forked from rpms/openssl
Two minor fixes
fix dangling symlinks to manual pages make SSLv3_method work
This commit is contained in:
Tomas Mraz
parent
62ec0f1fa9
commit
cfeae6fcb3
@ -27,17 +27,19 @@ diff -up openssl-1.1.1-pre8/apps/s_server.c.disable-ssl3 openssl-1.1.1-pre8/apps
|
||||
diff -up openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3 openssl-1.1.1-pre8/ssl/ssl_lib.c
|
||||
--- openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3 2018-06-20 16:48:13.000000000 +0200
|
||||
+++ openssl-1.1.1-pre8/ssl/ssl_lib.c 2018-07-16 18:08:20.001487652 +0200
|
||||
@@ -3016,6 +3016,14 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
|
||||
@@ -3016,6 +3016,16 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
|
||||
*/
|
||||
ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT;
|
||||
|
||||
+ /*
|
||||
+ * Disable SSLv3 by default. Applications can
|
||||
+ * re-enable it by configuring
|
||||
+ * SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
|
||||
+ * or by using the SSL_CONF API.
|
||||
+ */
|
||||
+ ret->options |= SSL_OP_NO_SSLv3;
|
||||
+ if (meth->version != SSL3_VERSION) {
|
||||
+ /*
|
||||
+ * Disable SSLv3 by default. Applications can
|
||||
+ * re-enable it by configuring
|
||||
+ * SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
|
||||
+ * or by using the SSL_CONF API.
|
||||
+ */
|
||||
+ ret->options |= SSL_OP_NO_SSLv3;
|
||||
+ }
|
||||
+
|
||||
ret->ext.status_type = TLSEXT_STATUSTYPE_nothing;
|
||||
|
||||
|
||||
13
openssl.spec
13
openssl.spec
@ -24,7 +24,7 @@
|
||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 1.1.1
|
||||
Release: 0.%{prerelease}.1%{?dist}
|
||||
Release: 0.%{prerelease}.2%{?dist}
|
||||
Epoch: 1
|
||||
# We have to remove certain patented algorithms from the openssl source
|
||||
# tarball with the hobble-openssl script which is included below.
|
||||
@ -341,6 +341,11 @@ for manpage in man*/* ; do
|
||||
done
|
||||
for conflict in passwd rand ; do
|
||||
rename ${conflict} ssl${conflict} man*/${conflict}*
|
||||
# Fix dangling symlinks
|
||||
manpage=man1/openssl-${conflict}.*
|
||||
if [ -L ${manpage} ] ; then
|
||||
ln -snf ssl${conflict}.1ssl ${manpage}
|
||||
fi
|
||||
done
|
||||
popd
|
||||
|
||||
@ -398,6 +403,7 @@ export LD_LIBRARY_PATH
|
||||
%exclude %{_mandir}/man1*/*.pl*
|
||||
%exclude %{_mandir}/man1*/c_rehash*
|
||||
%exclude %{_mandir}/man1*/tsget*
|
||||
%exclude %{_mandir}/man1*/openssl-tsget*
|
||||
|
||||
%files libs
|
||||
%{!?_licensedir:%global license %%doc}
|
||||
@ -433,6 +439,7 @@ export LD_LIBRARY_PATH
|
||||
%{_mandir}/man1*/*.pl*
|
||||
%{_mandir}/man1*/c_rehash*
|
||||
%{_mandir}/man1*/tsget*
|
||||
%{_mandir}/man1*/openssl-tsget*
|
||||
%dir %{_sysconfdir}/pki/CA
|
||||
%dir %{_sysconfdir}/pki/CA/private
|
||||
%dir %{_sysconfdir}/pki/CA/certs
|
||||
@ -444,6 +451,10 @@ export LD_LIBRARY_PATH
|
||||
%postun libs -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Wed Aug 29 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-0.pre9.2
|
||||
- fix dangling symlinks to manual pages
|
||||
- make SSLv3_method work
|
||||
|
||||
* Wed Aug 22 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-0.pre9.1
|
||||
- update to the latest 1.1.1 beta version
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user