Fix FTBFS because of openssl-1.1
This commit is contained in:
parent
603253e6f8
commit
842134a1f4
96
pegasus-2.14.1-openssl-1.1-fix.patch
Normal file
96
pegasus-2.14.1-openssl-1.1-fix.patch
Normal file
@ -0,0 +1,96 @@
|
|||||||
|
diff -up pegasus/src/Pegasus/Common/SSLContext.cpp.orig pegasus/src/Pegasus/Common/SSLContext.cpp
|
||||||
|
--- pegasus/src/Pegasus/Common/SSLContext.cpp.orig 2017-02-28 14:39:49.497066327 +0100
|
||||||
|
+++ pegasus/src/Pegasus/Common/SSLContext.cpp 2017-03-01 10:56:06.726453475 +0100
|
||||||
|
@@ -225,27 +225,31 @@ int SSLCallback::verificationCRLCallback
|
||||||
|
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, buf);
|
||||||
|
|
||||||
|
//initialize the CRL store
|
||||||
|
- X509_STORE_CTX crlStoreCtx;
|
||||||
|
- X509_STORE_CTX_init(&crlStoreCtx, sslCRLStore, NULL, NULL);
|
||||||
|
+ X509_STORE_CTX* crlStoreCtx;
|
||||||
|
+ crlStoreCtx = X509_STORE_CTX_new();
|
||||||
|
+ X509_STORE_CTX_init(crlStoreCtx, sslCRLStore, NULL, NULL);
|
||||||
|
|
||||||
|
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4,
|
||||||
|
"---> SSL: Initialized CRL store");
|
||||||
|
|
||||||
|
//attempt to get a CRL issued by the certificate's issuer
|
||||||
|
- X509_OBJECT obj;
|
||||||
|
+ X509_OBJECT* obj;
|
||||||
|
+ obj = X509_OBJECT_new();
|
||||||
|
if (X509_STORE_get_by_subject(
|
||||||
|
- &crlStoreCtx, X509_LU_CRL, issuerName, &obj) <= 0)
|
||||||
|
+ crlStoreCtx, X509_LU_CRL, issuerName, obj) <= 0)
|
||||||
|
{
|
||||||
|
- X509_STORE_CTX_cleanup(&crlStoreCtx);
|
||||||
|
+ X509_OBJECT_free(obj);
|
||||||
|
+ X509_STORE_CTX_cleanup(crlStoreCtx);
|
||||||
|
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL3,
|
||||||
|
"---> SSL: No CRL by that issuer");
|
||||||
|
PEG_METHOD_EXIT();
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
- X509_STORE_CTX_cleanup(&crlStoreCtx);
|
||||||
|
+ X509_STORE_CTX_cleanup(crlStoreCtx);
|
||||||
|
|
||||||
|
//get CRL
|
||||||
|
- X509_CRL* crl = obj.data.crl;
|
||||||
|
+ X509_CRL* crl;
|
||||||
|
+ crl = X509_OBJECT_get0_X509_CRL(obj);
|
||||||
|
if (crl == NULL)
|
||||||
|
{
|
||||||
|
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, "---> SSL: CRL is null");
|
||||||
|
@@ -272,18 +276,18 @@ int SSLCallback::verificationCRLCallback
|
||||||
|
{
|
||||||
|
revokedCert = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
|
||||||
|
//a matching serial number indicates revocation
|
||||||
|
- if (ASN1_INTEGER_cmp(revokedCert->serialNumber, serialNumber) == 0)
|
||||||
|
+ if (ASN1_INTEGER_cmp(X509_REVOKED_get0_serialNumber(revokedCert), serialNumber) == 0)
|
||||||
|
{
|
||||||
|
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL2,
|
||||||
|
"---> SSL: Certificate is revoked");
|
||||||
|
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
|
||||||
|
- X509_CRL_free(crl);
|
||||||
|
+ X509_OBJECT_free(obj);
|
||||||
|
PEG_METHOD_EXIT();
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- X509_CRL_free(crl);
|
||||||
|
+ X509_OBJECT_free(obj);
|
||||||
|
|
||||||
|
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4,
|
||||||
|
"---> SSL: Certificate is not revoked at this level");
|
||||||
|
diff -up pegasus/src/Pegasus/Common/SSLContextRep.h.orig pegasus/src/Pegasus/Common/SSLContextRep.h
|
||||||
|
--- pegasus/src/Pegasus/Common/SSLContextRep.h.orig 2017-02-28 14:32:44.379013979 +0100
|
