git: e11bc4726338 - main - mail/opensmtpd: Use the correct OpenSSL idiom to load the trust store.

Reply: Pietro Cerutti : "Re: git: e11bc4726338 - main - mail/opensmtpd: Use the correct OpenSSL idiom to load the trust store."
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Dag-Erling Smørgrav <des_at_FreeBSD.org>
Date: Fri, 27 Oct 2023 09:16:49 UTC

The branch main has been updated by des:

URL: https://cgit.FreeBSD.org/ports/commit/?id=e11bc472633868a658ecbb8176b2b3ede4ae6e0d

commit e11bc472633868a658ecbb8176b2b3ede4ae6e0d
Author:     Dag-Erling Smørgrav <des@FreeBSD.org>
AuthorDate: 2023-10-27 09:16:29 +0000
Commit:     Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2023-10-27 09:16:43 +0000

    mail/opensmtpd: Use the correct OpenSSL idiom to load the trust store.
    
    Fixes:          bde578cbfcf9
    PR:             274322
    MFH:            2023Q4
    Approved by:    fluffy
    Differential Revision:  https://reviews.freebsd.org/D42123
---
 mail/opensmtpd/Makefile                                |  2 +-
 mail/opensmtpd/files/patch-mk_smtpd_Makefile.in        |  6 +++---
 mail/opensmtpd/files/patch-openbsd-compat_libtls_tls.c | 16 ++++++++++++++++
 3 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/mail/opensmtpd/Makefile b/mail/opensmtpd/Makefile
index 771230a5b80e..4bf5a859e556 100644
--- a/mail/opensmtpd/Makefile
+++ b/mail/opensmtpd/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	opensmtpd
 PORTVERSION=	7.3.0
-PORTREVISION=	1
+PORTREVISION=	2
 DISTVERSIONSUFFIX=	p2
 PORTEPOCH=	1
 CATEGORIES=	mail
diff --git a/mail/opensmtpd/files/patch-mk_smtpd_Makefile.in b/mail/opensmtpd/files/patch-mk_smtpd_Makefile.in
index e1597ed92f0e..3604c0868c76 100644
--- a/mail/opensmtpd/files/patch-mk_smtpd_Makefile.in
+++ b/mail/opensmtpd/files/patch-mk_smtpd_Makefile.in
@@ -1,8 +1,8 @@
---- mk/smtpd/Makefile.in.orig	2019-10-26 11:56:36 UTC
+--- mk/smtpd/Makefile.in.orig	2023-09-16 18:13:47 UTC
 +++ mk/smtpd/Makefile.in
-@@ -1404,13 +1404,7 @@ install-exec-hook: $(CONFIGFILES) $(MANPAGES)
- 	$(MKDIR_P) $(DESTDIR)$(bindir)
+@@ -1471,13 +1471,7 @@ install-exec-hook: $(CONFIGFILES) $(MANPAGES)
  	$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
+ 	$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)7
  	$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
 -
 -	@if [ ! -f $(DESTDIR)$(sysconfdir)/smtpd.conf ]; then			\
diff --git a/mail/opensmtpd/files/patch-openbsd-compat_libtls_tls.c b/mail/opensmtpd/files/patch-openbsd-compat_libtls_tls.c
new file mode 100644
index 000000000000..cd033b41dace
--- /dev/null
+++ b/mail/opensmtpd/files/patch-openbsd-compat_libtls_tls.c
@@ -0,0 +1,16 @@
+--- openbsd-compat/libtls/tls.c.orig	2023-09-16 18:11:28 UTC
++++ openbsd-compat/libtls/tls.c
+@@ -584,10 +584,10 @@ tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl
+ 
+ 	/* If no CA has been specified, attempt to load the default. */
+ 	if (ctx->config->ca_mem == NULL && ctx->config->ca_path == NULL) {
+-		if (tls_config_load_file(&ctx->error, "CA", tls_default_ca_cert_file(),
+-		    &ca_mem, &ca_len) != 0)
++		if (!SSL_CTX_set_default_verify_paths(ssl_ctx)) {
++			tls_set_error(ctx, "failed to load default trust store");
+ 			goto err;
+-		ca_free = ca_mem;
++		}
+ 	}
+ 
+ 	if (ca_mem != NULL) {