[arch-commits] Commit in pgbouncer/repos/extra-x86_64 (13 files)
Levente Polyak
anthraxx at archlinux.org
Wed Jan 24 01:14:58 UTC 2018
Date: Wednesday, January 24, 2018 @ 01:14:54
Author: anthraxx
Revision: 315348
archrelease: copy trunk to extra-x86_64
Added:
pgbouncer/repos/extra-x86_64/PKGBUILD
(from rev 315347, pgbouncer/trunk/PKGBUILD)
pgbouncer/repos/extra-x86_64/pgbouncer.ini
(from rev 315347, pgbouncer/trunk/pgbouncer.ini)
pgbouncer/repos/extra-x86_64/pgbouncer.install
(from rev 315347, pgbouncer/trunk/pgbouncer.install)
pgbouncer/repos/extra-x86_64/pgbouncer.logrotate
(from rev 315347, pgbouncer/trunk/pgbouncer.logrotate)
pgbouncer/repos/extra-x86_64/pgbouncer.service
(from rev 315347, pgbouncer/trunk/pgbouncer.service)
pgbouncer/repos/extra-x86_64/pgbouncer.tmpfiles.conf
(from rev 315347, pgbouncer/trunk/pgbouncer.tmpfiles.conf)
Deleted:
pgbouncer/repos/extra-x86_64/PKGBUILD
pgbouncer/repos/extra-x86_64/pgbouncer.ini
pgbouncer/repos/extra-x86_64/pgbouncer.install
pgbouncer/repos/extra-x86_64/pgbouncer.logrotate
pgbouncer/repos/extra-x86_64/pgbouncer.service
pgbouncer/repos/extra-x86_64/pgbouncer.tmpfiles.conf
pgbouncer/repos/extra-x86_64/usual-openssl.patch
-------------------------+
PKGBUILD | 103 ++++++++++---------
pgbouncer.ini | 104 +++++++++----------
pgbouncer.install | 50 ++++-----
pgbouncer.logrotate | 16 +--
pgbouncer.service | 22 ++--
pgbouncer.tmpfiles.conf | 2
usual-openssl.patch | 242 ----------------------------------------------
7 files changed, 151 insertions(+), 388 deletions(-)
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2018-01-24 01:14:35 UTC (rev 315347)
+++ PKGBUILD 2018-01-24 01:14:54 UTC (rev 315348)
@@ -1,49 +0,0 @@
-# Maintainer: Dan McGee <dan at archlinux.org>
-
-pkgname=pgbouncer
-pkgver=1.7.2
-pkgrel=3
-pkgdesc="A lightweight connection pooler for PostgreSQL"
-arch=('i686' 'x86_64')
-url="https://wiki.postgresql.org/wiki/PgBouncer"
-license=('BSD')
-depends=('libevent>=2.0' 'c-ares' 'systemd')
-makedepends=('asciidoc' 'xmlto')
-backup=('etc/pgbouncer/pgbouncer.ini' 'etc/logrotate.d/pgbouncer')
-install=$pkgname.install
-source=("https://pgbouncer.github.io/downloads/files/$pkgver/$pkgname-$pkgver.tar.gz"
- pgbouncer.ini
- pgbouncer.logrotate
- pgbouncer.service
- pgbouncer.tmpfiles.conf
- usual-openssl.patch)
-sha256sums=('de36b318fe4a2f20a5f60d1c5ea62c1ca331f6813d2c484866ecb59265a160ba'
- '4f30e4a3eb76acdd233ebc7dd099dff6976299ba958e40a8429b74112e804b05'
- '8da38746d9c9dfc2433a8cfe22fdaf517e14492672d09e3c48cd4745fc03e9bd'
- '274a3d447c151323f2d297aae881ec69be1477f16e30b0bba469afe68c2d122a'
- '476ea0400ba063e932a58f1f49ae401d65b22add521894872c09ec6985e0960d'
- '46d2d1c421ccd9893af4f6fde28d796b7910d2385efd3e27cca118d8e484ca7b')
-
-prepare() {
- cd "$srcdir/$pkgname-$pkgver/lib"
- patch -Np1 -i ../../usual-openssl.patch
-}
-
-build() {
- cd "$srcdir/$pkgname-$pkgver"
- ./configure --prefix=/usr --disable-debug
- make
-}
-
-package() {
- cd "$srcdir/$pkgname-$pkgver"
- make DESTDIR="$pkgdir/" install
