From 3a94b2aac53c53c910b65e57928e512ee1c8f85b Mon Sep 17 00:00:00 2001
From: Benedikt Peetz
Date: Tue, 4 Mar 2025 21:24:43 +0100
Subject: pkgs/fetchmail-common-name: Patch fetchmail to accept certificates without common name

Pebble gives you SAN only certificates.
---
pkgs/by-name/fe/fetchmail-common-name/package.nix | 15 ++++++++
...c-Correctly-check-the-common-name-even-if.patch | 40 ++++++++++++++++++++++
2 files changed, 55 insertions(+)
create mode 100644 pkgs/by-name/fe/fetchmail-common-name/package.nix
create mode 100644 pkgs/by-name/fe/fetchmail-common-name/patches/fix-socket.c-Correctly-check-the-common-name-even-if.patch
diff --git a/pkgs/by-name/fe/fetchmail-common-name/package.nix b/pkgs/by-name/fe/fetchmail-common-name/package.nix
new file mode 100644
index 0000000..9e89bed
--- /dev/null
+++ b/pkgs/by-name/fe/fetchmail-common-name/package.nix
@@ -0,0 +1,15 @@
+{
+ pkgs,
+ callPackage,
+}:
+pkgs.fetchmail.overrideAttrs (final: prev: {
+ pname = "fetchmail-common-name";
+
+ patches =
+ (prev.patches or [])
+ ++ [
+ ./patches/fix-socket.c-Correctly-check-the-common-name-even-if.patch
+ ];
+
+ meta.mainProgram = prev.meta.mainProgram or "fetchmail";
+})
diff --git a/pkgs/by-name/fe/fetchmail-common-name/patches/fix-socket.c-Correctly-check-the-common-name-even-if.patch b/pkgs/by-name/fe/fetchmail-common-name/patches/fix-socket.c-Correctly-check-the-common-name-even-if.patch
new file mode 100644
index 0000000..aa17799
--- /dev/null
+++ b/pkgs/by-name/fe/fetchmail-common-name/patches/fix-socket.c-Correctly-check-the-common-name-even-if.patch
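Review bot: `meta.mainProgram = prev.meta.mainProgram or "fetchmail";` inside `overrideAttrs` replaces the whole `meta` attribute with a set holding only `mainProgram`, because the override result is merged shallowly over `prev`; the base package's description, license and platforms are dropped. Write it as `meta = (prev.meta or {}) // { mainProgram = prev.meta.mainProgram or "fetchmail"; };`. The `callPackage` argument and the `final` parameter are unused in this file and can go. Because this derivation builds a fetchmail whose certificate name check differs from upstream, I would also put a comment above `patches` saying so, e.g. `# Alters TLS server-name verification to accept SAN-only certificates (Pebble); not the upstream check.`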
@@ -0,0 +1,40 @@
+From 77a13d5625890d6a0dc3ec312b9d237e61791033 Mon Sep 17 00:00:00 2001
+From: Benedikt Peetz
+Date: Sat, 1 Mar 2025 18:20:35 +0100
+Subject: [PATCH] fix(socket.c): Correctly check the common name, even if not
+ set (only SAN)
+
+---
+ socket.c | 9 ---------
+ 1 file changed, 9 deletions(-)
+
+diff --git a/socket.c b/socket.c
+index 42b8f1a5..c81bca63 100644
+--- a/socket.c
++++ b/socket.c
+@@ -728,7 +728,6 @@ static int SSL_verify_callback(int ok_return, X509_STORE_CTX *ctx, const int str
+ _depth0ck = 1;
+ }
+
+- if ((i = X509_NAME_get_text_by_NID(subj, NID_commonName, buf, sizeof(buf))) != -1) {
+ if (_ssl_server_cname != NULL) {
+ char *p1 = buf;
+ char *p2 = _ssl_server_cname;
+@@ -779,14 +778,6 @@ static int SSL_verify_callback(int ok_return, X509_STORE_CTX *ctx, const int str
+ report(stderr, GT_("Server name not set, could not verify certificate!\n"));
+ if (strict) return (0);
+ }
+- } else {
+- if (outlevel >= O_VERBOSE)
+- report(stdout, GT_("Unknown Server CommonName\n"));
+- if (ok_return && strict) {
+- report(stderr, GT_("Server name not specified in certificate!\n"));
+- return (0);
+- }
+- }
+ /* Print the finger print. Note that on errors, we might print it more than once
+ * normally; we kluge around that by using a global variable. */
+ if (_check_fp == 1) {
+--
+2.47.2
+
-- cgit 1.4.1
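Review bot: With the `X509_NAME_get_text_by_NID` call deleted, the kept lines still do `char *p1 = buf;`, so the name comparison in `SSL_verify_callback` now reads whatever earlier code left in `buf`, and `i` is no longer assigned here. Nothing visible in either hunk refills or clears `buf` for a certificate without a CN, so the server-name check can run against stale data instead of being skipped. I would keep the lookup and only stop treating a missing CN as fatal: `if ((i = X509_NAME_get_text_by_NID(subj, NID_commonName, buf, sizeof(buf))) == -1) buf[0] = '\0';`. A SAN-only certificate is then decided by the subjectAltName comparison, which presumably sits in the part of the function between the two hunks and should be confirmed to reject on no match in strict mode. The inner block also keeps its old indentation, and the subject line says the CN is "correctly checked" although the patch removes the CN read.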