mirror of
https://git.FreeBSD.org/ports.git
synced 2024-12-17 03:25:46 +00:00
- fix "exited on signal 11" when dhparams file is missing.
PR: 226431
This commit is contained in:
parent
7ec04ccefd
commit
1cbf69f22e
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=463887
@ -2,7 +2,7 @@
|
||||
|
||||
PORTNAME= sendmail
|
||||
PORTVERSION= 8.15.2
|
||||
PORTREVISION= 8
|
||||
PORTREVISION= 9
|
||||
CATEGORIES= mail ipv6
|
||||
MASTER_SITES= ftp://ftp.sendmail.org/pub/sendmail/
|
||||
PKGNAMESUFFIX?= ${TLS_SUFFIX}${SASL_SUFFIX}${LDAP_SUFFIX}${BDB_SUFFIX}${PKGNAMESUFFIX2}
|
||||
|
@ -10,7 +10,7 @@
|
||||
# ifndef HASURANDOMDEV
|
||||
# include <openssl/rand.h>
|
||||
# endif /* ! HASURANDOMDEV */
|
||||
@@ -44,6 +47,22 @@ static bool tls_safe_f __P((char *, long
|
||||
@@ -44,6 +47,23 @@ static bool tls_safe_f __P((char *, long
|
||||
static int tls_verify_log __P((int, X509_STORE_CTX *, const char *));
|
||||
|
||||
# if !NO_DH
|
||||
@ -24,7 +24,8 @@
|
||||
+ BIGNUM *g;
|
||||
+{
|
||||
+ dh->p=p;
|
||||
+ dh->q=q;
|
||||
+ if (q != NULL)
|
||||
+ dh->q=q;
|
||||
+ dh->g=g;
|
||||
+ return 1; /* success */
|
||||
+}
|
||||
@ -33,7 +34,7 @@
|
||||
static DH *get_dh512 __P((void));
|
||||
|
||||
static unsigned char dh512_p[] =
|
||||
@@ -64,13 +83,21 @@ static DH *
|
||||
@@ -64,13 +84,19 @@ static DH *
|
||||
get_dh512()
|
||||
{
|
||||
DH *dh = NULL;
|
||||
@ -45,8 +46,8 @@
|
||||
- dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
|
||||
- if ((dh->p == NULL) || (dh->g == NULL))
|
||||
- return NULL;
|
||||
+ dhp_bn=BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
|
||||
+ dhg_bn=BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
|
||||
+ dhp_bn = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
|
||||
+ dhg_bn = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
|
||||
+ if ((dhp_bn == NULL) || (dhg_bn == NULL) || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn))
|
||||
+ {
|
||||
+ DH_free(dh);
|
||||
@ -54,12 +55,10 @@
|
||||
+ BN_free(dhg_bn);
|
||||
+ return(NULL);
|
||||
+ }
|
||||
+ BN_free(dhp_bn);
|
||||
+ BN_free(dhg_bn);
|
||||
return dh;
|
||||
}
|
||||
|
||||
@@ -117,16 +144,21 @@ get_dh2048()
|
||||
@@ -117,14 +143,17 @@ get_dh2048()
|
||||
};
|
||||
static unsigned char dh2048_g[]={ 0x02, };
|
||||
DH *dh;
|
||||
@ -70,8 +69,8 @@
|
||||
- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
|
||||
- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
|
||||
- if ((dh->p == NULL) || (dh->g == NULL))
|
||||
+ dhp_bn=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
|
||||
+ dhg_bn=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
|
||||
+ dhp_bn = BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
|
||||
+ dhg_bn = BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
|
||||
+ if ((dhp_bn == NULL) || (dhg_bn == NULL) || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn))
|
||||
{
|
||||
DH_free(dh);
|
||||
@ -79,12 +78,8 @@
|
||||
+ BN_free(dhg_bn);
|
||||
return(NULL);
|
||||
}
|
||||
+ BN_free(dhp_bn);
|
||||
+ BN_free(dhg_bn);
|
||||
return(dh);
|
||||
}
|
||||
# endif /* !NO_DH */
|
||||
@@ -708,6 +740,44 @@ load_certkey(ssl, srv, certfile, keyfile
|
||||
@@ -708,6 +737,32 @@ load_certkey(ssl, srv, certfile, keyfile
|
||||
|
||||
static char server_session_id_context[] = "sendmail8";
|
||||
|
||||
@ -94,34 +89,22 @@
|
||||
+ int num;
|
||||
+ unsigned long e;
|
||||
+{
|
||||
+ RSA *rsa;
|
||||
+ RSA *rsa = NULL;
|
||||
+ BIGNUM *bn_rsa_r4;
|
||||
+ int rc;
|
||||
+
|
||||
+ rsa = RSA_new();
|
||||
+ if (rsa == NULL)
|
||||
+ {
|
||||
+ if (LogLevel > 0)
|
||||
+ sm_syslog(LOG_ERR, NOQID,
|
||||
+ "STARTTLS=server, tmp_rsa_key: RSA_new failed!");
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ bn_rsa_r4 = BN_new();
|
||||
+ rc = BN_set_word(bn_rsa_r4, RSA_F4);
|
||||
+ if (rc == 0)
|
||||
+ if ((bn_rsa_r4 != NULL) && BN_set_word(bn_rsa_r4, RSA_F4) && (rsa = RSA_new()) != NULL)
|
||||
+ {
|
||||
+ if (LogLevel > 0)
|
||||
+ sm_syslog(LOG_ERR, NOQID,
|
||||
+ "STARTTLS=server, tmp_rsa_key: BN_set_word failed!");
|
||||
+ RSA_free(rsa);
|
||||
+ if (!RSA_generate_key_ex(rsa, RSA_KEYLENGTH, bn_rsa_r4, NULL))
|
||||
+ {
|
||||
+ RSA_free(rsa);
|
||||
+ rsa = NULL;
|
||||
+ }
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ rc = RSA_generate_key_ex(rsa, RSA_KEYLENGTH, bn_rsa_r4, NULL);
|
||||
+ BN_free(bn_rsa_r4);
|
||||
+ if (rc != 0)
|
||||
+ {
|
||||
+ RSA_free(rsa);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ return rsa;
|
||||
+}
|
||||
+# endif /* !TLS_NO_RSA */
|
||||
@ -129,7 +112,7 @@
|
||||
/* 0.9.8a and b have a problem with SSL_OP_TLS_BLOCK_PADDING_BUG */
|
||||
#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
|
||||
# define SM_SSL_OP_TLS_BLOCK_PADDING_BUG 1
|
||||
@@ -926,7 +996,7 @@ inittls(ctx, req, options, srv, certfile
|
||||
@@ -926,7 +981,7 @@ inittls(ctx, req, options, srv, certfile
|
||||
{
|
||||
/* get a pointer to the current certificate validation store */
|
||||
store = SSL_CTX_get_cert_store(*ctx); /* does not fail */
|
||||
@ -138,7 +121,7 @@
|
||||
if (crl_file != NULL)
|
||||
{
|
||||
if (BIO_read_filename(crl_file, CRLFile) >= 0)
|
||||
@@ -1003,8 +1073,7 @@ inittls(ctx, req, options, srv, certfile
|
||||
@@ -1003,8 +1058,7 @@ inittls(ctx, req, options, srv, certfile
|
||||
if (bitset(TLS_I_RSA_TMP, req)
|
||||
# if SM_CONF_SHM
|
||||
&& ShmId != SM_SHM_NO_ID &&
|
||||
@ -148,7 +131,7 @@
|
||||
# else /* SM_CONF_SHM */
|
||||
&& 0 /* no shared memory: no need to generate key now */
|
||||
# endif /* SM_CONF_SHM */
|
||||
@@ -1209,9 +1278,10 @@ inittls(ctx, req, options, srv, certfile
|
||||
@@ -1209,9 +1263,10 @@ inittls(ctx, req, options, srv, certfile
|
||||
if (tTd(96, 2))
|
||||
sm_dprintf("inittls: Generating %d bit DH parameters\n", bits);
|
||||
|
||||
@ -161,7 +144,7 @@
|
||||
dh = DSA_dup_DH(dsa);
|
||||
DSA_free(dsa);
|
||||
}
|
||||
@@ -1744,7 +1814,7 @@ tmp_rsa_key(s, export, keylength)
|
||||
@@ -1744,7 +1799,7 @@ tmp_rsa_key(s, export, keylength)
|
||||
|
||||
if (rsa_tmp != NULL)
|
||||
RSA_free(rsa_tmp);
|
||||
@ -170,7 +153,7 @@
|
||||
if (rsa_tmp == NULL)
|
||||
{
|
||||
if (LogLevel > 0)
|
||||
@@ -1971,9 +2041,9 @@ x509_verify_cb(ok, ctx)
|
||||
@@ -1971,9 +2026,9 @@ x509_verify_cb(ok, ctx)
|
||||
{
|
||||
if (LogLevel > 13)
|
||||
tls_verify_log(ok, ctx, "x509");
|
||||
|
Loading…
Reference in New Issue
Block a user