Adding d/p/11_fallback_for_gnutls from upstream

This commit is contained in:
Jan Wagner 2023-02-10 09:40:01 +00:00
parent 01c9312d4b
commit c1f3ca7ef3
2 changed files with 63 additions and 0 deletions

62
debian/patches/11_fallback_for_gnutls vendored Normal file
View file

@ -0,0 +1,62 @@
From 6f0ce3804a396ce89c09f50123e5f31b5b525b31 Mon Sep 17 00:00:00 2001
From: Andreas Baumann <mail@andreasbaumann.cc>
Date: Sat, 4 Feb 2023 16:19:46 +0100
Subject: [PATCH 1/2] fallback to SSL_CTX_use_certificate_file for gnutls
---
plugins/sslutils.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index 286273f61..d542c499f 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -134,7 +134,18 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
return STATE_CRITICAL;
}
if (cert && privkey) {
- SSL_CTX_use_certificate_chain_file(c, cert);
+#ifdef USE_OPENSSL
+ if (!SSL_CTX_use_certificate_chain_file(c, cert)) {
+#else
+#if USE_GNUTLS
+ if (!SSL_CTX_use_certificate_file(c, cert, SSL_FILETYPE_PEM)) {
+#else
+#error Unported for unknown SSL library
+#endif
+#endif
+ printf ("%s\n", _("CRITICAL - Unable to open certificate chain file!\n"));
+ return STATE_CRITICAL;
+ }
SSL_CTX_use_PrivateKey_file(c, privkey, SSL_FILETYPE_PEM);
#ifdef USE_OPENSSL
if (!SSL_CTX_check_private_key(c)) {
From 28b5a1cc454774474b98037acd283a1da4c3f7ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lorenz=20K=C3=A4stle?=
<12514511+RincewindsHat@users.noreply.github.com>
Date: Thu, 9 Feb 2023 00:35:20 +0100
Subject: [PATCH 2/2] Make preprocessor fallback for gnutls more readable
---
plugins/sslutils.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index d542c499f..a7d801963 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -136,12 +136,10 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
if (cert && privkey) {
#ifdef USE_OPENSSL
if (!SSL_CTX_use_certificate_chain_file(c, cert)) {
-#else
-#if USE_GNUTLS
+#elif USE_GNUTLS
if (!SSL_CTX_use_certificate_file(c, cert, SSL_FILETYPE_PEM)) {
#else
#error Unported for unknown SSL library
-#endif
#endif
printf ("%s\n", _("CRITICAL - Unable to open certificate chain file!\n"));
return STATE_CRITICAL;

View file

@ -2,3 +2,4 @@
03_epn
# commited upstream
10_check_http_chunked_wo_actual_content
11_fallback_for_gnutls