From d5679cb6248d0142f3c246f6ff2a7241a3f0ffde Mon Sep 17 00:00:00 2001 From: Robert Scheck Date: Aug 25 2017 23:50:12 +0000 Subject: Added patch to build with OpenSSL >= 1.1.0 (#1423847) --- diff --git a/libeXosip2-3.6.0-openssl_110.patch b/libeXosip2-3.6.0-openssl_110.patch new file mode 100644 index 0000000..4ce2181 --- /dev/null +++ b/libeXosip2-3.6.0-openssl_110.patch @@ -0,0 +1,128 @@ +Patch to add support for building with OpenSSL >= 1.1.0, somehow more or less based on: + + - https://github.com/openssl/openssl/commit/009e9d99a325992096b6112c16b190e47fd1d166 + - https://mta.openssl.org/pipermail/openssl-commits/2015-November/002076.html + - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828395 + +--- libeXosip2-3.6.0/src/eXtl_dtls.c 2011-10-04 09:56:59.000000000 +0200 ++++ libeXosip2-3.6.0/src/eXtl_dtls.c.openssl_110 2017-08-26 01:42:58.038757323 +0200 +@@ -214,7 +214,11 @@ + + BIO_dgram_set_peer(rbio, &addr); + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + (dtls_socket_tab[pos].ssl_conn)->rbio = rbio; ++#else ++ SSL_set0_rbio((dtls_socket_tab[pos].ssl_conn), rbio); ++#endif + + i = SSL_shutdown(dtls_socket_tab[pos].ssl_conn); + +@@ -599,13 +603,21 @@ + rbio = BIO_new_mem_buf(enc_buf, enc_buf_len); + BIO_set_mem_eof_return(rbio, -1); + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + dtls_socket_tab[pos].ssl_conn->rbio = rbio; ++#else ++ SSL_set0_rbio(dtls_socket_tab[pos].ssl_conn, rbio); ++#endif + + i = SSL_read(dtls_socket_tab[pos].ssl_conn, dec_buf, + SIP_MESSAGE_MAX_LENGTH); + /* done with the rbio */ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + BIO_free(dtls_socket_tab[pos].ssl_conn->rbio); + dtls_socket_tab[pos].ssl_conn->rbio = BIO_new(BIO_s_mem()); ++#else ++ SSL_set0_rbio(dtls_socket_tab[pos].ssl_conn, BIO_new(BIO_s_mem())); ++#endif + + if (i > 5) { + dec_buf[i] = '\0'; +@@ -941,7 +953,11 @@ + socket_tab_used = &dtls_socket_tab[pos]; + rbio = BIO_new_dgram(dtls_socket, BIO_NOCLOSE); + BIO_dgram_set_peer(rbio, &addr); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + dtls_socket_tab[pos].ssl_conn->rbio = rbio; ++#else ++ SSL_set0_rbio(dtls_socket_tab[pos].ssl_conn, rbio); ++#endif + break; + } + } +@@ -956,7 +972,11 @@ + socket_tab_used = &dtls_socket_tab[pos]; + rbio = BIO_new_dgram(dtls_socket, BIO_NOCLOSE); + BIO_dgram_set_peer(rbio, &addr); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + dtls_socket_tab[pos].ssl_conn->rbio = rbio; ++#else ++ SSL_set0_rbio(dtls_socket_tab[pos].ssl_conn, rbio); ++#endif + break; + } + } +@@ -1012,7 +1032,11 @@ + SSL_set_mtu(dtls_socket_tab[pos].ssl_conn, 2000); + SSL_set_connect_state(dtls_socket_tab[pos].ssl_conn); + sbio = BIO_new_dgram(dtls_socket, BIO_NOCLOSE); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + BIO_ctrl_set_connected(sbio, 1, (struct sockaddr *) &addr); ++#else ++ BIO_ctrl_set_connected(sbio, (struct sockaddr *) &addr); ++#endif + SSL_set_bio(dtls_socket_tab[pos].ssl_conn, sbio, sbio); + + dtls_socket_tab[pos].ssl_type = 