Hi Chris,

this seems to be mostly the same patch as debian/patches/0011_build_with_openssl_1.1.patch which was previously in cfengine3 but made cf-serverd crash when connected from a version 3.6 or lower client using legacy ssl connection mode.
See Bug #862903

Christoph

On 26.07.2017 at 20:43, Chris West wrote:
> Control: tags -1 + patch
>
> The attached patch fixes the build with OpenSSL 1.1.
>
> I have submitted a very similar patch upstream; against master:
> https://github.com/cfengine/core/pull/2890
>
> This mostly involves just a few small changes in how APIs work; using
> accessors, or not having stack allocated objects.
>
> The major changes for review are:
>
>  * `tls_generic_test.c` just cannot work anymore. It is reimplementing
>    an old version of OpenSSL, relying too heavily on the OpenSSL
>    internals, which are no longer exposed. I have removed it from
>    `Makefile.am`, but not deleted the code. I attempted to port it,
>    but it's pretty impossible.
>  * The `session_key` changes in `libcfnet/client_protocol.c` look like
>    they leak a `malloc`, but they don't; the `session_key` is
>    eventually freed by normal libc-`free` already; making assumptions
>    about old OpenSSL internals. This code is actually arguably more
>    correct like this.
>  * I have deleted the key type checks in `libcfnet/tls_generic.c`. The
>    functions that are called immediately after this are documented to
>    safely fail if the key is not of the right format. Checking the
>    type directly isn't really supported anymore.
>
> This passes dpkg-buildpackage, which runs the unit tests, in my sid chroot.
>
> Chris.
>

--
============================================================================
Christoph Martin, Head of Unix Systems
Zentrum für Datenverarbeitung, Uni-Mainz, Germany
Anselm Franz von Bentzel-Weg 12, 55128 Mainz
Phone: +49(6131)3926337
Instant-Messaging: Jabber: mar...@jabber.uni-mainz.de
(See http://www.zdv.uni-mainz.de/4010.php)