1 |
commit: fe87ccdf589165221731be9d02fa9a1a576356ed |
2 |
Author: Craig Andrews <candrews <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Dec 29 01:41:03 2018 +0000 |
4 |
Commit: Craig Andrews <candrews <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Jan 2 00:31:53 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fe87ccdf |
7 |
|
8 |
net-analyzer/ettercap: openssl 1.1 compatiblity, EAPI=6, fix tests |
9 |
|
10 |
Closes: https://bugs.gentoo.org/673222 |
11 |
Package-Manager: Portage-2.3.53, Repoman-2.3.12 |
12 |
Signed-off-by: Craig Andrews <candrews <AT> gentoo.org> |
13 |
|
14 |
...tercap-9999.ebuild => ettercap-0.8.2-r2.ebuild} | 33 +-- |
15 |
net-analyzer/ettercap/ettercap-9999.ebuild | 29 ++- |
16 |
.../files/ettercap-0.8.2-openssl-1.1.patch | 254 +++++++++++++++++++++ |
17 |
3 files changed, 284 insertions(+), 32 deletions(-) |
18 |
|
19 |
diff --git a/net-analyzer/ettercap/ettercap-9999.ebuild b/net-analyzer/ettercap/ettercap-0.8.2-r2.ebuild |
20 |
similarity index 65% |
21 |
copy from net-analyzer/ettercap/ettercap-9999.ebuild |
22 |
copy to net-analyzer/ettercap/ettercap-0.8.2-r2.ebuild |
23 |
index c8f2e6e8f41..6fa10f902c2 100644 |
24 |
--- a/net-analyzer/ettercap/ettercap-9999.ebuild |
25 |
+++ b/net-analyzer/ettercap/ettercap-0.8.2-r2.ebuild |
26 |
@@ -1,7 +1,7 @@ |
27 |
-# Copyright 1999-2017 Gentoo Foundation |
28 |
+# Copyright 1999-2018 Gentoo Authors |
29 |
# Distributed under the terms of the GNU General Public License v2 |
30 |
|
31 |
-EAPI=5 |
32 |
+EAPI=6 |
33 |
|
34 |
inherit cmake-utils |
35 |
|
36 |
@@ -16,10 +16,10 @@ if [[ ${PV} == "9999" ]] ; then |
37 |
EGIT_REPO_URI="https://github.com/Ettercap/${PN}.git" |
38 |
else |
39 |
SRC_URI="https://github.com/Ettercap/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" #mirror does not work |
40 |
- KEYWORDS="~alpha ~amd64 ~arm ~sparc ~x86 ~x86-fbsd" |
41 |
+ KEYWORDS="~alpha ~amd64 ~arm ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" |
42 |
fi |
43 |
-#IUSE="doc gtk ipv6 ncurses +plugins test" |
44 |
-IUSE="doc gtk ipv6 libressl ncurses +plugins" |
45 |
+ |
46 |
+IUSE="doc gtk ipv6 libressl ncurses +plugins test" |
47 |
|
48 |
RDEPEND="dev-libs/libbsd |
49 |
dev-libs/libpcre |
50 |
@@ -37,13 +37,18 @@ RDEPEND="dev-libs/libbsd |
51 |
>=x11-libs/gtk+-2.2.2:2 |
52 |
>=x11-libs/pango-1.2.3 |
53 |
) |
54 |
- ncurses? ( sys-libs/ncurses:0= ) |
55 |
+ ncurses? ( >=sys-libs/ncurses-5.3:= ) |
56 |
plugins? ( >=net-misc/curl-7.26.0 )" |
57 |
DEPEND="${RDEPEND} |
58 |
doc? ( app-text/ghostscript-gpl |
59 |
sys-apps/groff ) |
60 |
+ test? ( dev-libs/check ) |
61 |
sys-devel/flex |
62 |
virtual/yacc" |
63 |
+PATCHES=( |
64 |
+ "${FILESDIR}"/cve-2017-6430.patch |
65 |
+ "${FILESDIR}"/${P}-openssl-1.1.patch |
66 |
+) |
67 |
|
68 |
src_prepare() { |
69 |
sed -i "s:Release:Release Gentoo:" CMakeLists.txt || die |
