forked from rpms/openssl
new upstream release 1.0.1h
This commit is contained in:
parent
b5f54ff916
commit
360a4bb67c
1
.gitignore
vendored
1
.gitignore
vendored
@ -14,3 +14,4 @@ openssl-1.0.0a-usa.tar.bz2
|
|||||||
/openssl-1.0.1e-usa.tar.xz
|
/openssl-1.0.1e-usa.tar.xz
|
||||||
/openssl-1.0.1e-hobbled.tar.xz
|
/openssl-1.0.1e-hobbled.tar.xz
|
||||||
/openssl-1.0.1g-hobbled.tar.xz
|
/openssl-1.0.1g-hobbled.tar.xz
|
||||||
|
/openssl-1.0.1h-hobbled.tar.xz
|
||||||
|
@ -1,555 +0,0 @@
|
|||||||
diff -up openssl-1.0.1e/doc/apps/cms.pod.manfix openssl-1.0.1e/doc/apps/cms.pod
|
|
||||||
--- openssl-1.0.1e/doc/apps/cms.pod.manfix 2013-02-11 16:26:04.000000000 +0100
|
|
||||||
+++ openssl-1.0.1e/doc/apps/cms.pod 2013-09-12 11:17:42.147092310 +0200
|
|
||||||
@@ -450,28 +450,28 @@ remains DER.
|
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
-=item 0
|
|
||||||
+=item C<0>
|
|
||||||
|
|
||||||
the operation was completely successfully.
|
|
||||||
|
|
||||||
-=item 1
|
|
||||||
+=item C<1>
|
|
||||||
|
|
||||||
an error occurred parsing the command options.
|
|
||||||
|
|
||||||
-=item 2
|
|
||||||
+=item C<2>
|
|
||||||
|
|
||||||
one of the input files could not be read.
|
|
||||||
|
|
||||||
-=item 3
|
|
||||||
+=item C<3>
|
|
||||||
|
|
||||||
an error occurred creating the CMS file or when reading the MIME
|
|
||||||
message.
|
|
||||||
|
|
||||||
-=item 4
|
|
||||||
+=item C<4>
|
|
||||||
|
|
||||||
an error occurred decrypting or verifying the message.
|
|
||||||
|
|
||||||
-=item 5
|
|
||||||
+=item C<5>
|
|
||||||
|
|
||||||
the message was verified correctly but an error occurred writing out
|
|
||||||
the signers certificates.
|
|
||||||
diff -up openssl-1.0.1e/doc/apps/ec.pod.manfix openssl-1.0.1e/doc/apps/ec.pod
|
|
||||||
--- openssl-1.0.1e/doc/apps/ec.pod.manfix 2013-02-11 16:26:04.000000000 +0100
|
|
||||||
+++ openssl-1.0.1e/doc/apps/ec.pod 2013-09-12 11:17:42.147092310 +0200
|
|
||||||
@@ -93,10 +93,6 @@ prints out the public, private key compo
|
|
||||||
|
|
||||||
this option prevents output of the encoded version of the key.
|
|
||||||
|
|
||||||
-=item B<-modulus>
|
|
||||||
-
|
|
||||||
-this option prints out the value of the public key component of the key.
|
|
||||||
-
|
|
||||||
=item B<-pubin>
|
|
||||||
|
|
||||||
by default a private key is read from the input file: with this option a
|
|
||||||
diff -up openssl-1.0.1e/doc/apps/openssl.pod.manfix openssl-1.0.1e/doc/apps/openssl.pod
|
|
||||||
--- openssl-1.0.1e/doc/apps/openssl.pod.manfix 2013-02-11 16:26:04.000000000 +0100
|
|
||||||
+++ openssl-1.0.1e/doc/apps/openssl.pod 2013-09-12 11:17:42.148092331 +0200
|
|
||||||
@@ -163,7 +163,7 @@ Create or examine a netscape certificate
|
|
||||||
|
|
||||||
Online Certificate Status Protocol utility.
|
|
||||||
|
|
||||||
-=item L<B<passwd>|passwd(1)>
|
|
||||||
+=item L<B<passwd>|sslpasswd(1)>
|
|
||||||
|
|
||||||
Generation of hashed passwords.
|
|
||||||
|
|
||||||
@@ -187,7 +187,7 @@ Public key algorithm parameter managemen
|
|
||||||
|
|
||||||
Public key algorithm cryptographic operation utility.
|
|
||||||
|
|
||||||
-=item L<B<rand>|rand(1)>
|
|
||||||
+=item L<B<rand>|sslrand(1)>
|
|
||||||
|
|
||||||
Generate pseudo-random bytes.
|
|
||||||
|
|
||||||
@@ -401,9 +401,9 @@ L<crl(1)|crl(1)>, L<crl2pkcs7(1)|crl2pkc
|
|
||||||
L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>,
|
|
||||||
L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>, L<genpkey(1)|genpkey(1)>,
|
|
||||||
L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>,
|
|
||||||
-L<passwd(1)|passwd(1)>,
|
|
||||||
+L<sslpasswd(1)|sslpasswd(1)>,
|
|
||||||
L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>,
|
|
||||||
-L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
|
|
||||||
+L<sslrand(1)|sslrand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
|
|
||||||
L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>,
|
|
||||||
L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>,
|
|
||||||
L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
|
|
||||||
diff -up openssl-1.0.1e/doc/apps/s_client.pod.manfix openssl-1.0.1e/doc/apps/s_client.pod
|
|
||||||
--- openssl-1.0.1e/doc/apps/s_client.pod.manfix 2013-09-12 11:17:41.517078502 +0200
|
|
||||||
+++ openssl-1.0.1e/doc/apps/s_client.pod 2013-09-12 11:17:42.149092353 +0200
|
|
||||||
@@ -32,9 +32,14 @@ B<openssl> B<s_client>
|
|
||||||
[B<-ssl2>]
|
|
||||||
[B<-ssl3>]
|
|
||||||
[B<-tls1>]
|
|
||||||
+[B<-tls1_1>]
|
|
||||||
+[B<-tls1_2>]
|
|
||||||
+[B<-dtls1>]
|
|
||||||
[B<-no_ssl2>]
|
|
||||||
[B<-no_ssl3>]
|
|
||||||
[B<-no_tls1>]
|
|
||||||
+[B<-no_tls1_1>]
|
|
||||||
+[B<-no_tls1_2>]
|
|
||||||
[B<-bugs>]
|
|
||||||
[B<-cipher cipherlist>]
|
|
||||||
[B<-starttls protocol>]
|
|
||||||
@@ -44,6 +49,7 @@ B<openssl> B<s_client>
|
|
||||||
[B<-sess_out filename>]
|
|
||||||
[B<-sess_in filename>]
|
|
||||||
[B<-rand file(s)>]
|
|
||||||
+[B<-nextprotoneg protocols>]
|
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
|
||||||
|
|
||||||
@@ -182,7 +188,7 @@ Use the PSK key B<key> when using a PSK
|
|
||||||
given as a hexadecimal number without leading 0x, for example -psk
|
|
||||||
1a2b3c4d.
