mirror of
https://github.com/yann64/haikuports.git
synced 2026-04-09 05:10:05 +02:00
192 lines
6.3 KiB
Plaintext
192 lines
6.3 KiB
Plaintext
From 14aca6f824c3fa48a0042609083ffa2bb08d9711 Mon Sep 17 00:00:00 2001
|
|
From: Adrien Destugues <pulkomandy@pulkomandy.tk>
|
|
Date: Sat, 28 Mar 2020 10:17:16 +0100
|
|
Subject: Search for network functions in libnetwork
|
|
|
|
|
|
diff --git a/configure.ac b/configure.ac
|
|
index 6e707e5..fe84d53 100644
|
|
--- a/configure.ac
|
|
+++ b/configure.ac
|
|
@@ -330,7 +330,7 @@ AC_ARG_ENABLE( getaddrinfo,
|
|
[do not use getaddrinfo for dns lookups [default use getaddrinfo]])],
|
|
[getaddrinfo="no"])
|
|
if test "x$getaddrinfo" = "xyes"; then
|
|
- AC_CHECK_FUNCS(getaddrinfo,,getaddrinfo="no")
|
|
+ AC_SEARCH_LIBS(getaddrinfo,network,,getaddrinfo="no")
|
|
fi
|
|
AC_MSG_CHECKING([whether to use getaddrinfo])
|
|
AC_MSG_RESULT($getaddrinfo)
|
|
@@ -339,6 +339,7 @@ dnl Checks for header files.
|
|
AC_HEADER_STDC
|
|
AC_CHECK_HEADERS(unistd.h strings.h errno.h arpa/nameser.h)
|
|
AC_CHECK_FUNCS(setsockopt,,[AC_CHECK_LIB(socket,setsockopt)])
|
|
+AC_CHECK_FUNCS(setsockopt,,[AC_CHECK_LIB(network,setsockopt)])
|
|
|
|
dnl Checks for typedefs, structures, and compiler characteristics.
|
|
AC_C_CONST
|
|
--
|
|
2.37.3
|
|
|
|
|
|
From f93d15f6b273aabbcd81cf4e8e9e96820a319f25 Mon Sep 17 00:00:00 2001
|
|
From: Adrien Destugues <pulkomandy@pulkomandy.tk>
|
|
Date: Sat, 28 Mar 2020 13:10:43 +0100
|
|
Subject: Hack for detecting libnetwork internal functions
|
|
|
|
These functions are found indirectly through #defines in the headers.
|
|
So a normal AC_SEARCH_LIBS does not work.
|
|
|
|
diff --git a/configure.ac b/configure.ac
|
|
index fe84d53..91bd9e0 100644
|
|
--- a/configure.ac
|
|
+++ b/configure.ac
|
|
@@ -220,7 +220,7 @@ else
|
|
else
|
|
AC_MSG_CHECKING([for res_querydomain in -lresolv (alternate version)])
|
|
save_libs="$LIBS"
|
|
- LIBS="-lresolv $LIBS"
|
|
+ LIBS="-lnetwork $LIBS"
|
|
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <resolv.h>]], [[res_querydomain(0,0,0,0,0,0)]])],
|
|
[AC_MSG_RESULT(yes)
|
|
AC_DEFINE(HAVE_RES_QUERYDOMAIN)
|
|
@@ -248,7 +248,7 @@ else
|
|
else
|
|
AC_MSG_CHECKING([for dn_skipname in -lresolv (alternate version)])
|
|
save_libs="$LIBS"
|
|
- LIBS="-lresolv $LIBS"
|
|
+ LIBS="-lnetwork $LIBS"
|
|
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <netinet/in.h>
|
|
#include <resolv.h>]], [[dn_skipname(0,0)]])],
|
|
[AC_MSG_RESULT(yes)
|
|
@@ -277,7 +277,7 @@ else
|
|
else
|
|
AC_MSG_CHECKING([for res_query in -lresolv (alternate version)])
|
|
save_libs="$LIBS"
|
|
- LIBS="-lresolv $LIBS"
|
|
+ LIBS="-lnetwork $LIBS"
|
|
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <resolv.h>]], [[res_query(0,0,0,0,0)]])],
|
|
[AC_MSG_RESULT(yes)
|
|
AC_DEFINE(HAVE_RES_QUERY)
|
|
--
|
|
2.37.3
|
|
|
|
|
|
From 73268b719739c73b5a4e4ecda2bdd9dffa7f1bea Mon Sep 17 00:00:00 2001
|
|
From: PulkoMandy <pulkomandy@pulkomandy.tk>
|
|
Date: Tue, 26 Sep 2023 20:31:10 +0200
|
|
Subject: Implement TLS-exporter channel binding type
|
|
|
|
As defined in RFC 9266.
|
|
|
|
Implemented in the OpenSSL backend only. Enabled when TLS 1.3 is in use, in other cases the
|
|
previous TLS-unique is used.