70 |
@@ -52,21 +57,17 @@ src_prepare() { |
71 |
|
72 |
src_configure() { |
73 |
local mycmakeargs=( |
74 |
- $(cmake-utils_use_enable ncurses CURSES) |
75 |
- $(cmake-utils_use_enable gtk) |
76 |
- $(cmake-utils_use_enable plugins) |
77 |
- $(cmake-utils_use_enable ipv6) |
78 |
- $(cmake-utils_use_enable doc PDF_DOCS) |
79 |
+ -DENABLE_CURSES="$(usex ncurses)" |
80 |
+ -DENABLE_GTK="$(usex gtk)" |
81 |
+ -DENABLE_PLUGINS="$(usex plugins)" |
82 |
+ -DENABLE_IPV6="$(usex ipv6)" |
83 |
+ -DENABLE_TESTS="$(usex test)" |
84 |
+ -DENABLE_PDF_DOCS="$(usex doc)" |
85 |
-DBUNDLED_LIBS=OFF |
86 |
-DSYSTEM_LIBS=ON |
87 |
-DINSTALL_SYSCONFDIR="${EROOT}"etc |
88 |
) |
89 |
#right now we only support gtk2, but ettercap also supports gtk3 |
90 |
#do we care? do we want to support both? |
91 |
- |
92 |
- #we want to enable testing but it fails right now |
93 |
- #we want to disable the bundled crap, but we are missing at least "libcheck" |
94 |
- #if we want to enable tests, we need to fix it, and either package libcheck or allow bundled version |
95 |
- #$(cmake-utils_use_enable test TESTS) |
96 |
cmake-utils_src_configure |
97 |
} |
98 |
|
99 |
diff --git a/net-analyzer/ettercap/ettercap-9999.ebuild b/net-analyzer/ettercap/ettercap-9999.ebuild |
100 |
index c8f2e6e8f41..b83933eda5d 100644 |
101 |
--- a/net-analyzer/ettercap/ettercap-9999.ebuild |
102 |
+++ b/net-analyzer/ettercap/ettercap-9999.ebuild |
103 |
@@ -1,7 +1,7 @@ |
104 |
-# Copyright 1999-2017 Gentoo Foundation |
105 |
+# Copyright 1999-2018 Gentoo Authors |
106 |
# Distributed under the terms of the GNU General Public License v2 |
107 |
|
108 |
-EAPI=5 |
109 |
+EAPI=6 |
110 |
|
111 |
inherit cmake-utils |
112 |
|
113 |
@@ -16,10 +16,10 @@ if [[ ${PV} == "9999" ]] ; then |
114 |
EGIT_REPO_URI="https://github.com/Ettercap/${PN}.git" |
115 |
else |
116 |
SRC_URI="https://github.com/Ettercap/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" #mirror does not work |
117 |
- KEYWORDS="~alpha ~amd64 ~arm ~sparc ~x86 ~x86-fbsd" |
118 |
+ KEYWORDS="~alpha ~amd64 ~arm ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" |
119 |
fi |
120 |
-#IUSE="doc gtk ipv6 ncurses +plugins test" |
121 |
-IUSE="doc gtk ipv6 libressl ncurses +plugins" |
122 |
+ |
123 |
+IUSE="doc gtk ipv6 libressl ncurses +plugins test" |
124 |
|
125 |
RDEPEND="dev-libs/libbsd |
126 |
dev-libs/libpcre |
127 |
@@ -37,11 +37,12 @@ RDEPEND="dev-libs/libbsd |
128 |
>=x11-libs/gtk+-2.2.2:2 |
129 |
>=x11-libs/pango-1.2.3 |
130 |
) |
131 |
- ncurses? ( sys-libs/ncurses:0= ) |
132 |
+ ncurses? ( >=sys-libs/ncurses-5.3:= ) |
133 |
plugins? ( >=net-misc/curl-7.26.0 )" |
134 |
DEPEND="${RDEPEND} |
135 |
doc? ( app-text/ghostscript-gpl |
136 |
sys-apps/groff ) |
137 |
+ test? ( dev-libs/check ) |
138 |
sys-devel/flex |
139 |
virtual/yacc" |
140 |
|
141 |
@@ -52,21 +53,17 @@ src_prepare() { |