- install -D -m644 COPYRIGHT "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
- install -D -m644 ../pgbouncer.ini "$pkgdir/etc/pgbouncer/pgbouncer.ini"
- install -D -m644 ../pgbouncer.logrotate "$pkgdir/etc/logrotate.d/pgbouncer"
- install -D -m644 ../pgbouncer.service "$pkgdir/usr/lib/systemd/system/pgbouncer.service"
- install -D -m644 ../pgbouncer.tmpfiles.conf "$pkgdir/usr/lib/tmpfiles.d/pgbouncer.conf"
- mkdir -p "$pkgdir/var/log/pgbouncer"
-}
-
-# vim:set ts=2 sw=2 et:
Copied: pgbouncer/repos/extra-x86_64/PKGBUILD (from rev 315347, pgbouncer/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2018-01-24 01:14:54 UTC (rev 315348)
@@ -0,0 +1,54 @@
+# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
+# Contributor: Dan McGee <dan at archlinux.org>
+
+pkgname=pgbouncer
+pkgver=1.8.1
+pkgrel=1
+pkgdesc='Lightweight connection pooler for PostgreSQL'
+url='https://pgbouncer.github.io/'
+arch=('x86_64')
+license=('BSD')
+depends=('libevent>=2.0' 'c-ares' 'systemd' 'pam')
+makedepends=('asciidoc' 'xmlto')
+checkdepends=('postgresql-libs')
+backup=('etc/pgbouncer/pgbouncer.ini'
+ 'etc/logrotate.d/pgbouncer')
+install=${pkgname}.install
+source=(https://pgbouncer.github.io/downloads/files/${pkgver}/pgbouncer-${pkgver}.tar.gz
+ pgbouncer.ini
+ pgbouncer.logrotate
+ pgbouncer.service
+ pgbouncer.tmpfiles.conf)
+sha256sums=('fa8bde2a2d2c8c80d53a859f8e48bc6713cf127e31c77d8f787bbc1d673e8dc8'
+ '4f30e4a3eb76acdd233ebc7dd099dff6976299ba958e40a8429b74112e804b05'
+ '8da38746d9c9dfc2433a8cfe22fdaf517e14492672d09e3c48cd4745fc03e9bd'
+ '274a3d447c151323f2d297aae881ec69be1477f16e30b0bba469afe68c2d122a'
+ '476ea0400ba063e932a58f1f49ae401d65b22add521894872c09ec6985e0960d')
+
+build() {
+ cd ${pkgname}-${pkgver}
+ ./configure \
+ --prefix=/usr \
+ --disable-debug \
+ --with-pam
+ make
+}
+
+check() {
+ cd ${pkgname}-${pkgver}
+ make -C test run_test
+}
+
+package() {
+ cd ${pkgname}-${pkgver}
+ make DESTDIR="${pkgdir}" install
+ install -Dm 644 NEWS.rst -t "${pkgdir}/usr/share/doc/${pkgname}"
+ install -Dm 644 COPYRIGHT -t "${pkgdir}/usr/share/licenses/${pkgname}"
+ install -Dm 644 ../pgbouncer.ini "${pkgdir}/etc/pgbouncer/pgbouncer.ini"
+ install -Dm 644 ../pgbouncer.logrotate "${pkgdir}/etc/logrotate.d/pgbouncer"
+ install -Dm 644 ../pgbouncer.service "${pkgdir}/usr/lib/systemd/system/pgbouncer.service"
+ install -Dm 644 ../pgbouncer.tmpfiles.conf "${pkgdir}/usr/lib/tmpfiles.d/pgbouncer.conf"
+ install -d "${pkgdir}/var/log/pgbouncer"
+}
+
+# vim: ts=2 sw=2 et:
Deleted: pgbouncer.ini
===================================================================
--- pgbouncer.ini 2018-01-24 01:14:35 UTC (rev 315347)
+++ pgbouncer.ini 2018-01-24 01:14:54 UTC (rev 315348)
@@ -1,52 +0,0 @@
-[pgbouncer]
-logfile = /var/log/pgbouncer/pgbouncer.log
-pidfile = /run/pgbouncer/pgbouncer.pid
-
-;; ip address or * which means all ip-s
-;listen_addr = 127.0.0.1
-;listen_port = 6432
-
-unix_socket_dir = /run/postgresql
-unix_socket_mode = 0777
-
