From f0204ee5edb4db3e5f5fff680f1dc266b89ba075 Mon Sep 17 00:00:00 2001
From: deuce <>
Date: Sat, 24 Feb 2018 07:04:12 +0000
Subject: [PATCH] Remove check in cryptAddCertAttribute() which disallows
 adding DER blobs when the extension is natively supported by Cryptlib.  This
 is to work around the apparent impossibility of adding multiple DNSName
 entries to the Subject Alt Name field.

Sorry DigitalMan, you'll have to compile the Win32 libraries again.  :-)
---
 3rdp/build/GNUmakefile                  |  3 ++-
 3rdp/build/cl-allow-duplicate-ext.patch | 14 ++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 3rdp/build/cl-allow-duplicate-ext.patch

diff --git a/3rdp/build/GNUmakefile b/3rdp/build/GNUmakefile
index 7d3bdad9ab..98f7ca9864 100644
--- a/3rdp/build/GNUmakefile
+++ b/3rdp/build/GNUmakefile
@@ -67,7 +67,7 @@ $(CRYPT_SRC): | $(3RDPSRCDIR)
 $(CRYPT_IDIR): | $(3RDPODIR)
 	$(QUIET)$(IFNOTEXIST) mkdir $(CRYPT_IDIR)
 
-$(CRYPTLIB_BUILD): $(3RDP_ROOT)$(DIRSEP)dist/cryptlib.zip $(3RDP_ROOT)$(DIRSEP)build/SSL-fix.patch $(3RDP_ROOT)$(DIRSEP)build/Dynamic-linked-static-lib.patch $(3RDP_ROOT)$(DIRSEP)build/terminal-params.patch $(3RDP_ROOT)$(DIRSEP)build/cl-mingw32-static.patch $(3RDP_ROOT)$(DIRSEP)build/cl-ranlib.patch $(3RDP_ROOT)$(DIRSEP)build/cl-PAM-noprompts.patch $(3RDP_ROOT)$(DIRSEP)build/cl-getseed64.patch $(3RDP_ROOT)$(DIRSEP)build/cl-endian.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-compile.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-compile2.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-noasm.patch $(3RDP_ROOT)$(DIRSEP)build/cl-zz-country.patch $(3RDP_ROOT)$(DIRSEP)build/cl-algorithms.patch | $(CRYPT_SRC) $(CRYPT_IDIR)
+$(CRYPTLIB_BUILD): $(3RDP_ROOT)$(DIRSEP)dist/cryptlib.zip $(3RDP_ROOT)$(DIRSEP)build/SSL-fix.patch $(3RDP_ROOT)$(DIRSEP)build/Dynamic-linked-static-lib.patch $(3RDP_ROOT)$(DIRSEP)build/terminal-params.patch $(3RDP_ROOT)$(DIRSEP)build/cl-mingw32-static.patch $(3RDP_ROOT)$(DIRSEP)build/cl-ranlib.patch $(3RDP_ROOT)$(DIRSEP)build/cl-PAM-noprompts.patch $(3RDP_ROOT)$(DIRSEP)build/cl-getseed64.patch $(3RDP_ROOT)$(DIRSEP)build/cl-endian.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-compile.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-compile2.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-noasm.patch $(3RDP_ROOT)$(DIRSEP)build/cl-zz-country.patch $(3RDP_ROOT)$(DIRSEP)build/cl-algorithms.patch $(3RDP_ROOT)$(DIRSEP)build/cl-allow-duplicate-ext.patch | $(CRYPT_SRC) $(CRYPT_IDIR)
 	@echo Creating $@ ...
 	$(QUIET)-rm -rf $(CRYPT_SRC)/*
 	$(QUIET)unzip -oa $(3RDPDISTDIR)$(DIRSEP)cryptlib.zip -d $(CRYPT_SRC)
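Review bot: The new patch now has to be named in two places, this prerequisite list and the recipe's `patch` sequence in the second hunk, and nothing ties the two together. A patch that is listed but never applied, or applied but not listed, would give a cryptlib build that differs from what the rule declares, which is hard to spot in a line this long. Consider holding the names in one list variable, for example `CL_PATCHES := SSL-fix.patch … cl-allow-duplicate-ext.patch`, and deriving the prerequisites with `$(addprefix $(3RDP_ROOT)$(DIRSEP)build/,$(CL_PATCHES))`. The recipe continues beyond this hunk.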
@@ -86,6 +86,7 @@ $(CRYPTLIB_BUILD): $(3RDP_ROOT)$(DIRSEP)dist/cryptlib.zip $(3RDP_ROOT)$(DIRSEP)b
 	$(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-win32-noasm.patch
 	$(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-zz-country.patch
 	$(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-algorithms.patch
+	$(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-allow-duplicate-ext.patch
 ifeq ($(CC),mingw32-gcc)
 	$(QUIET)cd $(CRYPT_SRC) && env - PATH="$(PATH)" CC="$(CC)" AR="$(AR)" RANLIB="$(RANLIB)" make directories
 	$(QUIET)cd $(CRYPT_SRC) && env - PATH="$(PATH)" CC="$(CC)" AR="$(AR)" RANLIB="$(RANLIB)" make toolscripts
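Review bot: The added `patch -p0 -d $(CRYPT_SRC) < cl-allow-duplicate-ext.patch` line runs with patch's default fuzz, so if a later cryptlib.zip changes cert/ext_add.c, the `#if 0`/`#endif` pair could be applied at an offset or with loosened context instead of failing. Because this patch switches off a check in certificate handling, I would make it strict with `$(QUIET)patch -p0 -F0 -d $(CRYPT_SRC) < cl-allow-duplicate-ext.patch`, so the build stops when the context no longer matches exactly. A make comment above the line such as `# disables cryptlib's native-extension check in cert/ext_add.c; re-review on every cryptlib upgrade` would record that this is a deliberate deviation from upstream. The recipe starts before this hunk and continues past it.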
diff --git a/3rdp/build/cl-allow-duplicate-ext.patch b/3rdp/build/cl-allow-duplicate-ext.patch
new file mode 100644
index 0000000000..7a64a0cdb3
--- /dev/null
+++ b/3rdp/build/cl-allow-duplicate-ext.patch
@@ -0,0 +1,14 @@
+--- cert/ext_add.c.orig	2018-02-24 01:38:55.995138000 -0500
++++ cert/ext_add.c	2018-02-24 01:39:08.783152000 -0500
+@@ -451,9 +451,11 @@
+ 	   a non-blob.  In addition it forces the caller to use the (recommended)
+ 	   normal attribute handling mechanism, which allows for proper type
+ 	   checking */
++#if 0
+ 	if( !( flags & ATTR_FLAG_BLOB ) && \
+ 		oidToAttribute( attributeType, oid, oidLength ) != NULL )
+ 		return( CRYPT_ERROR_PERMISSION );
++#endif
+ 
+ 	/* Find the correct place in the list to insert the new element */
+ 	if( DATAPTR_ISSET( listHead ) )
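Review bot: The `#if 0` removes the `CRYPT_ERROR_PERMISSION` return for every OID that `oidToAttribute()` recognises, not only subjectAltName, although the commit message only needs multiple DNSName entries in that one extension. The comment left directly above says this check is what forces callers onto the normal attribute mechanism with proper type checking, so with it disabled that type checking no longer happens for any natively supported extension added through this path when `ATTR_FLAG_BLOB` is not set. If possible, narrow the bypass to the subjectAltName case and keep the check for everything else. Failing that, update the now-stale comment, e.g. `/* Local change: check disabled so a DER-encoded subjectAltName with several dNSName entries can be added; callers must validate the blob themselves */`. The enclosing function begins and ends outside this hunk.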
-- 
GitLab