142 |
|
143 |
src_configure() { |
144 |
local mycmakeargs=( |
145 |
- $(cmake-utils_use_enable ncurses CURSES) |
146 |
- $(cmake-utils_use_enable gtk) |
147 |
- $(cmake-utils_use_enable plugins) |
148 |
- $(cmake-utils_use_enable ipv6) |
149 |
- $(cmake-utils_use_enable doc PDF_DOCS) |
150 |
+ -DENABLE_CURSES="$(usex ncurses)" |
151 |
+ -DENABLE_GTK="$(usex gtk)" |
152 |
+ -DENABLE_PLUGINS="$(usex plugins)" |
153 |
+ -DENABLE_IPV6="$(usex ipv6)" |
154 |
+ -DENABLE_TESTS="$(usex test)" |
155 |
+ -DENABLE_PDF_DOCS="$(usex doc)" |
156 |
-DBUNDLED_LIBS=OFF |
157 |
-DSYSTEM_LIBS=ON |
158 |
-DINSTALL_SYSCONFDIR="${EROOT}"etc |
159 |
) |
160 |
#right now we only support gtk2, but ettercap also supports gtk3 |
161 |
#do we care? do we want to support both? |
162 |
- |
163 |
- #we want to enable testing but it fails right now |
164 |
- #we want to disable the bundled crap, but we are missing at least "libcheck" |
165 |
- #if we want to enable tests, we need to fix it, and either package libcheck or allow bundled version |
166 |
- #$(cmake-utils_use_enable test TESTS) |
167 |
cmake-utils_src_configure |
168 |
} |
169 |
|
170 |
diff --git a/net-analyzer/ettercap/files/ettercap-0.8.2-openssl-1.1.patch b/net-analyzer/ettercap/files/ettercap-0.8.2-openssl-1.1.patch |
171 |
new file mode 100644 |
172 |
index 00000000000..b7703d3ef5c |
173 |
--- /dev/null |
174 |
+++ b/net-analyzer/ettercap/files/ettercap-0.8.2-openssl-1.1.patch |
175 |
@@ -0,0 +1,254 @@ |
176 |
+From f0d63b27c82df2ad5f7ada6310727d841b43fbcc Mon Sep 17 00:00:00 2001 |
177 |
+From: Gianfranco Costamagna <costamagnagianfranco@×××××.it> |
178 |
+Date: Mon, 27 Jun 2016 12:41:33 +0200 |
179 |
+Subject: [PATCH 1/2] First draft of openssl 1.1 compatibility layer (from |
180 |
+ https://github.com/curl/curl/commit/cfe16c22d7891a1f65ea8cd4c5352504a2afbddc) |
181 |
+ Closes: #739 |
182 |
+ |
183 |
+--- |
184 |
+ src/dissectors/ec_ssh.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++- |
185 |
+ src/ec_sslwrap.c | 14 ++++++++ |
186 |
+ 2 files changed, 106 insertions(+), 1 deletion(-) |
187 |
+ |
188 |
+Index: ettercap-0.8.2/src/dissectors/ec_ssh.c |
189 |
+=================================================================== |
190 |
+--- ettercap-0.8.2.orig/src/dissectors/ec_ssh.c |
191 |
++++ ettercap-0.8.2/src/dissectors/ec_ssh.c |
192 |
+@@ -36,6 +36,10 @@ |
193 |
+ #include <openssl/md5.h> |
194 |
+ #include <zlib.h> |
195 |
+ |
196 |
++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) |
197 |
++#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */ |
198 |
++#endif |
199 |
++ |
200 |
+ #define SMSG_PUBLIC_KEY 2 |
201 |
+ #define CMSG_SESSION_KEY 3 |
202 |
+ #define CMSG_USER 4 |
203 |
+@@ -138,6 +142,11 @@ |
204 |
+ char tmp[MAX_ASCII_ADDR_LEN]; |
205 |
+ u_int32 ssh_len, ssh_mod; |
206 |
+ u_char ssh_packet_type, *ptr, *key_to_put; |
