git: 6fe12ab2c86d - main - net/freeradius3: Fix certificate parsing

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Ryan Steinmetz <zi_at_FreeBSD.org>
Date: Sat, 14 Jan 2023 14:20:39 UTC
The branch main has been updated by zi:

URL: https://cgit.FreeBSD.org/ports/commit/?id=6fe12ab2c86d2ac9801365840193637256d51f71

commit 6fe12ab2c86d2ac9801365840193637256d51f71
Author:     Ryan Steinmetz <zi@FreeBSD.org>
AuthorDate: 2023-01-14 14:17:43 +0000
Commit:     Ryan Steinmetz <zi@FreeBSD.org>
CommitDate: 2023-01-14 14:20:02 +0000

    net/freeradius3: Fix certificate parsing
    
    - Bump PORTREVISION
    - Attempt fix for OPNSense packaging
    
    PR:             268951
    Obtained from:  upstream/3d08027f30c6d9c1eaccf7d60c68c8f7d78017c3
---
 net/freeradius3/Makefile                   |  3 ++-
 net/freeradius3/files/patch-src_main_tls.c | 18 ++++++++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/net/freeradius3/Makefile b/net/freeradius3/Makefile
index 1ea59d825cc5..8c665fb6f8df 100644
--- a/net/freeradius3/Makefile
+++ b/net/freeradius3/Makefile
@@ -2,6 +2,7 @@
 
 PORTNAME=	freeradius
 DISTVERSION=	3.2.1
+PORTREVISION=	1
 CATEGORIES=	net
 MASTER_SITES=	https://github.com/FreeRADIUS/freeradius-server/releases/download/release_${DISTVERSION:S/./_/g}/ \
 		https://freeradius.org/ftp/pub/radius/%SUBDIR%/ \
@@ -314,6 +315,6 @@ post-build:
 	@${FIND} ${WRKSRC}/build/bin -type f -exec ${STRIP_CMD} {} \;
 
 post-install:
-	${MKDIR} ${STAGEDIR}/var/run/radiusd
+	${MKDIR} ${STAGEDIR}/var/run/radiusd ${STAGEDIR}/var/log/radacct
 
 .include <bsd.port.post.mk>
diff --git a/net/freeradius3/files/patch-src_main_tls.c b/net/freeradius3/files/patch-src_main_tls.c
new file mode 100644
index 000000000000..f4e200d29657
--- /dev/null
+++ b/net/freeradius3/files/patch-src_main_tls.c
@@ -0,0 +1,18 @@
+--- src/main/tls.c.orig	2022-10-03 21:51:59 UTC
++++ src/main/tls.c
+@@ -3015,7 +3015,14 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
+ 	 */
+ 	if (lookup > 1) {
+ 		if (!my_ok) lookup = 1;
+-	} else {
++
++	} else if (lookup == 0) {
++		/*
++		 *	This flag is only set for outbound
++		 *	connections.  And then allows us to remap SSL
++		 *	offset 0 (server) to our offset 1 (also
++		 *	server).
++		 */
+ 		lookup = (SSL_get_ex_data(ssl, FR_TLS_EX_INDEX_FIX_CERT_ORDER) != NULL);
+ 	}
+