|
|
|
|
diff --git a/src/clientbase.cpp b/src/clientbase.cpp
|
|
index 3fe66f8..b08653b 100644
|
|
--- a/src/clientbase.cpp
|
|
+++ b/src/clientbase.cpp
|
|
@@ -503,7 +503,7 @@ namespace gloox
|
|
}
|
|
else // SaslMechScramSha1Plus
|
|
{
|
|
- m_gs2Header = "p=tls-unique,";
|
|
+ m_gs2Header = "p=" + m_encryption->channelBindingType() + ",";
|
|
a->addAttribute( "mechanism", "SCRAM-SHA-1-PLUS" );
|
|
}
|
|
|
|
diff --git a/src/tlsbase.h b/src/tlsbase.h
|
|
index d0b6dc6..e7c6cf6 100644
|
|
--- a/src/tlsbase.h
|
|
+++ b/src/tlsbase.h
|
|
@@ -116,6 +116,8 @@ namespace gloox
|
|
*/
|
|
virtual const std::string channelBinding() const { return EmptyString; }
|
|
|
|
+ virtual const std::string channelBindingType() const { return "tls-unique"; }
|
|
+
|
|
/**
|
|
* Use this function to set a number of trusted root CA certificates which shall be
|
|
* used to verify a servers certificate.
|
|
diff --git a/src/tlsdefault.cpp b/src/tlsdefault.cpp
|
|
index adcd644..3d545ee 100644
|
|
--- a/src/tlsdefault.cpp
|
|
+++ b/src/tlsdefault.cpp
|
|
@@ -136,6 +136,11 @@ namespace gloox
|
|
return m_impl ? m_impl->channelBinding() : EmptyString;
|
|
}
|
|
|
|
+ const std::string TLSDefault::channelBindingType() const
|
|
+ {
|
|
+ return m_impl ? m_impl->channelBindingType() : "tls-unique";
|
|
+ }
|
|
+
|
|
void TLSDefault::setCACerts( const StringList& cacerts )
|
|
{
|
|
if( m_impl )
|
|
diff --git a/src/tlsdefault.h b/src/tlsdefault.h
|
|
index 50432b9..9bce81d 100644
|
|
--- a/src/tlsdefault.h
|
|
+++ b/src/tlsdefault.h
|
|
@@ -87,6 +87,9 @@ namespace gloox
|
|
// reimplemented from TLSBase
|
|
virtual const std::string channelBinding() const;
|
|
|
|
+ // reimplemented from TLSBase
|
|
+ virtual const std::string channelBindingType() const;
|
|
+
|
|
// reimplemented from TLSBase
|
|
virtual void setCACerts( const StringList& cacerts );
|
|
|
|
diff --git a/src/tlsopensslclient.cpp b/src/tlsopensslclient.cpp
|
|
index ac30e18..d0fb3ff 100644
|
|
--- a/src/tlsopensslclient.cpp
|
|
+++ b/src/tlsopensslclient.cpp
|
|
@@ -46,9 +46,26 @@ namespace gloox
|
|
|
|
const std::string OpenSSLClient::channelBinding() const
|
|
{
|
|
- unsigned char* buf[128];
|
|
- long res = SSL_get_finished( m_ssl, buf, 128 );
|
|
- return std::string( reinterpret_cast<char*>( buf ), res );
|
|
+
|
|
+ if (SSL_version(m_ssl) == TLS1_3_VERSION) {
|
|
+ unsigned char buf[32];
|
|
+ const char* const label = "EXPORTER-Channel-Binding";
|
|
+ SSL_export_keying_material( m_ssl, buf, 32, label, strlen(label), { 0 }, 1, 0);
|
|
+ return std::string( reinterpret_cast<char* const>( buf ), 32);
|
|
+ } else {
|
|
+ unsigned char* buf[128];
|
|
+ long res = SSL_get_finished( m_ssl, buf, 128 );
|
|
+ return std::string( reinterpret_cast<char*>( buf ), res );
|
|
+ }
|
|
+ }
|
|
+
|
|
+ const std::string OpenSSLClient::channelBindingType() const
|
|
+ {
|
|
+ if (SSL_version(m_ssl) == TLS1_3_VERSION) {
|
|
+ return "tls-exporter";
|
|
+ } else {
|
|
+ return "tls-unique";
|
|
+ }
|
|
}
|
|
|
|
int OpenSSLClient::handshakeFunction()
|
|
diff --git a/src/tlsopensslclient.h b/src/tlsopensslclient.h
|
|
index e8ac22d..81463d5 100644
|
|
--- a/src/tlsopensslclient.h
|
|
+++ b/src/tlsopensslclient.h
|
|
@@ -53,6 +53,9 @@ namespace gloox
|
|
// reimplemented from TLSBase
|
|
virtual const std::string channelBinding() const;
|
|
|
|
+ // reimplemented from TLSBase
|
|
+ virtual const std::string channelBindingType() const;
|
|
+
|
|
private:
|
|
// reimplemented from OpenSSLBase
|
|
virtual bool setType();
|
|
--
|
|
2.37.3
|
|
|