207 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
208 |
++ BIGNUM *h_n, *s_n, *m_h_n, *m_s_n; |
209 |
++ BIGNUM *h_e, *s_e, *m_h_e, *m_s_e; |
210 |
++ BIGNUM *h_d, *s_d, *m_h_d, *m_s_d; |
211 |
++#endif |
212 |
+ |
213 |
+ /* don't complain about unused var */ |
214 |
+ (void) DECODE_DATA; |
215 |
+@@ -383,12 +392,25 @@ |
216 |
+ if (session_data->ptrkey == NULL) { |
217 |
+ /* Initialize RSA key structures (other fileds are set to 0) */ |
218 |
+ session_data->serverkey = RSA_new(); |
219 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
220 |
++ s_n = BN_new(); |
221 |
++ s_e = BN_new(); |
222 |
++ RSA_set0_key(session_data->serverkey, s_n, s_e, s_d); |
223 |
++#else |
224 |
+ session_data->serverkey->n = BN_new(); |
225 |
+ session_data->serverkey->e = BN_new(); |
226 |
++#endif |
227 |
+ |
228 |
+ session_data->hostkey = RSA_new(); |
229 |
++ |
230 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
231 |
++ h_n = BN_new(); |
232 |
++ h_e = BN_new(); |
233 |
++ RSA_set0_key(session_data->hostkey, h_n, h_e, h_d); |
234 |
++#else |
235 |
+ session_data->hostkey->n = BN_new(); |
236 |
+ session_data->hostkey->e = BN_new(); |
237 |
++#endif |
238 |
+ |
239 |
+ /* Get the RSA Key from the packet */ |
240 |
+ NS_GET32(server_mod,ptr); |
241 |
+@@ -396,19 +418,37 @@ |
242 |
+ DEBUG_MSG("Dissector_ssh Bougs Server_Mod"); |
243 |
+ return NULL; |
244 |
+ } |
245 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
246 |
++ RSA_get0_key(session_data->serverkey, &s_n, &s_e, &s_d); |
247 |
++ get_bn(s_e, &ptr); |
248 |
++ get_bn(s_n, &ptr); |
249 |
++#else |
250 |
+ get_bn(session_data->serverkey->e, &ptr); |
251 |
+ get_bn(session_data->serverkey->n, &ptr); |
252 |
++#endif |
253 |
+ |
254 |
+ NS_GET32(host_mod,ptr); |
255 |
+ if (ptr + (host_mod/8) > PACKET->DATA.data + PACKET->DATA.len) { |
256 |
+ DEBUG_MSG("Dissector_ssh Bougs Host_Mod"); |
257 |
+ return NULL; |
258 |
+ } |
259 |
++ |
260 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
261 |
++ RSA_get0_key(session_data->hostkey, &h_n, &h_e, &h_d); |
262 |
++ get_bn(h_e, &ptr); |
263 |
++ get_bn(h_n, &ptr); |
264 |
++#else |
265 |
+ get_bn(session_data->hostkey->e, &ptr); |
266 |
+ get_bn(session_data->hostkey->n, &ptr); |
267 |
++#endif |
268 |
+ |
269 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
270 |
++ server_exp = BN_get_word(s_e); |
271 |
++ host_exp = BN_get_word(h_e); |
272 |
++#else |
273 |
+ server_exp = *(session_data->serverkey->e->d); |
274 |
+ host_exp = *(session_data->hostkey->e->d); |
275 |
++#endif |
276 |
+ |
277 |
+ /* Check if we already have a suitable RSA key to substitute */ |
278 |
+ index_ssl = &ssh_conn_key; |
279 |
+@@ -424,7 +464,7 @@ |
280 |
+ SAFE_CALLOC(*index_ssl, 1, sizeof(ssh_my_key)); |
281 |
+ |
282 |
+ /* Generate the new key */ |
283 |