|
|
||||||
|
|
||||||
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
|
|
||||||
+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
|
|
||||||
|
|
||||||
these options disable the use of certain SSL or TLS protocols. By default
|
|
||||||
the initial handshake uses a method which should be compatible with all
|
|
||||||
@@ -243,6 +249,17 @@ Multiple files can be specified separate
|
|
||||||
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
|
|
||||||
all others.
|
|
||||||
|
|
||||||
+=item B<-nextprotoneg protocols>
|
|
||||||
+
|
|
||||||
+enable Next Protocol Negotiation TLS extension and provide a list of
|
|
||||||
+comma-separated protocol names that the client should advertise
|
|
||||||
+support for. The list should contain most wanted protocols first.
|
|
||||||
+Protocol names are printable ASCII strings, for example "http/1.1" or
|
|
||||||
+"spdy/3".
|
|
||||||
+Empty list of protocols is treated specially and will cause the client to
|
|
||||||
+advertise support for the TLS extension but disconnect just after
|
|
||||||
+reciving ServerHello with a list of server supported protocols.
|
|
||||||
+
|
|
||||||
=back
|
|
||||||
|
|
||||||
=head1 CONNECTED COMMANDS
|
|
||||||
diff -up openssl-1.0.1e/doc/apps/smime.pod.manfix openssl-1.0.1e/doc/apps/smime.pod
|
|
||||||
--- openssl-1.0.1e/doc/apps/smime.pod.manfix 2013-02-11 16:26:04.000000000 +0100
|
|
||||||
+++ openssl-1.0.1e/doc/apps/smime.pod 2013-09-12 11:17:42.150092375 +0200
|
|
||||||
@@ -308,28 +308,28 @@ remains DER.
|
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
-=item 0
|
|
||||||
+=item C<0>
|
|
||||||
|
|
||||||
the operation was completely successfully.
|
|
||||||
|
|
||||||
-=item 1
|
|
||||||
+=item C<1>
|
|
||||||
|
|
||||||
an error occurred parsing the command options.
|
|
||||||
|
|
||||||
-=item 2
|
|
||||||
+=item C<2>
|
|
||||||
|
|
||||||
one of the input files could not be read.
|
|
||||||
|
|
||||||
-=item 3
|
|
||||||
+=item C<3>
|
|
||||||
|
|
||||||
an error occurred creating the PKCS#7 file or when reading the MIME
|
|
||||||
message.
|
|
||||||
|
|
||||||
-=item 4
|
|
||||||
+=item C<4>
|
|
||||||
|
|
||||||
an error occurred decrypting or verifying the message.
|
|
||||||
|
|
||||||
-=item 5
|
|
||||||
+=item C<5>
|
|
||||||
|
|
||||||
the message was verified correctly but an error occurred writing out
|
|
||||||
the signers certificates.
|
|
||||||
diff -up openssl-1.0.1e/doc/apps/s_server.pod.manfix openssl-1.0.1e/doc/apps/s_server.pod
|
|
||||||
--- openssl-1.0.1e/doc/apps/s_server.pod.manfix 2013-02-11 16:26:04.000000000 +0100
|
|
||||||
+++ openssl-1.0.1e/doc/apps/s_server.pod 2013-09-12 11:17:42.150092375 +0200
|
|
||||||
@@ -40,10 +40,16 @@ B<openssl> B<s_server>
|
|
||||||
[B<-ssl2>]
|
|
||||||
[B<-ssl3>]
|
|
||||||
[B<-tls1>]
|
|
||||||
+[B<-tls1_1>]
|
|
||||||
+[B<-tls1_2>]
|
|
||||||
+[B<-dtls1>]
|
|
||||||
[B<-no_ssl2>]
|
|
||||||
[B<-no_ssl3>]
|
|
||||||
[B<-no_tls1>]
|
|
||||||
+[B<-no_tls1_1>]
|
|
||||||
+[B<-no_tls1_2>]
|
|
||||||
[B<-no_dhe>]
|
|
||||||
+[B<-no_ecdhe>]
|
|
||||||
[B<-bugs>]
|
|
||||||
[B<-hack>]
|
|
||||||
[B<-www>]
|
|
||||||
@@ -54,6 +60,7 @@ B<openssl> B<s_server>
|
|
||||||
[B<-no_ticket>]
|
|
||||||
[B<-id_prefix arg>]
|
|
||||||
[B<-rand file(s)>]
|
|
||||||
+[B<-nextprotoneg protocols>]
|
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
|
||||||
|
|
||||||
@@ -131,6 +138,10 @@ a static set of parameters hard coded in
|
|
||||||
if this option is set then no DH parameters will be loaded effectively
|
|
||||||
disabling the ephemeral DH cipher suites.
|
|
||||||
|
|
||||||
+=item B<-no_ecdhe>
|
|
||||||
+
|
|
||||||
+if this option is set then ephemeral ECDH cipher suites will be disabled.
|
|
||||||
+
|
|
||||||
=item B<-no_tmp_rsa>
|
|
||||||
|
|
||||||
certain export cipher suites sometimes use a temporary RSA key, this option
|
|
||||||
@@ -201,7 +212,7 @@ Use the PSK key B<key> when using a PSK
|
|
||||||
given as a hexadecimal number without leading 0x, for example -psk
|
|
||||||
1a2b3c4d.
|
|
||||||
|
|
||||||
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
|
|
||||||
+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
|
|
||||||
|
|
||||||
these options disable the use of certain SSL or TLS protocols. By default
|
|
||||||
the initial handshake uses a method which should be compatible with all
|
|
||||||
@@ -276,6 +287,14 @@ Multiple files can be specified separate
|
|
||||||
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
|
|
||||||
all others.
|
|
||||||
|
|
||||||
+=item B<-nextprotoneg protocols>
|
|
||||||
+
|
|
||||||
+enable Next Protocol Negotiation TLS extension and provide a
|
|
||||||
+comma-separated list of supported protocol names.
|
|
||||||
+The list should contain most wanted protocols first.
|
|
||||||
+Protocol names are printable ASCII strings, for example "http/1.1" or
|
|
||||||
+"spdy/3".
|
|
||||||
+
|
|
||||||
=back
|
|
||||||
|
|
||||||
=head1 CONNECTED COMMANDS
|
|
||||||
diff -up openssl-1.0.1e/doc/apps/verify.pod.manfix openssl-1.0.1e/doc/apps/verify.pod
|
|
||||||
--- openssl-1.0.1e/doc/apps/verify.pod.manfix 2013-02-11 16:26:04.000000000 +0100
|
|
||||||
+++ openssl-1.0.1e/doc/apps/verify.pod 2013-09-12 11:25:13.994994992 +0200
|
|
||||||
@@ -25,6 +25,7 @@ B<openssl> B<verify>
|
|
||||||
[B<-untrusted file>]
|
|
||||||
[B<-help>]
|
|
||||||
[B<-issuer_checks>]
|
|
||||||
+[B<-attime timestamp>]
|
|
||||||
[B<-verbose>]
|
|
||||||
[B<->]
|
|
||||||
[certificates]
|
|
||||||
@@ -80,6 +81,12 @@ rejected. The presence of rejection mess
|
|
||||||
anything is wrong; during the normal verification process, several
|
|
||||||
rejections may take place.
