[haiku-commits] haiku: hrev49800 - build/jam/repositories/HaikuPorts src/kits/network/libnetapi

  • From: pulkomandy@xxxxxxxxxxxxx
  • To: haiku-commits@xxxxxxxxxxxxx
  • Date: Tue, 10 Nov 2015 09:22:44 +0100 (CET)

hrev49800 adds 2 changesets to branch 'master'
old head: 93c0a5d7902c4f71f18930da38769b18a2e47653
new head: d3b6b9e5f7114eecc9dd67532b58d5b78b8dc4e9
overview:
http://cgit.haiku-os.org/haiku/log/?qt=range&q=d3b6b9e5f711+%5E93c0a5d7902c

----------------------------------------------------------------------------

5d9674b2f8c3: Update OpenSSL to 1.0.2.

* The dependency declarations were broken in previous versions, so all
packages depending on OpenSSL need to be rebuilt with the proper
dependency on the libs (1.0.0 and not 1.0.0r or similar).
* I have confirmed that this version works fine in a running Haiku
install (so the problems affecting the initial 1.0.1 port are fixed).
* OpenSSL 1.0.2 can be used with a current ca_root_certificates package,
so also update that.

d3b6b9e5f711: BSecureSocket: use "trusted first" validation algorithm.

* This makes it work with the new ca_root_certificates package.

Fixes #12004.

[ Adrien Destugues <pulkomandy@xxxxxxxxxxxxx> ]

----------------------------------------------------------------------------

2 files changed, 29 insertions(+), 17 deletions(-)
build/jam/repositories/HaikuPorts/x86_gcc2 | 34 ++++++++++++-------------
src/kits/network/libnetapi/SecureSocket.cpp | 12 +++++++++

############################################################################

Commit: 5d9674b2f8c36ea1377df0a064e5e37c72963574
URL: http://cgit.haiku-os.org/haiku/commit/?id=5d9674b2f8c3
Author: Adrien Destugues <pulkomandy@xxxxxxxxxxxxx>
Date: Tue Nov 10 07:43:47 2015 UTC

Update OpenSSL to 1.0.2.

* The dependency declarations were broken in previous versions, so all
packages depending on OpenSSL need to be rebuilt with the proper
dependency on the libs (1.0.0 and not 1.0.0r or similar).
* I have confirmed that this version works fine in a running Haiku
install (so the problems affecting the initial 1.0.1 port are fixed).
* OpenSSL 1.0.2 can be used with a current ca_root_certificates package,
so also update that.

----------------------------------------------------------------------------

diff --git a/build/jam/repositories/HaikuPorts/x86_gcc2
b/build/jam/repositories/HaikuPorts/x86_gcc2
index f7bc01d..a732517 100644
--- a/build/jam/repositories/HaikuPorts/x86_gcc2
+++ b/build/jam/repositories/HaikuPorts/x86_gcc2
@@ -5,7 +5,7 @@ RemotePackageRepository HaikuPorts
# architecture "any" packages
avr_libc_x86-1.8.0-2
be_book-2008_10_26-1
- ca_root_certificates-2014_08_13-1
+ ca_root_certificates-2015_10_28-1
caladea-20130214-3
carlito-20130920-1
colormake-0.9.20140503-1
@@ -82,8 +82,8 @@ RemotePackageRepository HaikuPorts
ctags-5.8-3
colors-2.3-1
coreutils-8.24-1
- curl-7.44.0-1
- curl_devel-7.44.0-1
+ curl-7.45.0-2
+ curl_devel-7.45.0-2
cvs-1.12.13.1-6
d52-3.4.1-1
desknotes-1.1-4
@@ -146,12 +146,12 @@ RemotePackageRepository HaikuPorts
giddy3-1.4-1
giflib-5.0.5-2
giflib_devel-5.0.5-2
- git-2.2.2-1
- git_arch-2.2.2-1
- git_cvs-2.2.2-1
- git_daemon-2.2.2-1
- git_email-2.2.2-1
- git_svn-2.2.2-1
+ git-2.2.2-2
+ git_arch-2.2.2-2
+ git_cvs-2.2.2-2
+ git_daemon-2.2.2-2
+ git_email-2.2.2-2
+ git_svn-2.2.2-2
glew-1.11.0-1
glew_devel-1.11.0-1
glew_util-1.11.0-1
@@ -376,8 +376,8 @@ RemotePackageRepository HaikuPorts
opensound-4.2_git-2
openssh-6.9p1-1
# sync openssl with secondary architecture (x86)
- openssl-1.0.0s-1
- openssl_devel-1.0.0s-1
+ openssl-1.0.2d-4
+ openssl_devel-1.0.2d-4
p7zip-9.20.1-4
paladin-git-5
paragui-1.1.8-1
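
Review bot: openssh-6.9p1-1, the context line just above the sync comment in this hunk, keeps its old revision, although the commit message says all packages depending on OpenSSL need to be rebuilt with the corrected library dependency. git and wget get a revision bump elsewhere in this patch; if the openssh package links against OpenSSL, it needs a rebuilt package and a matching bump in this list, and if it is exempt, a line in the commit message saying why would help.
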
@@ -403,7 +403,7 @@ RemotePackageRepository HaikuPorts
psiconv_devel-0.9.8-1
psqlodbc-09.03.0400-1
psqlodbc_devel-09.03.0400-1
- python-2.7.9-1
+ python-2.7.10-1
python_dateutil-1.5-2
python_imaging-1.1.7-1
python_lxml-3.3.5-2
@@ -506,7 +506,7 @@ RemotePackageRepository HaikuPorts
vmware_addons-1.1.1-3
vncserver-1.26-1
weather-0.1.1_git-1
- wget-1.16.3-1
+ wget-1.16.3-2
which-2.21-1
wonderbrush-2.1.2-4
wpa_supplicant-2.0-3
@@ -575,8 +575,8 @@ RemotePackageRepository HaikuPorts
confuse_x86-2.7-2
confuse_x86_devel-2.7-2
copynametoclipboard-1.0.1-2
- curl_x86-7.44.0-1
- curl_x86_devel-7.44.0-1
+ curl_x86-7.45.0-1
+ curl_x86_devel-7.45.0-1
cvsps_x86-2.2b1-1
dbus_x86-1.8.6-1
dbus_x86_devel-1.8.6-1
@@ -812,8 +812,8 @@ RemotePackageRepository HaikuPorts
openjdk_x86_devel-1.7.u80_b32-3
openjpeg_x86-2.1.0-2
openjpeg_x86_devel-2.1.0-2
- openssl_x86-1.0.0s-1
- openssl_x86_devel-1.0.0s-1
+ openssl_x86-1.0.2d-2
+ openssl_x86_devel-1.0.2d-2
openttd_x86-1.3.3-1
pango_x86-1.37.0-1
pango_x86_devel-1.37.0-1
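
Review bot: openssl_x86 and openssl_x86_devel are set to 1.0.2d-2 here, while the primary-architecture entries earlier in this patch go to 1.0.2d-4 under the comment "# sync openssl with secondary architecture (x86)". Either bring the two to the same package revision or reword that comment so it is clear that only the upstream version has to match.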

############################################################################

Revision: hrev49800
Commit: d3b6b9e5f7114eecc9dd67532b58d5b78b8dc4e9
URL: http://cgit.haiku-os.org/haiku/commit/?id=d3b6b9e5f711
Author: Adrien Destugues <pulkomandy@xxxxxxxxxxxxx>
Date: Tue Nov 10 07:59:02 2015 UTC

Ticket: https://dev.haiku-os.org/ticket/12004

BSecureSocket: use "trusted first" validation algorithm.

* This makes it work with the new ca_root_certificates package.

Fixes #12004.

----------------------------------------------------------------------------

diff --git a/src/kits/network/libnetapi/SecureSocket.cpp
b/src/kits/network/libnetapi/SecureSocket.cpp
index 52d7edf..1e3beaa 100644
--- a/src/kits/network/libnetapi/SecureSocket.cpp
+++ b/src/kits/network/libnetapi/SecureSocket.cpp
@@ -193,6 +193,18 @@ BSecureSocket::Private::_CreateContext()
SSL_CTX_load_verify_locations(sContext, certificateStore.Path(), NULL);
SSL_CTX_set_verify(sContext, SSL_VERIFY_PEER, VerifyCallback);

+ // OpenSSL 1.0.2 and later: use the alternate "trusted first" algorithm
to validate certificate
+ // chains. This makes the validation stop as soon as a recognized
certificate is found in the
+ // chain, instead of validating the whole chain, then seeing if the
root certificate is known.
+#ifdef X509_V_FLAG_TRUSTED_FIRST
+ X509_VERIFY_PARAM* verifyParam = X509_VERIFY_PARAM_new();
+ X509_VERIFY_PARAM_set_flags(verifyParam, X509_V_FLAG_TRUSTED_FIRST);
+ SSL_CTX_set1_param(sContext, verifyParam);
+
+ // TODO we need to free this after freeing the SSL context (which we
currently never do)
+ // X509_VERIFY_PARAM_free(verifyParam);
+#endif
+
// Get an unique index number for storing application data in SSL
// structs. We will store a pointer to the BSecureSocket class there.
sDataIndex = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
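
Review bot: the TODO at the end of the added block leaves verifyParam leaked, and the deferral it describes is not needed: SSL_CTX_set1_param() copies the settings into the context's own X509_VERIFY_PARAM, so X509_VERIFY_PARAM_free(verifyParam) can be called right after it instead of being left commented out. The return values of X509_VERIFY_PARAM_new() and SSL_CTX_set1_param() are also unchecked; a NULL from the allocation should skip the block, and a failed SSL_CTX_set1_param() means the context silently keeps the default chain building, so the fix for #12004 would not apply and nothing would say so.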

