Linux sagir-us1.hostever.us 5.14.0-570.51.1.el9_6.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Oct 8 09:41:34 EDT 2025 x86_64
LiteSpeed
Server IP : 104.247.108.91 & Your IP : 216.73.216.26
Domains : 74 Domain
User : georgeto
Terminal
Auto Root
Create File
Create Folder
Localroot Suggester
Backdoor Destroyer
Readme
/
usr /
local /
apps /
lib /
imap /
supplemental /
patches /
Delete
Unzip
Name
Size
Permission
Date
Action
1006_openssl1.1_autoverify.patch
2.15
KB
-rw-r--r--
2023-01-11 06:22
README.md
325
B
-rw-r--r--
2023-01-11 06:22
imap-2004a-doc.patch
885
B
-rw-r--r--
2023-01-11 06:22
imap-2007-paths.patch
614
B
-rw-r--r--
2023-01-11 06:22
imap-2007e-authmd5.patch
1.61
KB
-rw-r--r--
2023-01-11 06:22
imap-2007e-overflow.patch
721
B
-rw-r--r--
2023-01-11 06:22
imap-2007e-poll.patch
7.5
KB
-rw-r--r--
2023-01-11 06:22
imap-2007e-shared.patch
2.56
KB
-rw-r--r--
2023-01-11 06:22
imap-2007e-system_c_client.patch
728
B
-rw-r--r--
2023-01-11 06:22
imap-2007f-format-security.patch
680
B
-rw-r--r--
2023-01-11 06:22
imap-2007f-ldflags.patch
964
B
-rw-r--r--
2023-01-11 06:22
Save
Rename
Description: Support OpenSSL 1.1 When building with OpenSSL 1.1 and newer, use the new built-in hostname verification instead of code that doesn't compile due to structs having been made opaque. Bug-Debian: https://bugs.debian.org/828589 --- a/src/osdep/unix/ssl_unix.c +++ b/src/osdep/unix/ssl_unix.c @@ -227,8 +227,16 @@ static char *ssl_start_work (SSLSTREAM * /* disable certificate validation? */ if (flags & NET_NOVALIDATECERT) SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL); - else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify); + else { +#if OPENSSL_VERSION_NUMBER >= 0x10100000 + X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context); + X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); + X509_VERIFY_PARAM_set1_host(param, host, 0); +#endif + + SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify); /* set default paths to CAs... */ + } SSL_CTX_set_default_verify_paths (stream->context); /* ...unless a non-standard path desired */ if (s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL)) @@ -266,6 +274,7 @@ static char *ssl_start_work (SSLSTREAM * if (SSL_write (stream->con,"",0) < 0) return ssl_last_error ? ssl_last_error : "SSL negotiation failed"; /* need to validate host names? */ +#if OPENSSL_VERSION_NUMBER < 0x10100000 if (!(flags & NET_NOVALIDATECERT) && (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con), host))) { @@ -275,6 +284,7 @@ static char *ssl_start_work (SSLSTREAM * sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???"); return ssl_last_error = cpystr (tmp); } +#endif return NIL; } @@ -313,6 +323,7 @@ static int ssl_open_verify (int ok,X509_ * Returns: NIL if validated, else string of error message */ +#if OPENSSL_VERSION_NUMBER < 0x10100000 static char *ssl_validate_cert (X509 *cert,char *host) { int i,n; @@ -342,6 +353,7 @@ static char *ssl_validate_cert (X509 *ce else ret = "Unable to locate common name in certificate"; return ret; } +#endif /* Case-independent wildcard pattern match * Accepts: base string