|
|
||||||
|
|
||||||
+=item B<-attime timestamp>
|
|
||||||
+
|
|
||||||
+Perform validation checks using the time specified by B<timestamp> and not
|
|
||||||
+the current system time. B<timestamp> is the number of seconds since
|
|
||||||
+01.01.1970 (UNIX time).
|
|
||||||
+
|
|
||||||
=item B<-policy arg>
|
|
||||||
|
|
||||||
Enable policy processing and add B<arg> to the user-initial-policy-set (see
|
|
||||||
diff -up openssl-1.0.1e/doc/ssl/SSL_accept.pod.manfix openssl-1.0.1e/doc/ssl/SSL_accept.pod
|
|
||||||
--- openssl-1.0.1e/doc/ssl/SSL_accept.pod.manfix 2013-09-12 11:17:42.129091915 +0200
|
|
||||||
+++ openssl-1.0.1e/doc/ssl/SSL_accept.pod 2013-09-12 11:17:42.156092507 +0200
|
|
||||||
@@ -44,13 +44,13 @@ The following return values can occur:
|
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
-=item 0
|
|
||||||
+=item C<0>
|
|
||||||
|
|
||||||
The TLS/SSL handshake was not successful but was shut down controlled and
|
|
||||||
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
|
|
||||||
return value B<ret> to find out the reason.
|
|
||||||
|
|
||||||
-=item 1
|
|
||||||
+=item C<1>
|
|
||||||
|
|
||||||
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
|
|
||||||
established.
|
|
||||||
diff -up openssl-1.0.1e/doc/ssl/SSL_clear.pod.manfix openssl-1.0.1e/doc/ssl/SSL_clear.pod
|
|
||||||
--- openssl-1.0.1e/doc/ssl/SSL_clear.pod.manfix 2013-02-11 16:02:48.000000000 +0100
|
|
||||||
+++ openssl-1.0.1e/doc/ssl/SSL_clear.pod 2013-09-12 11:17:42.158092551 +0200
|
|
||||||
@@ -56,12 +56,12 @@ The following return values can occur:
|
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
-=item 0
|
|
||||||
+=item C<0>
|
|
||||||
|
|
||||||
The SSL_clear() operation could not be performed. Check the error stack to
|
|
||||||
find out the reason.
|
|
||||||
|
|
||||||
-=item 1
|
|
||||||
+=item C<1>
|
|
||||||
|
|
||||||
The SSL_clear() operation was successful.
|
|
||||||
|
|
||||||
diff -up openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod.manfix openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod
|
|
||||||
--- openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod.manfix 2013-09-12 11:17:42.049090162 +0200
|
|
||||||
+++ openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod 2013-09-12 11:17:42.159092573 +0200
|
|
||||||
@@ -60,11 +60,11 @@ SSL_COMP_add_compression_method() may re
|
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
-=item 0
|
|
||||||
+=item C<0>
|
|
||||||
|
|
||||||
The operation succeeded.
|
|
||||||
|
|
||||||
-=item 1
|
|
||||||
+=item C<1>
|
|
||||||
|
|
||||||
The operation failed. Check the error queue to find out the reason.
|
|
||||||
|
|
||||||
diff -up openssl-1.0.1e/doc/ssl/SSL_connect.pod.manfix openssl-1.0.1e/doc/ssl/SSL_connect.pod
|
|
||||||
--- openssl-1.0.1e/doc/ssl/SSL_connect.pod.manfix 2013-09-12 11:17:42.130091937 +0200
|
|
||||||
+++ openssl-1.0.1e/doc/ssl/SSL_connect.pod 2013-09-12 11:17:42.161092616 +0200
|
|
||||||
@@ -41,13 +41,13 @@ The following return values can occur:
|
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
-=item 0
|
|
||||||
+=item C<0>
|
|
||||||
|
|
||||||
The TLS/SSL handshake was not successful but was shut down controlled and
|
|
||||||
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
|
|
||||||
return value B<ret> to find out the reason.
|
|
||||||
|
|
||||||
-=item 1
|
|
||||||
+=item C<1>
|
|
||||||
|
|
||||||
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
|
|
||||||
established.
|
|
||||||
diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod.manfix openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod
|
|
||||||
--- openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod.manfix 2013-02-11 16:02:48.000000000 +0100
|
|
||||||
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod 2013-09-12 11:17:42.162092638 +0200
|
|
||||||
@@ -52,13 +52,13 @@ The following values are returned by all
|
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
-=item 0
|
|
||||||
+=item C<0>
|
|
||||||
|
|
||||||
The operation failed. In case of the add operation, it was tried to add
|
|
||||||
the same (identical) session twice. In case of the remove operation, the
|
|
||||||
session was not found in the cache.
|
|
||||||
|
|
||||||
-=item 1
|
|
||||||
+=item C<1>
|
|
||||||
|
|
||||||
The operation succeeded.
|
|
||||||
|
|
||||||
diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod.manfix openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod
|
|
||||||
--- openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod.manfix 2013-02-11 16:02:48.000000000 +0100
|
|
||||||
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod 2013-09-12 11:17:42.163092660 +0200
|
|
||||||
@@ -100,13 +100,13 @@ The following return values can occur:
|
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
-=item 0
|
|
||||||
+=item C<0>
|
|
||||||
|
|
||||||
The operation failed because B<CAfile> and B<CApath> are NULL or the
|
|
||||||
processing at one of the locations specified failed. Check the error
|
|
||||||
stack to find out the reason.
|
|
||||||
|
|
||||||
-=item 1
|
|
||||||
+=item C<1>
|
|
||||||
|
|
||||||
The operation succeeded.
|
|
||||||
|
|
||||||
diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod.manfix openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod
|
|
||||||
--- openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod.manfix 2013-09-12 11:17:42.132091981 +0200
|
|
||||||
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod 2013-09-12 11:17:42.164092682 +0200
|
|
||||||
@@ -66,13 +66,13 @@ values:
|
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
-=item 0
|
|
||||||
+=item C<0>
|
|
||||||
|
|
||||||
A failure while manipulating the STACK_OF(X509_NAME) object occurred or
|
|
||||||
the X509_NAME could not be extracted from B<cacert>. Check the error stack
|
|
||||||
to find out the reason.
|
|
||||||
|
|
||||||
-=item 1
|
|
||||||
+=item C<1>
|
|
||||||
|
|
||||||
The operation succeeded.
|
|
||||||
|
|
||||||
diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod.manfix openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod
|
|
||||||
--- openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod.manfix 2013-02-11 16:02:48.000000000 +0100
|
|
||||||
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod 2013-09-12 11:17:42.166092726 +0200
|
|
||||||
@@ -64,13 +64,13 @@ return the following values:
|
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
-=item 0
|
|
||||||
+=item C<0>
|
|
||||||
|
|
||||||
The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
|
|
||||||
the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
|
|
||||||
is logged to the error stack.
|
|
||||||
|
|
||||||
-=item 1
|
|
||||||
+=item C<1>
|
|
||||||
|
|
||||||
The operation succeeded.
|
|
||||||
|
|
||||||
diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod.manfix openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod
|
|
||||||
--- openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod.manfix 2013-02-11 16:26:04.000000000 +0100
|
|
||||||
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod 2013-09-12 11:17:42.167092748 +0200
|
|
||||||
@@ -42,11 +42,11 @@ and SSL_set_ssl_method():
|
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
-=item 0
|
|
||||||
+=item C<0>
|
|
||||||
|
|
||||||
The new choice failed, check the error stack to find out the reason.
