summaryrefslogtreecommitdiff
path: root/package/stunnel/patches/patch-src_verify_c
diff options
context:
space:
mode:
Diffstat (limited to 'package/stunnel/patches/patch-src_verify_c')
-rw-r--r--package/stunnel/patches/patch-src_verify_c75
1 files changed, 0 insertions, 75 deletions
diff --git a/package/stunnel/patches/patch-src_verify_c b/package/stunnel/patches/patch-src_verify_c
deleted file mode 100644
index f64f03950..000000000
--- a/package/stunnel/patches/patch-src_verify_c
+++ /dev/null
@@ -1,75 +0,0 @@
---- stunnel-5.31.orig/src/verify.c 2016-02-19 20:18:43.000000000 +0100
-+++ stunnel-5.31/src/verify.c 2016-03-13 13:30:11.000000000 +0100
-@@ -51,9 +51,6 @@ NOEXPORT int add_dir_lookup(X509_STORE *
- NOEXPORT int verify_callback(int, X509_STORE_CTX *);
- NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *);
- NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int);
--#if OPENSSL_VERSION_NUMBER>=0x10002000L
--NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *);
--#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
- NOEXPORT int cert_check_local(X509_STORE_CTX *);
- NOEXPORT int compare_pubkeys(X509 *, X509 *);
- #ifndef OPENSSL_NO_OCSP
-@@ -274,10 +271,6 @@ NOEXPORT int cert_check(CLI *c, X509_STO
- }
-
- if(depth==0) { /* additional peer certificate checks */
--#if OPENSSL_VERSION_NUMBER>=0x10002000L
-- if(!cert_check_subject(c, callback_ctx))
-- return 0; /* reject */
--#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
- if(c->opt->verify_level>=3 && !cert_check_local(callback_ctx))
- return 0; /* reject */
- }
-@@ -285,51 +278,6 @@ NOEXPORT int cert_check(CLI *c, X509_STO
- return 1; /* accept */
- }
-
--#if OPENSSL_VERSION_NUMBER>=0x10002000L
--NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) {
-- X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx);
-- NAME_LIST *ptr;
-- char *peername=NULL;
--
-- if(c->opt->check_host) {
-- for(ptr=c->opt->check_host; ptr; ptr=ptr->next)
-- if(X509_check_host(cert, ptr->name, 0, 0, &peername)>0)
-- break;
-- if(!ptr) {
-- s_log(LOG_WARNING, "CERT: No matching host name found");
-- return 0; /* reject */
-- }
-- s_log(LOG_INFO, "CERT: Host name \"%s\" matched with \"%s\"",
-- ptr->name, peername);
-- OPENSSL_free(peername);
-- }
--
-- if(c->opt->check_email) {
-- for(ptr=c->opt->check_email; ptr; ptr=ptr->next)
-- if(X509_check_email(cert, ptr->name, 0, 0)>0)
-- break;
-- if(!ptr) {
-- s_log(LOG_WARNING, "CERT: No matching email address found");
-- return 0; /* reject */
-- }
-- s_log(LOG_INFO, "CERT: Email address \"%s\" matched", ptr->name);
-- }
--
-- if(c->opt->check_ip) {
-- for(ptr=c->opt->check_ip; ptr; ptr=ptr->next)
-- if(X509_check_ip_asc(cert, ptr->name, 0)>0)
-- break;
-- if(!ptr) {
-- s_log(LOG_WARNING, "CERT: No matching IP address found");
-- return 0; /* reject */
-- }
-- s_log(LOG_INFO, "CERT: IP address \"%s\" matched", ptr->name);
-- }
--
-- return 1; /* accept */
--}
--#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
--
- NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) {
- X509 *cert;
- X509_NAME *subject;
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-23 22:47:05 +0000