[OpenWrt-Devel] [PATCH] openssl: fix OPENSSL_config bug affecting wget

Hans Dedecker dedeckeh at gmail.com
Mon Apr 22 14:31:25 EDT 2019


On Mon, Apr 22, 2019 at 6:39 PM Eneas U de Queiroz via openwrt-devel
<openwrt-devel at lists.openwrt.org> wrote:
>
> The sender domain has a DMARC Reject/Quarantine policy which disallows
> sending mailing list messages using the original "From" header.
>
> To mitigate this problem, the original message has been wrapped
> automatically by the mailing list software.
>
>
> ---------- Forwarded message ----------
> From: Eneas U de Queiroz <cote2004-github at yahoo.com>
> To: openwrt-devel at lists.openwrt.org
> Cc: Eneas U de Queiroz <cote2004-github at yahoo.com>
> Bcc:
> Date: Mon, 22 Apr 2019 13:38:37 -0300
> Subject: [PATCH] openssl: fix OPENSSL_config bug affecting wget
> This applies an upstream patch that fixes a OPENSSL_config() bug that
> causes SSL initialization to fail when the openssl.cnf file is not
> found.  The config file is not installed by default.
>
> Signed-off-by: Eneas U de Queiroz <cote2004-github at yahoo.com>
Patch applied; thx

Hans

> ---
> The config file is not installed by default as it is usually not needed.
>
> Without the patch, wget fails to initialize SSL:
> # wget https://google.com
> --2019-04-22 10:10:16--  https://google.com/
> Disabling SSL due to encountered errors.
>
> The patch was tested with wget on WRT3200ACM running current master.
>
> diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
> index 49cea8e45a..a82e16fa50 100644
> --- a/package/libs/openssl/Makefile
> +++ b/package/libs/openssl/Makefile
> @@ -11,7 +11,7 @@ PKG_NAME:=openssl
>  PKG_BASE:=1.1.1
>  PKG_BUGFIX:=b
>  PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
> -PKG_RELEASE:=4
> +PKG_RELEASE:=5
>  PKG_USE_MIPS16:=0
>  ENGINES_DIR=engines-1.1
>
> diff --git a/package/libs/openssl/patches/200-OPENSSL_config-restore-error-agnosticism.patch b/package/libs/openssl/patches/200-OPENSSL_config-restore-error-agnosticism.patch
> new file mode 100644
> index 0000000000..3923ac41da
> --- /dev/null
> +++ b/package/libs/openssl/patches/200-OPENSSL_config-restore-error-agnosticism.patch
> @@ -0,0 +1,31 @@
> +From 9933d4a06bd0a0b5b757f072944e8cd54d4bddd3 Mon Sep 17 00:00:00 2001
> +From: Richard Levitte <levitte at openssl.org>
> +Date: Wed, 20 Mar 2019 10:18:13 +0100
> +Subject: [PATCH] OPENSSL_config(): restore error agnosticism
> +
> +Great effort has been made to make initialization more configurable.
> +However, the behavior of OPENSSL_config() was lost in the process,
> +having it suddenly generate errors it didn't previously, which is not
> +how it's documented to behave.
> +
> +A simple setting of default flags fixes this problem.
> +
> +Fixes #8528
> +
> +Reviewed-by: Matt Caswell <matt at openssl.org>
> +(Merged from https://github.com/openssl/openssl/pull/8533)
> +
> +(cherry picked from commit 905c9a72a708701597891527b422c7f374125c52)
> +
> +diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
> +index 2ce42f0c67..3805c426d8 100644
> +--- a/crypto/conf/conf_sap.c
> ++++ b/crypto/conf/conf_sap.c
> +@@ -35,6 +35,7 @@ void OPENSSL_config(const char *appname)
> +     memset(&settings, 0, sizeof(settings));
> +     if (appname != NULL)
> +         settings.appname = strdup(appname);
> ++    settings.flags = DEFAULT_CONF_MFLAGS;
> +     OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, &settings);
> + }
> + #endif
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel

_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel



More information about the openwrt-devel mailing list