-; any, trust, plain, crypt, md5
-auth_type = trust
-auth_file = /etc/pgbouncer/userlist.txt
-
-; comma-separated list of users, who are allowed to change settings
-admin_users = postgres
-
-; comma-separated list of users who are just allowed to use SHOW command
-stats_users = stats, postgres
-
-; total number of clients that can connect
-max_client_conn = 100
-
-; default pool size. 20 is good number when transaction pooling
-; is in use, in session pooling it needs to be the number of
-; max clients you want to handle at any moment
-default_pool_size = 20
-
-
-;; database name = connect string
-;;
-;; connect string params:
-;; dbname= host= port= user= password=
-;; client_encoding= datestyle= timezone=
-;; pool_size= connect_query=
-[databases]
-
-; foodb over unix socket
-;foodb =
-
-; redirect bardb to bazdb on localhost
-;bardb = host=localhost dbname=bazdb
-
-; acceess to dest database will go with single user
-;forcedb = host=127.0.0.1 port=300 user=baz password=foo client_encoding=UNICODE datestyle=ISO connect_query='SELECT 1'
-
-; use custom pool sizes
-;nondefaultdb = pool_size=50 reserve_pool=10
-
-; fallback connect string
-;* = host=testserver
Copied: pgbouncer/repos/extra-x86_64/pgbouncer.ini (from rev 315347, pgbouncer/trunk/pgbouncer.ini)
===================================================================
--- pgbouncer.ini (rev 0)
+++ pgbouncer.ini 2018-01-24 01:14:54 UTC (rev 315348)
@@ -0,0 +1,52 @@
+[pgbouncer]
+logfile = /var/log/pgbouncer/pgbouncer.log
+pidfile = /run/pgbouncer/pgbouncer.pid
+
+;; ip address or * which means all ip-s
+;listen_addr = 127.0.0.1
+;listen_port = 6432
+
+unix_socket_dir = /run/postgresql
+unix_socket_mode = 0777
+
+; any, trust, plain, crypt, md5
+auth_type = trust
+auth_file = /etc/pgbouncer/userlist.txt
+
+; comma-separated list of users, who are allowed to change settings
+admin_users = postgres
+
+; comma-separated list of users who are just allowed to use SHOW command
+stats_users = stats, postgres
+
+; total number of clients that can connect
+max_client_conn = 100
+
+; default pool size. 20 is good number when transaction pooling
+; is in use, in session pooling it needs to be the number of
+; max clients you want to handle at any moment
+default_pool_size = 20
+
+
+;; database name = connect string
+;;
+;; connect string params:
+;; dbname= host= port= user= password=
+;; client_encoding= datestyle= timezone=
+;; pool_size= connect_query=
+[databases]
+
+; foodb over unix socket
+;foodb =
+
+; redirect bardb to bazdb on localhost
+;bardb = host=localhost dbname=bazdb
+
+; acceess to dest database will go with single user
+;forcedb = host=127.0.0.1 port=300 user=baz password=foo client_encoding=UNICODE datestyle=ISO connect_query='SELECT 1'
+
+; use custom pool sizes
+;nondefaultdb = pool_size=50 reserve_pool=10
+
+; fallback connect string
+;* = host=testserver
Deleted: pgbouncer.install
===================================================================
--- pgbouncer.install 2018-01-24 01:14:35 UTC (rev 315347)
