Switch open62541 crypto library from Mbed TLS to LibreSSL. Use
newer OpenSSL API that LibreSSL also provides. Use X509_check_issued instead of missing API until LibreSSL developers implement a more compatible solution. OK tb@
parent
9d17f4c8fc
commit
744abf77d8
|
@ -1,10 +1,11 @@
|
|||
COMMENT = library implementation of OPC UA
|
||||
|
||||
VERSION = 1.3.4
|
||||
REVISION = 0
|
||||
DISTNAME = open62541-${VERSION}
|
||||
PKGNAME = open62541-${VERSION}
|
||||
|
||||
SHARED_LIBS = open62541 2.1
|
||||
SHARED_LIBS = open62541 3.0
|
||||
|
||||
CATEGORIES = misc
|
||||
|
||||
|
@ -15,7 +16,7 @@ MAINTAINER = Alexander Bluhm <bluhm@openbsd.org>
|
|||
# Mozilla Public License v2.0
|
||||
PERMIT_PACKAGE = Yes
|
||||
|
||||
WANTLIB = c m mbedcrypto mbedtls mbedx509 pthread
|
||||
WANTLIB = c crypto m pthread ssl tls
|
||||
|
||||
MASTER_SITES = https://github.com/open62541/open62541/
|
||||
MASTER_SITES0 = https://github.com/OPCFoundation/UA-Nodeset/archive/
|
||||
|
@ -32,13 +33,11 @@ BUILD_DEPENDS = devel/check \
|
|||
print/texlive/texmf,-full \
|
||||
textproc/py-sphinx,python3 \
|
||||
textproc/py-sphinx_rtd_theme,python3
|
||||
# needed to build with encryption
|
||||
LIB_DEPENDS = security/polarssl
|
||||
|
||||
CONFIGURE_ARGS = -DCMAKE_BUILD_TYPE=RelWithDebInfo \
|
||||
-DOPEN62541_VERSION=v${VERSION} \
|
||||
-DBUILD_SHARED_LIBS=ON \
|
||||
-DUA_ENABLE_ENCRYPTION=ON \
|
||||
-DUA_ENABLE_ENCRYPTION=LIBRESSL \
|
||||
-DUA_ENABLE_AMALGAMATION=OFF \
|
||||
-DUA_PACK_DEBIAN=ON \
|
||||
-DUA_BUILD_TOOLS=ON \
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
Index: plugins/crypto/openssl/ua_openssl_version_abstraction.h
|
||||
--- plugins/crypto/openssl/ua_openssl_version_abstraction.h.orig
|
||||
+++ plugins/crypto/openssl/ua_openssl_version_abstraction.h
|
||||
@@ -17,15 +17,11 @@
|
||||
#error "OPENSSL_VERSION_NUMBER is not defined."
|
||||
#endif
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
#define X509_STORE_CTX_set0_trusted_stack(STORE_CTX, CTX_SKTRUSTED) X509_STORE_CTX_trusted_stack(STORE_CTX, CTX_SKTRUSTED)
|
||||
#endif
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(LIBRESSL_VERSION_NUMBER)
|
||||
-#define X509_STORE_CTX_get_check_issued(STORE_CTX) STORE_CTX->check_issued
|
||||
-#endif
|
||||
-
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(LIBRESSL_VERSION_NUMBER)
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x1010000fL
|
||||
#define get_pkey_rsa(evp) ((evp)->pkey.rsa)
|
||||
#else
|
||||
#define get_pkey_rsa(evp) EVP_PKEY_get0_RSA(evp)
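Review bot: This new patch file starts directly at `Index:` with no explanatory header, whereas the sibling ua_pki_openssl.c patch opens with a one-line reason and an upstream link. A header such as `LibreSSL provides X509_STORE_CTX_set0_trusted_stack and EVP_PKEY_get0_RSA; drop the LIBRESSL_VERSION_NUMBER fallbacks.` would record why the guards changed. It should also say that removing the `X509_STORE_CTX_get_check_issued` fallback is what makes the ua_pki_openssl.c patch necessary. The removed macro dereferenced `STORE_CTX->check_issued` directly, which presumably cannot work once the structure is opaque.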
|
|
@ -0,0 +1,24 @@
|
|||
Replace X509_STORE_CTX_get_check_issued with X509_check_issued.
|
||||
https://github.com/libressl-portable/portable/issues/748
|
||||
|
||||
Index: plugins/crypto/openssl/ua_pki_openssl.c
|
||||
--- plugins/crypto/openssl/ua_pki_openssl.c.orig
|
||||
+++ plugins/crypto/openssl/ua_pki_openssl.c
|
||||
@@ -485,7 +485,7 @@ UA_CertificateVerification_Verify (void *
|
||||
/* Set flag to check if the certificate has an invalid signature */
|
||||
X509_STORE_CTX_set_flags (storeCtx, X509_V_FLAG_CHECK_SS_SIGNATURE);
|
||||
|
||||
- if (X509_STORE_CTX_get_check_issued(storeCtx) (storeCtx,certificateX509, certificateX509) != 1) {
|
||||
+ if (X509_check_issued (certificateX509, certificateX509) != X509_V_OK) {
|
||||
X509_STORE_CTX_set_flags (storeCtx, X509_V_FLAG_CRL_CHECK);
|
||||
}
|
||||
|
||||
@@ -505,7 +505,7 @@ UA_CertificateVerification_Verify (void *
|
||||
/* Check if the not trusted certificate has a CRL file. If there is no CRL file available for the corresponding
|
||||
* parent certificate then return status code UA_STATUSCODE_BADCERTIFICATEISSUERREVOCATIONUNKNOWN. Refer the test
|
||||
* case CTT/Security/Security Certificate Validation/002.js */
|
||||
- if (X509_STORE_CTX_get_check_issued (storeCtx) (storeCtx,certificateX509, certificateX509) != 1) {
|
||||
+ if (X509_check_issued (certificateX509, certificateX509) != X509_V_OK) {
|
||||
/* Free X509_STORE_CTX and reuse it for certification verification */
|
||||
if (storeCtx != NULL) {
|
||||
X509_STORE_CTX_free(storeCtx);
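Review bot: Both rewritten conditions (the hunks at lines 485 and 505 of ua_pki_openssl.c) now decide whether CRL checking is enabled from `X509_check_issued (certificateX509, certificateX509)`. That call matches names, key identifiers and key usage but does not verify a signature, and it no longer goes through any check_issued callback configured on the store context. It is presumably equivalent to the default callback, but because the result gates `X509_V_FLAG_CRL_CHECK` it deserves a comment at the first site, for example `/* Self-issued test only (no signature check); X509_V_FLAG_CHECK_SS_SIGNATURE above covers the signature */`. The expression is duplicated, so a small static helper would keep the two sites from drifting apart when LibreSSL gains the accessor and this workaround is reverted. UA_CertificateVerification_Verify starts and ends outside both hunks.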
|
|
@ -40,7 +40,6 @@ include/open62541/util.h
|
|||
@comment include/ziptree.h
|
||||
lib/cmake/
|
||||
lib/cmake/open62541/
|
||||
lib/cmake/open62541/FindMbedTLS.cmake
|
||||
lib/cmake/open62541/open62541Config.cmake
|
||||
lib/cmake/open62541/open62541ConfigVersion.cmake
|
||||
lib/cmake/open62541/open62541Macros.cmake
|
||||
|
|