From befa250b4d620fab40ee5509b1d06d1ff20f2e0c Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy
Date: Wed, 28 Jul 2021 14:48:06 +0200
Subject: [PATCH] Stunnel cannot use an encrypted private key being built against OpenSSL 3.0 Resolves: rhbz#1976854
---
 stunnel-5.58-openssl30.patch | 19 +++++++++++++++++++
 stunnel.spec | 8 +++++++-
 2 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 stunnel-5.58-openssl30.patch
diff --git a/stunnel-5.58-openssl30.patch b/stunnel-5.58-openssl30.patch
new file mode 100644
index 0000000..26cb588
--- /dev/null
+++ b/stunnel-5.58-openssl30.patch
@@ -0,0 +1,19 @@
+diff -up stunnel-5.58/src/ctx.c.openssl30 stunnel-5.58/src/ctx.c
+--- stunnel-5.58/src/ctx.c.openssl30 2021-07-28 11:12:05.743832246 +0200
++++ stunnel-5.58/src/ctx.c 2021-07-28 11:18:19.318021120 +0200
+@@ -1015,6 +1015,15 @@ NOEXPORT int ui_retry() {
+ default:
+ return 0;
+ }
++#ifdef ERR_LIB_OSSL_DECODER
++ case ERR_LIB_OSSL_DECODER:
++ switch(ERR_GET_REASON(err)) {
++ case ERR_R_UNSUPPORTED:
++ return 1;
++ default:
++ return 0;
++ }
++#endif
+ case ERR_LIB_USER: /* PKCS#11 hacks */
+ switch(ERR_GET_REASON(err)) {
+ case 7UL: /* CKR_ARGUMENTS_BAD */
diff --git a/stunnel.spec b/stunnel.spec
index 3ca3318..85a8548 100644
--- a/stunnel.spec
+++ b/stunnel.spec
@@ -10,7 +10,7 @@
 Summary: A TLS-encrypting socket wrapper
 Name: stunnel
 Version: 5.58
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv2
 URL: http://www.stunnel.org/
 Source0: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz
@@ -27,6 +27,7 @@ Patch3: stunnel-5.56-system-ciphers.patch
 Patch4: stunnel-5.56-coverity.patch
 Patch5: stunnel-5.56-default-tls-version.patch
 Patch6: stunnel-5.56-curves-doc-update.patch
+Patch7: stunnel-5.58-openssl30.patch
 # util-linux is needed for rename
 BuildRequires: make
 BuildRequires: gcc
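Review bot: The new `ERR_LIB_OSSL_DECODER` case in `ui_retry()` (the ctx.c hunk carried inside stunnel-5.58-openssl30.patch) marks `ERR_R_UNSUPPORTED` as retryable, but that reason code is generic and is presumably also raised when the decoder cannot handle the key file's format or algorithm at all, not only when an encrypted key could not be decrypted. If so, a malformed or unsupported key would be handled as a passphrase failure instead of being rejected outright, and the resulting prompts and logs would point an operator at the wrong cause. The case should at least record why it exists, e.g. `case ERR_LIB_OSSL_DECODER: /* OpenSSL 3.0 reports an undecryptable private key as "unsupported" */`, and it is worth confirming that the caller bounds the number of retries. `ui_retry()` starts and ends outside the hunk, so neither the caller nor how `err` is obtained is visible here.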
@@ -56,6 +57,7 @@ conjunction with imapd to create a TLS secure IMAP server. %patch4 -p1 -b .coverity %patch5 -p1 -b .default-tls-version %patch6 -p1 -b .curves-doc-update +%patch7 -p1 -b .openssl30 # Fix the configure script output for FIPS mode and stack protector flag sed -i '/yes).*result: no/,+1{s/result: no/result: yes/;s/as_echo "no"/as_echo "yes"/};s/-fstack-protector/-fstack-protector-strong/' configure @@ -141,6 +143,10 @@ make test || (for i in tests/logs/*.log ; do echo "$i": ; cat "$i" ; done) %systemd_postun_with_restart %{name}.service %changelog +* Wed Jul 28 2021 Dmitry Belyavskiy - 5.58-4 +- Stunnel cannot use an encrypted private key being built against OpenSSL 3.0 +- Resolves: rhbz#1976854 + * Wed Jun 16 2021 Mohan Boddu - 5.58-3 - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065