||||||
|
+++ pegasus/src/Pegasus/Common/SSLContextRep.h 2017-02-28 14:36:38.088039077 +0100
|
||||||
|
@@ -104,7 +104,11 @@ public:
|
||||||
|
|
||||||
|
//important as per following site for
|
||||||
|
//http://www.openssl.org/support/faq.html#PROG
|
||||||
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||||
|
CRYPTO_malloc_init();
|
||||||
|
+#else
|
||||||
|
+ OPENSSL_malloc_init();
|
||||||
|
+#endif
|
||||||
|
SSL_library_init();
|
||||||
|
SSL_load_error_strings();
|
||||||
|
}
|
||||||
|
diff -up pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp.orig pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp
|
||||||
|
--- pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp.orig 2017-03-01 10:34:19.367952613 +0100
|
||||||
|
+++ pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp 2017-03-01 10:36:18.003931270 +0100
|
||||||
|
@@ -531,11 +531,11 @@ inline CIMInstance _getCRLInstance(X509_
|
||||||
|
for (int i = 0; i < numRevoked; i++)
|
||||||
|
{
|
||||||
|
r = sk_X509_REVOKED_value(revoked, i);
|
||||||
|
- rawSerialNumber = ASN1_INTEGER_get(r->serialNumber);
|
||||||
|
+ rawSerialNumber = ASN1_INTEGER_get(X509_REVOKED_get0_serialNumber(r));
|
||||||
|
sprintf(serial, "%lu", (unsigned long)rawSerialNumber);
|
||||||
|
revokedSerialNumbers.append(String(serial));
|
||||||
|
|
||||||
|
- revocationDate = getDateTime(r->revocationDate);
|
||||||
|
+ revocationDate = getDateTime(X509_REVOKED_get0_revocationDate(r));
|
||||||
|
revocationDates.append(revocationDate);
|
||||||
|
}
|
||||||
|
|
@ -8,7 +8,7 @@
|
|||||||
|
|
||||||
Name: tog-pegasus
|
Name: tog-pegasus
|
||||||
Version: %{major_ver}.1
|
Version: %{major_ver}.1
|
||||||
Release: 38%{?dist}
|
Release: 39%{?dist}
|
||||||
Epoch: 2
|
Epoch: 2
|
||||||
Summary: OpenPegasus WBEM Services for Linux
|
Summary: OpenPegasus WBEM Services for Linux
|
||||||
|
|
||||||
@ -96,6 +96,8 @@ Patch39: pegasus-2.14.1-fix-setup-sdk-ppc64le.patch
|
|||||||
Patch40: pegasus-2.14.1-tesid.patch
|
Patch40: pegasus-2.14.1-tesid.patch
|
||||||
# 41: moves SSL certificates to /etc/pki/Pegasus
|
# 41: moves SSL certificates to /etc/pki/Pegasus
|
||||||
Patch41: pegasus-2.14.1-ssl-cert-path.patch
|
Patch41: pegasus-2.14.1-ssl-cert-path.patch
|
||||||
|
# 42: port to openssl-1.1
|
||||||
|
Patch42: pegasus-2.14.1-openssl-1.1-fix.patch
|
||||||
|
|
||||||
BuildRequires: procps, libstdc++, pam-devel
|
BuildRequires: procps, libstdc++, pam-devel
|
||||||
BuildRequires: openssl, openssl-devel
|
BuildRequires: openssl, openssl-devel
|
||||||
@ -248,6 +250,7 @@ yes | mak/CreateDmtfSchema 238 %{SOURCE9} cim_schema_2.38.0
|
|||||||
%patch39 -p1 -b .fix-setup-sdk-ppc64le
|
%patch39 -p1 -b .fix-setup-sdk-ppc64le
|
||||||
%patch40 -p1 -b .testid
|
%patch40 -p1 -b .testid
|
||||||
%patch41 -p1 -b .ssl-cert-path
|
%patch41 -p1 -b .ssl-cert-path
|
||||||
|
%patch42 -p1 -b .openssl-1.1-fix
|
||||||
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
@ -543,6 +546,10 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Mar 01 2017 Vitezslav Crhonek <vcrhonek@redhat.com> - 2:2.14.1-39
|
||||||
|
- Fix FTBFS because of openssl-1.1
|
||||||
|
Resolves: #1424141
|
||||||
|
|
||||||
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.14.1-38
|
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.14.1-38
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user