Use accessors instead of reaching inside the SSL_CTX struct.

ok jturner (maintainer)
2021-04-28 19:43:54 +00:00 · 2021-04-28 19:43:54 +00:00 · 44902beeb9
commit 44902beeb9
parent c85a77f1bb
2 changed files with 56 additions and 2 deletions
--- a/mail/pop3d/Makefile
+++ b/mail/pop3d/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.9 2019/07/12 20:47:36 sthen Exp $
+# $OpenBSD: Makefile,v 1.10 2021/04/28 19:43:54 tb Exp $

 COMMENT =		POP3 daemon with POP3S and STARTTLS extensions

@ -8,7 +8,7 @@ GH_PROJECT =		pop3d
 GH_TAGNAME =		v${VERSION}
 DISTNAME =		${GH_PROJECT}-${VERSION}
 CATEGORIES =		mail
-REVISION =		0
+REVISION =		1

 MAINTAINER =		James Turner <james@calminferno.net>

--- a/mail/pop3d/patches/patch-ssl_privsep_c
+++ b/mail/pop3d/patches/patch-ssl_privsep_c
@ -0,0 +1,54 @@
+$OpenBSD: patch-ssl_privsep_c,v 1.1 2021/04/28 19:43:54 tb Exp $
+
+Index: ssl_privsep.c
+--- ssl_privsep.c.orig
+++ ssl_privsep.c
+@@ -111,8 +111,8 @@ ssl_ctx_use_private_key(SSL_CTX *ctx, char *buf, off_t
+ 	}
+ 
+ 	pkey = PEM_read_bio_PrivateKey(in, NULL,
+-	    ctx->default_passwd_callback,
+-	    ctx->default_passwd_callback_userdata);
+	    SSL_CTX_get_default_passwd_cb(ctx),
+	    SSL_CTX_get_default_passwd_cb_userdata(ctx));
+ 
+ 	if (pkey == NULL) {
+ 		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_PEM_LIB);
+@@ -145,8 +145,8 @@ ssl_ctx_use_certificate_chain(SSL_CTX *ctx, char *buf,
+ 	}
+ 
+ 	if ((x = PEM_read_bio_X509(in, NULL,
+-	    ctx->default_passwd_callback,
+-	    ctx->default_passwd_callback_userdata)) == NULL) {
+	    SSL_CTX_get_default_passwd_cb(ctx),
+	    SSL_CTX_get_default_passwd_cb_userdata(ctx))) == NULL) {
+ 		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
+ 		goto end;
+ 	}
+@@ -158,14 +158,11 @@ ssl_ctx_use_certificate_chain(SSL_CTX *ctx, char *buf,
+ 	 * the CA certificates.
+ 	 */
+ 
+-	if (ctx->extra_certs != NULL) {
+-		sk_X509_pop_free(ctx->extra_certs, X509_free);
+-		ctx->extra_certs = NULL;
+-	}
+	SSL_CTX_clear_extra_chain_certs(ctx);
+ 
+ 	while ((ca = PEM_read_bio_X509(in, NULL,
+-	    ctx->default_passwd_callback,
+-	    ctx->default_passwd_callback_userdata)) != NULL) {
+	    SSL_CTX_get_default_passwd_cb(ctx),
+	    SSL_CTX_get_default_passwd_cb_userdata(ctx))) != NULL) {
+ 
+ 		if (!SSL_CTX_add_extra_chain_cert(ctx, ca))
+ 			goto end;
+@@ -195,7 +192,7 @@ ssl_ctx_load_verify_memory(SSL_CTX *ctx, char *buf, of
+ 	X509_LOOKUP		*lu;
+ 	struct iovec		 iov;
+ 
+-	if ((lu = X509_STORE_add_lookup(ctx->cert_store,
+	if ((lu = X509_STORE_add_lookup(SSL_CTX_get_cert_store(ctx),
+ 	    &x509_mem_lookup)) == NULL)
+ 		return (0);
+