[OpenWrt-Devel] [PATCH] openssl: fix OPENSSL_config bug affecting wget
dedeckeh at gmail.com
Mon Apr 22 14:31:25 EDT 2019
On Mon, Apr 22, 2019 at 6:39 PM Eneas U de Queiroz via openwrt-devel
<openwrt-devel at lists.openwrt.org> wrote:
> The sender domain has a DMARC Reject/Quarantine policy which disallows
> sending mailing list messages using the original "From" header.
> To mitigate this problem, the original message has been wrapped
> automatically by the mailing list software.
> ---------- Forwarded message ----------
> From: Eneas U de Queiroz <cote2004-github at yahoo.com>
> To: openwrt-devel at lists.openwrt.org
> Cc: Eneas U de Queiroz <cote2004-github at yahoo.com>
> Date: Mon, 22 Apr 2019 13:38:37 -0300
> Subject: [PATCH] openssl: fix OPENSSL_config bug affecting wget
> This applies an upstream patch that fixes a OPENSSL_config() bug that
> causes SSL initialization to fail when the openssl.cnf file is not
> found. The config file is not installed by default.
> Signed-off-by: Eneas U de Queiroz <cote2004-github at yahoo.com>
Patch applied; thx
> The config file is not installed by default as it is usually not needed.
> Without the patch, wget fails to initialize SSL:
> # wget https://google.com
> --2019-04-22 10:10:16-- https://google.com/
> Disabling SSL due to encountered errors.
> The patch was tested with wget on WRT3200ACM running current master.
> diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
> index 49cea8e45a..a82e16fa50 100644
> --- a/package/libs/openssl/Makefile
> +++ b/package/libs/openssl/Makefile
> @@ -11,7 +11,7 @@ PKG_NAME:=openssl
> diff --git a/package/libs/openssl/patches/200-OPENSSL_config-restore-error-agnosticism.patch b/package/libs/openssl/patches/200-OPENSSL_config-restore-error-agnosticism.patch
> new file mode 100644
> index 0000000000..3923ac41da
> --- /dev/null
> +++ b/package/libs/openssl/patches/200-OPENSSL_config-restore-error-agnosticism.patch
> @@ -0,0 +1,31 @@
> +From 9933d4a06bd0a0b5b757f072944e8cd54d4bddd3 Mon Sep 17 00:00:00 2001
> +From: Richard Levitte <levitte at openssl.org>
> +Date: Wed, 20 Mar 2019 10:18:13 +0100
> +Subject: [PATCH] OPENSSL_config(): restore error agnosticism
> +Great effort has been made to make initialization more configurable.
> +However, the behavior of OPENSSL_config() was lost in the process,
> +having it suddenly generate errors it didn't previously, which is not
> +how it's documented to behave.
> +A simple setting of default flags fixes this problem.
> +Fixes #8528
> +Reviewed-by: Matt Caswell <matt at openssl.org>
> +(Merged from https://github.com/openssl/openssl/pull/8533)
> +(cherry picked from commit 905c9a72a708701597891527b422c7f374125c52)
> +diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
> +index 2ce42f0c67..3805c426d8 100644
> +--- a/crypto/conf/conf_sap.c
> ++++ b/crypto/conf/conf_sap.c
> +@@ -35,6 +35,7 @@ void OPENSSL_config(const char *appname)
> + memset(&settings, 0, sizeof(settings));
> + if (appname != NULL)
> + settings.appname = strdup(appname);
> ++ settings.flags = DEFAULT_CONF_MFLAGS;
> + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, &settings);
> + }
> + #endif
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
More information about the openwrt-devel