|
|
||||||
|
|
||||||
-=item 1
|
|
||||||
+=item C<1>
|
|
||||||
|
|
||||||
The operation succeeded.
|
|
||||||
|
|
||||||
diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod.manfix openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
|
|
||||||
--- openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod.manfix 2013-09-12 11:17:42.133092003 +0200
|
|
||||||
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2013-09-12 11:17:42.168092770 +0200
|
|
||||||
@@ -96,7 +96,7 @@ data to B<psk> and return the length of
|
|
||||||
connection will fail with decryption_error before it will be finished
|
|
||||||
completely.
|
|
||||||
|
|
||||||
-=item 0
|
|
||||||
+=item C<0>
|
|
||||||
|
|
||||||
PSK identity was not found. An "unknown_psk_identity" alert message
|
|
||||||
will be sent and the connection setup fails.
|
|
||||||
diff -up openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod.manfix openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod
|
|
||||||
--- openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod.manfix 2013-09-12 11:17:42.135092047 +0200
|
|
||||||
+++ openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod 2013-09-12 11:17:42.170092814 +0200
|
|
||||||
@@ -45,13 +45,13 @@ The following return values can occur:
|
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
-=item 0
|
|
||||||
+=item C<0>
|
|
||||||
|
|
||||||
The TLS/SSL handshake was not successful but was shut down controlled and
|
|
||||||
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
|
|
||||||
return value B<ret> to find out the reason.
|
|
||||||
|
|
||||||
-=item 1
|
|
||||||
+=item C<1>
|
|
||||||
|
|
||||||
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
|
|
||||||
established.
|
|
||||||
diff -up openssl-1.0.1e/doc/ssl/SSL_read.pod.manfix openssl-1.0.1e/doc/ssl/SSL_read.pod
|
|
||||||
--- openssl-1.0.1e/doc/ssl/SSL_read.pod.manfix 2013-02-11 16:02:48.000000000 +0100
|
|
||||||
+++ openssl-1.0.1e/doc/ssl/SSL_read.pod 2013-09-12 11:17:42.171092836 +0200
|
|
||||||
@@ -86,7 +86,7 @@ The following return values can occur:
|
|
||||||
The read operation was successful; the return value is the number of
|
|
||||||
bytes actually read from the TLS/SSL connection.
|
|
||||||
|
|
||||||
-=item 0
|
|
||||||
+=item C<0>
|
|
||||||
|
|
||||||
The read operation was not successful. The reason may either be a clean
|
|
||||||
shutdown due to a "close notify" alert sent by the peer (in which case
|
|
||||||
diff -up openssl-1.0.1e/doc/ssl/SSL_session_reused.pod.manfix openssl-1.0.1e/doc/ssl/SSL_session_reused.pod
|
|
||||||
--- openssl-1.0.1e/doc/ssl/SSL_session_reused.pod.manfix 2013-02-11 16:02:48.000000000 +0100
|
|
||||||
+++ openssl-1.0.1e/doc/ssl/SSL_session_reused.pod 2013-09-12 11:17:42.172092857 +0200
|
|
||||||
@@ -27,11 +27,11 @@ The following return values can occur:
|
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
-=item 0
|
|
||||||
+=item C<0>
|
|
||||||
|
|
||||||
A new session was negotiated.
|
|
||||||
|
|
||||||
-=item 1
|
|
||||||
+=item C<1>
|
|
||||||
|
|
||||||
A session was reused.
|
|
||||||
|
|
||||||
diff -up openssl-1.0.1e/doc/ssl/SSL_set_fd.pod.manfix openssl-1.0.1e/doc/ssl/SSL_set_fd.pod
|
|
||||||
--- openssl-1.0.1e/doc/ssl/SSL_set_fd.pod.manfix 2013-02-11 16:02:48.000000000 +0100
|
|
||||||
+++ openssl-1.0.1e/doc/ssl/SSL_set_fd.pod 2013-09-12 11:17:42.174092901 +0200
|
|
||||||
@@ -35,11 +35,11 @@ The following return values can occur:
|
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
-=item 0
|
|
||||||
+=item C<0>
|
|
||||||
|
|
||||||
The operation failed. Check the error stack to find out why.
|
|
||||||
|
|
||||||
-=item 1
|
|
||||||
+=item C<1>
|
|
||||||
|
|
||||||
The operation succeeded.
|
|
||||||
|
|
||||||
diff -up openssl-1.0.1e/doc/ssl/SSL_set_session.pod.manfix openssl-1.0.1e/doc/ssl/SSL_set_session.pod
|
|
||||||
--- openssl-1.0.1e/doc/ssl/SSL_set_session.pod.manfix 2013-02-11 16:02:48.000000000 +0100
|
|
||||||
+++ openssl-1.0.1e/doc/ssl/SSL_set_session.pod 2013-09-12 11:17:42.175092923 +0200
|
|
||||||
@@ -37,11 +37,11 @@ The following return values can occur:
|
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
-=item 0
|
|
||||||
+=item C<0>
|
|
||||||
|
|
||||||
The operation failed; check the error stack to find out the reason.
|
|
||||||
|
|
||||||
-=item 1
|
|
||||||
+=item C<1>
|
|
||||||
|
|
||||||
The operation succeeded.
|
|
||||||
|
|
||||||
diff -up openssl-1.0.1e/doc/ssl/SSL_shutdown.pod.manfix openssl-1.0.1e/doc/ssl/SSL_shutdown.pod
|
|
||||||
--- openssl-1.0.1e/doc/ssl/SSL_shutdown.pod.manfix 2013-09-12 11:17:42.137092090 +0200
|
|
||||||
+++ openssl-1.0.1e/doc/ssl/SSL_shutdown.pod 2013-09-12 11:17:42.177092967 +0200
|
|
||||||
@@ -92,14 +92,14 @@ The following return values can occur:
|
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
-=item 0
|
|
||||||
+=item C<0>
|
|
||||||
|
|
||||||
The shutdown is not yet finished. Call SSL_shutdown() for a second time,
|
|
||||||
if a bidirectional shutdown shall be performed.
|
|
||||||
The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
|
|
||||||
erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
|
|
||||||
|
|
||||||
-=item 1
|
|
||||||
+=item C<1>
|
|
||||||
|
|
||||||
The shutdown was successfully completed. The "close notify" alert was sent
|
|
||||||
and the peer's "close notify" alert was received.
|
|
||||||
diff -up openssl-1.0.1e/doc/ssl/SSL_write.pod.manfix openssl-1.0.1e/doc/ssl/SSL_write.pod
|
|
||||||
--- openssl-1.0.1e/doc/ssl/SSL_write.pod.manfix 2013-02-11 16:02:48.000000000 +0100
|
|
||||||
+++ openssl-1.0.1e/doc/ssl/SSL_write.pod 2013-09-12 11:17:42.177092967 +0200
|
|
||||||
@@ -79,7 +79,7 @@ The following return values can occur:
|
|
||||||
The write operation was successful, the return value is the number of
|
|
||||||
bytes actually written to the TLS/SSL connection.
