ksslcertificate.cc
@ -0,0 +1,10 @@
+--- kio/kssl/ksslcertificate.cc.orig	Sat Dec  1 01:30:03 2001
+++ kio/kssl/ksslcertificate.cc	Mon Aug 12 22:28:40 2002
+@@ -544,6 +544,7 @@
+     //
+ 
+     // int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
+    d->kossl->X509_STORE_CTX_set_purpose(certStoreCTX, X509_PURPOSE_SSL_SERVER);
+ 
+     //kdDebug(7029) << "KSSL verifying.............." << endl;
+     certStoreCTX->error = X509_V_OK;
--- a/x11/kdelibs4/Makefile
+++ b/x11/kdelibs4/Makefile
@ -7,6 +7,7 @@

 PORTNAME=	kdelibs
 PORTVERSION=	${KDE_VERSION}
+PORTREVISION=	1
 CATEGORIES?=	x11 kde
 MASTER_SITES=	${MASTER_SITE_KDE}
 MASTER_SITE_SUBDIR=	stable/${PORTVERSION}/src
--- a/x11/kdelibs4/files/patch-kopenssl.cc
+++ b/x11/kdelibs4/files/patch-kopenssl.cc
@ -0,0 +1,35 @@
+Index: kio/kssl/kopenssl.cc
+===================================================================
+RCS file: /home/kde/kdelibs/kio/kssl/kopenssl.cc,v
+retrieving revision 1.58.2.1
+retrieving revision 1.58.2.2
+diff -u -3 -p -r1.58.2.1 -r1.58.2.2
+--- kio/kssl/kopenssl.cc	2002/04/10 22:00:44	1.58.2.1
+++ kio/kssl/kopenssl.cc	2002/08/12 16:45:14	1.58.2.2
+@@ -105,6 +105,7 @@ static int (*K_SSL_CTX_use_certificate) 
+ static int (*K_SSL_get_error) (SSL*, int) = NULL;
+ static STACK_OF(X509)* (*K_SSL_get_peer_cert_chain) (SSL*) = NULL;
+ static void (*K_X509_STORE_CTX_set_chain) (X509_STORE_CTX *, STACK_OF(X509)*) = NULL;
+static void (*K_X509_STORE_CTX_set_purpose) (X509_STORE_CTX *, int) = NULL;
+ static void (*K_sk_free) (STACK*) = NULL;
+ static int (*K_sk_num) (STACK*) = NULL;
+ static char* (*K_sk_pop) (STACK*) = NULL;
+@@ -348,6 +349,7 @@ KConfig *cfg;
+       K_X509_REQ_free = (void (*)(X509_REQ*)) _cryptoLib->symbol("X509_REQ_free");
+       K_X509_REQ_new = (X509_REQ* (*)()) _cryptoLib->symbol("X509_REQ_new");
+       K_X509_STORE_CTX_set_chain = (void (*)(X509_STORE_CTX *, STACK_OF(X509)*)) _cryptoLib->symbol("X509_STORE_CTX_set_chain");
+      K_X509_STORE_CTX_set_purpose = (void (*)(X509_STORE_CTX *, int)) _cryptoLib->symbol("X509_STORE_CTX_set_purpose");
+       K_sk_free = (void (*) (STACK *)) _cryptoLib->symbol("sk_free");
+       K_sk_num = (int (*) (STACK *)) _cryptoLib->symbol("sk_num");
+       K_sk_pop = (char* (*) (STACK *)) _cryptoLib->symbol("sk_pop");
+@@ -930,6 +932,10 @@ char *KOpenSSLProxy::sk_value(STACK *s, 
+ 
+ void KOpenSSLProxy::X509_STORE_CTX_set_chain(X509_STORE_CTX *v, STACK_OF(X509)* x) {
+    if (K_X509_STORE_CTX_set_chain) (K_X509_STORE_CTX_set_chain)(v,x);
+}
+
+void KOpenSSLProxy::X509_STORE_CTX_set_purpose(X509_STORE_CTX *v, int purpose) {
+   if (K_X509_STORE_CTX_set_purpose) (K_X509_STORE_CTX_set_purpose)(v,purpose);
+ }
+ 
+ 
--- a/x11/kdelibs4/files/patch-kopenssl.h
+++ b/x11/kdelibs4/files/patch-kopenssl.h
@ -0,0 +1,19 @@
+Index: kio/kssl/kopenssl.h
+===================================================================
+RCS file: /home/kde/kdelibs/kio/kssl/kopenssl.h,v
+retrieving revision 1.37.2.1
+retrieving revision 1.37.2.2
+diff -u -3 -p -r1.37.2.1 -r1.37.2.2
+--- kio/kssl/kopenssl.h	2002/04/10 22:00:44	1.37.2.1
+++ kio/kssl/kopenssl.h	2002/08/12 16:45:14	1.37.2.2
+@@ -309,6 +309,10 @@ public:
+     */
+    void X509_STORE_CTX_set_chain(X509_STORE_CTX *v, STACK_OF(X509)* x);
+ 
+   /*
+    *   X509_STORE_CTX_set_purpose - set the purpose of the certificate 
+    */
+   void X509_STORE_CTX_set_purpose(X509_STORE_CTX *v, int purpose);
+ 
+    /*
+     *   X509_verify_cert - verify the certificate
--- a/x11/kdelibs4/files/patch-ksslcertificate.cc
+++ b/x11/kdelibs4/files/patch-ksslcertificate.cc
@ -0,0 +1,10 @@
+--- kio/kssl/ksslcertificate.cc.orig	Sat Dec  1 01:30:03 2001
+++ kio/kssl/ksslcertificate.cc	Mon Aug 12 22:28:40 2002
+@@ -544,6 +544,7 @@
+     //
+ 
+     // int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
+    d->kossl->X509_STORE_CTX_set_purpose(certStoreCTX, X509_PURPOSE_SSL_SERVER);
+ 
+     //kdDebug(7029) << "KSSL verifying.............." << endl;
+     certStoreCTX->error = X509_V_OK;