From 129370fc1900bc981d529ab7d4a82b6668c72183 Mon Sep 17 00:00:00 2001
From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
Date: Tue, 20 Feb 2018 22:03:34 -0600
Subject: system/openssl: prepare for a new OpenSSL

---
 .../0004-fix-default-ca-path-for-apps.patch        | 79 ++++++++++++++++++++++
 1 file changed, 79 insertions(+)
 create mode 100644 system/openssl/0004-fix-default-ca-path-for-apps.patch

(limited to 'system/openssl/0004-fix-default-ca-path-for-apps.patch')

diff --git a/system/openssl/0004-fix-default-ca-path-for-apps.patch b/system/openssl/0004-fix-default-ca-path-for-apps.patch
new file mode 100644
index 000000000..c2c53184a
--- /dev/null
+++ b/system/openssl/0004-fix-default-ca-path-for-apps.patch
@@ -0,0 +1,79 @@
+From 09e6425ad6927a825b077af85c50b2fb04773757 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Thu, 5 Feb 2015 08:52:05 +0200
+Subject: [PATCH] fix default ca path for apps
+
+---
+ apps/s_server.c | 22 ++++++++++++++--------
+ apps/s_time.c   | 13 ++++++-------
+ 3 files changed, 26 insertions(+), 22 deletions(-)
+
+diff --git a/apps/s_server.c b/apps/s_server.c
+index baa2455..2d5dc97 100644
+--- a/apps/s_server.c
++++ b/apps/s_server.c
+@@ -1770,12 +1770,14 @@ int MAIN(int argc, char *argv[])
+     }
+ #endif
+ 
+-    if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
+-        (!SSL_CTX_set_default_verify_paths(ctx))) {
+-        /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
+-        ERR_print_errors(bio_err);
+-        /* goto end; */
++    if (CAfile == NULL && CApath == NULL) {
++        if (!SSL_CTX_set_default_verify_paths(ctx))
++            ERR_print_errors(bio_err);
++    } else {
++        if (!SSL_CTX_load_verify_locations(ctx, CAfile, CApath))
++            ERR_print_errors(bio_err);
+     }
++
+     if (vpm)
+         SSL_CTX_set1_param(ctx, vpm);
+ 
+@@ -1838,10 +1840,14 @@ int MAIN(int argc, char *argv[])
+         else
+             SSL_CTX_sess_set_cache_size(ctx2, 128);
+ 
+-        if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) ||
+-            (!SSL_CTX_set_default_verify_paths(ctx2))) {
+-            ERR_print_errors(bio_err);
++        if (CAfile == NULL && CApath == NULL) {
++            if (!SSL_CTX_set_default_verify_paths(ctx2))
++                ERR_print_errors(bio_err);
++        } else {
++            if (!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath))
++                ERR_print_errors(bio_err);
+         }
++
+         if (vpm)
+             SSL_CTX_set1_param(ctx2, vpm);
+ 
+diff --git a/apps/s_time.c b/apps/s_time.c
+index 5846f3a..c8f371a 100644
+--- a/apps/s_time.c
++++ b/apps/s_time.c
+@@ -377,13 +377,12 @@ int MAIN(int argc, char **argv)
+ 
+     SSL_load_error_strings();
+ 
+-    if ((!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) ||
+-        (!SSL_CTX_set_default_verify_paths(tm_ctx))) {
+-        /*
+-         * BIO_printf(bio_err,"error setting default verify locations\n");
+-         */
+-        ERR_print_errors(bio_err);
+-        /* goto end; */
++    if (CAfile == NULL && CApath == NULL) {
++        if (!SSL_CTX_set_default_verify_paths(tm_ctx))
++            ERR_print_errors(bio_err);
++    } else {
++        if (!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath))
++            ERR_print_errors(bio_err);
+     }
+ 
+     if (tm_cipher == NULL)
+-- 
+2.2.2
+
-- 
cgit v1.2.3-60-g2f50