correct openssl cms help output (#636266)

more tolerant starttls detection in XMPP protocol (#608239)
This commit is contained in:
Tomas Mraz 2011-07-26 13:02:17 +02:00
parent 5c4fc08e4d
commit 0ed17c0652
3 changed files with 33 additions and 1 deletions

View File

@ -0,0 +1,12 @@
diff -up openssl-1.0.0d/apps/cms.c.keyid openssl-1.0.0d/apps/cms.c
--- openssl-1.0.0d/apps/cms.c.keyid 2009-10-18 16:42:26.000000000 +0200
+++ openssl-1.0.0d/apps/cms.c 2011-07-26 12:56:48.000000000 +0200
@@ -618,7 +618,7 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-certsout file certificate output file\n");
BIO_printf (bio_err, "-signer file signer certificate file\n");
BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");
- BIO_printf (bio_err, "-skeyid use subject key identifier\n");
+ BIO_printf (bio_err, "-keyid use subject key identifier\n");
BIO_printf (bio_err, "-in file input file\n");
BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");

View File

@ -0,0 +1,12 @@
diff -ru openssl-1.0.0d.old/apps/s_client.c openssl-1.0.0d/apps/s_client.c
--- openssl-1.0.0d.old/apps/s_client.c 2011-07-17 21:05:19.934181169 +0200
+++ openssl-1.0.0d/apps/s_client.c 2011-07-17 21:11:42.747824990 +0200
@@ -1186,7 +1186,7 @@
"xmlns='jabber:client' to='%s' version='1.0'>", host);
seen = BIO_read(sbio,mbuf,BUFSIZZ);
mbuf[seen] = 0;
- while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'"))
+ while (!strcasestr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'") && !strcasestr(mbuf, "<starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\""))
{
if (strstr(mbuf, "/stream:features>"))
goto shut;

View File

@ -21,7 +21,7 @@
Summary: A general purpose cryptography library with TLS implementation Summary: A general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 1.0.0d Version: 1.0.0d
Release: 6%{?dist} Release: 7%{?dist}
# We remove certain patented algorithms from the openssl source tarball # We remove certain patented algorithms from the openssl source tarball
# with the hobble-openssl script which is included below. # with the hobble-openssl script which is included below.
Source: openssl-%{version}-usa.tar.bz2 Source: openssl-%{version}-usa.tar.bz2
@ -48,6 +48,7 @@ Patch23: openssl-1.0.0-beta4-default-paths.patch
Patch24: openssl-0.9.8j-bad-mime.patch Patch24: openssl-0.9.8j-bad-mime.patch
Patch25: openssl-1.0.0a-manfix.patch Patch25: openssl-1.0.0a-manfix.patch
Patch26: openssl-1.0.0a-load-certs.patch Patch26: openssl-1.0.0a-load-certs.patch
Patch27: openssl-1.0.0d-cms-keyid.patch
# Functionality changes # Functionality changes
Patch32: openssl-0.9.8g-ia64.patch Patch32: openssl-0.9.8g-ia64.patch
Patch33: openssl-1.0.0-beta4-ca-dir.patch Patch33: openssl-1.0.0-beta4-ca-dir.patch
@ -75,6 +76,7 @@ Patch59: openssl-1.0.0c-pkcs12-fips-default.patch
Patch60: openssl-1.0.0d-apps-dgst.patch Patch60: openssl-1.0.0d-apps-dgst.patch
Patch61: openssl-1.0.0d-cavs.patch Patch61: openssl-1.0.0d-cavs.patch
Patch62: openssl-1.0.0-fips-aesni.patch Patch62: openssl-1.0.0-fips-aesni.patch
Patch63: openssl-1.0.0d-xmpp-starttls.patch
# Backported fixes including security fixes # Backported fixes including security fixes
Patch81: openssl-1.0.0d-padlock64.patch Patch81: openssl-1.0.0d-padlock64.patch
@ -144,6 +146,7 @@ popd
%patch24 -p1 -b .bad-mime %patch24 -p1 -b .bad-mime
%patch25 -p1 -b .manfix %patch25 -p1 -b .manfix
%patch26 -p1 -b .load-certs %patch26 -p1 -b .load-certs
%patch27 -p1 -b .keyid
%patch32 -p1 -b .ia64 %patch32 -p1 -b .ia64
%patch33 -p1 -b .ca-dir %patch33 -p1 -b .ca-dir
@ -171,6 +174,7 @@ popd
%patch60 -p1 -b .dgst %patch60 -p1 -b .dgst
%patch61 -p1 -b .cavs %patch61 -p1 -b .cavs
%patch62 -p1 -b .fips-aesni %patch62 -p1 -b .fips-aesni
%patch63 -p1 -b .starttls
%patch81 -p1 -b .padlock64 %patch81 -p1 -b .padlock64
@ -434,6 +438,10 @@ popd
%postun -p /sbin/ldconfig %postun -p /sbin/ldconfig
%changelog %changelog
* Tue Jul 26 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0d-7
- correct openssl cms help output (#636266)
- more tolerant starttls detection in XMPP protocol (#608239)
* Wed Jul 20 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0d-6 * Wed Jul 20 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0d-6
- add support for newest Intel acceleration improvements backported - add support for newest Intel acceleration improvements backported
from upstream by Intel in form of a separate engine from upstream by Intel in form of a separate engine