+++ pgbouncer.install 2018-01-24 01:14:54 UTC (rev 315348)
@@ -1,25 +0,0 @@
-post_install() {
- if [ ! -d '/var/lib/postgres' ]; then
- mkdir -p '/var/lib/postgres'
- fi
- if ! getent group postgres >/dev/null; then
- groupadd -g 88 postgres
- fi
- if ! getent passwd postgres >/dev/null; then
- useradd -c 'PostgreSQL user' -u 88 -g postgres -d '/var/lib/postgres' -s /bin/bash postgres
- passwd -l postgres >/dev/null
- fi
- if ! getent group pgbouncer >/dev/null; then
- groupadd -r pgbouncer
- fi
- if ! getent passwd pgbouncer >/dev/null; then
- useradd -c 'PGBouncer user' -r -g pgbouncer -d '/etc/pgbouncer' -s /bin/bash pgbouncer
- passwd -l pgbouncer >/dev/null
- fi
- chown pgbouncer:pgbouncer /var/log/pgbouncer
- gpasswd -a pgbouncer postgres
-}
-
-post_upgrade() {
- post_install $1
-}
Copied: pgbouncer/repos/extra-x86_64/pgbouncer.install (from rev 315347, pgbouncer/trunk/pgbouncer.install)
===================================================================
--- pgbouncer.install (rev 0)
+++ pgbouncer.install 2018-01-24 01:14:54 UTC (rev 315348)
@@ -0,0 +1,25 @@
+post_install() {
+ if [ ! -d '/var/lib/postgres' ]; then
+ mkdir -p '/var/lib/postgres'
+ fi
+ if ! getent group postgres >/dev/null; then
+ groupadd -g 88 postgres
+ fi
+ if ! getent passwd postgres >/dev/null; then
+ useradd -c 'PostgreSQL user' -u 88 -g postgres -d '/var/lib/postgres' -s /bin/bash postgres
+ passwd -l postgres >/dev/null
+ fi
+ if ! getent group pgbouncer >/dev/null; then
+ groupadd -r pgbouncer
+ fi
+ if ! getent passwd pgbouncer >/dev/null; then
+ useradd -c 'PGBouncer user' -r -g pgbouncer -d '/etc/pgbouncer' -s /bin/bash pgbouncer
+ passwd -l pgbouncer >/dev/null
+ fi
+ chown pgbouncer:pgbouncer /var/log/pgbouncer
+ gpasswd -a pgbouncer postgres
+}
+
+post_upgrade() {
+ post_install $1
+}
Deleted: pgbouncer.logrotate
===================================================================
--- pgbouncer.logrotate 2018-01-24 01:14:35 UTC (rev 315347)
+++ pgbouncer.logrotate 2018-01-24 01:14:54 UTC (rev 315348)
@@ -1,8 +0,0 @@
-/var/log/pgbouncer/pgbouncer.log {
- copytruncate
- missingok
- notifempty
- postrotate
- /bin/kill -HUP $(cat /run/pgbouncer/pgbouncer.pid 2>/dev/null) 2> /dev/null || true
- endscript
-}
Copied: pgbouncer/repos/extra-x86_64/pgbouncer.logrotate (from rev 315347, pgbouncer/trunk/pgbouncer.logrotate)
===================================================================
--- pgbouncer.logrotate (rev 0)
+++ pgbouncer.logrotate 2018-01-24 01:14:54 UTC (rev 315348)
@@ -0,0 +1,8 @@
+/var/log/pgbouncer/pgbouncer.log {
+ copytruncate
+ missingok
+ notifempty
+ postrotate
+ /bin/kill -HUP $(cat /run/pgbouncer/pgbouncer.pid 2>/dev/null) 2> /dev/null || true
+ endscript
+}
Deleted: pgbouncer.service
===================================================================
--- pgbouncer.service 2018-01-24 01:14:35 UTC (rev 315347)
+++ pgbouncer.service 2018-01-24 01:14:54 UTC (rev 315348)
@@ -1,11 +0,0 @@
-[Unit]
