From 016acc24d45cee97fc9e23ef83c5213916b6f29f Mon Sep 17 00:00:00 2001 From: Erich Eckner Date: Fri, 22 Jul 2016 14:00:43 +0200 Subject: curl: valid-ip-is-enough-for-ssl-if-only-ip-is-given --- ...p-is-enough-for-ssl-if-only-ip-is-given.Pkgfile.patch | 16 ++++++++++++++++ ...id-ip-is-enough-for-ssl-if-only-ip-is-given.patch.new | 11 +++++++++++ core/curl/with-ca-path.Pkgfile.patch | 2 +- 3 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 core/curl/valid-ip-is-enough-for-ssl-if-only-ip-is-given.Pkgfile.patch create mode 100644 core/curl/valid-ip-is-enough-for-ssl-if-only-ip-is-given.patch.new (limited to 'core') diff --git a/core/curl/valid-ip-is-enough-for-ssl-if-only-ip-is-given.Pkgfile.patch b/core/curl/valid-ip-is-enough-for-ssl-if-only-ip-is-given.Pkgfile.patch new file mode 100644 index 0000000..dce55dd --- /dev/null +++ b/core/curl/valid-ip-is-enough-for-ssl-if-only-ip-is-given.Pkgfile.patch @@ -0,0 +1,16 @@ +--- Pkgfile 2016-07-21 22:33:02.008231411 +0200 ++++ Pkgfile 2016-07-21 22:33:33.768262647 +0200 +@@ -6,10 +6,12 @@ + name=curl + version=7.50.0 + release=1 +-source=(http://curl.haxx.se/download/$name-$version.tar.lzma) ++source=(http://curl.haxx.se/download/$name-$version.tar.lzma ++ valid-ip-is-enough-for-ssl-if-only-ip-is-given.patch) + + build() { + cd $name-$version ++ patch -p0 -i ../valid-ip-is-enough-for-ssl-if-only-ip-is-given.patch + ./configure --prefix=/usr \ + --enable-ipv6 \ + --without-libidn \ diff --git a/core/curl/valid-ip-is-enough-for-ssl-if-only-ip-is-given.patch.new b/core/curl/valid-ip-is-enough-for-ssl-if-only-ip-is-given.patch.new new file mode 100644 index 0000000..e458c8c --- /dev/null +++ b/core/curl/valid-ip-is-enough-for-ssl-if-only-ip-is-given.patch.new @@ -0,0 +1,11 @@ +--- lib/vtls/openssl.c 2016-07-21 21:40:37.014958580 +0200 ++++ lib/vtls/openssl.c 2016-07-21 22:22:13.284274185 +0200 +@@ -1117,7 +1117,7 @@ + + /* If a subjectAltName extension of type dNSName is present, that MUST + be used as the identity. / RFC2818 section 3.1 */ +- if(check->type == GEN_DNS) ++ if(check->type == GEN_DNS && strcmp(conn->ip_addr_str,conn->host.name)) + dNSName = TRUE; + + /* only check alternatives of the same type the target is */ diff --git a/core/curl/with-ca-path.Pkgfile.patch b/core/curl/with-ca-path.Pkgfile.patch index 55ef20f..3529a90 100644 --- a/core/curl/with-ca-path.Pkgfile.patch +++ b/core/curl/with-ca-path.Pkgfile.patch @@ -1,6 +1,6 @@ --- Pkgfile 2016-04-27 21:29:05.981945202 +0200 +++ Pkgfile 2016-04-27 22:49:18.883588926 +0200 -@@ -15,6 +15,7 @@ +@@ -17,6 +17,7 @@ --without-libidn \ --without-cyassl \ --enable-threaded-resolver \ -- cgit v1.2.3-54-g00ecf