|
|
||||||
|
|
||||||
-=item 0
|
|
||||||
+=item C<0>
|
|
||||||
|
|
||||||
The write operation was not successful. Probably the underlying connection
|
|
||||||
was closed. Call SSL_get_error() with the return value B<ret> to find out,
|
|
@ -1,21 +0,0 @@
|
|||||||
diff -up openssl-1.0.1g/ssl/ssl.h.op-all openssl-1.0.1g/ssl/ssl.h
|
|
||||||
--- openssl-1.0.1g/ssl/ssl.h.op-all 2014-05-06 16:03:37.400554125 +0200
|
|
||||||
+++ openssl-1.0.1g/ssl/ssl.h 2014-05-06 16:06:21.688352245 +0200
|
|
||||||
@@ -549,7 +549,7 @@ struct ssl_session_st
|
|
||||||
#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
|
|
||||||
/* Allow initial connection to servers that don't support RI */
|
|
||||||
#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
|
|
||||||
-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
|
|
||||||
+#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L /* no effect since 1.0.0c due to CVE-2010-4180 */
|
|
||||||
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
|
|
||||||
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
|
|
||||||
#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L
|
|
||||||
@@ -569,7 +569,7 @@ struct ssl_session_st
|
|
||||||
|
|
||||||
/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
|
|
||||||
* This used to be 0x000FFFFFL before 0.9.7. */
|
|
||||||
-#define SSL_OP_ALL 0x80000BFFL
|
|
||||||
+#define SSL_OP_ALL 0x80000BF7L /* we still have to include SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS */
|
|
||||||
|
|
||||||
/* DTLS options */
|
|
||||||
#define SSL_OP_NO_QUERY_MTU 0x00001000L
|
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssl-1.0.1c/apps/s_apps.h.ipv6-apps openssl-1.0.1c/apps/s_apps.h
|
diff -up openssl-1.0.1h/apps/s_apps.h.ipv6-apps openssl-1.0.1h/apps/s_apps.h
|
||||||
--- openssl-1.0.1c/apps/s_apps.h.ipv6-apps 2012-07-11 22:46:02.409221206 +0200
|
--- openssl-1.0.1h/apps/s_apps.h.ipv6-apps 2014-06-05 14:33:38.515668750 +0200
|
||||||
+++ openssl-1.0.1c/apps/s_apps.h 2012-07-11 22:46:02.451222165 +0200
|
+++ openssl-1.0.1h/apps/s_apps.h 2014-06-05 14:33:38.540669335 +0200
|
||||||
@@ -148,7 +148,7 @@ typedef fd_mask fd_set;
|
@@ -148,7 +148,7 @@ typedef fd_mask fd_set;
|
||||||
#define PORT_STR "4433"
|
#define PORT_STR "4433"
|
||||||
#define PROTOCOL "tcp"
|
#define PROTOCOL "tcp"
|
||||||
@ -23,10 +23,10 @@ diff -up openssl-1.0.1c/apps/s_apps.h.ipv6-apps openssl-1.0.1c/apps/s_apps.h
|
|||||||
|
|
||||||
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
|
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
|
||||||
int argi, long argl, long ret);
|
int argi, long argl, long ret);
|
||||||
diff -up openssl-1.0.1c/apps/s_client.c.ipv6-apps openssl-1.0.1c/apps/s_client.c
|
diff -up openssl-1.0.1h/apps/s_client.c.ipv6-apps openssl-1.0.1h/apps/s_client.c
|
||||||
--- openssl-1.0.1c/apps/s_client.c.ipv6-apps 2012-07-11 22:46:02.433221754 +0200
|
--- openssl-1.0.1h/apps/s_client.c.ipv6-apps 2014-06-05 14:33:38.533669171 +0200
|
||||||
+++ openssl-1.0.1c/apps/s_client.c 2012-07-11 22:46:02.452222187 +0200
|
+++ openssl-1.0.1h/apps/s_client.c 2014-06-05 14:33:38.540669335 +0200
|
||||||
@@ -563,7 +563,7 @@ int MAIN(int argc, char **argv)
|
@@ -567,7 +567,7 @@ int MAIN(int argc, char **argv)
|
||||||
int cbuf_len,cbuf_off;
|
int cbuf_len,cbuf_off;
|
||||||
int sbuf_len,sbuf_off;
|
int sbuf_len,sbuf_off;
|
||||||
fd_set readfds,writefds;
|
fd_set readfds,writefds;
|
||||||
@ -35,7 +35,7 @@ diff -up openssl-1.0.1c/apps/s_client.c.ipv6-apps openssl-1.0.1c/apps/s_client.c
|
|||||||
int full_log=1;
|
int full_log=1;
|
||||||
char *host=SSL_HOST_NAME;
|
char *host=SSL_HOST_NAME;
|
||||||
char *cert_file=NULL,*key_file=NULL;
|
char *cert_file=NULL,*key_file=NULL;
|
||||||
@@ -664,13 +664,12 @@ int MAIN(int argc, char **argv)
|
@@ -668,13 +668,12 @@ int MAIN(int argc, char **argv)
|
||||||
else if (strcmp(*argv,"-port") == 0)
|
else if (strcmp(*argv,"-port") == 0)
|
||||||
{
|
{
|
||||||
if (--argc < 1) goto bad;
|
if (--argc < 1) goto bad;
|
||||||
@ -51,7 +51,7 @@ diff -up openssl-1.0.1c/apps/s_client.c.ipv6-apps openssl-1.0.1c/apps/s_client.c
|
|||||||
goto bad;
|
goto bad;
|
||||||
}
|
}
|
||||||
else if (strcmp(*argv,"-verify") == 0)
|
else if (strcmp(*argv,"-verify") == 0)
|
||||||
@@ -1253,7 +1252,7 @@ bad:
|
@@ -1267,7 +1266,7 @@ bad:
|
||||||
|
|
||||||
re_start:
|
re_start:
|
||||||
|
|
||||||
@ -60,10 +60,10 @@ diff -up openssl-1.0.1c/apps/s_client.c.ipv6-apps openssl-1.0.1c/apps/s_client.c
|
|||||||
{
|
{
|
||||||
BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
|
BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
|
||||||
SHUTDOWN(s);
|
SHUTDOWN(s);
|
||||||
diff -up openssl-1.0.1c/apps/s_server.c.ipv6-apps openssl-1.0.1c/apps/s_server.c
|
diff -up openssl-1.0.1h/apps/s_server.c.ipv6-apps openssl-1.0.1h/apps/s_server.c
|
||||||
--- openssl-1.0.1c/apps/s_server.c.ipv6-apps 2012-07-11 22:46:02.434221777 +0200
|
--- openssl-1.0.1h/apps/s_server.c.ipv6-apps 2014-06-05 14:33:38.533669171 +0200
|
||||||
+++ openssl-1.0.1c/apps/s_server.c 2012-07-11 22:46:02.453222210 +0200
|
+++ openssl-1.0.1h/apps/s_server.c 2014-06-05 14:33:38.541669358 +0200
|
||||||
@@ -929,7 +929,7 @@ int MAIN(int argc, char *argv[])
|
@@ -933,7 +933,7 @@ int MAIN(int argc, char *argv[])
|
||||||
{
|
{
|
||||||
X509_VERIFY_PARAM *vpm = NULL;
|
X509_VERIFY_PARAM *vpm = NULL;
|