-Description=A lightweight connection pooler for PostgreSQL
-After=network.target
-
-[Service]
-User=pgbouncer
-ExecStart=/usr/bin/pgbouncer /etc/pgbouncer/pgbouncer.ini
-ExecReload=/bin/kill -HUP $MAINPID
-
-[Install]
-WantedBy=multi-user.target
Copied: pgbouncer/repos/extra-x86_64/pgbouncer.service (from rev 315347, pgbouncer/trunk/pgbouncer.service)
===================================================================
--- pgbouncer.service (rev 0)
+++ pgbouncer.service 2018-01-24 01:14:54 UTC (rev 315348)
@@ -0,0 +1,11 @@
+[Unit]
+Description=A lightweight connection pooler for PostgreSQL
+After=network.target
+
+[Service]
+User=pgbouncer
+ExecStart=/usr/bin/pgbouncer /etc/pgbouncer/pgbouncer.ini
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
Deleted: pgbouncer.tmpfiles.conf
===================================================================
--- pgbouncer.tmpfiles.conf 2018-01-24 01:14:35 UTC (rev 315347)
+++ pgbouncer.tmpfiles.conf 2018-01-24 01:14:54 UTC (rev 315348)
@@ -1 +0,0 @@
-d /run/pgbouncer 0755 pgbouncer pgbouncer -
Copied: pgbouncer/repos/extra-x86_64/pgbouncer.tmpfiles.conf (from rev 315347, pgbouncer/trunk/pgbouncer.tmpfiles.conf)
===================================================================
--- pgbouncer.tmpfiles.conf (rev 0)
+++ pgbouncer.tmpfiles.conf 2018-01-24 01:14:54 UTC (rev 315348)
@@ -0,0 +1 @@
+d /run/pgbouncer 0755 pgbouncer pgbouncer -
Deleted: usual-openssl.patch
===================================================================
--- usual-openssl.patch 2018-01-24 01:14:35 UTC (rev 315347)
+++ usual-openssl.patch 2018-01-24 01:14:54 UTC (rev 315348)
@@ -1,242 +0,0 @@
-From 0e56f729d74e4af6c19fe60f6e2b47f5e717dcac Mon Sep 17 00:00:00 2001
-From: Marko Kreen <markokr at gmail.com>
-Date: Tue, 6 Dec 2016 20:05:17 +0200
-Subject: [PATCH] tls: additional openssl 1.1 compat
-
-Fixes: #15
----
- test/connect-tls.c | 2 +-
- usual/tls/tls.c | 2 ++
- usual/tls/tls_cert.c | 12 ++++++------
- usual/tls/tls_compat.h | 45 +++++++++++++++++++++++++++++++++++++++++++++
- usual/tls/tls_ocsp.c | 28 +++++++++++++++++-----------
- usual/tls/tls_util.c | 2 +-
- usual/tls/tls_verify.c | 8 ++++----
- 7 files changed, 76 insertions(+), 23 deletions(-)
-
-diff --git a/usual/tls/tls.c b/usual/tls/tls.c
-index 3377cb4..1843e44 100644
---- a/usual/tls/tls.c
-+++ b/usual/tls/tls.c
-@@ -67,7 +67,9 @@ tls_deinit(void)
- CRYPTO_cleanup_all_ex_data();
- BIO_sock_cleanup();
- ERR_clear_error();
-+#ifdef USE_LIBSSL_INTERNALS
- ERR_remove_thread_state(NULL);
-+#endif
- ERR_free_strings();
-
- tls_initialised = 0;
-diff --git a/usual/tls/tls_cert.c b/usual/tls/tls_cert.c
-index ca6668a..9a81e2f 100644
---- a/usual/tls/tls_cert.c
-+++ b/usual/tls/tls_cert.c
-@@ -86,7 +86,7 @@ tls_parse_bigint(struct tls *ctx, const ASN1_INTEGER *asn1int, const char **dst_
- */
-
- static int
--check_invalid_bytes(struct tls *ctx, unsigned char *data, unsigned int len,
-+check_invalid_bytes(struct tls *ctx, const unsigned char *data, unsigned int len,
- int ascii_only, const char *desc)
