[arch-commits] Commit in sslsplit/repos (3 files)
Jan de Groot
jgc at archlinux.org
Tue Mar 21 23:24:11 UTC 2017
Date: Tuesday, March 21, 2017 @ 23:24:11
Author: jgc
Revision: 218242
archrelease: copy trunk to community-staging-x86_64
Added:
sslsplit/repos/community-staging-x86_64/
sslsplit/repos/community-staging-x86_64/0003-Add-fixes-for-OpenSSL-1.1-while-retaining-1.0-compat.patch
(from rev 218241, sslsplit/trunk/0003-Add-fixes-for-OpenSSL-1.1-while-retaining-1.0-compat.patch)
sslsplit/repos/community-staging-x86_64/PKGBUILD
(from rev 218241, sslsplit/trunk/PKGBUILD)
-----------------------------------------------------------------+
0003-Add-fixes-for-OpenSSL-1.1-while-retaining-1.0-compat.patch | 510 ++++++++++
PKGBUILD | 42
2 files changed, 552 insertions(+)
Copied: sslsplit/repos/community-staging-x86_64/0003-Add-fixes-for-OpenSSL-1.1-while-retaining-1.0-compat.patch (from rev 218241, sslsplit/trunk/0003-Add-fixes-for-OpenSSL-1.1-while-retaining-1.0-compat.patch)
===================================================================
--- community-staging-x86_64/0003-Add-fixes-for-OpenSSL-1.1-while-retaining-1.0-compat.patch (rev 0)
+++ community-staging-x86_64/0003-Add-fixes-for-OpenSSL-1.1-while-retaining-1.0-compat.patch 2017-03-21 23:24:11 UTC (rev 218242)
@@ -0,0 +1,510 @@
+From: Hilko Bengen <bengen at debian.org>
+Date: Tue, 8 Nov 2016 00:30:42 +0100
+Subject: Add fixes for OpenSSL 1.1 while retaining 1.0 compatibility
+
+---
+ cachedsess.t.c | 4 ++
+ cachefkcrt.t.c | 4 ++
+ cachemgr.h | 21 ++++++----
+ cachessess.t.c | 24 ++++++++++--
+ extra/pki/GNUmakefile | 4 +-
+ ssl.c | 105 +++++++++++++++++++++++++++++++++++---------------
+ ssl.t.c | 11 ++++--
+ 7 files changed, 125 insertions(+), 48 deletions(-)
+
+diff --git a/cachedsess.t.c b/cachedsess.t.c
+index 7daa472..49fb9e0 100644
+--- a/cachedsess.t.c
++++ b/cachedsess.t.c
+@@ -120,6 +120,7 @@ START_TEST(cache_dsess_03)
+ }
+ END_TEST
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+ START_TEST(cache_dsess_04)
+ {
+ SSL_SESSION *s1, *s2;
+@@ -145,6 +146,7 @@ START_TEST(cache_dsess_04)
+ SSL_SESSION_free(s2);
+ }
+ END_TEST
++#endif
+
+ Suite *
+ cachedsess_suite(void)
+@@ -159,7 +161,9 @@ cachedsess_suite(void)
+ tcase_add_test(tc, cache_dsess_01);
+ tcase_add_test(tc, cache_dsess_02);
+ tcase_add_test(tc, cache_dsess_03);
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+ tcase_add_test(tc, cache_dsess_04);
++#endif
+ suite_add_tcase(s, tc);
+
+ return s;
+diff --git a/cachefkcrt.t.c b/cachefkcrt.t.c
+index db5e365..d79fb77 100644
+--- a/cachefkcrt.t.c
++++ b/cachefkcrt.t.c
+@@ -89,6 +89,7 @@ START_TEST(cache_fkcrt_03)
+ }
+ END_TEST
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+ START_TEST(cache_fkcrt_04)
+ {
+ X509 *c1, *c2;
+@@ -116,6 +117,7 @@ START_TEST(cache_fkcrt_04)
+ fail_unless(cachemgr_preinit() != -1, "reinit");
+ }
+ END_TEST
++#endif
+
+ Suite *
+ cachefkcrt_suite(void)
+@@ -130,7 +132,9 @@ cachefkcrt_suite(void)
+ tcase_add_test(tc, cache_fkcrt_01);
+ tcase_add_test(tc, cache_fkcrt_02);
+ tcase_add_test(tc, cache_fkcrt_03);
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+ tcase_add_test(tc, cache_fkcrt_04);
++#endif
+ suite_add_tcase(s, tc);
+
+ return s;
+diff --git a/cachemgr.h b/cachemgr.h
+index 8ec7306..2a0fb0e 100644
+--- a/cachemgr.h
++++ b/cachemgr.h
+@@ -61,15 +61,20 @@ void cachemgr_gc(void);
+ #define cachemgr_ssess_get(key, keysz) \
+ cache_get(cachemgr_ssess, cachessess_mkkey((key), (keysz)))
+ #define cachemgr_ssess_set(val) \
+- cache_set(cachemgr_ssess, \
+- cachessess_mkkey((val)->session_id, \
+- (val)->session_id_length), \
+- cachessess_mkval(val))
++ { \
++ unsigned int len; \
++ const unsigned char* id = SSL_SESSION_get_id(val, &len); \
++ cache_set(cachemgr_ssess, \
++ cachessess_mkkey(id, len), \
++ cachessess_mkval(val)); \
++ }
+ #define cachemgr_ssess_del(val) \
+- cache_del(cachemgr_ssess, \
+- cachessess_mkkey((val)->session_id, \
+- (val)->session_id_length))
+-
++ { \
++ unsigned int len; \
++ const unsigned char* id = SSL_SESSION_get_id(val, &len); \
++ cache_del(cachemgr_ssess, \
++ cachessess_mkkey(id, len)); \
++ }
+ #define cachemgr_dsess_get(addr, addrlen, sni) \
+ cache_get(cachemgr_dsess, cachedsess_mkkey((addr), (addrlen), (sni)))
+ #define cachemgr_dsess_set(addr, addrlen, sni, val) \
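Review bot: The rewritten `cachemgr_ssess_set` and `cachemgr_ssess_del` expand to a bare `{ ... }` block, so a call followed by `;` in front of an `else` no longer parses, and the macros can no longer be used as expressions the way the old `cache_set(...)`/`cache_del(...)` forms could. The locals `len` and `id` can also capture a caller argument that mentions those names, and `val` is used unparenthesized and evaluated twice in the set macro. Wrapping the body in `do { ... } while (0)` with less collision-prone local names (or turning both into `static inline` functions) would remove these hazards.
```c
#define cachemgr_ssess_set(val) \
        do { \
                unsigned int ssess_len_; \
                const unsigned char *ssess_id_ = \
                        SSL_SESSION_get_id((val), &ssess_len_); \
                cache_set(cachemgr_ssess, \
                          cachessess_mkkey(ssess_id_, ssess_len_), \
                          cachessess_mkval(val)); \
        } while (0)
/* … cachemgr_ssess_del: same wrapper around cache_del … */
```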
+diff --git a/cachessess.t.c b/cachessess.t.c
+index 8da5287..b23b661 100644
+--- a/cachessess.t.c
++++ b/cachessess.t.c
+@@ -68,13 +68,16 @@ cachemgr_teardown(void)
+ START_TEST(cache_ssess_01)
+ {
+ SSL_SESSION *s1, *s2;
++ char* session_id;
++ unsigned int len;
+
+ s1 = ssl_session_from_file(TMP_SESS_FILE);
+ fail_unless(!!s1, "creating session failed");
+ fail_unless(ssl_session_is_valid(s1), "session invalid");
+
+ cachemgr_ssess_set(s1);
+- s2 = cachemgr_ssess_get(s1->session_id, s1->session_id_length);
++ session_id = SSL_SESSION_get_id(s1, &len);
++ s2 = cachemgr_ssess_get(session_id, len);
+ fail_unless(!!s2, "cache returned no session");
+ fail_unless(s2 != s1, "cache returned same pointer");
+ SSL_SESSION_free(s1);
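Review bot: The new local `char* session_id;` does not match what `SSL_SESSION_get_id()` returns, which is `const unsigned char *`, so the assignment drops `const` and changes signedness and will draw an incompatible-pointer warning (an error under `-Werror`). Declaring it as `const unsigned char *session_id;` fixes this here and in the identical additions to cache_ssess_02, cache_ssess_03 and cache_ssess_04 in the following hunks. The parameter type of `cachessess_mkkey()` is not visible in this patch, so confirm it accepts a const pointer.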
+@@ -85,12 +88,15 @@ END_TEST
+ START_TEST(cache_ssess_02)
+ {
+ SSL_SESSION *s1, *s2;
++ char* session_id;
++ unsigned int len;
+
+ s1 = ssl_session_from_file(TMP_SESS_FILE);
+ fail_unless(!!s1, "creating session failed");
+ fail_unless(ssl_session_is_valid(s1), "session invalid");
+
+- s2 = cachemgr_ssess_get(s1->session_id, s1->session_id_length);
++ session_id = SSL_SESSION_get_id(s1, &len);
++ s2 = cachemgr_ssess_get(session_id, len);
+ fail_unless(s2 == NULL, "session was already in empty cache");
+ SSL_SESSION_free(s1);
+ }
+@@ -99,6 +105,8 @@ END_TEST
+ START_TEST(cache_ssess_03)
+ {
+ SSL_SESSION *s1, *s2;
++ char* session_id;
++ unsigned int len;
+
+ s1 = ssl_session_from_file(TMP_SESS_FILE);
+ fail_unless(!!s1, "creating session failed");
+@@ -106,15 +114,19 @@ START_TEST(cache_ssess_03)
+
+ cachemgr_ssess_set(s1);
+ cachemgr_ssess_del(s1);
+- s2 = cachemgr_ssess_get(s1->session_id, s1->session_id_length);
++ session_id = SSL_SESSION_get_id(s1, &len);
++ s2 = cachemgr_ssess_get(session_id, len);
+ fail_unless(s2 == NULL, "cache returned deleted session");
+ SSL_SESSION_free(s1);
+ }
+ END_TEST
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+ START_TEST(cache_ssess_04)
+ {
+ SSL_SESSION *s1, *s2;
++ char* session_id;
++ unsigned int len;
+
+ s1 = ssl_session_from_file(TMP_SESS_FILE);
+ fail_unless(!!s1, "creating session failed");
+@@ -123,7 +135,8 @@ START_TEST(cache_ssess_04)
+ fail_unless(s1->references == 1, "refcount != 1");
+ cachemgr_ssess_set(s1);
+ fail_unless(s1->references == 1, "refcount != 1");
+- s2 = cachemgr_ssess_get(s1->session_id, s1->session_id_length);
++ session_id = SSL_SESSION_get_id(s1, &len);
++ s2 = cachemgr_ssess_get(session_id, len);
+ fail_unless(s1->references == 1, "refcount != 1");
+ fail_unless(!!s2, "cache returned no session");
+ fail_unless(s2->references == 1, "refcount != 1");
+@@ -137,6 +150,7 @@ START_TEST(cache_ssess_04)
+ SSL_SESSION_free(s2);
+ }
+ END_TEST
++#endif
+
+ Suite *
+ cachessess_suite(void)
+@@ -151,7 +165,9 @@ cachessess_suite(void)
+ tcase_add_test(tc, cache_ssess_01);
+ tcase_add_test(tc, cache_ssess_02);
+ tcase_add_test(tc, cache_ssess_03);
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+ tcase_add_test(tc, cache_ssess_04);
++#endif
+ suite_add_tcase(s, tc);
+
+ return s;
+diff --git a/extra/pki/GNUmakefile b/extra/pki/GNUmakefile
+index bd7b8d6..d0300fe 100644
+--- a/extra/pki/GNUmakefile
++++ b/extra/pki/GNUmakefile
+@@ -63,7 +63,7 @@ ec.key:
+ $(OPENSSL) req -new -nodes -x509 $(DIGEST) -out $@ -key $< \
+ -config $(CONFIG) -extensions $(CA_EXT) \
+ -subj $(CA_SUBJECT) \
+- -set_serial 0 -days $(CA_DAYS)
++ -set_serial 1 -days $(CA_DAYS)
+
+ server.key:
+ $(OPENSSL) genrsa -out $@ 2048
+@@ -112,7 +112,7 @@ targets/wildcard.roe.ch.pem: rsa.crt
+
+ # localhost network connectivity is required
+ session.pem:
+- openssl s_server -accept 46143 -cert server.pem -quiet -no_ssl2 & \
++ openssl s_server -accept 46143 -cert server.pem -quiet & \
+ pid=$$! ; \
+ sleep 1 ; \
+ echo q | $(OPENSSL) s_client -connect localhost:46143 \
+diff --git a/ssl.c b/ssl.c
+index ca19263..417d57d 100644
+--- a/ssl.c
++++ b/ssl.c
+@@ -88,6 +88,39 @@ ssl_ssl_cert_get(SSL *s)
+ }
+ #endif /* OpenSSL 0.9.8y, 1.0.0k or 1.0.1e */
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000
++#define SSL_is_server(ssl) (ssl->type != SSL_ST_CONNECT)
++#define X509_get_signature_nid(x509) (OBJ_obj2nid(x509->sig_alg->algorithm))
++static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
++{
++ /* If the fields p and g in d are NULL, the corresponding input
++ * parameters MUST be non-NULL. q may remain NULL.
++ */
++ if ((dh->p == NULL && p == NULL)
++ || (dh->g == NULL && g == NULL))
++ return 0;
++
++ if (p != NULL) {
++ BN_free(dh->p);
++ dh->p = p;
++ }
++ if (q != NULL) {
++ BN_free(dh->q);
++ dh->q = q;
++ }
++ if (g != NULL) {
++ BN_free(dh->g);
++ dh->g = g;
++ }
++
++ if (q != NULL) {
++ dh->length = BN_num_bits(q);
++ }
++
++ return 1;
++}
++#endif
++
+
+ /*
+ * Print OpenSSL version and build-time configuration to standard error and
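Review bot: The two compatibility macros use their argument unparenthesized (`ssl->type`, `x509->sig_alg->algorithm`), so they only work when called with a plain identifier; `#define SSL_is_server(ssl) ((ssl)->type != SSL_ST_CONNECT)` and `(OBJ_obj2nid((x509)->sig_alg->algorithm))` are the safe forms. The guard here is written `0x10100000` while the other guards added to ssl.c use `0x10100000L`; using one spelling throughout makes the version checks easier to grep. A short comment on the backported `DH_set0_pqg()` saying that it takes ownership of `p`, `q` and `g` only when it returns 1 would help callers get the error path right.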
+@@ -226,7 +259,7 @@ ssl_openssl_version(void)
+ */
+ static int ssl_initialized = 0;
+
+-#ifdef OPENSSL_THREADS
++#if defined(OPENSSL_THREADS) && OPENSSL_VERSION_NUMBER < 0x10100000L
+ struct CRYPTO_dynlock_value {
+ pthread_mutex_t mutex;
+ };
+@@ -331,7 +364,7 @@ ssl_init(void)
+ OpenSSL_add_all_algorithms();
+
+ /* thread-safety */
+-#ifdef OPENSSL_THREADS
++#if defined(OPENSSL_THREADS) && OPENSSL_VERSION_NUMBER < 0x10100000L
+ ssl_mutex_num = CRYPTO_num_locks();
+ ssl_mutex = malloc(ssl_mutex_num * sizeof(*ssl_mutex));
+ for (int i = 0; i < ssl_mutex_num; i++) {
+@@ -397,7 +430,7 @@ ssl_reinit(void)
+ if (!ssl_initialized)
+ return;
+
+-#ifdef OPENSSL_THREADS
++#if defined(OPENSSL_THREADS) && OPENSSL_VERSION_NUMBER < 0x10100000L
+ for (int i = 0; i < ssl_mutex_num; i++) {
+ pthread_mutex_init(&ssl_mutex[i], NULL);
+ }
+@@ -416,7 +449,7 @@ ssl_fini(void)
+
+ ERR_remove_state(0); /* current thread */
+
+-#ifdef OPENSSL_THREADS
++#if defined(OPENSSL_THREADS) && OPENSSL_VERSION_NUMBER < 0x10100000L
+ CRYPTO_set_locking_callback(NULL);
+ CRYPTO_set_dynlock_create_callback(NULL);
+ CRYPTO_set_dynlock_lock_callback(NULL);
+@@ -476,16 +509,14 @@ ssl_ssl_state_to_str(SSL *ssl)
+ char *str = NULL;
+ int rv;
+
+- rv = asprintf(&str, "%08x = %s%s%s%04x = %s (%s) [%s]",
+- ssl->state,
+- (ssl->state & SSL_ST_CONNECT) ? "SSL_ST_CONNECT|" : "",
+- (ssl->state & SSL_ST_ACCEPT) ? "SSL_ST_ACCEPT|" : "",
+- (ssl->state & SSL_ST_BEFORE) ? "SSL_ST_BEFORE|" : "",
+- ssl->state & SSL_ST_MASK,
++ rv = asprintf(&str, "%08x = %s%s%04x = %s (%s) [%s]",
++ SSL_get_state(ssl),
++ (SSL_get_state(ssl) & SSL_ST_CONNECT) ? "SSL_ST_CONNECT|" : "",
++ (SSL_get_state(ssl) & SSL_ST_ACCEPT) ? "SSL_ST_ACCEPT|" : "",
++ SSL_get_state(ssl) & SSL_ST_MASK,
+ SSL_state_string(ssl),
+ SSL_state_string_long(ssl),
+- (ssl->type == SSL_ST_CONNECT) ? "connect socket"
+- : "accept socket");
++ SSL_is_server(ssl) ? "accept socket" : "connect socket");
+
+ return (rv < 0) ? NULL : str;
+ }
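Review bot: The flag tests `SSL_get_state(ssl) & SSL_ST_CONNECT` and `& SSL_ST_ACCEPT` assume the state is the 1.0.x bitmask, but on OpenSSL 1.1 `SSL_get_state()` returns, as far as I can tell, a handshake-state enumeration, so these masks and `& SSL_ST_MASK` no longer carry that meaning and the printed prefix becomes misleading. Since `SSL_is_server()` already supplies the connect/accept information at the end of the string, consider building the flag part only under `#if OPENSSL_VERSION_NUMBER < 0x10100000L` and printing just the numeric state plus `SSL_state_string()` otherwise. The value passed for `%08x` should also be cast, e.g. `(unsigned int)SSL_get_state(ssl)`, once it is an enum.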
+@@ -587,6 +618,7 @@ DH *
+ ssl_tmp_dh_callback(UNUSED SSL *s, int is_export, int keylength)
+ {
+ DH *dh;
++ int success = 0;
+
+ if (!(dh = DH_new())) {
+ log_err_printf("DH_new() failed\n");
+@@ -594,16 +626,20 @@ ssl_tmp_dh_callback(UNUSED SSL *s, int is_export, int keylength)
+ }
+ switch (keylength) {
+ case 512:
+- dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
++ success = DH_set0_pqg(dh, BN_bin2bn(dh512_p, sizeof(dh512_p), NULL), NULL,
++ BN_bin2bn(dh_g, sizeof(dh_g), NULL));
+ break;
+ case 1024:
+- dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
++ success = DH_set0_pqg(dh, BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL), NULL,
++ BN_bin2bn(dh_g, sizeof(dh_g), NULL));
+ break;
+ case 2048:
+- dh->p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
++ success = DH_set0_pqg(dh, BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL), NULL,
++ BN_bin2bn(dh_g, sizeof(dh_g), NULL));
+ break;
+ case 4096:
+- dh->p = BN_bin2bn(dh4096_p, sizeof(dh4096_p), NULL);
++ success = DH_set0_pqg(dh, BN_bin2bn(dh4096_p, sizeof(dh4096_p), NULL), NULL,
++ BN_bin2bn(dh_g, sizeof(dh_g), NULL));
+ break;
+ default:
+ log_err_printf("Unhandled DH keylength %i%s\n",
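Review bot: Each `DH_set0_pqg(dh, BN_bin2bn(...), NULL, BN_bin2bn(...))` call leaks a BIGNUM when exactly one of the two `BN_bin2bn()` calls fails, because `DH_set0_pqg()` returns 0 without taking ownership and the surviving allocation is then unreachable. The old code stored both into `dh` first, so `DH_free(dh)` released them. Creating `p` and `g` in locals, checking them, and freeing both when the setter is not reached or fails restores that behaviour and removes the four-fold repetition of the `dh_g` conversion. The function starts before this hunk and its error check sits in the next one.
```c
	BIGNUM *p = NULL, *g = NULL;
	/* … unchanged: DH_new() and its error path … */
	switch (keylength) {
	case 512:
		p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
		break;
	/* … 1024, 2048, 4096 likewise; default case unchanged … */
	}
	g = BN_bin2bn(dh_g, sizeof(dh_g), NULL);
	if (!p || !g || !DH_set0_pqg(dh, p, NULL, g)) {
		BN_free(p);
		BN_free(g);
		log_err_printf("Failed to load DH p and g from memory\n");
		DH_free(dh);
		return NULL;
	}
```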
+@@ -612,8 +648,7 @@ ssl_tmp_dh_callback(UNUSED SSL *s, int is_export, int keylength)
+ DH_free(dh);
+ return NULL;
+ }
+- dh->g = BN_bin2bn(dh_g, sizeof(dh_g), NULL);
+- if (!dh->p || !dh->g) {
++ if (!success) {
+ log_err_printf("Failed to load DH p and g from memory\n");
+ DH_free(dh);
+ return NULL;
+@@ -841,7 +876,7 @@ ssl_x509_forge(X509 *cacrt, EVP_PKEY *cakey, X509 *origcrt,
+ if (!gn)
+ goto errout2;
+ gn->type = GEN_DNS;
+- gn->d.dNSName = M_ASN1_IA5STRING_new();
++ gn->d.dNSName = ASN1_IA5STRING_new();
+ if (!gn->d.dNSName)
+ goto errout3;
+ ASN1_STRING_set(gn->d.dNSName,
+@@ -865,10 +900,10 @@ ssl_x509_forge(X509 *cacrt, EVP_PKEY *cakey, X509 *origcrt,
+ #endif /* DEBUG_CERTIFICATE */
+
+ const EVP_MD *md;
+- switch (EVP_PKEY_type(cakey->type)) {
++ switch (EVP_PKEY_type(EVP_PKEY_base_id(cakey))) {
+ #ifndef OPENSSL_NO_RSA
+ case EVP_PKEY_RSA:
+- switch (OBJ_obj2nid(origcrt->sig_alg->algorithm)) {
++ switch (X509_get_signature_nid(origcrt)) {
+ case NID_md5WithRSAEncryption:
+ md = EVP_md5();
+ break;
+@@ -897,12 +932,20 @@ ssl_x509_forge(X509 *cacrt, EVP_PKEY *cakey, X509 *origcrt,
+ #endif /* !OPENSSL_NO_RSA */
+ #ifndef OPENSSL_NO_DSA
+ case EVP_PKEY_DSA:
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ md = EVP_dss1();
++#else
++ md = EVP_sha1();
++#endif
+ break;
+ #endif /* !OPENSSL_NO_DSA */
+ #ifndef OPENSSL_NO_ECDSA
+ case EVP_PKEY_EC:
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ md = EVP_ecdsa();
++#else
++ md = EVP_sha1();
++#endif
+ break;
+ #endif /* !OPENSSL_NO_ECDSA */
+ default:
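Review bot: The 1.1 branches for DSA and EC hard-code `EVP_sha1()` with no explanation, which reads like an arbitrary digest choice to the next maintainer. A comment such as `/* EVP_dss1()/EVP_ecdsa() were SHA-1 based and are gone in 1.1.0; EVP_sha1() keeps the old behaviour */` above each `#else` would record that this is a compatibility substitution. Unlike the RSA case, which follows `X509_get_signature_nid(origcrt)`, these branches ignore the original certificate's digest, and the comment should say so, since SHA-1 signatures are widely rejected by current verifiers. The switch begins and ends outside this hunk.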
+@@ -1015,7 +1058,6 @@ ssl_x509chain_use(SSL_CTX *sslctx, X509 *crt, STACK_OF(X509) *chain)
+
+ tmpcrt = sk_X509_value(chain, i);
+ ssl_x509_refcount_inc(tmpcrt);
+- sk_X509_push(sslctx->extra_certs, tmpcrt);
+ SSL_CTX_add_extra_chain_cert(sslctx, tmpcrt);
+ }
+ }
+@@ -1117,14 +1159,15 @@ int
+ ssl_key_identifier_sha1(EVP_PKEY *key, unsigned char *keyid)
+ {
+ X509_PUBKEY *pubkey = NULL;
+- ASN1_BIT_STRING *pk;
++ const unsigned char *pk;
++ int length;
+
+ /* X509_PUBKEY_set() will attempt to free pubkey if != NULL */
+ if (X509_PUBKEY_set(&pubkey, key) != 1 || !pubkey)
+ return -1;
+- if (!(pk = pubkey->public_key))
++ if (!X509_PUBKEY_get0_param(NULL, &pk, &length, NULL, pubkey))
+ goto errout;
+- if (!EVP_Digest(pk->data, pk->length, keyid, NULL, EVP_sha1(), NULL))
++ if (!EVP_Digest(pk, length, keyid, NULL, EVP_sha1(), NULL))
+ goto errout;
+ X509_PUBKEY_free(pubkey);
+ return 0;
+@@ -1221,10 +1264,10 @@ ssl_x509_fingerprint(X509 *crt, int colons)
+ void
+ ssl_dh_refcount_inc(DH *dh)
+ {
+-#ifdef OPENSSL_THREADS
++#if defined(OPENSSL_THREADS) && OPENSSL_VERSION_NUMBER < 0x10100000L
+ CRYPTO_add(&dh->references, 1, CRYPTO_LOCK_DH);
+ #else /* !OPENSSL_THREADS */
+- dh->references++;
++ DH_up_ref(dh);
+ #endif /* !OPENSSL_THREADS */
+ }
+ #endif /* !OPENSSL_NO_DH */
+@@ -1236,10 +1279,10 @@ ssl_dh_refcount_inc(DH *dh)
+ void
+ ssl_key_refcount_inc(EVP_PKEY *key)
+ {
+-#ifdef OPENSSL_THREADS
++#if defined(OPENSSL_THREADS) && OPENSSL_VERSION_NUMBER < 0x10100000L
+ CRYPTO_add(&key->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ #else /* !OPENSSL_THREADS */
+- key->references++;
++ EVP_PKEY_up_ref(key);
+ #endif /* !OPENSSL_THREADS */
+ }
+
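Review bot: The `#else` branch now calls `EVP_PKEY_up_ref()`, but that branch is also what a pre-1.1.0 OpenSSL built without `OPENSSL_THREADS` compiles, and `EVP_PKEY_up_ref()` was only added in 1.1.0, so that configuration no longer builds. The same applies to `X509_up_ref()` in the `ssl_x509_refcount_inc` hunk that follows; `DH_up_ref()` in the hunk before exists in 1.0.x, but its `/* !OPENSSL_THREADS */` comments are stale in the same way. Selecting on the version first keeps all three cases distinct, as sketched for the key variant below.
```c
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
	EVP_PKEY_up_ref(key);
#elif defined(OPENSSL_THREADS)
	CRYPTO_add(&key->references, 1, CRYPTO_LOCK_EVP_PKEY);
#else /* OpenSSL < 1.1.0 without threads */
	key->references++;
#endif
```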
+@@ -1251,10 +1294,10 @@ ssl_key_refcount_inc(EVP_PKEY *key)
+ void
+ ssl_x509_refcount_inc(X509 *crt)
+ {
+-#ifdef OPENSSL_THREADS
++#if defined(OPENSSL_THREADS) && OPENSSL_VERSION_NUMBER < 0x10100000L
+ CRYPTO_add(&crt->references, 1, CRYPTO_LOCK_X509);
+ #else /* !OPENSSL_THREADS */
+- crt->references++;
++ X509_up_ref(crt);
+ #endif /* !OPENSSL_THREADS */
+ }
+
+diff --git a/ssl.t.c b/ssl.t.c
+index 997794f..9705976 100644
+--- a/ssl.t.c
++++ b/ssl.t.c
+@@ -498,6 +498,10 @@ START_TEST(ssl_tls_clienthello_parse_10)
+ }
+ END_TEST
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000
++#define ASN1_STRING_get0_data(value) ASN1_STRING_data(value)
++#endif
++
+ START_TEST(ssl_key_identifier_sha1_01)
+ {
+ X509 *c;
+@@ -515,9 +519,10 @@ START_TEST(ssl_key_identifier_sha1_01)
+ int loc = X509_get_ext_by_NID(c, NID_subject_key_identifier, -1);
+ X509_EXTENSION *ext = X509_get_ext(c, loc);
+ fail_unless(!!ext, "loading ext failed");
+- fail_unless(ext->value->length - 2 == SSL_KEY_IDSZ,
+- "extension length mismatch");
+- fail_unless(!memcmp(ext->value->data + 2, keyid, SSL_KEY_IDSZ),
++ ASN1_STRING *value = X509_EXTENSION_get_data(ext);
++ fail_unless(ASN1_STRING_length(value) - 2 == SSL_KEY_IDSZ,
++ "extension length mismatch");
++ fail_unless(!memcmp(ASN1_STRING_get0_data(value) + 2, keyid, SSL_KEY_IDSZ),
+ "key id mismatch");
+ }
+ END_TEST
Copied: sslsplit/repos/community-staging-x86_64/PKGBUILD (from rev 218241, sslsplit/trunk/PKGBUILD)
===================================================================
--- community-staging-x86_64/PKGBUILD (rev 0)
+++ community-staging-x86_64/PKGBUILD 2017-03-21 23:24:11 UTC (rev 218242)
@@ -0,0 +1,42 @@
+# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
+
+pkgname=sslsplit
+pkgver=0.5.0
+pkgrel=2
+pkgdesc="Tool for man-in-the-middle attacks against SSL/TLS encrypted network connections"
+url="https://www.roe.ch/SSLsplit"
+arch=('i686' 'x86_64')
+license=('BSD')
+depends=('libevent' 'openssl')
+checkdepends=('check')
+source=(https://mirror.roe.ch/rel/${pkgname}/${pkgname}-${pkgver}.tar.bz2{,.asc}
+ 0003-Add-fixes-for-OpenSSL-1.1-while-retaining-1.0-compat.patch)
+sha512sums=('d8d4f294018a7a28b6e5cdec4690c5078118e1fc9c8b78d626290cdb5f2c8d2ecdbbee776a50666a99c522e9e22a15e85b5a602c412e242ec4cce64327555862'
+ 'SKIP'
+ 'b3fbde26b992c40adb15d218ce067ecc53707ed9746b3a7e166d0333543283368a0c439903d36dedfb6fd9d33599abbf0554b731a68bd2524824319e1970de56')
+validpgpkeys=('BFF9C7D7EA0EAC7F1AA55B3EFABE3324B5D3397E') # Daniel Roethlisberger <daniel at roe.ch>
+
+prepare() {
+ cd ${pkgname}-${pkgver}
+ patch -Np1 -i ../0003-Add-fixes-for-OpenSSL-1.1-while-retaining-1.0-compat.patch
+}
+
+build() {
+ cd ${pkgname}-${pkgver}
+ make
+}
+
+check() {
+ cd ${pkgname}-${pkgver}
+ make -j1 test
+}
+
+package() {
+ cd ${pkgname}-${pkgver}
+ make PREFIX="${pkgdir}/usr" install
+ install -Dm 644 LICENSE.md "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+ install -Dm 644 README.md "${pkgdir}/usr/share/doc/${pkgname}/README.md"
+ install -Dm 644 NEWS.md "${pkgdir}/usr/share/doc/${pkgname}/NEWS.md"
+}
+
+# vim: ts=2 sw=2 et:
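Review bot: The locally carried patch in `source=()` is pinned by a sha512sum but has no recorded origin, so a later maintainer cannot tell where it came from or re-verify it against its source. A comment above the `source` array, for example `# 0003-*.patch: OpenSSL 1.1 compat fix by Hilko Bengen (see patch header), taken from <PATCH_ORIGIN_URL>`, would document provenance; the URL is a placeholder to be filled in by the packager. The tarball itself is well covered by the `.asc` signature and `validpgpkeys`. As a style point, quoting the directory in `cd "${pkgname}-${pkgver}"` would match the quoting already used in `package()`.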