||||||
int badarg = 0;
|
int badarg = 0;
|
||||||
@ -72,7 +72,7 @@ diff -up openssl-1.0.1c/apps/s_server.c.ipv6-apps openssl-1.0.1c/apps/s_server.c
|
|||||||
char *CApath=NULL,*CAfile=NULL;
|
char *CApath=NULL,*CAfile=NULL;
|
||||||
unsigned char *context = NULL;
|
unsigned char *context = NULL;
|
||||||
char *dhfile = NULL;
|
char *dhfile = NULL;
|
||||||
@@ -1000,8 +1000,7 @@ int MAIN(int argc, char *argv[])
|
@@ -1004,8 +1004,7 @@ int MAIN(int argc, char *argv[])
|
||||||
(strcmp(*argv,"-accept") == 0))
|
(strcmp(*argv,"-accept") == 0))
|
||||||
{
|
{
|
||||||
if (--argc < 1) goto bad;
|
if (--argc < 1) goto bad;
|
||||||
@ -82,7 +82,7 @@ diff -up openssl-1.0.1c/apps/s_server.c.ipv6-apps openssl-1.0.1c/apps/s_server.c
|
|||||||
}
|
}
|
||||||
else if (strcmp(*argv,"-verify") == 0)
|
else if (strcmp(*argv,"-verify") == 0)
|
||||||
{
|
{
|
||||||
@@ -1878,9 +1877,9 @@ bad:
|
@@ -1892,9 +1891,9 @@ bad:
|
||||||
BIO_printf(bio_s_out,"ACCEPT\n");
|
BIO_printf(bio_s_out,"ACCEPT\n");
|
||||||
(void)BIO_flush(bio_s_out);
|
(void)BIO_flush(bio_s_out);
|
||||||
if (www)
|
if (www)
|
||||||
@ -94,9 +94,9 @@ diff -up openssl-1.0.1c/apps/s_server.c.ipv6-apps openssl-1.0.1c/apps/s_server.c
|
|||||||
print_stats(bio_s_out,ctx);
|
print_stats(bio_s_out,ctx);
|
||||||
ret=0;
|
ret=0;
|
||||||
end:
|
end:
|
||||||
diff -up openssl-1.0.1c/apps/s_socket.c.ipv6-apps openssl-1.0.1c/apps/s_socket.c
|
diff -up openssl-1.0.1h/apps/s_socket.c.ipv6-apps openssl-1.0.1h/apps/s_socket.c
|
||||||
--- openssl-1.0.1c/apps/s_socket.c.ipv6-apps 2011-12-02 15:39:40.000000000 +0100
|
--- openssl-1.0.1h/apps/s_socket.c.ipv6-apps 2014-06-05 11:44:33.000000000 +0200
|
||||||
+++ openssl-1.0.1c/apps/s_socket.c 2012-07-11 22:49:05.411400450 +0200
|
+++ openssl-1.0.1h/apps/s_socket.c 2014-06-05 14:39:53.226442195 +0200
|
||||||
@@ -102,9 +102,7 @@ static struct hostent *GetHostByName(cha
|
@@ -102,9 +102,7 @@ static struct hostent *GetHostByName(cha
|
||||||
static void ssl_sock_cleanup(void);
|
static void ssl_sock_cleanup(void);
|
||||||
#endif
|
#endif
|
||||||
@ -108,7 +108,7 @@ diff -up openssl-1.0.1c/apps/s_socket.c.ipv6-apps openssl-1.0.1c/apps/s_socket.c
|
|||||||
static int do_accept(int acc_sock, int *sock, char **host);
|
static int do_accept(int acc_sock, int *sock, char **host);
|
||||||
static int host_ip(char *str, unsigned char ip[4]);
|
static int host_ip(char *str, unsigned char ip[4]);
|
||||||
|
|
||||||
@@ -234,57 +232,70 @@ static int ssl_sock_init(void)
|
@@ -234,57 +232,71 @@ static int ssl_sock_init(void)
|
||||||
return(1);
|
return(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -178,7 +178,7 @@ diff -up openssl-1.0.1c/apps/s_socket.c.ipv6-apps openssl-1.0.1c/apps/s_socket.c
|
|||||||
{
|
{
|
||||||
- i=0;
|
- i=0;
|
||||||
- i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
|
- i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
|
||||||
- if (i < 0) { perror("keepalive"); return(0); }
|
- if (i < 0) { closesocket(s); perror("keepalive"); return(0); }
|
||||||
+ int i=0;
|
+ int i=0;
|
||||||
+ i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,
|
+ i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,
|
||||||
+ (char *)&i,sizeof(i));
|
+ (char *)&i,sizeof(i));
|
||||||
@ -207,6 +207,7 @@ diff -up openssl-1.0.1c/apps/s_socket.c.ipv6-apps openssl-1.0.1c/apps/s_socket.c
|
|||||||
+ res = res->ai_next;
|
+ res = res->ai_next;
|
||||||
+ }
|
+ }
|
||||||
+ freeaddrinfo(res0);
|
+ freeaddrinfo(res0);
|
||||||
|
+ closesocket(s);
|
||||||
+
|
+
|
||||||
+ perror(failed_call);
|
+ perror(failed_call);
|
||||||
+ return(0);
|
+ return(0);
|
||||||
@ -216,7 +217,7 @@ diff -up openssl-1.0.1c/apps/s_socket.c.ipv6-apps openssl-1.0.1c/apps/s_socket.c
|
|||||||
{
|
{
|
||||||
int sock;
|
int sock;
|
||||||
char *name = NULL;
|
char *name = NULL;
|
||||||
@@ -322,33 +333,50 @@ int do_server(int port, int type, int *r
|
@@ -322,33 +334,50 @@ int do_server(int port, int type, int *r
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -288,7 +289,7 @@ diff -up openssl-1.0.1c/apps/s_socket.c.ipv6-apps openssl-1.0.1c/apps/s_socket.c
|
|||||||
#if defined SOL_SOCKET && defined SO_REUSEADDR
|
#if defined SOL_SOCKET && defined SO_REUSEADDR
|
||||||
{
|
{
|
||||||
int j = 1;
|
int j = 1;
|
||||||
@@ -356,35 +384,49 @@ static int init_server_long(int *sock, i
|
@@ -356,35 +385,49 @@ static int init_server_long(int *sock, i
|
||||||
(void *) &j, sizeof j);
|
(void *) &j, sizeof j);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@ -355,7 +356,16 @@ diff -up openssl-1.0.1c/apps/s_socket.c.ipv6-apps openssl-1.0.1c/apps/s_socket.c
|
|||||||
int len;
|
int len;
|
||||||
/* struct linger ling; */
|
/* struct linger ling; */
|
||||||
|
|
||||||
@@ -431,135 +473,58 @@ redoit:
|
@@ -424,145 +467,66 @@ redoit:
|
||||||
|
ling.l_onoff=1;
|
||||||
|
ling.l_linger=0;
|
||||||
|
i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
|
||||||
|
- if (i < 0) { perror("linger"); return(0); }
|
||||||
|
+ if (i < 0) { closesocket(ret); perror("linger"); return(0); }
|
||||||
|
i=0;
|
||||||
|
i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
|
||||||
|
- if (i < 0) { perror("keepalive"); return(0); }
|
||||||
|
+ if (i < 0) { closesocket(ret); perror("keepalive"); return(0); }
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if (host == NULL) goto end;
|
if (host == NULL) goto end;