- {
- unsigned int i, c;
-@@ -125,7 +125,7 @@ static int
- tls_parse_asn1string(struct tls *ctx, ASN1_STRING *a1str, const char **dst_p, int minchars, int maxchars, const char *desc)
- {
- int format, len, ret = -1;
-- unsigned char *data;
-+ const unsigned char *data;
- ASN1_STRING *a1utf = NULL;
- int ascii_only = 0;
- char *cstr = NULL;
-@@ -134,7 +134,7 @@ tls_parse_asn1string(struct tls *ctx, ASN1_STRING *a1str, const char **dst_p, in
- *dst_p = NULL;
-
- format = ASN1_STRING_type(a1str);
-- data = ASN1_STRING_data(a1str);
-+ data = ASN1_STRING_get0_data(a1str);
- len = ASN1_STRING_length(a1str);
- if (len < minchars) {
- tls_set_errorx(ctx, "invalid %s: string too short", desc);
-@@ -188,7 +188,7 @@ tls_parse_asn1string(struct tls *ctx, ASN1_STRING *a1str, const char **dst_p, in
- tls_set_errorx(ctx, "multibyte conversion failed: expected UTF8 result");
- goto failed;
- }
-- data = ASN1_STRING_data(a1utf);
-+ data = ASN1_STRING_get0_data(a1utf);
- len = ASN1_STRING_length(a1utf);
- }
-
-@@ -275,12 +275,12 @@ static int
- tls_load_alt_ipaddr(struct tls *ctx, ASN1_OCTET_STRING *bin, struct tls_cert *cert)
- {
- struct tls_cert_general_name *slot;
-- void *data;
-+ const void *data;
- int len;
-
- slot = &cert->subject_alt_names[cert->subject_alt_name_count];
- len = ASN1_STRING_length(bin);
-- data = ASN1_STRING_data(bin);
-+ data = ASN1_STRING_get0_data(bin);
- if (len < 0) {
- tls_set_errorx(ctx, "negative length for ipaddress");
- return -1;
-diff --git a/usual/tls/tls_compat.h b/usual/tls/tls_compat.h
-index 40ca5cf..8305958 100644
---- a/usual/tls/tls_compat.h
-+++ b/usual/tls/tls_compat.h
-@@ -12,6 +12,7 @@
- #include <usual/time.h>
-
- #include <openssl/ssl.h>
-+#include <openssl/err.h>
-
- /* OpenSSL 1.1+ has hidden struct fields */
- #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-@@ -21,6 +22,50 @@
- #define X509_get_key_usage(x509) ((x509)->ex_kusage)
- #define X509_get_extended_key_usage(x509) ((x509)->ex_xkusage)
- #define SSL_CTX_get0_param(ssl_ctx) ((ssl_ctx)->param)
-+#define ASN1_STRING_get0_data(x) ((const unsigned char*)ASN1_STRING_data(x))
-+#define X509_OBJECT_get0_X509(x) ((x)->data.x509)
-+
-+#ifndef OPENSSL_VERSION
-+#define OPENSSL_VERSION SSLEAY_VERSION
-+#define OpenSSL_version(x) SSLeay_version(x)
-+#endif
-+
-+static inline X509_OBJECT *X509_OBJECT_new(void)
-+{
-+ X509_OBJECT *obj = OPENSSL_malloc(sizeof(*obj));
-+ if (obj) {
-+ memset(obj, 0, sizeof(*obj));
-+ } else {
-+ X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
-+ }
-+ return obj;
-+}
-+
-+static inline void X509_OBJECT_free(X509_OBJECT *obj)
-+{
-+ if (obj) {
-+ if (obj->type == X509_LU_X509) {
-+ X509_free(obj->data.x509);
-+ } else if (obj->type == X509_LU_CRL) {
-+ X509_CRL_free(obj->data.crl);
-+ }
-+ OPENSSL_free(obj);
-+ }
-+}
-+
-+static inline X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *ctx, int lookup, X509_NAME *name)
-+{
-+ X509_OBJECT *obj = X509_OBJECT_new();
-+ if (obj) {
