summaryrefslogtreecommitdiff
path: root/app-admin/syslog-ng/files/patches/syslog-ng-3.14.1-fix-tls-client.patch
diff options
context:
space:
mode:
Diffstat (limited to 'app-admin/syslog-ng/files/patches/syslog-ng-3.14.1-fix-tls-client.patch')
-rw-r--r--app-admin/syslog-ng/files/patches/syslog-ng-3.14.1-fix-tls-client.patch173
1 files changed, 0 insertions, 173 deletions
diff --git a/app-admin/syslog-ng/files/patches/syslog-ng-3.14.1-fix-tls-client.patch b/app-admin/syslog-ng/files/patches/syslog-ng-3.14.1-fix-tls-client.patch
deleted file mode 100644
index b4046bdbadb1..000000000000
--- a/app-admin/syslog-ng/files/patches/syslog-ng-3.14.1-fix-tls-client.patch
+++ /dev/null
@@ -1,173 +0,0 @@
-From a4f7b9dc75c2b678466cc104d8ca111bd90fba11 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?= <laszlo.varady@balabit.com>
-Date: Wed, 7 Mar 2018 18:35:09 +0100
-Subject: [PATCH 1/3] tls: fix tls_context_load_key_and_cert()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-key_file and cert_file are optional (the client cert is not mandatory).
-
-Signed-off-by: László Várady <laszlo.varady@balabit.com>
----
- lib/tlscontext.c | 9 +++++++++
- modules/afsocket/transport-mapper-inet.c | 6 +++---
- 2 files changed, 12 insertions(+), 3 deletions(-)
-
-diff --git a/lib/tlscontext.c b/lib/tlscontext.c
-index 510ac2738d..b202c397f3 100644
---- a/lib/tlscontext.c
-+++ b/lib/tlscontext.c
-@@ -599,9 +599,18 @@ _are_key_and_cert_files_accessible(TLSContext *self)
- file_exists(self->cert_file);
- }
-
-+static gboolean
-+_client_key_and_cert_files_are_not_specified(TLSContext *self)
-+{
-+ return self->mode == TM_CLIENT && (!self->key_file && !self->cert_file);
-+}
-+
- static TLSContextLoadResult
- tls_context_load_key_and_cert(TLSContext *self)
- {
-+ if (_client_key_and_cert_files_are_not_specified(self))
-+ return TLS_CONTEXT_OK;
-+
- if (!_are_key_and_cert_files_accessible(self))
- return TLS_CONTEXT_FILE_ACCES_ERROR;
- if (!SSL_CTX_use_PrivateKey_file(self->ssl_ctx, self->key_file, SSL_FILETYPE_PEM))
-diff --git a/modules/afsocket/transport-mapper-inet.c b/modules/afsocket/transport-mapper-inet.c
-index 80c0d21801..1afb34b33f 100644
---- a/modules/afsocket/transport-mapper-inet.c
-+++ b/modules/afsocket/transport-mapper-inet.c
-@@ -176,17 +176,17 @@ transport_mapper_inet_async_init(TransportMapper *s, TransportMapperAsyncInitCB
-
- TLSContextSetupResult tls_ctx_setup_res = tls_context_setup_context(self->tls_context);
-
-+ const gchar *key = tls_context_get_key_file(self->tls_context);
-+
- if (tls_ctx_setup_res == TLS_CONTEXT_SETUP_OK)
- {
-- const gchar *key = tls_context_get_key_file(self->tls_context);
-- if (secret_storage_contains_key(key))
-+ if (key && secret_storage_contains_key(key))
- secret_storage_update_status(key, SECRET_STORAGE_SUCCESS);
- return func(func_args);
- }
-
- if (tls_ctx_setup_res == TLS_CONTEXT_SETUP_BAD_PASSWORD)
- {
-- const gchar *key = tls_context_get_key_file(self->tls_context);
- msg_error("Error setting up TLS context",
- evt_tag_str("keyfile", key));
- call_finalize_init_args *args = g_new0(call_finalize_init_args, 1);
-
-From 9e3eae23330442c9e58ae5ccc732457f2d0e694e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?= <laszlo.varady@balabit.com>
-Date: Wed, 7 Mar 2018 19:39:24 +0100
-Subject: [PATCH 2/3] tlscontext: fix error logging of cert_file
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-file_exists() has a side effect: it logs when the file can't be opened.
-
-Since the && operator is evaluated lazily, the error messages of cert_file
-were not displayed when the first invocation of file_exists failed
-(on key_file).
-
-Signed-off-by: László Várady <laszlo.varady@balabit.com>
----
- lib/tlscontext.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/lib/tlscontext.c b/lib/tlscontext.c
-index b202c397f3..5a503387c4 100644
---- a/lib/tlscontext.c
-+++ b/lib/tlscontext.c
-@@ -595,8 +595,10 @@ tls_context_load_pkcs12(TLSContext *self)
- static gboolean
- _are_key_and_cert_files_accessible(TLSContext *self)
- {
-- return file_exists(self->key_file) &&
-- file_exists(self->cert_file);
-+ gboolean key_file_exists = file_exists(self->key_file);
-+ gboolean cert_file_exists = file_exists(self->cert_file);
-+
-+ return key_file_exists && cert_file_exists;
- }
-
- static gboolean
-
-From 3eef78b6ac8016d3eb33b36bd98419d5b086767f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?= <laszlo.varady@balabit.com>
-Date: Wed, 7 Mar 2018 19:43:41 +0100
-Subject: [PATCH 3/3] tlscontext: rename file_exists() to is_file_accessible()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: László Várady <laszlo.varady@balabit.com>
----
- lib/tlscontext.c | 16 ++++++++--------
- 1 file changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/lib/tlscontext.c b/lib/tlscontext.c
-index 5a503387c4..73015d2462 100644
---- a/lib/tlscontext.c
-+++ b/lib/tlscontext.c
-@@ -322,7 +322,7 @@ tls_session_free(TLSSession *self)
- }
-
- static gboolean
--file_exists(const gchar *fname)
-+_is_file_accessible(const gchar *fname)
- {
- if (!fname)
- return FALSE;
-@@ -444,7 +444,7 @@ _is_dh_valid(DH *dh)
- static DH *
- _load_dh_from_file(const gchar *dhparam_file)
- {
-- if (!file_exists(dhparam_file))
-+ if (!_is_file_accessible(dhparam_file))
- return NULL;
-
- BIO *bio = BIO_new_file(dhparam_file, "r");
-@@ -528,7 +528,7 @@ tls_context_setup_dh(TLSContext *self)
- static PKCS12 *
- _load_pkcs12_file(const gchar *pkcs12_file)
- {
-- if (!file_exists(pkcs12_file))
-+ if (!_is_file_accessible(pkcs12_file))
- return NULL;
-
- FILE *p12_file = fopen(pkcs12_file, "rb");
-@@ -595,10 +595,10 @@ tls_context_load_pkcs12(TLSContext *self)
- static gboolean
- _are_key_and_cert_files_accessible(TLSContext *self)
- {
-- gboolean key_file_exists = file_exists(self->key_file);
-- gboolean cert_file_exists = file_exists(self->cert_file);
-+ gboolean key_file_accessible = _is_file_accessible(self->key_file);
-+ gboolean cert_file_accessible = _is_file_accessible(self->cert_file);
-
-- return key_file_exists && cert_file_exists;
-+ return key_file_accessible && cert_file_accessible;
- }
-
- static gboolean
-@@ -650,10 +650,10 @@ tls_context_setup_context(TLSContext *self)
- goto error;
- }
-
-- if (file_exists(self->ca_dir) && !SSL_CTX_load_verify_locations(self->ssl_ctx, NULL, self->ca_dir))
-+ if (_is_file_accessible(self->ca_dir) && !SSL_CTX_load_verify_locations(self->ssl_ctx, NULL, self->ca_dir))
- goto error;
-
-- if (file_exists(self->crl_dir) && !SSL_CTX_load_verify_locations(self->ssl_ctx, NULL, self->crl_dir))
-+ if (_is_file_accessible(self->crl_dir) && !SSL_CTX_load_verify_locations(self->ssl_ctx, NULL, self->crl_dir))
- goto error;
-
- if (self->crl_dir)
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-03 08:26:15 +0000