jonathan/openssl
1
0
Fork 0
forked from rpms/openssl
Code Pull Requests Activity

Two minor fixes

Browse Source 
fix dangling symlinks to manual pages
make SSLv3_method work
This commit is contained in:
Tomas Mraz 2018-08-29 18:25:29 +02:00
parent 62ec0f1fa9
commit cfeae6fcb3
2 changed files with 22 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
openssl-1.1.1-disable-ssl3.patch
View File

@ -27,10 +27,11 @@ diff -up openssl-1.1.1-pre8/apps/s_server.c.disable-ssl3 openssl-1.1.1-pre8/apps
diff -up openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3 openssl-1.1.1-pre8/ssl/ssl_lib.c diff -up openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3 openssl-1.1.1-pre8/ssl/ssl_lib.c
--- openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3 2018-06-20 16:48:13.000000000 +0200 --- openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3 2018-06-20 16:48:13.000000000 +0200
+++ openssl-1.1.1-pre8/ssl/ssl_lib.c 2018-07-16 18:08:20.001487652 +0200 +++ openssl-1.1.1-pre8/ssl/ssl_lib.c 2018-07-16 18:08:20.001487652 +0200
@@ -3016,6 +3016,14 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m @@ -3016,6 +3016,16 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
*/ */
ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT; ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT;
+ if (meth->version != SSL3_VERSION) {
+ /* + /*
+ * Disable SSLv3 by default. Applications can + * Disable SSLv3 by default. Applications can
+ * re-enable it by configuring + * re-enable it by configuring
@ -38,6 +39,7 @@ diff -up openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3 openssl-1.1.1-pre8/ssl/ss
+ * or by using the SSL_CONF API. + * or by using the SSL_CONF API.
+ */ + */
+ ret->options |= SSL_OP_NO_SSLv3; + ret->options |= SSL_OP_NO_SSLv3;
+ }
+ +
ret->ext.status_type = TLSEXT_STATUSTYPE_nothing; ret->ext.status_type = TLSEXT_STATUSTYPE_nothing;

13
openssl.spec
View File

@ -24,7 +24,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 1.1.1 Version: 1.1.1
Release: 0.%{prerelease}.1%{?dist} Release: 0.%{prerelease}.2%{?dist}
Epoch: 1 Epoch: 1
# We have to remove certain patented algorithms from the openssl source # We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below. # tarball with the hobble-openssl script which is included below.
@ -341,6 +341,11 @@ for manpage in man*/* ; do
done done
for conflict in passwd rand ; do for conflict in passwd rand ; do
rename ${conflict} ssl${conflict} man*/${conflict}* rename ${conflict} ssl${conflict} man*/${conflict}*
# Fix dangling symlinks
manpage=man1/openssl-${conflict}.*
if [ -L ${manpage} ] ; then
ln -snf ssl${conflict}.1ssl ${manpage}
fi
done done
popd popd
@ -398,6 +403,7 @@ export LD_LIBRARY_PATH
%exclude %{_mandir}/man1*/*.pl* %exclude %{_mandir}/man1*/*.pl*
%exclude %{_mandir}/man1*/c_rehash* %exclude %{_mandir}/man1*/c_rehash*
%exclude %{_mandir}/man1*/tsget* %exclude %{_mandir}/man1*/tsget*
%exclude %{_mandir}/man1*/openssl-tsget*
%files libs %files libs
%{!?_licensedir:%global license %%doc} %{!?_licensedir:%global license %%doc}
@ -433,6 +439,7 @@ export LD_LIBRARY_PATH
%{_mandir}/man1*/*.pl* %{_mandir}/man1*/*.pl*
%{_mandir}/man1*/c_rehash* %{_mandir}/man1*/c_rehash*
%{_mandir}/man1*/tsget* %{_mandir}/man1*/tsget*
%{_mandir}/man1*/openssl-tsget*
%dir %{_sysconfdir}/pki/CA %dir %{_sysconfdir}/pki/CA
%dir %{_sysconfdir}/pki/CA/private %dir %{_sysconfdir}/pki/CA/private
%dir %{_sysconfdir}/pki/CA/certs %dir %{_sysconfdir}/pki/CA/certs
@ -444,6 +451,10 @@ export LD_LIBRARY_PATH
%postun libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig
%changelog %changelog
* Wed Aug 29 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-0.pre9.2
- fix dangling symlinks to manual pages
- make SSLv3_method work
* Wed Aug 22 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-0.pre9.1 * Wed Aug 22 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-0.pre9.1
- update to the latest 1.1.1 beta version - update to the latest 1.1.1 beta version