summaryrefslogtreecommitdiffstats
path: root/distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-10 19:05:44 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-10 19:05:44 +0000
commitb045529c40c83601909dca7b76a53498e9a70f33 (patch)
tree88371572105933fd950676c07b3a12163a0c9de0 /distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch
parentInitial commit. (diff)
downloadknot-b045529c40c83601909dca7b76a53498e9a70f33.tar.xz
knot-b045529c40c83601909dca7b76a53498e9a70f33.zip
Adding upstream version 3.3.4.upstream/3.3.4
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch')
-rw-r--r--distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch67
1 files changed, 67 insertions, 0 deletions
diff --git a/distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch b/distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch
new file mode 100644
index 0000000..cbc5aa2
--- /dev/null
+++ b/distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch
@@ -0,0 +1,67 @@
+From: Daniel Salzman <daniel.salzman@nic.cz>
+Date: Mon, 20 Mar 2023 14:57:54 +0100
+Subject: [PATCH] distro/el-7: fix compilation by using SHA-1 for PIN computation
+
+diff --git a/src/libknot/quic/quic.c b/src/libknot/quic/quic.c
+index 5610865f6..555c495d9 100644
+--- a/src/libknot/quic/quic.c
++++ b/src/libknot/quic/quic.c
+@@ -460,7 +460,7 @@ void knot_quic_conn_pin(knot_quic_conn_t *conn, uint8_t *pin, size_t *pin_size,
+ goto error;
+ }
+
+- ret = gnutls_x509_crt_get_key_id(cert, GNUTLS_KEYID_USE_SHA256, pin, pin_size);
++ ret = gnutls_x509_crt_get_key_id(cert, 0, pin, pin_size);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_x509_crt_deinit(cert);
+ goto error;
+diff --git a/src/utils/common/tls.c b/src/utils/common/tls.c
+index 245dd3f96..6a2e7a986 100644
+--- a/src/utils/common/tls.c
++++ b/src/utils/common/tls.c
+@@ -328,7 +328,7 @@ static int check_certificates(gnutls_session_t session, const list_t *pins)
+
+ uint8_t cert_pin[CERT_PIN_LEN] = { 0 };
+ size_t cert_pin_size = sizeof(cert_pin);
+- ret = gnutls_x509_crt_get_key_id(cert, GNUTLS_KEYID_USE_SHA256,
++ ret = gnutls_x509_crt_get_key_id(cert, 0,
+ cert_pin, &cert_pin_size);
+ if (ret != 0) {
+ gnutls_x509_crt_deinit(cert);
+@@ -336,18 +336,18 @@ static int check_certificates(gnutls_session_t session, const list_t *pins)
+ }
+
+ // Check if correspond to a specified PIN.
+- bool match = check_pin(cert_pin, sizeof(cert_pin), pins);
++ bool match = check_pin(cert_pin, cert_pin_size, pins);
+ if (match) {
+ matches++;
+ }
+
+ uint8_t *txt_pin;
+- ret = knot_base64_encode_alloc(cert_pin, sizeof(cert_pin), &txt_pin);
++ ret = knot_base64_encode_alloc(cert_pin, cert_pin_size, &txt_pin);
+ if (ret < 0) {
+ gnutls_x509_crt_deinit(cert);
+ return ret;
+ }
+- DBG(" SHA-256 PIN: %.*s%s", ret, txt_pin, match ? ", MATCH" : "");
++ DBG(" SHA-1 PIN: %.*s%s", ret, txt_pin, match ? ", MATCH" : "");
+ free(txt_pin);
+
+ gnutls_x509_crt_deinit(cert);
+diff --git a/src/utils/kdig/kdig_params.c b/src/utils/kdig/kdig_params.c
+index 359b8b596..8fd33b011 100644
+--- a/src/utils/kdig/kdig_params.c
++++ b/src/utils/kdig/kdig_params.c
+@@ -707,8 +707,8 @@ static int opt_tls_pin(const char *arg, void *query)
+ if (ret < 0) {
+ ERR("invalid +tls-pin=%s", arg);
+ return ret;
+- } else if (ret != CERT_PIN_LEN) { // Check for 256-bit value.
+- ERR("invalid sha256 hash length +tls-pin=%s", arg);
++ } else if (ret != 20) { // Check for 256-bit value.
++ ERR("invalid sha1 hash length +tls-pin=%s", arg);
+ return KNOT_EINVAL;
+ }
+