[arch-commits] Commit in mono/trunk (PKGBUILD tls_fix.patch)
Daniel Isenmann
daniel at archlinux.org
Mon Mar 28 12:40:22 UTC 2016
Date: Monday, March 28, 2016 @ 14:40:22
Author: daniel
Revision: 263206
upgpkg: mono 4.4.0.40-2
Fix for TLS in mono which broke nuget
Added:
mono/trunk/tls_fix.patch
Modified:
mono/trunk/PKGBUILD
---------------+
PKGBUILD | 9 +++--
tls_fix.patch | 91 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 97 insertions(+), 3 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2016-03-28 12:37:16 UTC (rev 263205)
+++ PKGBUILD 2016-03-28 12:40:22 UTC (rev 263206)
@@ -5,7 +5,7 @@
pkgname=mono
pkgver=4.4.0.40
_pkgver=4.4.0
-pkgrel=1
+pkgrel=2
pkgdesc="Free implementation of the .NET platform including runtime and compiler"
arch=(i686 x86_64)
license=('GPL' 'LGPL2.1' 'MPL' 'custom:MITX11')
@@ -16,10 +16,12 @@
install="${pkgname}.install"
source=(http://download.mono-project.com/sources/mono/${pkgname}-${pkgver}.tar.bz2
mono.binfmt.d
- mono_context.patch)
+ mono_context.patch
+ tls_fix.patch)
md5sums=('f9765c947421ec96ab30aa73f0f4659f'
'b9ef8a65fea497acf176cca16c1e2402'
- '9325e50a3fde354229c507801622b64b')
+ '9325e50a3fde354229c507801622b64b'
+ 'f354f332a66014743e1dfd0bde058ba7')
build() {
cd "${srcdir}"/${pkgname}-${_pkgver}
@@ -31,6 +33,7 @@
--bindir=/usr/bin \
--sbindir=/usr/bin \
--with-mcs-docs=no
+ patch -p1 < ../tls_fix.patch
make
# build jay
Added: tls_fix.patch
===================================================================
--- tls_fix.patch (rev 0)
+++ tls_fix.patch 2016-03-28 12:40:22 UTC (rev 263206)
@@ -0,0 +1,91 @@
+From 04eb667e1bc4282a22f291b39099b23611793851 Mon Sep 17 00:00:00 2001
+From: Martin Baulig <martin.baulig at xamarin.com>
+Date: Tue, 15 Mar 2016 18:50:08 -0400
+Subject: [PATCH] [System]: Fix certificate validation on Linux. Bug #39307.
+
+(cherry picked from commit 37b2b9fbc25a2199aba1d794117924d4828360a7)
+---
+ .../System/Mono.Net.Security/ChainValidationHelper.cs | 3 ---
+ .../Mono.Net.Security/SystemCertificateValidator.cs | 16 +++++++++++-----
+ 2 files changed, 11 insertions(+), 8 deletions(-)
+
+diff --git a/mcs/class/System/Mono.Net.Security/ChainValidationHelper.cs b/mcs/class/System/Mono.Net.Security/ChainValidationHelper.cs
+index 70c6996..63a781d 100644
+--- a/mcs/class/System/Mono.Net.Security/ChainValidationHelper.cs
++++ b/mcs/class/System/Mono.Net.Security/ChainValidationHelper.cs
+@@ -292,9 +292,6 @@ ValidationResult ValidateChain (string host, bool server, XX509CertificateCollec
+ if (wantsChain)
+ chain = SystemCertificateValidator.CreateX509Chain (certs);
+
+- if (wantsChain || SystemCertificateValidator.NeedsChain (settings))
+- SystemCertificateValidator.BuildX509Chain (certs, chain, ref errors, ref status11);
+-
+ bool providerValidated = false;
+ if (provider != null && provider.HasCustomSystemCertificateValidator) {
+ var xerrors = (MonoSslPolicyErrors)errors;
+diff --git a/mcs/class/System/Mono.Net.Security/SystemCertificateValidator.cs b/mcs/class/System/Mono.Net.Security/SystemCertificateValidator.cs
+index f0a0be3..dd67b66 100644
+--- a/mcs/class/System/Mono.Net.Security/SystemCertificateValidator.cs
++++ b/mcs/class/System/Mono.Net.Security/SystemCertificateValidator.cs
+@@ -86,13 +86,13 @@ public static X509Chain CreateX509Chain (XX509CertificateCollection certs)
+ return chain;
+ }
+
+- public static bool BuildX509Chain (XX509CertificateCollection certs, X509Chain chain, ref SslPolicyErrors errors, ref int status11)
++ static bool BuildX509Chain (XX509CertificateCollection certs, X509Chain chain, ref SslPolicyErrors errors, ref int status11)
+ {
+ #if MOBILE
+- return true;
++ return false;
+ #else
+ if (is_macosx)
+- return true;
++ return false;
+
+ var leaf = (X509Certificate2)certs [0];
+
+@@ -130,7 +130,7 @@ static bool CheckUsage (XX509CertificateCollection certs, string host, ref SslPo
+ return false;
+ }
+
+- if (host != null && !CheckServerIdentity (leaf, host)) {
++ if (!string.IsNullOrEmpty (host) && !CheckServerIdentity (leaf, host)) {
+ errors |= SslPolicyErrors.RemoteCertificateNameMismatch;
+ status11 = -2146762481; // CERT_E_CN_NO_MATCH 0x800B010F
+ return false;
+@@ -143,7 +143,7 @@ static bool CheckUsage (XX509CertificateCollection certs, string host, ref SslPo
+ static bool EvaluateSystem (XX509CertificateCollection certs, XX509CertificateCollection anchors, string host, X509Chain chain, ref SslPolicyErrors errors, ref int status11)
+ {
+ var leaf = certs [0];
+- var result = false;
++ bool result;
+
+ #if MONODROID
+ result = AndroidPlatform.TrustEvaluateSsl (certs);
+@@ -166,6 +166,8 @@ static bool EvaluateSystem (XX509CertificateCollection certs, XX509CertificateCo
+ result = (trustResult == OSX509Certificates.SecTrustResult.Proceed ||
+ trustResult == OSX509Certificates.SecTrustResult.Unspecified);
+ } catch {
++ result = false;
++ errors |= SslPolicyErrors.RemoteCertificateChainErrors;
+ // Ignore
+ }
+
+@@ -178,6 +180,8 @@ static bool EvaluateSystem (XX509CertificateCollection certs, XX509CertificateCo
+ status11 = (int)trustResult;
+ errors |= SslPolicyErrors.RemoteCertificateChainErrors;
+ }
++ } else {
++ result = BuildX509Chain (certs, chain, ref errors, ref status11);
+ }
+ #endif
+
+@@ -203,6 +207,8 @@ internal static bool NeedsChain (MonoTlsSettings settings)
+ #if MOBILE
+ return false;
+ #else
++ if (!is_macosx)
++ return true;
+ if (!CertificateValidationHelper.SupportsX509Chain)
+ return false;
+ if (settings != null)
More information about the arch-commits
mailing list