-+ if (X509_STORE_get_by_subject(ctx, lookup, name, obj)) {
-+ return obj;
-+ }
-+ X509_OBJECT_free(obj);
-+ }
-+ return NULL;
-+}
-+
-+
- #endif
-
- /* ecdh_auto is broken - ignores main EC key */
-diff --git a/usual/tls/tls_ocsp.c b/usual/tls/tls_ocsp.c
-index 1e41d48..0b21e32 100644
---- a/usual/tls/tls_ocsp.c
-+++ b/usual/tls/tls_ocsp.c
-@@ -164,8 +164,8 @@ tls_ocsp_get_certid(X509 *main_cert, STACK_OF(X509) *extra_certs, SSL_CTX *ssl_c
- {
- X509_NAME *issuer_name;
- X509 *issuer;
-- X509_STORE_CTX storectx;
-- X509_OBJECT tmpobj;
-+ X509_STORE_CTX *storectx = NULL;
-+ X509_OBJECT *tmpobj;
- OCSP_CERTID *cid = NULL;
- X509_STORE *store;
- int ok;
-@@ -182,17 +182,23 @@ tls_ocsp_get_certid(X509 *main_cert, STACK_OF(X509) *extra_certs, SSL_CTX *ssl_c
-
- store = SSL_CTX_get_cert_store(ssl_ctx);
- if (!store)
-- return NULL;
-- ok = X509_STORE_CTX_init(&storectx, store, main_cert, extra_certs);
-+ goto error;
-+ ok = X509_STORE_CTX_init(storectx, store, main_cert, extra_certs);
- if (ok != 1)
-- return NULL;
-- ok = X509_STORE_get_by_subject(&storectx, X509_LU_X509, issuer_name, &tmpobj);
-- if (ok == 1) {
-- cid = OCSP_cert_to_id(NULL, main_cert, tmpobj.data.x509);
-- X509_free(tmpobj.data.x509);
-- }
-- X509_STORE_CTX_cleanup(&storectx);
-+ goto error;
-+
-+ tmpobj = X509_STORE_CTX_get_obj_by_subject(storectx, X509_LU_X509, issuer_name);
-+ if (!tmpobj)
-+ goto error;
-+ cid = OCSP_cert_to_id(NULL, main_cert, X509_OBJECT_get0_X509(tmpobj));
-+ X509_OBJECT_free(tmpobj);
-+ X509_STORE_CTX_free(storectx);
- return cid;
-+error:
-+ if (storectx) {
-+ X509_STORE_CTX_free(storectx);
-+ }
-+ return NULL;
- }
-
- static int
-diff --git a/usual/tls/tls_util.c b/usual/tls/tls_util.c
-index 2b91c64..823ccd1 100644
---- a/usual/tls/tls_util.c
-+++ b/usual/tls/tls_util.c
-@@ -30,7 +30,7 @@
- const char *
- tls_backend_version(void)
- {
-- return SSLeay_version(SSLEAY_VERSION);
-+ return OpenSSL_version(OPENSSL_VERSION);
- }
-
- /*
-diff --git a/usual/tls/tls_verify.c b/usual/tls/tls_verify.c
-index 1c94b7c..9e5cce6 100644
---- a/usual/tls/tls_verify.c
-+++ b/usual/tls/tls_verify.c
-@@ -116,12 +116,12 @@ tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name)
- continue;
-
- if (type == GEN_DNS) {
-- void *data;
-+ const void *data;
- int format, len;
-
- format = ASN1_STRING_type(altname->d.dNSName);
- if (format == V_ASN1_IA5STRING) {
-- data = ASN1_STRING_data(altname->d.dNSName);
-+ data = ASN1_STRING_get0_data(altname->d.dNSName);
- len = ASN1_STRING_length(altname->d.dNSName);
-
- if (len < 0 || len != (int)strlen(data)) {
-@@ -161,11 +161,11 @@ tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name)
- }
-
- } else if (type == GEN_IPADD) {
-- unsigned char *data;
-+ const unsigned char *data;
- int datalen;
-
- datalen = ASN1_STRING_length(altname->d.iPAddress);
-- data = ASN1_STRING_data(altname->d.iPAddress);
-+ data = ASN1_STRING_get0_data(altname->d.iPAddress);
-
- if (datalen < 0) {
- tls_set_errorx(ctx,
More information about the arch-commits
mailing list