forked from rpms/openssl
- set default paths when no explicit paths are set (#418771)
- do not add tls extensions to client hello for SSLv3 (#422081)
This commit is contained in:
parent
2a80bfda1d
commit
d8cd5c45d8
77
openssl-0.9.8g-default-paths.patch
Normal file
77
openssl-0.9.8g-default-paths.patch
Normal file
@ -0,0 +1,77 @@
|
||||
diff -up openssl-0.9.8g/apps/s_server.c.default-paths openssl-0.9.8g/apps/s_server.c
|
||||
--- openssl-0.9.8g/apps/s_server.c.default-paths 2007-12-13 17:41:34.000000000 +0100
|
||||
+++ openssl-0.9.8g/apps/s_server.c 2007-12-13 17:36:58.000000000 +0100
|
||||
@@ -1077,12 +1077,13 @@ bad:
|
||||
}
|
||||
#endif
|
||||
|
||||
- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
|
||||
- (!SSL_CTX_set_default_verify_paths(ctx)))
|
||||
+ if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath))
|
||||
+ {
|
||||
+ ERR_print_errors(bio_err);
|
||||
+ }
|
||||
+ if (!SSL_CTX_set_default_verify_paths(ctx))
|
||||
{
|
||||
- /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
|
||||
ERR_print_errors(bio_err);
|
||||
- /* goto end; */
|
||||
}
|
||||
store = SSL_CTX_get_cert_store(ctx);
|
||||
X509_STORE_set_flags(store, vflags);
|
||||
@@ -1132,8 +1133,11 @@ bad:
|
||||
|
||||
SSL_CTX_sess_set_cache_size(ctx2,128);
|
||||
|
||||
- if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) ||
|
||||
- (!SSL_CTX_set_default_verify_paths(ctx2)))
|
||||
+ if (!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath))
|
||||
+ {
|
||||
+ ERR_print_errors(bio_err);
|
||||
+ }
|
||||
+ if (!SSL_CTX_set_default_verify_paths(ctx2))
|
||||
{
|
||||
ERR_print_errors(bio_err);
|
||||
}
|
||||
diff -up openssl-0.9.8g/apps/s_client.c.default-paths openssl-0.9.8g/apps/s_client.c
|
||||
--- openssl-0.9.8g/apps/s_client.c.default-paths 2007-12-13 17:41:34.000000000 +0100
|
||||
+++ openssl-0.9.8g/apps/s_client.c 2007-12-13 17:37:34.000000000 +0100
|
||||
@@ -673,12 +673,13 @@ bad:
|
||||
if (!set_cert_key_stuff(ctx,cert,key))
|
||||
goto end;
|
||||
|
||||
- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
|
||||
- (!SSL_CTX_set_default_verify_paths(ctx)))
|
||||
+ if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath))
|
||||
+ {
|
||||
+ ERR_print_errors(bio_err);
|
||||
+ }
|
||||
+ if (!SSL_CTX_set_default_verify_paths(ctx))
|
||||
{
|
||||
- /* BIO_printf(bio_err,"error setting default verify locations\n"); */
|
||||
ERR_print_errors(bio_err);
|
||||
- /* goto end; */
|
||||
}
|
||||
|
||||
store = SSL_CTX_get_cert_store(ctx);
|
||||
diff -up openssl-0.9.8g/apps/s_time.c.default-paths openssl-0.9.8g/apps/s_time.c
|
||||
--- openssl-0.9.8g/apps/s_time.c.default-paths 2003-12-27 15:40:17.000000000 +0100
|
||||
+++ openssl-0.9.8g/apps/s_time.c 2007-12-13 17:35:27.000000000 +0100
|
||||
@@ -476,12 +476,13 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
SSL_load_error_strings();
|
||||
|
||||
- if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
|
||||
- (!SSL_CTX_set_default_verify_paths(tm_ctx)))
|
||||
+ if (!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath))
|
||||
+ {
|
||||
+ ERR_print_errors(bio_err);
|
||||
+ }
|
||||
+ if (!SSL_CTX_set_default_verify_paths(tm_ctx))
|
||||
{
|
||||
- /* BIO_printf(bio_err,"error setting default verify locations\n"); */
|
||||
ERR_print_errors(bio_err);
|
||||
- /* goto end; */
|
||||
}
|
||||
|
||||
if (tm_cipher == NULL)
|
17
openssl-0.9.8g-no-extssl.patch
Normal file
17
openssl-0.9.8g-no-extssl.patch
Normal file
@ -0,0 +1,17 @@
|
||||
Skip adding tls extensions to client hello when protocol version is
|
||||
not TLS.
|
||||
diff -up openssl-0.9.8g/ssl/t1_lib.c.no-extssl openssl-0.9.8g/ssl/t1_lib.c
|
||||
--- openssl-0.9.8g/ssl/t1_lib.c.no-extssl 2007-10-19 09:44:10.000000000 +0200
|
||||
+++ openssl-0.9.8g/ssl/t1_lib.c 2007-12-13 17:22:10.000000000 +0100
|
||||
@@ -132,6 +132,11 @@ unsigned char *ssl_add_clienthello_tlsex
|
||||
int extdatalen=0;
|
||||
unsigned char *ret = p;
|
||||
|
||||
+ if (s->client_version != TLS1_VERSION && s->client_version != DTLS1_VERSION)
|
||||
+ {
|
||||
+ return ret;
|
||||
+ }
|
||||
+
|
||||
ret+=2;
|
||||
|
||||
if (ret>=limit) return NULL; /* this really never occurs, but ... */
|
10
openssl.spec
10
openssl.spec
@ -22,7 +22,7 @@
|
||||
Summary: The OpenSSL toolkit
|
||||
Name: openssl
|
||||
Version: 0.9.8g
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
Source: openssl-%{version}-usa.tar.bz2
|
||||
Source1: hobble-openssl
|
||||
Source2: Makefile.certificate
|
||||
@ -44,6 +44,8 @@ Patch6: openssl-0.9.8b-test-use-localhost.patch
|
||||
# Bug fixes
|
||||
Patch21: openssl-0.9.8b-aliasing-bug.patch
|
||||
Patch22: openssl-0.9.8b-x509-name-cmp.patch
|
||||
Patch23: openssl-0.9.8g-default-paths.patch
|
||||
Patch24: openssl-0.9.8g-no-extssl.patch
|
||||
# Functionality changes
|
||||
Patch32: openssl-0.9.7-beta6-ia64.patch
|
||||
Patch33: openssl-0.9.7f-ca-dir.patch
|
||||
@ -106,6 +108,8 @@ from other formats to the formats used by the OpenSSL toolkit.
|
||||
|
||||
%patch21 -p1 -b .aliasing-bug
|
||||
%patch22 -p1 -b .name-cmp
|
||||
%patch23 -p1 -b .default-paths
|
||||
%patch24 -p1 -b .no-extssl
|
||||
|
||||
%patch32 -p1 -b .ia64
|
||||
#patch33 is applied after make test
|
||||
@ -356,6 +360,10 @@ rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint
|
||||
%postun -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Thu Dec 13 2007 Tomas Mraz <tmraz@redhat.com> 0.9.8g-3
|
||||
- set default paths when no explicit paths are set (#418771)
|
||||
- do not add tls extensions to client hello for SSLv3 (#422081)
|
||||
|
||||
* Tue Dec 4 2007 Tomas Mraz <tmraz@redhat.com> 0.9.8g-2
|
||||
- enable some new crypto algorithms and features
|
||||
- add some more important bug fixes from openssl CVS
|
||||
|
Loading…
Reference in New Issue
Block a user