$NetBSD: patch-rsync-ssl,v 1.1 2021/10/06 08:15:57 wiz Exp $

CVE-2020-14387:
rsync-ssl does not verify the hostname in the server certificate when using openssl

--- rsync-ssl.orig	2020-06-17 01:27:48.000000000 +0000
+++ rsync-ssl
@@ -129,7 +129,7 @@ function rsync_ssl_helper {
     fi
 
     if [[ $RSYNC_SSL_TYPE == openssl ]]; then
-	exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port
+	exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port
     elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then
 	exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port
     else