|
||||||
@ -384,6 +394,7 @@ diff -up openssl-1.0.1c/apps/s_socket.c.ipv6-apps openssl-1.0.1c/apps/s_socket.c
|
|||||||
+ if ((*host=(char *)OPENSSL_malloc(strlen(buffer)+1)) == NULL)
|
+ if ((*host=(char *)OPENSSL_malloc(strlen(buffer)+1)) == NULL)
|
||||||
{
|
{
|
||||||
perror("OPENSSL_malloc");
|
perror("OPENSSL_malloc");
|
||||||
|
closesocket(ret);
|
||||||
return(0);
|
return(0);
|
||||||
}
|
}
|
||||||
- BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
|
- BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
|
||||||
@ -392,11 +403,13 @@ diff -up openssl-1.0.1c/apps/s_socket.c.ipv6-apps openssl-1.0.1c/apps/s_socket.c
|
|||||||
- if (h2 == NULL)
|
- if (h2 == NULL)
|
||||||
- {
|
- {
|
||||||
- BIO_printf(bio_err,"gethostbyname failure\n");
|
- BIO_printf(bio_err,"gethostbyname failure\n");
|
||||||
|
- closesocket(ret);
|
||||||
- return(0);
|
- return(0);
|
||||||
- }
|
- }
|
||||||
- if (h2->h_addrtype != AF_INET)
|
- if (h2->h_addrtype != AF_INET)
|
||||||
- {
|
- {
|
||||||
- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
|
- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
|
||||||
|
- closesocket(ret);
|
||||||
- return(0);
|
- return(0);
|
||||||
- }
|
- }
|
||||||
+ strcpy(*host, buffer);
|
+ strcpy(*host, buffer);
|
135
openssl-1.0.1h-manfix.patch
Normal file
135
openssl-1.0.1h-manfix.patch
Normal file
@ -0,0 +1,135 @@
|
|||||||
|
diff -up openssl-1.0.1h/doc/apps/ec.pod.manfix openssl-1.0.1h/doc/apps/ec.pod
|
||||||
|
--- openssl-1.0.1h/doc/apps/ec.pod.manfix 2014-06-05 11:41:31.000000000 +0200
|
||||||
|
+++ openssl-1.0.1h/doc/apps/ec.pod 2014-06-05 14:41:11.501274915 +0200
|
||||||
|
@@ -93,10 +93,6 @@ prints out the public, private key compo
|
||||||
|
|
||||||
|
this option prevents output of the encoded version of the key.
|
||||||
|
|
||||||
|
-=item B<-modulus>
|
||||||
|
-
|
||||||
|
-this option prints out the value of the public key component of the key.
|
||||||
|
-
|
||||||
|
=item B<-pubin>
|
||||||
|
|
||||||
|
by default a private key is read from the input file: with this option a
|
||||||
|
diff -up openssl-1.0.1h/doc/apps/openssl.pod.manfix openssl-1.0.1h/doc/apps/openssl.pod
|
||||||
|
--- openssl-1.0.1h/doc/apps/openssl.pod.manfix 2014-06-05 11:41:31.000000000 +0200
|
||||||
|
+++ openssl-1.0.1h/doc/apps/openssl.pod 2014-06-05 14:41:11.501274915 +0200
|
||||||
|
@@ -163,7 +163,7 @@ Create or examine a netscape certificate
|
||||||
|
|
||||||
|
Online Certificate Status Protocol utility.
|
||||||
|
|
||||||
|
-=item L<B<passwd>|passwd(1)>
|
||||||
|
+=item L<B<passwd>|sslpasswd(1)>
|
||||||
|
|
||||||
|
Generation of hashed passwords.
|
||||||
|
|
||||||
|
@@ -187,7 +187,7 @@ Public key algorithm parameter managemen
|
||||||
|
|
||||||
|
Public key algorithm cryptographic operation utility.
|
||||||
|
|
||||||
|
-=item L<B<rand>|rand(1)>
|
||||||
|
+=item L<B<rand>|sslrand(1)>
|
||||||
|
|
||||||
|
Generate pseudo-random bytes.
|
||||||
|
|
||||||
|
@@ -401,9 +401,9 @@ L<crl(1)|crl(1)>, L<crl2pkcs7(1)|crl2pkc
|
||||||
|
L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>,
|
||||||
|
L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>, L<genpkey(1)|genpkey(1)>,
|
||||||
|
L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>,
|
||||||
|
-L<passwd(1)|passwd(1)>,
|
||||||
|
+L<sslpasswd(1)|sslpasswd(1)>,
|
||||||
|
L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>,
|
||||||
|
-L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
|
||||||
|
+L<sslrand(1)|sslrand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
|
||||||
|
L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>,
|
||||||
|
L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>,
|
||||||
|
L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
|
||||||
|
diff -up openssl-1.0.1h/doc/apps/s_client.pod.manfix openssl-1.0.1h/doc/apps/s_client.pod
|
||||||
|
--- openssl-1.0.1h/doc/apps/s_client.pod.manfix 2014-06-05 14:41:11.445273605 +0200
|
||||||
|
+++ openssl-1.0.1h/doc/apps/s_client.pod 2014-06-05 14:41:11.501274915 +0200
|
||||||
|
@@ -33,9 +33,14 @@ B<openssl> B<s_client>
|
||||||
|
[B<-ssl2>]
|
||||||
|
[B<-ssl3>]
|
||||||
|
[B<-tls1>]
|
||||||
|
+[B<-tls1_1>]
|
||||||
|
+[B<-tls1_2>]
|
||||||
|
+[B<-dtls1>]
|
||||||
|
[B<-no_ssl2>]
|
||||||
|
[B<-no_ssl3>]
|
||||||
|
[B<-no_tls1>]
|
||||||
|
+[B<-no_tls1_1>]
|
||||||
|
+[B<-no_tls1_2>]
|
||||||
|
[B<-bugs>]
|
||||||
|
[B<-cipher cipherlist>]
|
||||||
|
[B<-starttls protocol>]
|
||||||
|
@@ -45,6 +50,7 @@ B<openssl> B<s_client>
|
||||||
|
[B<-sess_out filename>]
|
||||||
|
[B<-sess_in filename>]
|
||||||
|
[B<-rand file(s)>]
|
||||||
|
+[B<-nextprotoneg protocols>]
|
||||||
|
|
||||||
|
=head1 DESCRIPTION
|
||||||
|
|
||||||
|
@@ -188,7 +194,7 @@ Use the PSK key B<key> when using a PSK
|
||||||
|
given as a hexadecimal number without leading 0x, for example -psk
|
||||||
|
1a2b3c4d.
|
||||||
|
|
||||||
|
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
|
||||||
|
+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
|
||||||
|
|
||||||
|
these options disable the use of certain SSL or TLS protocols. By default
|
||||||
|
the initial handshake uses a method which should be compatible with all
|
||||||
|
@@ -249,6 +255,17 @@ Multiple files can be specified separate
|
||||||
|
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
|
||||||
|
all others.