2; +--- libeXosip2-3.6.0/src/eXtl_tls.c 2011-10-05 16:36:48.000000000 +0200 ++++ libeXosip2-3.6.0/src/eXtl_tls.c.openssl_110 2017-08-26 01:23:53.678803454 +0200 +@@ -754,7 +754,11 @@ + * it for something special + */ + if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + X509_NAME_oneline(X509_get_issuer_name(store->current_cert), buf, 256); ++#else ++ X509_NAME_oneline(X509_get_issuer_name(X509_STORE_CTX_get_current_cert(store)), buf, 256); ++#endif + OSIP_TRACE(osip_trace + (__FILE__, __LINE__, OSIP_ERROR, NULL, "issuer= %s\n", buf)); + } +@@ -763,7 +767,11 @@ + return preverify_ok; + + if (!preverify_ok && (err == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN)) { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + X509_NAME_oneline(X509_get_issuer_name(store->current_cert), buf, 256); ++#else ++ X509_NAME_oneline(X509_get_issuer_name(X509_STORE_CTX_get_current_cert(store)), buf, 256); ++#endif + OSIP_TRACE(osip_trace + (__FILE__, __LINE__, OSIP_ERROR, NULL, "issuer= %s\n", buf)); + preverify_ok = 1; +@@ -771,7 +779,11 @@ + } + + if (!preverify_ok && (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)) { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + X509_NAME_oneline(X509_get_issuer_name(store->current_cert), buf, 256); ++#else ++ X509_NAME_oneline(X509_get_issuer_name(X509_STORE_CTX_get_current_cert(store)), buf, 256); ++#endif + OSIP_TRACE(osip_trace + (__FILE__, __LINE__, OSIP_ERROR, NULL, "issuer= %s\n", buf)); + preverify_ok = 1; +@@ -779,7 +791,11 @@ + } + + if (!preverify_ok && (err == X509_V_ERR_CERT_HAS_EXPIRED)) { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + X509_NAME_oneline(X509_get_issuer_name(store->current_cert), buf, 256); ++#else ++ X509_NAME_oneline(X509_get_issuer_name(X509_STORE_CTX_get_current_cert(store)), buf, 256); ++#endif + OSIP_TRACE(osip_trace + (__FILE__, __LINE__, OSIP_ERROR, NULL, "issuer= %s\n", buf)); + preverify_ok = 1; diff --git a/libeXosip2.spec b/libeXosip2.spec index 2e679ea..8683f75 100644 --- a/libeXosip2.spec +++ b/libeXosip2.spec @@ -1,12 +1,13 @@ Summary: A library that hides the complexity of using the SIP protocol Name: libeXosip2 Version: 3.6.0 -Release: 14%{?dist} +Release: 15%{?dist} License: GPLv2+ Group: System Environment/Libraries URL: http://savannah.nongnu.org/projects/eXosip Source0: http://download.savannah.nongnu.org/releases/exosip/libeXosip2-%{version}.tar.gz Patch0: libeXosip2-aarch64.patch +Patch1: libeXosip2-3.6.0-openssl_110.patch BuildRequires: c-ares-devel BuildRequires: ortp-devel >= 0.14.2 @@ -33,6 +34,7 @@ Development files for libeXosip2. %prep %setup -q %patch0 -p1 -b .aarch64 +%patch1 -p1 -b .openssl_110 %build @@ -67,6 +69,9 @@ cp help/doxygen/doc/man/man3/*.3* %{buildroot}%{_mandir}/man3 %{_mandir}/man3/*.3* %changelog +* Sat Aug 26 2017 Robert Scheck - 3.6.0-15 +- Added patch to build with OpenSSL >= 1.1.0 (#1423847) + * Thu Aug 03 2017 Fedora Release Engineering - 3.6.0-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild