Synced with native openssl-1.0.2h-1

This commit is contained in:
Erik van Pienbroek 2016-05-07 18:01:07 +02:00
parent 9d21f19320
commit 6007c3d7bd
11 changed files with 426 additions and 421 deletions

1
.gitignore vendored
View File

@ -7,3 +7,4 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-1.0.1j-hobbled.tar.xz
/openssl-1.0.2a-hobbled.tar.xz
/openssl-1.0.2f-hobbled.tar.xz
/openssl-1.0.2h-hobbled.tar.xz

View File

@ -6,26 +6,21 @@ set -e
# Clean out patent-or-otherwise-encumbered code.
# MDC-2: 4,908,861 13/03/2007 - expired, we do not remove it but do not enable it anyway
# IDEA: 5,214,703 07/01/2012 - expired, we do not remove it anymore
# RC5: 5,724,428 01/11/2015
# RC5: 5,724,428 01/11/2015 - expired, we do not remove it anymore
# EC: ????????? ??/??/2020
# SRP: ????????? ??/??/20??
# Remove assembler portions of IDEA, MDC2, and RC5.
(find crypto/rc5/asm -type f | xargs -r rm -fv)
# (find crypto/rc5/asm -type f | xargs -r rm -fv)
# RC5, SRP.
for a in rc5 srp; do
# SRP.
for a in srp; do
for c in `find crypto/$a -name "*.c" -a \! -name "*test*" -type f` ; do
echo Destroying $c
> $c
done
done
for c in `find crypto/evp -name "*_rc5.c"`; do
echo Destroying $c
> $c
done
for c in `find crypto/bn -name "*gf2m.c"`; do
echo Destroying $c
> $c
@ -37,11 +32,10 @@ for c in `find crypto/ec -name "ec2*.c" -o -name "ec_curve.c" -o -name "ecp_nist
done
for h in `find crypto ssl apps test -name "*.h"` ; do
echo Removing RC5, SRP and EC2M references from $h
echo Removing SRP and EC2M references from $h
cat $h | \
awk 'BEGIN {ech=1;} \
/^#[ \t]*ifndef.*NO_SRP/ {ech--; next;} \
/^#[ \t]*ifndef.*NO_RC5/ {ech--; next;} \
/^#[ \t]*ifndef.*NO_EC2M/ {ech--; next;} \
/^#[ \t]*if/ {if(ech < 1) ech--;} \
{if(ech>0) {;print $0};} \
@ -50,4 +44,4 @@ for h in `find crypto ssl apps test -name "*.h"` ; do
done
# Make the makefiles happy.
touch crypto/rc5/asm/rc5-586.pl
# touch crypto/rc5/asm/rc5-586.pl

View File

@ -23,7 +23,7 @@
%global thread_test_threads %{?threads:%{threads}}%{!?threads:1}
Name: mingw-openssl
Version: 1.0.2f
Version: 1.0.2h
Release: 1%{?dist}
Summary: MinGW port of the OpenSSL toolkit
@ -64,7 +64,7 @@ Patch33: openssl-1.0.0-beta4-ca-dir.patch
Patch34: openssl-1.0.2a-x509.patch
Patch35: openssl-1.0.2a-version-add-engines.patch
Patch39: openssl-1.0.2a-ipv6-apps.patch
Patch40: openssl-1.0.2e-fips.patch
Patch40: openssl-1.0.2h-fips.patch
Patch45: openssl-1.0.2a-env-zlib.patch
Patch47: openssl-1.0.2a-readme-warning.patch
Patch49: openssl-1.0.1i-algo-doc.patch
@ -78,24 +78,23 @@ Patch65: openssl-1.0.2a-chil-fixes.patch
Patch66: openssl-1.0.2a-pkgconfig-krb5.patch
Patch68: openssl-1.0.2a-secure-getenv.patch
Patch70: openssl-1.0.2a-fips-ec.patch
Patch71: openssl-1.0.2d-manfix.patch
Patch71: openssl-1.0.2g-manfix.patch
Patch72: openssl-1.0.2a-fips-ctor.patch
Patch73: openssl-1.0.2c-ecc-suiteb.patch
Patch74: openssl-1.0.2a-no-md5-verify.patch
Patch75: openssl-1.0.2a-compat-symbols.patch
Patch76: openssl-1.0.2f-new-fips-reqs.patch
Patch77: openssl-1.0.2a-weak-ciphers.patch
Patch78: openssl-1.0.2a-cc-reqs.patch
Patch90: openssl-1.0.2a-enc-fail.patch
Patch92: openssl-1.0.2a-system-cipherlist.patch
Patch93: openssl-1.0.2a-disable-sslv2v3.patch
Patch93: openssl-1.0.2g-disable-sslv2v3.patch
Patch94: openssl-1.0.2d-secp256k1.patch
Patch95: openssl-1.0.2e-remove-nistp224.patch
Patch96: openssl-1.0.2e-speed-doc.patch
# Backported fixes including security fixes
Patch80: openssl-1.0.2e-wrap-pad.patch
Patch81: openssl-1.0.2a-padlock64.patch
Patch82: openssl-1.0.2c-trusted-first-doc.patch
Patch82: openssl-1.0.2h-trusted-first-doc.patch
# MinGW-specific patches.
# Rename *eay32.dll to lib*.dll
@ -250,7 +249,6 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
#patch74 -p1 -b .no-md5-verify
%patch75 -p1 -b .compat
#patch76 -p1 -b .fips-reqs
%patch77 -p1 -b .weak-ciphers
%patch78 -p1 -b .cc-reqs
%patch90 -p1 -b .enc-fail
%patch92 -p1 -b .system
@ -304,8 +302,8 @@ PERL=%{__perl} \
--prefix=%{mingw32_prefix} \
--openssldir=%{mingw32_sysconfdir}/pki/tls \
zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
enable-cms enable-md2 \
no-mdc2 no-rc5 no-ec2m no-gost no-srp \
enable-cms enable-md2 enable-rc5 \
no-mdc2 no-ec2m no-gost no-srp \
no-fips no-hw \
--cross-compile-prefix=%{mingw32_target}- \
--enginesdir=%{mingw32_libdir}/openssl/engines \
@ -514,6 +512,10 @@ mkdir -m700 $RPM_BUILD_ROOT%{mingw64_sysconfdir}/pki/CA/private
%changelog
* Sat May 7 2016 Erik van Pienbroek <epienbro@fedoraproject.org> - 1.0.2h-1
- Synced with native openssl-1.0.2h-1
- Fixes RHBZ #1332591 #1332589 #1330104 #1312861 #1312857 #1307773 #1302768
* Sat Feb 6 2016 Erik van Pienbroek <epienbro@fedoraproject.org> - 1.0.2f-1
- Synced with native openssl-1.0.2f-2
- Fixes RHBZ #1239685 #1290334 #1302768

View File

@ -33,7 +33,7 @@ diff -up openssl-1.0.0-beta3/Makefile.shared.mingw-libversion openssl-1.0.0-beta
if test -f $(LIBNAME)eay32.def; then \
deffile=$(LIBNAME)eay32.def; \
fi; \
@@ -270,13 +270,7 @@ link_a.cygwin:
@@ -282,13 +282,7 @@
dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; extras=; \
base=-Wl,--enable-auto-image-base; \
if expr $(PLATFORM) : 'mingw' > /dev/null; then \
@ -45,6 +45,6 @@ diff -up openssl-1.0.0-beta3/Makefile.shared.mingw-libversion openssl-1.0.0-beta
- extras="$(LIBNAME).def"; \
- $(PERL) util/mkdef.pl 32 $$SHLIB > $$extras; \
+ SHLIB=lib$(LIBNAME); \
base=; [ $(LIBNAME) = "crypto" ] && base=-Wl,--image-base,0x63000000; \
base=; [ $(LIBNAME) = "crypto" -a -n "$(FIPSCANLIB)" ] && base=-Wl,--image-base,0x63000000; \
fi; \
dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \

View File

@ -1,13 +0,0 @@
diff -up openssl-1.0.2a/ssl/ssl_lib.c.v2v3 openssl-1.0.2a/ssl/ssl_lib.c
--- openssl-1.0.2a/ssl/ssl_lib.c.v2v3 2015-04-22 15:37:15.974345757 +0200
+++ openssl-1.0.2a/ssl/ssl_lib.c 2015-04-22 15:39:39.114782365 +0200
@@ -2048,6 +2048,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
*/
ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
+ /* Disable SSLv2 and SSLv3 by default (affects the SSLv23_method() only) */
+ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+
return (ret);
err:
SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);

View File

@ -1,12 +0,0 @@
diff -up openssl-1.0.2a/ssl/ssl.h.weak-ciphers openssl-1.0.2a/ssl/ssl.h
--- openssl-1.0.2a/ssl/ssl.h.weak-ciphers 2015-04-22 15:11:14.026574414 +0200
+++ openssl-1.0.2a/ssl/ssl.h 2015-04-22 15:14:51.302744713 +0200
@@ -338,7 +338,7 @@ extern "C" {
* The following cipher list is used by default. It also is substituted when
* an application-defined cipher list string starts with 'DEFAULT'.
*/
-# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2"
+# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:!DES"
/*
* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
* starts with a reasonable order, and all we have to do for DEFAULT is

View File

@ -0,0 +1,18 @@
diff -up openssl-1.0.2g/ssl/ssl_lib.c.v2v3 openssl-1.0.2g/ssl/ssl_lib.c
--- openssl-1.0.2g/ssl/ssl_lib.c.v2v3 2016-03-01 16:38:26.879142021 +0100
+++ openssl-1.0.2g/ssl/ssl_lib.c 2016-03-01 16:41:32.977353769 +0100
@@ -2055,11 +2055,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
/*
- * Disable SSLv2 by default, callers that want to enable SSLv2 will have to
- * explicitly clear this option via either of SSL_CTX_clear_options() or
+ * Disable SSLv2 and SSLv3 by default, callers that want to enable these will have to
+ * explicitly clear these options via either of SSL_CTX_clear_options() or
* SSL_clear_options().
*/
- ret->options |= SSL_OP_NO_SSLv2;
+ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
return (ret);
err:

View File

@ -1,6 +1,6 @@
diff -up openssl-1.0.2a/doc/apps/ec.pod.manfix openssl-1.0.2a/doc/apps/ec.pod
--- openssl-1.0.2a/doc/apps/ec.pod.manfix 2015-01-20 13:33:36.000000000 +0100
+++ openssl-1.0.2a/doc/apps/ec.pod 2015-04-21 17:39:20.084574580 +0200
diff -up openssl-1.0.2g/doc/apps/ec.pod.manfix openssl-1.0.2g/doc/apps/ec.pod
--- openssl-1.0.2g/doc/apps/ec.pod.manfix 2016-03-01 14:35:05.000000000 +0100
+++ openssl-1.0.2g/doc/apps/ec.pod 2016-03-01 16:47:35.331568290 +0100
@@ -93,10 +93,6 @@ prints out the public, private key compo
this option prevents output of the encoded version of the key.
@ -12,9 +12,9 @@ diff -up openssl-1.0.2a/doc/apps/ec.pod.manfix openssl-1.0.2a/doc/apps/ec.pod
=item B<-pubin>
by default a private key is read from the input file: with this option a
diff -up openssl-1.0.2a/doc/apps/openssl.pod.manfix openssl-1.0.2a/doc/apps/openssl.pod
--- openssl-1.0.2a/doc/apps/openssl.pod.manfix 2015-01-20 13:33:36.000000000 +0100
+++ openssl-1.0.2a/doc/apps/openssl.pod 2015-04-21 17:39:20.084574580 +0200
diff -up openssl-1.0.2g/doc/apps/openssl.pod.manfix openssl-1.0.2g/doc/apps/openssl.pod
--- openssl-1.0.2g/doc/apps/openssl.pod.manfix 2016-03-01 14:35:05.000000000 +0100
+++ openssl-1.0.2g/doc/apps/openssl.pod 2016-03-01 16:47:35.331568290 +0100
@@ -163,7 +163,7 @@ Create or examine a netscape certificate
Online Certificate Status Protocol utility.
@ -45,10 +45,10 @@ diff -up openssl-1.0.2a/doc/apps/openssl.pod.manfix openssl-1.0.2a/doc/apps/open
L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>,
L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>,
L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
diff -up openssl-1.0.2a/doc/apps/s_client.pod.manfix openssl-1.0.2a/doc/apps/s_client.pod
--- openssl-1.0.2a/doc/apps/s_client.pod.manfix 2015-04-21 17:39:20.085574603 +0200
+++ openssl-1.0.2a/doc/apps/s_client.pod 2015-04-21 17:41:00.215924162 +0200
@@ -34,6 +34,9 @@ B<openssl> B<s_client>
diff -up openssl-1.0.2g/doc/apps/s_client.pod.manfix openssl-1.0.2g/doc/apps/s_client.pod
--- openssl-1.0.2g/doc/apps/s_client.pod.manfix 2016-03-01 14:35:53.000000000 +0100
+++ openssl-1.0.2g/doc/apps/s_client.pod 2016-03-01 16:47:35.358568902 +0100
@@ -35,6 +35,9 @@ B<openssl> B<s_client>
[B<-ssl2>]
[B<-ssl3>]
[B<-tls1>]
@ -58,24 +58,33 @@ diff -up openssl-1.0.2a/doc/apps/s_client.pod.manfix openssl-1.0.2a/doc/apps/s_c
[B<-no_ssl2>]
[B<-no_ssl3>]
[B<-no_tls1>]
@@ -200,7 +203,7 @@ Use the PSK key B<key> when using a PSK
@@ -201,7 +204,7 @@ Use the PSK key B<key> when using a PSK
given as a hexadecimal number without leading 0x, for example -psk
1a2b3c4d.
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
these options disable the use of certain SSL or TLS protocols. By default
the initial handshake uses a method which should be compatible with all
diff -up openssl-1.0.2a/doc/apps/s_server.pod.manfix openssl-1.0.2a/doc/apps/s_server.pod
--- openssl-1.0.2a/doc/apps/s_server.pod.manfix 2015-03-19 14:30:36.000000000 +0100
+++ openssl-1.0.2a/doc/apps/s_server.pod 2015-04-21 17:39:20.085574603 +0200
@@ -212,7 +212,7 @@ Use the PSK key B<key> when using a PSK
These options require or disable the use of the specified SSL or TLS protocols.
By default the initial handshake uses a I<version-flexible> method which will
diff -up openssl-1.0.2g/doc/apps/s_server.pod.manfix openssl-1.0.2g/doc/apps/s_server.pod
--- openssl-1.0.2g/doc/apps/s_server.pod.manfix 2016-03-01 14:35:53.000000000 +0100
+++ openssl-1.0.2g/doc/apps/s_server.pod 2016-03-01 16:47:35.359568925 +0100
@@ -42,6 +42,8 @@ B<openssl> B<s_server>
[B<-ssl2>]
[B<-ssl3>]
[B<-tls1>]
+[B<-tls1_1>]
+[B<-tls1_2>]
[B<-no_ssl2>]
[B<-no_ssl3>]
[B<-no_tls1>]
@@ -217,7 +219,7 @@ Use the PSK key B<key> when using a PSK
given as a hexadecimal number without leading 0x, for example -psk
1a2b3c4d.
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
these options disable the use of certain SSL or TLS protocols. By default
the initial handshake uses a method which should be compatible with all
These options require or disable the use of the specified SSL or TLS protocols.
By default the initial handshake uses a I<version-flexible> method which will

File diff suppressed because it is too large Load Diff

View File

@ -1,6 +1,6 @@
diff -up openssl-1.0.2c/apps/cms.c.trusted-first openssl-1.0.2c/apps/cms.c
--- openssl-1.0.2c/apps/cms.c.trusted-first 2015-06-15 17:45:13.112279761 +0200
+++ openssl-1.0.2c/apps/cms.c 2015-06-15 17:46:11.045611575 +0200
diff -up openssl-1.0.2h/apps/cms.c.trusted-first openssl-1.0.2h/apps/cms.c
--- openssl-1.0.2h/apps/cms.c.trusted-first 2016-05-03 15:44:42.000000000 +0200
+++ openssl-1.0.2h/apps/cms.c 2016-05-03 18:01:16.729556976 +0200
@@ -646,6 +646,8 @@ int MAIN(int argc, char **argv)
"-CApath dir trusted certificates directory\n");
BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
@ -10,10 +10,10 @@ diff -up openssl-1.0.2c/apps/cms.c.trusted-first openssl-1.0.2c/apps/cms.c
"-no_alt_chains only ever use the first certificate chain found\n");
BIO_printf(bio_err,
"-crl_check check revocation status of signer's certificate using CRLs\n");
diff -up openssl-1.0.2c/apps/ocsp.c.trusted-first openssl-1.0.2c/apps/ocsp.c
--- openssl-1.0.2c/apps/ocsp.c.trusted-first 2015-06-15 17:45:13.112279761 +0200
+++ openssl-1.0.2c/apps/ocsp.c 2015-06-15 17:46:31.898090948 +0200
@@ -536,6 +536,8 @@ int MAIN(int argc, char **argv)
diff -up openssl-1.0.2h/apps/ocsp.c.trusted-first openssl-1.0.2h/apps/ocsp.c
--- openssl-1.0.2h/apps/ocsp.c.trusted-first 2016-05-03 15:44:42.000000000 +0200
+++ openssl-1.0.2h/apps/ocsp.c 2016-05-03 18:01:16.730556998 +0200
@@ -537,6 +537,8 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,
"-CAfile file trusted certificates file\n");
BIO_printf(bio_err,
@ -22,9 +22,9 @@ diff -up openssl-1.0.2c/apps/ocsp.c.trusted-first openssl-1.0.2c/apps/ocsp.c
"-no_alt_chains only ever use the first certificate chain found\n");
BIO_printf(bio_err,
"-VAfile file validator certificates file\n");
diff -up openssl-1.0.2c/apps/s_client.c.trusted-first openssl-1.0.2c/apps/s_client.c
--- openssl-1.0.2c/apps/s_client.c.trusted-first 2015-06-15 17:45:13.113279784 +0200
+++ openssl-1.0.2c/apps/s_client.c 2015-06-15 17:47:05.645866767 +0200
diff -up openssl-1.0.2h/apps/s_client.c.trusted-first openssl-1.0.2h/apps/s_client.c
--- openssl-1.0.2h/apps/s_client.c.trusted-first 2016-05-03 18:01:16.696556246 +0200
+++ openssl-1.0.2h/apps/s_client.c 2016-05-03 18:01:16.730556998 +0200
@@ -333,6 +333,8 @@ static void sc_usage(void)
BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
@ -34,9 +34,9 @@ diff -up openssl-1.0.2c/apps/s_client.c.trusted-first openssl-1.0.2c/apps/s_clie
" -no_alt_chains - only ever use the first certificate chain found\n");
BIO_printf(bio_err,
" -reconnect - Drop and re-make the connection with the same Session-ID\n");
diff -up openssl-1.0.2c/apps/smime.c.trusted-first openssl-1.0.2c/apps/smime.c
--- openssl-1.0.2c/apps/smime.c.trusted-first 2015-06-15 17:45:13.113279784 +0200
+++ openssl-1.0.2c/apps/smime.c 2015-06-15 17:47:39.090635621 +0200
diff -up openssl-1.0.2h/apps/smime.c.trusted-first openssl-1.0.2h/apps/smime.c
--- openssl-1.0.2h/apps/smime.c.trusted-first 2016-05-03 15:44:42.000000000 +0200
+++ openssl-1.0.2h/apps/smime.c 2016-05-03 18:01:16.730556998 +0200
@@ -442,6 +442,8 @@ int MAIN(int argc, char **argv)
"-CApath dir trusted certificates directory\n");
BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
@ -46,10 +46,10 @@ diff -up openssl-1.0.2c/apps/smime.c.trusted-first openssl-1.0.2c/apps/smime.c
"-no_alt_chains only ever use the first certificate chain found\n");
BIO_printf(bio_err,
"-crl_check check revocation status of signer's certificate using CRLs\n");
diff -up openssl-1.0.2c/apps/s_server.c.trusted-first openssl-1.0.2c/apps/s_server.c
--- openssl-1.0.2c/apps/s_server.c.trusted-first 2015-06-15 17:45:13.114279807 +0200
+++ openssl-1.0.2c/apps/s_server.c 2015-06-15 17:47:24.841308046 +0200
@@ -572,6 +572,8 @@ static void sv_usage(void)
diff -up openssl-1.0.2h/apps/s_server.c.trusted-first openssl-1.0.2h/apps/s_server.c
--- openssl-1.0.2h/apps/s_server.c.trusted-first 2016-05-03 18:01:16.666555583 +0200
+++ openssl-1.0.2h/apps/s_server.c 2016-05-03 18:01:16.731557020 +0200
@@ -578,6 +578,8 @@ static void sv_usage(void)
BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
BIO_printf(bio_err,
@ -58,9 +58,9 @@ diff -up openssl-1.0.2c/apps/s_server.c.trusted-first openssl-1.0.2c/apps/s_serv
" -no_alt_chains - only ever use the first certificate chain found\n");
BIO_printf(bio_err,
" -nocert - Don't use any certificates (Anon-DH)\n");
diff -up openssl-1.0.2c/apps/s_time.c.trusted-first openssl-1.0.2c/apps/s_time.c
--- openssl-1.0.2c/apps/s_time.c.trusted-first 2015-06-15 17:45:13.010277416 +0200
+++ openssl-1.0.2c/apps/s_time.c 2015-06-15 17:45:13.114279807 +0200
diff -up openssl-1.0.2h/apps/s_time.c.trusted-first openssl-1.0.2h/apps/s_time.c
--- openssl-1.0.2h/apps/s_time.c.trusted-first 2016-05-03 18:01:16.661555472 +0200
+++ openssl-1.0.2h/apps/s_time.c 2016-05-03 18:01:16.731557020 +0200
@@ -182,6 +182,7 @@ static void s_time_usage(void)
file if not specified by this option\n\
-CApath arg - PEM format directory of CA's\n\
@ -69,9 +69,9 @@ diff -up openssl-1.0.2c/apps/s_time.c.trusted-first openssl-1.0.2c/apps/s_time.c
-cipher - preferred cipher to use, play with 'openssl ciphers'\n\n";
printf("usage: s_time <args>\n\n");
diff -up openssl-1.0.2c/apps/ts.c.trusted-first openssl-1.0.2c/apps/ts.c
--- openssl-1.0.2c/apps/ts.c.trusted-first 2015-06-15 17:45:13.065278681 +0200
+++ openssl-1.0.2c/apps/ts.c 2015-06-15 17:45:13.114279807 +0200
diff -up openssl-1.0.2h/apps/ts.c.trusted-first openssl-1.0.2h/apps/ts.c
--- openssl-1.0.2h/apps/ts.c.trusted-first 2016-05-03 18:01:16.694556202 +0200
+++ openssl-1.0.2h/apps/ts.c 2016-05-03 18:01:16.731557020 +0200
@@ -352,7 +352,7 @@ int MAIN(int argc, char **argv)
"ts -verify [-data file_to_hash] [-digest digest_bytes] "
"[-queryfile request.tsq] "
@ -81,9 +81,9 @@ diff -up openssl-1.0.2c/apps/ts.c.trusted-first openssl-1.0.2c/apps/ts.c
"-untrusted cert_file.pem\n");
cleanup:
/* Clean up. */
diff -up openssl-1.0.2c/apps/verify.c.trusted-first openssl-1.0.2c/apps/verify.c
--- openssl-1.0.2c/apps/verify.c.trusted-first 2015-06-15 17:45:13.114279807 +0200
+++ openssl-1.0.2c/apps/verify.c 2015-06-15 17:48:03.979207778 +0200
diff -up openssl-1.0.2h/apps/verify.c.trusted-first openssl-1.0.2h/apps/verify.c
--- openssl-1.0.2h/apps/verify.c.trusted-first 2016-05-03 15:44:42.000000000 +0200
+++ openssl-1.0.2h/apps/verify.c 2016-05-03 18:01:16.731557020 +0200
@@ -231,7 +231,7 @@ int MAIN(int argc, char **argv)
end:
if (ret == 1) {
@ -93,9 +93,9 @@ diff -up openssl-1.0.2c/apps/verify.c.trusted-first openssl-1.0.2c/apps/verify.c
BIO_printf(bio_err, " [-no_alt_chains] [-attime timestamp]");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, " [-engine e]");
diff -up openssl-1.0.2c/doc/apps/cms.pod.trusted-first openssl-1.0.2c/doc/apps/cms.pod
--- openssl-1.0.2c/doc/apps/cms.pod.trusted-first 2015-06-12 16:51:21.000000000 +0200
+++ openssl-1.0.2c/doc/apps/cms.pod 2015-06-15 17:48:43.615118958 +0200
diff -up openssl-1.0.2h/doc/apps/cms.pod.trusted-first openssl-1.0.2h/doc/apps/cms.pod
--- openssl-1.0.2h/doc/apps/cms.pod.trusted-first 2016-05-03 15:44:42.000000000 +0200
+++ openssl-1.0.2h/doc/apps/cms.pod 2016-05-03 18:01:16.731557020 +0200
@@ -35,6 +35,7 @@ B<openssl> B<cms>
[B<-print>]
[B<-CAfile file>]
@ -117,19 +117,17 @@ diff -up openssl-1.0.2c/doc/apps/cms.pod.trusted-first openssl-1.0.2c/doc/apps/c
=item B<-md digest>
digest algorithm to use when signing or resigning. If not present then the
diff -up openssl-1.0.2c/doc/apps/ocsp.pod.trusted-first openssl-1.0.2c/doc/apps/ocsp.pod
--- openssl-1.0.2c/doc/apps/ocsp.pod.trusted-first 2015-06-15 17:45:13.115279830 +0200
+++ openssl-1.0.2c/doc/apps/ocsp.pod 2015-06-15 17:49:06.337641320 +0200
@@ -29,7 +29,8 @@ B<openssl> B<ocsp>
diff -up openssl-1.0.2h/doc/apps/ocsp.pod.trusted-first openssl-1.0.2h/doc/apps/ocsp.pod
--- openssl-1.0.2h/doc/apps/ocsp.pod.trusted-first 2016-05-03 18:01:16.695556224 +0200
+++ openssl-1.0.2h/doc/apps/ocsp.pod 2016-05-03 18:02:16.021868012 +0200
@@ -29,6 +29,7 @@ B<openssl> B<ocsp>
[B<-path>]
[B<-CApath dir>]
[B<-CAfile file>]
-[B<-no_alt_chains>]]
+[B<-trusted_first>]
+[B<-no_alt_chains>]
[B<-no_alt_chains>]
[B<-VAfile file>]
[B<-validity_period n>]
[B<-status_age n>]
@@ -144,6 +145,13 @@ connection timeout to the OCSP responder
file or pathname containing trusted CA certificates. These are used to verify
the signature on the OCSP response.
@ -144,9 +142,9 @@ diff -up openssl-1.0.2c/doc/apps/ocsp.pod.trusted-first openssl-1.0.2c/doc/apps/
=item B<-no_alt_chains>
See L<B<verify>|verify(1)> manual page for details.
diff -up openssl-1.0.2c/doc/apps/s_client.pod.trusted-first openssl-1.0.2c/doc/apps/s_client.pod
--- openssl-1.0.2c/doc/apps/s_client.pod.trusted-first 2015-06-15 17:45:13.115279830 +0200
+++ openssl-1.0.2c/doc/apps/s_client.pod 2015-06-15 17:49:23.984046989 +0200
diff -up openssl-1.0.2h/doc/apps/s_client.pod.trusted-first openssl-1.0.2h/doc/apps/s_client.pod
--- openssl-1.0.2h/doc/apps/s_client.pod.trusted-first 2016-05-03 18:01:16.706556467 +0200
+++ openssl-1.0.2h/doc/apps/s_client.pod 2016-05-03 18:01:16.732557042 +0200
@@ -19,6 +19,7 @@ B<openssl> B<s_client>
[B<-pass arg>]
[B<-CApath directory>]
@ -164,9 +162,9 @@ diff -up openssl-1.0.2c/doc/apps/s_client.pod.trusted-first openssl-1.0.2c/doc/a
Set various certificate chain valiadition option. See the
L<B<verify>|verify(1)> manual page for details.
diff -up openssl-1.0.2c/doc/apps/smime.pod.trusted-first openssl-1.0.2c/doc/apps/smime.pod
--- openssl-1.0.2c/doc/apps/smime.pod.trusted-first 2015-06-12 16:51:21.000000000 +0200
+++ openssl-1.0.2c/doc/apps/smime.pod 2015-06-15 17:50:00.856894648 +0200
diff -up openssl-1.0.2h/doc/apps/smime.pod.trusted-first openssl-1.0.2h/doc/apps/smime.pod
--- openssl-1.0.2h/doc/apps/smime.pod.trusted-first 2016-05-03 15:44:42.000000000 +0200
+++ openssl-1.0.2h/doc/apps/smime.pod 2016-05-03 18:01:16.732557042 +0200
@@ -15,6 +15,9 @@ B<openssl> B<smime>
[B<-pk7out>]
[B<-[cipher]>]
@ -190,9 +188,9 @@ diff -up openssl-1.0.2c/doc/apps/smime.pod.trusted-first openssl-1.0.2c/doc/apps
=item B<-md digest>
digest algorithm to use when signing or resigning. If not present then the
diff -up openssl-1.0.2c/doc/apps/s_server.pod.trusted-first openssl-1.0.2c/doc/apps/s_server.pod
--- openssl-1.0.2c/doc/apps/s_server.pod.trusted-first 2015-06-15 17:45:13.116279853 +0200
+++ openssl-1.0.2c/doc/apps/s_server.pod 2015-06-15 17:49:37.420355873 +0200
diff -up openssl-1.0.2h/doc/apps/s_server.pod.trusted-first openssl-1.0.2h/doc/apps/s_server.pod
--- openssl-1.0.2h/doc/apps/s_server.pod.trusted-first 2016-05-03 18:01:16.706556467 +0200
+++ openssl-1.0.2h/doc/apps/s_server.pod 2016-05-03 18:01:16.732557042 +0200
@@ -33,6 +33,7 @@ B<openssl> B<s_server>
[B<-state>]
[B<-CApath directory>]
@ -201,7 +199,7 @@ diff -up openssl-1.0.2c/doc/apps/s_server.pod.trusted-first openssl-1.0.2c/doc/a
[B<-no_alt_chains>]
[B<-nocert>]
[B<-cipher cipherlist>]
@@ -175,6 +176,12 @@ and to use when attempting to build the
@@ -177,6 +178,12 @@ and to use when attempting to build the
is also used in the list of acceptable client CAs passed to the client when
a certificate is requested.
@ -214,9 +212,9 @@ diff -up openssl-1.0.2c/doc/apps/s_server.pod.trusted-first openssl-1.0.2c/doc/a
=item B<-no_alt_chains>
See the L<B<verify>|verify(1)> manual page for details.
diff -up openssl-1.0.2c/doc/apps/s_time.pod.trusted-first openssl-1.0.2c/doc/apps/s_time.pod
--- openssl-1.0.2c/doc/apps/s_time.pod.trusted-first 2015-06-12 16:51:21.000000000 +0200
+++ openssl-1.0.2c/doc/apps/s_time.pod 2015-06-15 17:45:13.116279853 +0200
diff -up openssl-1.0.2h/doc/apps/s_time.pod.trusted-first openssl-1.0.2h/doc/apps/s_time.pod
--- openssl-1.0.2h/doc/apps/s_time.pod.trusted-first 2016-05-03 15:44:42.000000000 +0200
+++ openssl-1.0.2h/doc/apps/s_time.pod 2016-05-03 18:01:16.732557042 +0200
@@ -14,6 +14,7 @@ B<openssl> B<s_time>
[B<-key filename>]
[B<-CApath directory>]
@ -238,9 +236,9 @@ diff -up openssl-1.0.2c/doc/apps/s_time.pod.trusted-first openssl-1.0.2c/doc/app
=item B<-new>
performs the timing test using a new session ID for each connection.
diff -up openssl-1.0.2c/doc/apps/ts.pod.trusted-first openssl-1.0.2c/doc/apps/ts.pod
--- openssl-1.0.2c/doc/apps/ts.pod.trusted-first 2015-06-12 16:51:21.000000000 +0200
+++ openssl-1.0.2c/doc/apps/ts.pod 2015-06-15 17:45:13.116279853 +0200
diff -up openssl-1.0.2h/doc/apps/ts.pod.trusted-first openssl-1.0.2h/doc/apps/ts.pod
--- openssl-1.0.2h/doc/apps/ts.pod.trusted-first 2016-05-03 15:44:42.000000000 +0200
+++ openssl-1.0.2h/doc/apps/ts.pod 2016-05-03 18:01:16.732557042 +0200
@@ -46,6 +46,7 @@ B<-verify>
[B<-token_in>]
[B<-CApath> trusted_cert_path]
@ -262,9 +260,9 @@ diff -up openssl-1.0.2c/doc/apps/ts.pod.trusted-first openssl-1.0.2c/doc/apps/ts
=item B<-untrusted> cert_file.pem
Set of additional untrusted certificates in PEM format which may be
diff -up openssl-1.0.2c/doc/apps/verify.pod.trusted-first openssl-1.0.2c/doc/apps/verify.pod
--- openssl-1.0.2c/doc/apps/verify.pod.trusted-first 2015-06-12 16:51:21.000000000 +0200
+++ openssl-1.0.2c/doc/apps/verify.pod 2015-06-15 17:45:13.116279853 +0200
diff -up openssl-1.0.2h/doc/apps/verify.pod.trusted-first openssl-1.0.2h/doc/apps/verify.pod
--- openssl-1.0.2h/doc/apps/verify.pod.trusted-first 2016-05-03 15:44:42.000000000 +0200
+++ openssl-1.0.2h/doc/apps/verify.pod 2016-05-03 18:01:16.732557042 +0200
@@ -9,6 +9,7 @@ verify - Utility to verify certificates.
B<openssl> B<verify>
[B<-CApath directory>]
@ -273,7 +271,7 @@ diff -up openssl-1.0.2c/doc/apps/verify.pod.trusted-first openssl-1.0.2c/doc/app
[B<-purpose purpose>]
[B<-policy arg>]
[B<-ignore_critical>]
@@ -79,6 +80,12 @@ If a valid CRL cannot be found an error
@@ -85,6 +86,12 @@ If a valid CRL cannot be found an error
A file of untrusted certificates. The file should contain multiple certificates
in PEM format concatenated together.

View File

@ -1 +1 @@
e9d29bc1688f65fcb9d1b564d53d6f13 openssl-1.0.2f-hobbled.tar.xz
020793e7b8901a1ac62d38f3a77f9a0c openssl-1.0.2h-hobbled.tar.xz