|
||||||
|
|
||||||
|
+=item B<-nextprotoneg protocols>
|
||||||
|
+
|
||||||
|
+enable Next Protocol Negotiation TLS extension and provide a list of
|
||||||
|
+comma-separated protocol names that the client should advertise
|
||||||
|
+support for. The list should contain most wanted protocols first.
|
||||||
|
+Protocol names are printable ASCII strings, for example "http/1.1" or
|
||||||
|
+"spdy/3".
|
||||||
|
+Empty list of protocols is treated specially and will cause the client to
|
||||||
|
+advertise support for the TLS extension but disconnect just after
|
||||||
|
+reciving ServerHello with a list of server supported protocols.
|
||||||
|
+
|
||||||
|
=back
|
||||||
|
|
||||||
|
=head1 CONNECTED COMMANDS
|
||||||
|
diff -up openssl-1.0.1h/doc/apps/s_server.pod.manfix openssl-1.0.1h/doc/apps/s_server.pod
|
||||||
|
--- openssl-1.0.1h/doc/apps/s_server.pod.manfix 2014-06-05 11:41:31.000000000 +0200
|
||||||
|
+++ openssl-1.0.1h/doc/apps/s_server.pod 2014-06-05 14:41:11.502274939 +0200
|
||||||
|
@@ -55,6 +55,7 @@ B<openssl> B<s_server>
|
||||||
|
[B<-no_ticket>]
|
||||||
|
[B<-id_prefix arg>]
|
||||||
|
[B<-rand file(s)>]
|
||||||
|
+[B<-nextprotoneg protocols>]
|
||||||
|
|
||||||
|
=head1 DESCRIPTION
|
||||||
|
|
||||||
|
@@ -207,7 +208,7 @@ Use the PSK key B<key> when using a PSK
|
||||||
|
given as a hexadecimal number without leading 0x, for example -psk
|
||||||
|
1a2b3c4d.
|
||||||
|
|
||||||
|
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
|
||||||
|
+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
|
||||||
|
|
||||||
|
these options disable the use of certain SSL or TLS protocols. By default
|
||||||
|
the initial handshake uses a method which should be compatible with all
|
||||||
|
@@ -282,6 +283,14 @@ Multiple files can be specified separate
|
||||||
|
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
|
||||||
|
all others.
|
||||||
|
|
||||||
|
+=item B<-nextprotoneg protocols>
|
||||||
|
+
|
||||||
|
+enable Next Protocol Negotiation TLS extension and provide a
|
||||||
|
+comma-separated list of supported protocol names.
|
||||||
|
+The list should contain most wanted protocols first.
|
||||||
|
+Protocol names are printable ASCII strings, for example "http/1.1" or
|
||||||
|
+"spdy/3".
|
||||||
|
+
|
||||||
|
=back
|
||||||
|
|
||||||
|
=head1 CONNECTED COMMANDS
|
13
openssl.spec
13
openssl.spec
@ -22,8 +22,8 @@
|
|||||||
|
|
||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 1.0.1g
|
Version: 1.0.1h
|
||||||
Release: 2%{?dist}
|
Release: 1%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
# tarball with the hobble-openssl script which is included below.
|
# tarball with the hobble-openssl script which is included below.
|
||||||
@ -57,8 +57,7 @@ Patch33: openssl-1.0.0-beta4-ca-dir.patch
|
|||||||
Patch34: openssl-0.9.6-x509.patch
|
Patch34: openssl-0.9.6-x509.patch
|
||||||
Patch35: openssl-0.9.8j-version-add-engines.patch
|
Patch35: openssl-0.9.8j-version-add-engines.patch
|
||||||
Patch36: openssl-1.0.0e-doc-noeof.patch
|
Patch36: openssl-1.0.0e-doc-noeof.patch
|
||||||
Patch38: openssl-1.0.1g-ssl-op-all.patch
|
Patch39: openssl-1.0.1h-ipv6-apps.patch
|
||||||
Patch39: openssl-1.0.1c-ipv6-apps.patch
|
|
||||||
Patch40: openssl-1.0.1g-fips.patch
|
Patch40: openssl-1.0.1g-fips.patch
|
||||||
Patch45: openssl-1.0.1e-env-zlib.patch
|
Patch45: openssl-1.0.1e-env-zlib.patch
|
||||||
Patch47: openssl-1.0.0-beta5-readme-warning.patch
|
Patch47: openssl-1.0.0-beta5-readme-warning.patch
|
||||||
@ -74,7 +73,7 @@ Patch66: openssl-1.0.1-pkgconfig-krb5.patch
|
|||||||
Patch68: openssl-1.0.1e-secure-getenv.patch
|
Patch68: openssl-1.0.1e-secure-getenv.patch
|
||||||
Patch69: openssl-1.0.1c-dh-1024.patch
|
Patch69: openssl-1.0.1c-dh-1024.patch
|
||||||
Patch70: openssl-1.0.1e-fips-ec.patch
|
Patch70: openssl-1.0.1e-fips-ec.patch
|
||||||
Patch71: openssl-1.0.1e-manfix.patch
|
Patch71: openssl-1.0.1h-manfix.patch
|
||||||
Patch72: openssl-1.0.1e-fips-ctor.patch
|
Patch72: openssl-1.0.1e-fips-ctor.patch
|
||||||
Patch73: openssl-1.0.1e-ecc-suiteb.patch
|
Patch73: openssl-1.0.1e-ecc-suiteb.patch
|
||||||
Patch74: openssl-1.0.1e-no-md5-verify.patch
|
Patch74: openssl-1.0.1e-no-md5-verify.patch
|
||||||
@ -179,7 +178,6 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
|
|||||||
%patch34 -p1 -b .x509
|
%patch34 -p1 -b .x509
|
||||||
%patch35 -p1 -b .version-add-engines
|
%patch35 -p1 -b .version-add-engines
|
||||||
%patch36 -p1 -b .doc-noeof
|
%patch36 -p1 -b .doc-noeof
|
||||||
%patch38 -p1 -b .op-all
|
|
||||||
%patch39 -p1 -b .ipv6-apps
|
%patch39 -p1 -b .ipv6-apps
|
||||||
%patch40 -p1 -b .fips
|
%patch40 -p1 -b .fips
|
||||||
%patch45 -p1 -b .env-zlib
|
%patch45 -p1 -b .env-zlib
|
||||||
@ -474,6 +472,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
|
|||||||
%postun libs -p /sbin/ldconfig
|
%postun libs -p /sbin/ldconfig
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jun 5 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1h-1
|
||||||
|
- new upstream release 1.0.1h
|
||||||
|
|
||||||
* Sat May 31 2014 Peter Robinson <pbrobinson@fedoraproject.org> 1.0.1g-2
|
* Sat May 31 2014 Peter Robinson <pbrobinson@fedoraproject.org> 1.0.1g-2
|
||||||
- Drop obsolete and irrelevant docs
|
- Drop obsolete and irrelevant docs
|
||||||
- Move devel docs to appropriate package
|
- Move devel docs to appropriate package
|
||||||
|
Loading…
Reference in New Issue
Block a user