+- (*index_ssl)->myserverkey = (RSA *)RSA_generate_key(server_mod, server_exp, NULL, NULL); |
284 |
++ (*index_ssl)->myserverkey = (RSA *)RSA_generate_key_ex(server_mod, server_exp, NULL, NULL); |
285 |
+ (*index_ssl)->myhostkey = (RSA *)RSA_generate_key(host_mod, host_exp, NULL, NULL); |
286 |
+ (*index_ssl)->server_mod = server_mod; |
287 |
+ (*index_ssl)->host_mod = host_mod; |
288 |
+@@ -443,11 +483,25 @@ |
289 |
+ |
290 |
+ /* Put our RSA key in the packet */ |
291 |
+ key_to_put+=4; |
292 |
++ |
293 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
294 |
++ RSA_get0_key(session_data->ptrkey->myserverkey, &m_s_n, &m_s_e, &m_s_d); |
295 |
++ put_bn(m_s_e, &key_to_put); |
296 |
++ put_bn(m_s_n, &key_to_put); |
297 |
++#else |
298 |
+ put_bn(session_data->ptrkey->myserverkey->e, &key_to_put); |
299 |
+ put_bn(session_data->ptrkey->myserverkey->n, &key_to_put); |
300 |
++#endif |
301 |
+ key_to_put+=4; |
302 |
++ |
303 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
304 |
++ RSA_get0_key(session_data->ptrkey->myhostkey, &m_h_n, &m_h_e, &m_h_d); |
305 |
++ put_bn(m_h_e, &key_to_put); |
306 |
++ put_bn(m_h_n, &key_to_put); |
307 |
++#else |
308 |
+ put_bn(session_data->ptrkey->myhostkey->e, &key_to_put); |
309 |
+ put_bn(session_data->ptrkey->myhostkey->n, &key_to_put); |
310 |
++#endif |
311 |
+ |
312 |
+ /* Recalculate SSH crc */ |
313 |
+ *(u_int32 *)(PACKET->DATA.data + PACKET->DATA.len - 4) = htonl(CRC_checksum(PACKET->DATA.data+4, PACKET->DATA.len-8, CRC_INIT_ZERO)); |
314 |
+@@ -482,19 +536,34 @@ |
315 |
+ key_to_put = ptr; |
316 |
+ |
317 |
+ /* Calculate real session id and our fake session id */ |
318 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
319 |
++ temp_session_id = ssh_session_id(cookie, h_n, s_n); |
320 |
++#else |
321 |
+ temp_session_id = ssh_session_id(cookie, session_data->hostkey->n, session_data->serverkey->n); |
322 |
++#endif |
323 |
+ if (temp_session_id) |
324 |
+ memcpy(session_id1, temp_session_id, 16); |
325 |
++ |
326 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
327 |
++ temp_session_id=ssh_session_id(cookie, m_h_n, m_s_n); |
328 |
++#else |
329 |
+ temp_session_id=ssh_session_id(cookie, session_data->ptrkey->myhostkey->n, session_data->ptrkey->myserverkey->n); |
330 |
++#endif |
331 |
++ |
332 |
+ if (temp_session_id) |
333 |
+ memcpy(session_id2, temp_session_id, 16); |
334 |
+ |
335 |
+ /* Get the session key */ |
336 |
+ enckey = BN_new(); |
337 |
++ |
338 |
+ get_bn(enckey, &ptr); |
339 |
+ |
340 |
+ /* Decrypt session key */ |
341 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
342 |
++ if (BN_cmp(m_s_n, m_h_n) > 0) { |
343 |
++#else |
344 |
+ if (BN_cmp(session_data->ptrkey->myserverkey->n, session_data->ptrkey->myhostkey->n) > 0) { |
345 |
++#endif |
346 |
+ rsa_private_decrypt(enckey, enckey, session_data->ptrkey->myserverkey); |
347 |
+ rsa_private_decrypt(enckey, enckey, session_data->ptrkey->myhostkey); |
348 |
+ } else { |
349 |
+@@ -534,7 +603,11 @@ |
350 |
+ BN_add_word(bn, sesskey[i]); |
351 |
+ } |
352 |
+ |
353 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
354 |
++ if (BN_cmp(s_n, h_n) < 0) { |
355 |
++#else |
356 |
+ if (BN_cmp(session_data->serverkey->n, session_data->hostkey->n) < 0) { |
357 |
++#endif |
358 |
+ rsa_public_encrypt(bn, bn, session_data->serverkey); |
359 |
+ rsa_public_encrypt(bn, bn, session_data->hostkey); |
360 |
+ } else { |
361 |
+@@ -716,7 +789,16 @@ |
362 |
+ u_char *inbuf, *outbuf; |
363 |
+ int32 len, ilen, olen; |
364 |
+ |
365 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
366 |
++ BIGNUM *n; |
367 |
++ BIGNUM *e; |
368 |
++ BIGNUM *d; |
369 |
++ RSA_get0_key(key, &n, &e, &d); |
370 |
++ olen = BN_num_bytes(n); |
371 |
++#else |
372 |
+ olen = BN_num_bytes(key->n); |
373 |
++#endif |
374 |
++ |
375 |
+ outbuf = malloc(olen); |
376 |
+ if (outbuf == NULL) /* oops, couldn't allocate memory */ |
377 |
+ return; |
378 |
+@@ -744,7 +826,16 @@ |
379 |
+ u_char *inbuf, *outbuf; |
380 |
+ int32 len, ilen, olen; |
381 |
+ |
382 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
383 |
++ BIGNUM *n; |
384 |
++ BIGNUM *e; |
385 |
++ BIGNUM *d; |
386 |
++ RSA_get0_key(key, &n, &e, &d); |
387 |
++ olen = BN_num_bytes(n); |
388 |
++#else |
389 |
+ olen = BN_num_bytes(key->n); |
390 |
++#endif |
391 |
++ |
392 |
+ outbuf = malloc(olen); |
393 |
+ if (outbuf == NULL) /* oops, couldn't allocate memory */ |
394 |
+ return; |
395 |
+Index: ettercap-0.8.2/src/ec_sslwrap.c |
396 |
+=================================================================== |
397 |
+--- ettercap-0.8.2.orig/src/ec_sslwrap.c |
398 |
++++ ettercap-0.8.2/src/ec_sslwrap.c |
399 |
+@@ -53,6 +53,10 @@ |
400 |
+ #define OPENSSL_NO_KRB5 1 |
401 |
+ #include <openssl/ssl.h> |
402 |
+ |
403 |
++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) |
404 |
++#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */ |
405 |
++#endif |
406 |
++ |
407 |
+ #define BREAK_ON_ERROR(x,y,z) do { \ |
408 |
+ if (x == -E_INVALID) { \ |
409 |
+ SAFE_FREE(z.DATA.disp_data); \ |
410 |
+@@ -974,9 +978,19 @@ |
411 |
+ index = X509_get_ext_by_NID(server_cert, NID_authority_key_identifier, -1); |
412 |
+ if (index >=0) { |
413 |
+ ext = X509_get_ext(server_cert, index); |
414 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
415 |
++ ASN1_OCTET_STRING* os; |
416 |
++ os = X509_EXTENSION_get_data (ext); |
417 |
++#endif |
418 |
+ if (ext) { |
419 |
++#ifdef HAVE_OPAQUE_RSA_DSA_DH |
420 |
++ os->data[7] = 0xe7; |
421 |
++ os->data[8] = 0x7e; |
422 |
++ X509_EXTENSION_set_data (ext, os); |
423 |
++#else |
424 |
+ ext->value->data[7] = 0xe7; |
425 |
+ ext->value->data[8] = 0x7e; |
426 |
++#endif |
427 |
+ X509_add_ext(out_cert, ext, -1); |
428 |
+ } |
429 |
+ } |