do not put error on stack when using fixed protocol version

(#1615098)
This commit is contained in:
Tomas Mraz 2018-08-13 11:34:33 +02:00
parent 60357072e0
commit f7a30f9a15
2 changed files with 21 additions and 1 deletions

View File

@ -0,0 +1,14 @@
Do not return failure when setting version bound on fixed protocol
version method.
diff -up openssl-1.1.1-pre8/ssl/statem/statem_lib.c.ignore-bound openssl-1.1.1-pre8/ssl/statem/statem_lib.c
--- openssl-1.1.1-pre8/ssl/statem/statem_lib.c.ignore-bound 2018-06-20 16:48:13.000000000 +0200
+++ openssl-1.1.1-pre8/ssl/statem/statem_lib.c 2018-08-13 11:07:52.826304045 +0200
@@ -1595,7 +1595,7 @@ int ssl_set_version_bound(int method_ver
* methods are not subject to controls that disable individual protocol
* versions.
*/
- return 0;
+ return 1;
case TLS_ANY_VERSION:
if (version < SSL3_VERSION || version > TLS_MAX_VERSION)

View File

@ -24,7 +24,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 1.1.1 Version: 1.1.1
Release: 0.%{prerelease}.2%{?dist} Release: 0.%{prerelease}.3%{?dist}
Epoch: 1 Epoch: 1
# We have to remove certain patented algorithms from the openssl source # We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below. # tarball with the hobble-openssl script which is included below.
@ -56,6 +56,7 @@ Patch38: openssl-1.1.0-no-weak-verify.patch
Patch40: openssl-1.1.1-disable-ssl3.patch Patch40: openssl-1.1.1-disable-ssl3.patch
Patch41: openssl-1.1.1-system-cipherlist.patch Patch41: openssl-1.1.1-system-cipherlist.patch
Patch42: openssl-1.1.1-fips.patch Patch42: openssl-1.1.1-fips.patch
Patch43: openssl-1.1.1-ignore-bound.patch
Patch44: openssl-1.1.1-version-override.patch Patch44: openssl-1.1.1-version-override.patch
Patch45: openssl-1.1.0-weak-ciphers.patch Patch45: openssl-1.1.0-weak-ciphers.patch
# Backported fixes including security fixes # Backported fixes including security fixes
@ -157,6 +158,7 @@ cp %{SOURCE13} test/
%patch40 -p1 -b .disable-ssl3 %patch40 -p1 -b .disable-ssl3
%patch41 -p1 -b .system-cipherlist %patch41 -p1 -b .system-cipherlist
%patch42 -p1 -b .fips %patch42 -p1 -b .fips
%patch43 -p1 -b .ignore-bound
%patch44 -p1 -b .version-override %patch44 -p1 -b .version-override
%patch45 -p1 -b .weak-ciphers %patch45 -p1 -b .weak-ciphers
@ -440,6 +442,10 @@ export LD_LIBRARY_PATH
%postun libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig
%changelog %changelog
* Mon Aug 13 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-0.pre8.3
- do not put error on stack when using fixed protocol version
with the default config (#1615098)
* Fri Jul 27 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-0.pre8.2 * Fri Jul 27 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-0.pre8.2
- load crypto policy config file from the default config - load crypto policy config file from the default config