Fix FTBFS because of openssl-1.1

This commit is contained in:
Vitezslav Crhonek 2017-03-01 13:06:42 +01:00
parent 603253e6f8
commit 842134a1f4
2 changed files with 104 additions and 1 deletions

View File

@ -0,0 +1,96 @@
diff -up pegasus/src/Pegasus/Common/SSLContext.cpp.orig pegasus/src/Pegasus/Common/SSLContext.cpp
--- pegasus/src/Pegasus/Common/SSLContext.cpp.orig 2017-02-28 14:39:49.497066327 +0100
+++ pegasus/src/Pegasus/Common/SSLContext.cpp 2017-03-01 10:56:06.726453475 +0100
@@ -225,27 +225,31 @@ int SSLCallback::verificationCRLCallback
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, buf);
//initialize the CRL store
- X509_STORE_CTX crlStoreCtx;
- X509_STORE_CTX_init(&crlStoreCtx, sslCRLStore, NULL, NULL);
+ X509_STORE_CTX* crlStoreCtx;
+ crlStoreCtx = X509_STORE_CTX_new();
+ X509_STORE_CTX_init(crlStoreCtx, sslCRLStore, NULL, NULL);
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4,
"---> SSL: Initialized CRL store");
//attempt to get a CRL issued by the certificate's issuer
- X509_OBJECT obj;
+ X509_OBJECT* obj;
+ obj = X509_OBJECT_new();
if (X509_STORE_get_by_subject(
- &crlStoreCtx, X509_LU_CRL, issuerName, &obj) <= 0)
+ crlStoreCtx, X509_LU_CRL, issuerName, obj) <= 0)
{
- X509_STORE_CTX_cleanup(&crlStoreCtx);
+ X509_OBJECT_free(obj);
+ X509_STORE_CTX_cleanup(crlStoreCtx);
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL3,
"---> SSL: No CRL by that issuer");
PEG_METHOD_EXIT();
return 0;
}
- X509_STORE_CTX_cleanup(&crlStoreCtx);
+ X509_STORE_CTX_cleanup(crlStoreCtx);
//get CRL
- X509_CRL* crl = obj.data.crl;
+ X509_CRL* crl;
+ crl = X509_OBJECT_get0_X509_CRL(obj);
if (crl == NULL)
{
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, "---> SSL: CRL is null");
@@ -272,18 +276,18 @@ int SSLCallback::verificationCRLCallback
{
revokedCert = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
//a matching serial number indicates revocation
- if (ASN1_INTEGER_cmp(revokedCert->serialNumber, serialNumber) == 0)
+ if (ASN1_INTEGER_cmp(X509_REVOKED_get0_serialNumber(revokedCert), serialNumber) == 0)
{
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL2,
"---> SSL: Certificate is revoked");
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
- X509_CRL_free(crl);
+ X509_OBJECT_free(obj);
PEG_METHOD_EXIT();
return 1;
}
}
- X509_CRL_free(crl);
+ X509_OBJECT_free(obj);
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4,
"---> SSL: Certificate is not revoked at this level");
diff -up pegasus/src/Pegasus/Common/SSLContextRep.h.orig pegasus/src/Pegasus/Common/SSLContextRep.h
--- pegasus/src/Pegasus/Common/SSLContextRep.h.orig 2017-02-28 14:32:44.379013979 +0100
+++ pegasus/src/Pegasus/Common/SSLContextRep.h 2017-02-28 14:36:38.088039077 +0100
@@ -104,7 +104,11 @@ public:
//important as per following site for
//http://www.openssl.org/support/faq.html#PROG
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
CRYPTO_malloc_init();
+#else
+ OPENSSL_malloc_init();
+#endif
SSL_library_init();
SSL_load_error_strings();
}
diff -up pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp.orig pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp
--- pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp.orig 2017-03-01 10:34:19.367952613 +0100
+++ pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp 2017-03-01 10:36:18.003931270 +0100
@@ -531,11 +531,11 @@ inline CIMInstance _getCRLInstance(X509_
for (int i = 0; i < numRevoked; i++)
{
r = sk_X509_REVOKED_value(revoked, i);
- rawSerialNumber = ASN1_INTEGER_get(r->serialNumber);
+ rawSerialNumber = ASN1_INTEGER_get(X509_REVOKED_get0_serialNumber(r));
sprintf(serial, "%lu", (unsigned long)rawSerialNumber);
revokedSerialNumbers.append(String(serial));
- revocationDate = getDateTime(r->revocationDate);
+ revocationDate = getDateTime(X509_REVOKED_get0_revocationDate(r));
revocationDates.append(revocationDate);
}

View File

@ -8,7 +8,7 @@
Name: tog-pegasus Name: tog-pegasus
Version: %{major_ver}.1 Version: %{major_ver}.1
Release: 38%{?dist} Release: 39%{?dist}
Epoch: 2 Epoch: 2
Summary: OpenPegasus WBEM Services for Linux Summary: OpenPegasus WBEM Services for Linux
@ -96,6 +96,8 @@ Patch39: pegasus-2.14.1-fix-setup-sdk-ppc64le.patch
Patch40: pegasus-2.14.1-tesid.patch Patch40: pegasus-2.14.1-tesid.patch
# 41: moves SSL certificates to /etc/pki/Pegasus # 41: moves SSL certificates to /etc/pki/Pegasus
Patch41: pegasus-2.14.1-ssl-cert-path.patch Patch41: pegasus-2.14.1-ssl-cert-path.patch
# 42: port to openssl-1.1
Patch42: pegasus-2.14.1-openssl-1.1-fix.patch
BuildRequires: procps, libstdc++, pam-devel BuildRequires: procps, libstdc++, pam-devel
BuildRequires: openssl, openssl-devel BuildRequires: openssl, openssl-devel
@ -248,6 +250,7 @@ yes | mak/CreateDmtfSchema 238 %{SOURCE9} cim_schema_2.38.0
%patch39 -p1 -b .fix-setup-sdk-ppc64le %patch39 -p1 -b .fix-setup-sdk-ppc64le
%patch40 -p1 -b .testid %patch40 -p1 -b .testid
%patch41 -p1 -b .ssl-cert-path %patch41 -p1 -b .ssl-cert-path
%patch42 -p1 -b .openssl-1.1-fix
%build %build
@ -543,6 +546,10 @@ fi
%changelog %changelog
* Wed Mar 01 2017 Vitezslav Crhonek <vcrhonek@redhat.com> - 2:2.14.1-39
- Fix FTBFS because of openssl-1.1
Resolves: #1424141
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.14.1-38 * Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.14.1-38
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild