Synced with native openssl-1.0.2h-1

Erik van Pienbroek 2016-05-07 18:01:07 +02:00
parent 9d21f19320
commit 6007c3d7bd
11 changed files with 426 additions and 421 deletions

1
.gitignore vendored

@ -7,3 +7,4 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-1.0.1j-hobbled.tar.xz /openssl-1.0.1j-hobbled.tar.xz
/openssl-1.0.2a-hobbled.tar.xz /openssl-1.0.2a-hobbled.tar.xz
/openssl-1.0.2f-hobbled.tar.xz /openssl-1.0.2f-hobbled.tar.xz
/openssl-1.0.2h-hobbled.tar.xz


@ -6,26 +6,21 @@ set -e
# Clean out patent-or-otherwise-encumbered code. # Clean out patent-or-otherwise-encumbered code.
# MDC-2: 4,908,861 13/03/2007 - expired, we do not remove it but do not enable it anyway # MDC-2: 4,908,861 13/03/2007 - expired, we do not remove it but do not enable it anyway
# IDEA: 5,214,703 07/01/2012 - expired, we do not remove it anymore # IDEA: 5,214,703 07/01/2012 - expired, we do not remove it anymore
# RC5: 5,724,428 01/11/2015 # RC5: 5,724,428 01/11/2015 - expired, we do not remove it anymore
# EC: ????????? ??/??/2020 # EC: ????????? ??/??/2020
# SRP: ????????? ??/??/20?? # SRP: ????????? ??/??/20??
# Remove assembler portions of IDEA, MDC2, and RC5. # Remove assembler portions of IDEA, MDC2, and RC5.
(find crypto/rc5/asm -type f | xargs -r rm -fv) # (find crypto/rc5/asm -type f | xargs -r rm -fv)
# RC5, SRP. # SRP.
for a in rc5 srp; do for a in srp; do
for c in `find crypto/$a -name "*.c" -a \! -name "*test*" -type f` ; do for c in `find crypto/$a -name "*.c" -a \! -name "*test*" -type f` ; do
echo Destroying $c echo Destroying $c
> $c > $c
done done
done done
for c in `find crypto/evp -name "*_rc5.c"`; do
echo Destroying $c
> $c
done
for c in `find crypto/bn -name "*gf2m.c"`; do for c in `find crypto/bn -name "*gf2m.c"`; do
echo Destroying $c echo Destroying $c
> $c > $c
@ -37,11 +32,10 @@ for c in `find crypto/ec -name "ec2*.c" -o -name "ec_curve.c" -o -name "ecp_nist
done done
for h in `find crypto ssl apps test -name "*.h"` ; do for h in `find crypto ssl apps test -name "*.h"` ; do
echo Removing RC5, SRP and EC2M references from $h echo Removing SRP and EC2M references from $h
cat $h | \ cat $h | \
awk 'BEGIN {ech=1;} \ awk 'BEGIN {ech=1;} \
/^#[ \t]*ifndef.*NO_SRP/ {ech--; next;} \ /^#[ \t]*ifndef.*NO_SRP/ {ech--; next;} \
/^#[ \t]*ifndef.*NO_RC5/ {ech--; next;} \
/^#[ \t]*ifndef.*NO_EC2M/ {ech--; next;} \ /^#[ \t]*ifndef.*NO_EC2M/ {ech--; next;} \
/^#[ \t]*if/ {if(ech < 1) ech--;} \ /^#[ \t]*if/ {if(ech < 1) ech--;} \
{if(ech>0) {;print $0};} \ {if(ech>0) {;print $0};} \
@ -50,4 +44,4 @@ for h in `find crypto ssl apps test -name "*.h"` ; do
done done
# Make the makefiles happy. # Make the makefiles happy.
touch crypto/rc5/asm/rc5-586.pl # touch crypto/rc5/asm/rc5-586.pl
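Review bot: The comment `# Remove assembler portions of IDEA, MDC2, and RC5.` is now stale, because the only command under it (`find crypto/rc5/asm -type f | xargs -r rm -fv`) is commented out, as is the trailing `touch crypto/rc5/asm/rc5-586.pl`. I would delete both dead lines together with that comment instead of leaving them commented, so the script lists only what it still destroys (the SRP sources, the `*gf2m.c` files and the EC files named in the later loop). The `echo Removing SRP and EC2M references from $h` message was updated correctly, so the header comment is the remaining inconsistency. The truncation loops that surround these lines are unchanged context, and the script begins and ends outside the hunks shown.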


@ -23,7 +23,7 @@
%global thread_test_threads %{?threads:%{threads}}%{!?threads:1} %global thread_test_threads %{?threads:%{threads}}%{!?threads:1}
Name: mingw-openssl Name: mingw-openssl
Version: 1.0.2f Version: 1.0.2h
Release: 1%{?dist} Release: 1%{?dist}
Summary: MinGW port of the OpenSSL toolkit Summary: MinGW port of the OpenSSL toolkit
@ -64,7 +64,7 @@ Patch33: openssl-1.0.0-beta4-ca-dir.patch
Patch34: openssl-1.0.2a-x509.patch Patch34: openssl-1.0.2a-x509.patch
Patch35: openssl-1.0.2a-version-add-engines.patch Patch35: openssl-1.0.2a-version-add-engines.patch
Patch39: openssl-1.0.2a-ipv6-apps.patch Patch39: openssl-1.0.2a-ipv6-apps.patch
Patch40: openssl-1.0.2e-fips.patch Patch40: openssl-1.0.2h-fips.patch
Patch45: openssl-1.0.2a-env-zlib.patch Patch45: openssl-1.0.2a-env-zlib.patch
Patch47: openssl-1.0.2a-readme-warning.patch Patch47: openssl-1.0.2a-readme-warning.patch
Patch49: openssl-1.0.1i-algo-doc.patch Patch49: openssl-1.0.1i-algo-doc.patch
@ -78,24 +78,23 @@ Patch65: openssl-1.0.2a-chil-fixes.patch
Patch66: openssl-1.0.2a-pkgconfig-krb5.patch Patch66: openssl-1.0.2a-pkgconfig-krb5.patch
Patch68: openssl-1.0.2a-secure-getenv.patch Patch68: openssl-1.0.2a-secure-getenv.patch
Patch70: openssl-1.0.2a-fips-ec.patch Patch70: openssl-1.0.2a-fips-ec.patch
Patch71: openssl-1.0.2d-manfix.patch Patch71: openssl-1.0.2g-manfix.patch
Patch72: openssl-1.0.2a-fips-ctor.patch Patch72: openssl-1.0.2a-fips-ctor.patch
Patch73: openssl-1.0.2c-ecc-suiteb.patch Patch73: openssl-1.0.2c-ecc-suiteb.patch
Patch74: openssl-1.0.2a-no-md5-verify.patch Patch74: openssl-1.0.2a-no-md5-verify.patch
Patch75: openssl-1.0.2a-compat-symbols.patch Patch75: openssl-1.0.2a-compat-symbols.patch
Patch76: openssl-1.0.2f-new-fips-reqs.patch Patch76: openssl-1.0.2f-new-fips-reqs.patch
Patch77: openssl-1.0.2a-weak-ciphers.patch
Patch78: openssl-1.0.2a-cc-reqs.patch Patch78: openssl-1.0.2a-cc-reqs.patch
Patch90: openssl-1.0.2a-enc-fail.patch Patch90: openssl-1.0.2a-enc-fail.patch
Patch92: openssl-1.0.2a-system-cipherlist.patch Patch92: openssl-1.0.2a-system-cipherlist.patch
Patch93: openssl-1.0.2a-disable-sslv2v3.patch Patch93: openssl-1.0.2g-disable-sslv2v3.patch
Patch94: openssl-1.0.2d-secp256k1.patch Patch94: openssl-1.0.2d-secp256k1.patch
Patch95: openssl-1.0.2e-remove-nistp224.patch Patch95: openssl-1.0.2e-remove-nistp224.patch
Patch96: openssl-1.0.2e-speed-doc.patch Patch96: openssl-1.0.2e-speed-doc.patch
# Backported fixes including security fixes # Backported fixes including security fixes
Patch80: openssl-1.0.2e-wrap-pad.patch Patch80: openssl-1.0.2e-wrap-pad.patch
Patch81: openssl-1.0.2a-padlock64.patch Patch81: openssl-1.0.2a-padlock64.patch
Patch82: openssl-1.0.2c-trusted-first-doc.patch Patch82: openssl-1.0.2h-trusted-first-doc.patch
# MinGW-specific patches. # MinGW-specific patches.
# Rename *eay32.dll to lib*.dll # Rename *eay32.dll to lib*.dll
@ -250,7 +249,6 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
#patch74 -p1 -b .no-md5-verify #patch74 -p1 -b .no-md5-verify
%patch75 -p1 -b .compat %patch75 -p1 -b .compat
#patch76 -p1 -b .fips-reqs #patch76 -p1 -b .fips-reqs
%patch77 -p1 -b .weak-ciphers
%patch78 -p1 -b .cc-reqs %patch78 -p1 -b .cc-reqs
%patch90 -p1 -b .enc-fail %patch90 -p1 -b .enc-fail
%patch92 -p1 -b .system %patch92 -p1 -b .system
@ -304,8 +302,8 @@ PERL=%{__perl} \
--prefix=%{mingw32_prefix} \ --prefix=%{mingw32_prefix} \
--openssldir=%{mingw32_sysconfdir}/pki/tls \ --openssldir=%{mingw32_sysconfdir}/pki/tls \
zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \ zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
enable-cms enable-md2 \ enable-cms enable-md2 enable-rc5 \
no-mdc2 no-rc5 no-ec2m no-gost no-srp \ no-mdc2 no-ec2m no-gost no-srp \
no-fips no-hw \ no-fips no-hw \
--cross-compile-prefix=%{mingw32_target}- \ --cross-compile-prefix=%{mingw32_target}- \
--enginesdir=%{mingw32_libdir}/openssl/engines \ --enginesdir=%{mingw32_libdir}/openssl/engines \
@ -514,6 +512,10 @@ mkdir -m700 $RPM_BUILD_ROOT%{mingw64_sysconfdir}/pki/CA/private
%changelog %changelog
* Sat May 7 2016 Erik van Pienbroek <epienbro@fedoraproject.org> - 1.0.2h-1
- Synced with native openssl-1.0.2h-1
- Fixes RHBZ #1332591 #1332589 #1330104 #1312861 #1312857 #1307773 #1302768
* Sat Feb 6 2016 Erik van Pienbroek <epienbro@fedoraproject.org> - 1.0.2f-1 * Sat Feb 6 2016 Erik van Pienbroek <epienbro@fedoraproject.org> - 1.0.2f-1
- Synced with native openssl-1.0.2f-2 - Synced with native openssl-1.0.2f-2
- Fixes RHBZ #1239685 #1290334 #1302768 - Fixes RHBZ #1239685 #1290334 #1302768
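Review bot: `Patch77: openssl-1.0.2a-weak-ciphers.patch` and its `%patch77` line are dropped without any mention in the new `%changelog` entry, although that patch is what appended `!DES` to `SSL_DEFAULT_CIPHER_LIST`. If the reason is that upstream 1.0.2g and later leave out LOW and EXPORT suites unless built with `enable-weak-ssl-ciphers` (my understanding of upstream, not shown on this page), the entry should say so, for example `- Dropped weak-ciphers patch, upstream disables LOW ciphers by default`. Only the Configure call using `%{mingw32_prefix}` shows the `no-rc5` to `enable-rc5` switch; if the spec has a separate mingw64 Configure call it needs the same edit, which cannot be confirmed from the hunks here. The `%prep` hunk also ends at `%patch92`, so it is worth checking that the renamed `Patch93` (SSLv2 and SSLv3 off by default) is still applied.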


@ -33,7 +33,7 @@ diff -up openssl-1.0.0-beta3/Makefile.shared.mingw-libversion openssl-1.0.0-beta
if test -f $(LIBNAME)eay32.def; then \ if test -f $(LIBNAME)eay32.def; then \
deffile=$(LIBNAME)eay32.def; \ deffile=$(LIBNAME)eay32.def; \
fi; \ fi; \
@@ -270,13 +270,7 @@ link_a.cygwin: @@ -282,13 +282,7 @@
dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; extras=; \ dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; extras=; \
base=-Wl,--enable-auto-image-base; \ base=-Wl,--enable-auto-image-base; \
if expr $(PLATFORM) : 'mingw' > /dev/null; then \ if expr $(PLATFORM) : 'mingw' > /dev/null; then \
@ -45,6 +45,6 @@ diff -up openssl-1.0.0-beta3/Makefile.shared.mingw-libversion openssl-1.0.0-beta
- extras="$(LIBNAME).def"; \ - extras="$(LIBNAME).def"; \
- $(PERL) util/mkdef.pl 32 $$SHLIB > $$extras; \ - $(PERL) util/mkdef.pl 32 $$SHLIB > $$extras; \
+ SHLIB=lib$(LIBNAME); \ + SHLIB=lib$(LIBNAME); \
base=; [ $(LIBNAME) = "crypto" ] && base=-Wl,--image-base,0x63000000; \ base=; [ $(LIBNAME) = "crypto" -a -n "$(FIPSCANLIB)" ] && base=-Wl,--image-base,0x63000000; \
fi; \ fi; \
dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \ dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \


@ -1,13 +0,0 @@
diff -up openssl-1.0.2a/ssl/ssl_lib.c.v2v3 openssl-1.0.2a/ssl/ssl_lib.c
--- openssl-1.0.2a/ssl/ssl_lib.c.v2v3 2015-04-22 15:37:15.974345757 +0200
+++ openssl-1.0.2a/ssl/ssl_lib.c 2015-04-22 15:39:39.114782365 +0200
@@ -2048,6 +2048,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
*/
ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
+ /* Disable SSLv2 and SSLv3 by default (affects the SSLv23_method() only) */
+ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+
return (ret);
err:
SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);


@ -1,12 +0,0 @@
diff -up openssl-1.0.2a/ssl/ssl.h.weak-ciphers openssl-1.0.2a/ssl/ssl.h
--- openssl-1.0.2a/ssl/ssl.h.weak-ciphers 2015-04-22 15:11:14.026574414 +0200
+++ openssl-1.0.2a/ssl/ssl.h 2015-04-22 15:14:51.302744713 +0200
@@ -338,7 +338,7 @@ extern "C" {
* The following cipher list is used by default. It also is substituted when
* an application-defined cipher list string starts with 'DEFAULT'.
*/
-# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2"
+# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:!DES"
/*
* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
* starts with a reasonable order, and all we have to do for DEFAULT is


@ -0,0 +1,18 @@
diff -up openssl-1.0.2g/ssl/ssl_lib.c.v2v3 openssl-1.0.2g/ssl/ssl_lib.c
--- openssl-1.0.2g/ssl/ssl_lib.c.v2v3 2016-03-01 16:38:26.879142021 +0100
+++ openssl-1.0.2g/ssl/ssl_lib.c 2016-03-01 16:41:32.977353769 +0100
@@ -2055,11 +2055,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
/*
- * Disable SSLv2 by default, callers that want to enable SSLv2 will have to
- * explicitly clear this option via either of SSL_CTX_clear_options() or
+ * Disable SSLv2 and SSLv3 by default, callers that want to enable these will have to
+ * explicitly clear these options via either of SSL_CTX_clear_options() or
* SSL_clear_options().
*/
- ret->options |= SSL_OP_NO_SSLv2;
+ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
return (ret);
err:
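Review bot: The rewritten comment above `ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;` loses the scope note that the 1.0.2a version of this patch carried, `(affects the SSLv23_method() only)`. The option bits are set on every context that `SSL_CTX_new()` returns, so a reader needs to know whether callers that select a fixed SSLv3 method are affected as well. If the old note still holds for 1.0.2g, I would add a line such as `* This affects the version-flexible SSLv23_method() only.` before the closing `*/`; that should be checked against the 1.0.2g sources, since this page shows the old wording only in the deleted patch. `SSL_CTX_new()` begins and ends outside the hunk.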


@ -1,6 +1,6 @@
diff -up openssl-1.0.2a/doc/apps/ec.pod.manfix openssl-1.0.2a/doc/apps/ec.pod diff -up openssl-1.0.2g/doc/apps/ec.pod.manfix openssl-1.0.2g/doc/apps/ec.pod
--- openssl-1.0.2a/doc/apps/ec.pod.manfix 2015-01-20 13:33:36.000000000 +0100 --- openssl-1.0.2g/doc/apps/ec.pod.manfix 2016-03-01 14:35:05.000000000 +0100
+++ openssl-1.0.2a/doc/apps/ec.pod 2015-04-21 17:39:20.084574580 +0200 +++ openssl-1.0.2g/doc/apps/ec.pod 2016-03-01 16:47:35.331568290 +0100
@@ -93,10 +93,6 @@ prints out the public, private key compo @@ -93,10 +93,6 @@ prints out the public, private key compo
this option prevents output of the encoded version of the key. this option prevents output of the encoded version of the key.
@ -12,9 +12,9 @@ diff -up openssl-1.0.2a/doc/apps/ec.pod.manfix openssl-1.0.2a/doc/apps/ec.pod
=item B<-pubin> =item B<-pubin>
by default a private key is read from the input file: with this option a by default a private key is read from the input file: with this option a
diff -up openssl-1.0.2a/doc/apps/openssl.pod.manfix openssl-1.0.2a/doc/apps/openssl.pod diff -up openssl-1.0.2g/doc/apps/openssl.pod.manfix openssl-1.0.2g/doc/apps/openssl.pod
--- openssl-1.0.2a/doc/apps/openssl.pod.manfix 2015-01-20 13:33:36.000000000 +0100 --- openssl-1.0.2g/doc/apps/openssl.pod.manfix 2016-03-01 14:35:05.000000000 +0100
+++ openssl-1.0.2a/doc/apps/openssl.pod 2015-04-21 17:39:20.084574580 +0200 +++ openssl-1.0.2g/doc/apps/openssl.pod 2016-03-01 16:47:35.331568290 +0100
@@ -163,7 +163,7 @@ Create or examine a netscape certificate @@ -163,7 +163,7 @@ Create or examine a netscape certificate
Online Certificate Status Protocol utility. Online Certificate Status Protocol utility.
@ -45,10 +45,10 @@ diff -up openssl-1.0.2a/doc/apps/openssl.pod.manfix openssl-1.0.2a/doc/apps/open
L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>, L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>,
L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>, L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>,
L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>, L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
diff -up openssl-1.0.2a/doc/apps/s_client.pod.manfix openssl-1.0.2a/doc/apps/s_client.pod diff -up openssl-1.0.2g/doc/apps/s_client.pod.manfix openssl-1.0.2g/doc/apps/s_client.pod
--- openssl-1.0.2a/doc/apps/s_client.pod.manfix 2015-04-21 17:39:20.085574603 +0200 --- openssl-1.0.2g/doc/apps/s_client.pod.manfix 2016-03-01 14:35:53.000000000 +0100
+++ openssl-1.0.2a/doc/apps/s_client.pod 2015-04-21 17:41:00.215924162 +0200 +++ openssl-1.0.2g/doc/apps/s_client.pod 2016-03-01 16:47:35.358568902 +0100
@@ -34,6 +34,9 @@ B<openssl> B<s_client> @@ -35,6 +35,9 @@ B<openssl> B<s_client>
[B<-ssl2>] [B<-ssl2>]
[B<-ssl3>] [B<-ssl3>]
[B<-tls1>] [B<-tls1>]
@ -58,24 +58,33 @@ diff -up openssl-1.0.2a/doc/apps/s_client.pod.manfix openssl-1.0.2a/doc/apps/s_c
[B<-no_ssl2>] [B<-no_ssl2>]
[B<-no_ssl3>] [B<-no_ssl3>]
[B<-no_tls1>] [B<-no_tls1>]
@@ -200,7 +203,7 @@ Use the PSK key B<key> when using a PSK @@ -201,7 +204,7 @@ Use the PSK key B<key> when using a PSK
given as a hexadecimal number without leading 0x, for example -psk given as a hexadecimal number without leading 0x, for example -psk
1a2b3c4d. 1a2b3c4d.
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> -=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> +=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
these options disable the use of certain SSL or TLS protocols. By default These options require or disable the use of the specified SSL or TLS protocols.
the initial handshake uses a method which should be compatible with all By default the initial handshake uses a I<version-flexible> method which will
diff -up openssl-1.0.2a/doc/apps/s_server.pod.manfix openssl-1.0.2a/doc/apps/s_server.pod diff -up openssl-1.0.2g/doc/apps/s_server.pod.manfix openssl-1.0.2g/doc/apps/s_server.pod
--- openssl-1.0.2a/doc/apps/s_server.pod.manfix 2015-03-19 14:30:36.000000000 +0100 --- openssl-1.0.2g/doc/apps/s_server.pod.manfix 2016-03-01 14:35:53.000000000 +0100
+++ openssl-1.0.2a/doc/apps/s_server.pod 2015-04-21 17:39:20.085574603 +0200 +++ openssl-1.0.2g/doc/apps/s_server.pod 2016-03-01 16:47:35.359568925 +0100
@@ -212,7 +212,7 @@ Use the PSK key B<key> when using a PSK @@ -42,6 +42,8 @@ B<openssl> B<s_server>
[B<-ssl2>]
[B<-ssl3>]
[B<-tls1>]
+[B<-tls1_1>]
+[B<-tls1_2>]
[B<-no_ssl2>]
[B<-no_ssl3>]
[B<-no_tls1>]
@@ -217,7 +219,7 @@ Use the PSK key B<key> when using a PSK
given as a hexadecimal number without leading 0x, for example -psk given as a hexadecimal number without leading 0x, for example -psk
1a2b3c4d. 1a2b3c4d.
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> -=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> +=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
these options disable the use of certain SSL or TLS protocols. By default These options require or disable the use of the specified SSL or TLS protocols.
the initial handshake uses a method which should be compatible with all By default the initial handshake uses a I<version-flexible> method which will

File diff suppressed because it is too large Load Diff


@ -1,6 +1,6 @@
diff -up openssl-1.0.2c/apps/cms.c.trusted-first openssl-1.0.2c/apps/cms.c diff -up openssl-1.0.2h/apps/cms.c.trusted-first openssl-1.0.2h/apps/cms.c
--- openssl-1.0.2c/apps/cms.c.trusted-first 2015-06-15 17:45:13.112279761 +0200 --- openssl-1.0.2h/apps/cms.c.trusted-first 2016-05-03 15:44:42.000000000 +0200
+++ openssl-1.0.2c/apps/cms.c 2015-06-15 17:46:11.045611575 +0200 +++ openssl-1.0.2h/apps/cms.c 2016-05-03 18:01:16.729556976 +0200
@@ -646,6 +646,8 @@ int MAIN(int argc, char **argv) @@ -646,6 +646,8 @@ int MAIN(int argc, char **argv)
"-CApath dir trusted certificates directory\n"); "-CApath dir trusted certificates directory\n");
BIO_printf(bio_err, "-CAfile file trusted certificates file\n"); BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
@ -10,10 +10,10 @@ diff -up openssl-1.0.2c/apps/cms.c.trusted-first openssl-1.0.2c/apps/cms.c
"-no_alt_chains only ever use the first certificate chain found\n"); "-no_alt_chains only ever use the first certificate chain found\n");
BIO_printf(bio_err, BIO_printf(bio_err,
"-crl_check check revocation status of signer's certificate using CRLs\n"); "-crl_check check revocation status of signer's certificate using CRLs\n");
diff -up openssl-1.0.2c/apps/ocsp.c.trusted-first openssl-1.0.2c/apps/ocsp.c diff -up openssl-1.0.2h/apps/ocsp.c.trusted-first openssl-1.0.2h/apps/ocsp.c
--- openssl-1.0.2c/apps/ocsp.c.trusted-first 2015-06-15 17:45:13.112279761 +0200 --- openssl-1.0.2h/apps/ocsp.c.trusted-first 2016-05-03 15:44:42.000000000 +0200
+++ openssl-1.0.2c/apps/ocsp.c 2015-06-15 17:46:31.898090948 +0200 +++ openssl-1.0.2h/apps/ocsp.c 2016-05-03 18:01:16.730556998 +0200
@@ -536,6 +536,8 @@ int MAIN(int argc, char **argv) @@ -537,6 +537,8 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, BIO_printf(bio_err,
"-CAfile file trusted certificates file\n"); "-CAfile file trusted certificates file\n");
BIO_printf(bio_err, BIO_printf(bio_err,
@ -22,9 +22,9 @@ diff -up openssl-1.0.2c/apps/ocsp.c.trusted-first openssl-1.0.2c/apps/ocsp.c
"-no_alt_chains only ever use the first certificate chain found\n"); "-no_alt_chains only ever use the first certificate chain found\n");
BIO_printf(bio_err, BIO_printf(bio_err,
"-VAfile file validator certificates file\n"); "-VAfile file validator certificates file\n");
diff -up openssl-1.0.2c/apps/s_client.c.trusted-first openssl-1.0.2c/apps/s_client.c diff -up openssl-1.0.2h/apps/s_client.c.trusted-first openssl-1.0.2h/apps/s_client.c
--- openssl-1.0.2c/apps/s_client.c.trusted-first 2015-06-15 17:45:13.113279784 +0200 --- openssl-1.0.2h/apps/s_client.c.trusted-first 2016-05-03 18:01:16.696556246 +0200
+++ openssl-1.0.2c/apps/s_client.c 2015-06-15 17:47:05.645866767 +0200 +++ openssl-1.0.2h/apps/s_client.c 2016-05-03 18:01:16.730556998 +0200
@@ -333,6 +333,8 @@ static void sc_usage(void) @@ -333,6 +333,8 @@ static void sc_usage(void)
BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n"); BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n"); BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
@ -34,9 +34,9 @@ diff -up openssl-1.0.2c/apps/s_client.c.trusted-first openssl-1.0.2c/apps/s_clie
" -no_alt_chains - only ever use the first certificate chain found\n"); " -no_alt_chains - only ever use the first certificate chain found\n");
BIO_printf(bio_err, BIO_printf(bio_err,
" -reconnect - Drop and re-make the connection with the same Session-ID\n"); " -reconnect - Drop and re-make the connection with the same Session-ID\n");
diff -up openssl-1.0.2c/apps/smime.c.trusted-first openssl-1.0.2c/apps/smime.c diff -up openssl-1.0.2h/apps/smime.c.trusted-first openssl-1.0.2h/apps/smime.c
--- openssl-1.0.2c/apps/smime.c.trusted-first 2015-06-15 17:45:13.113279784 +0200 --- openssl-1.0.2h/apps/smime.c.trusted-first 2016-05-03 15:44:42.000000000 +0200
+++ openssl-1.0.2c/apps/smime.c 2015-06-15 17:47:39.090635621 +0200 +++ openssl-1.0.2h/apps/smime.c 2016-05-03 18:01:16.730556998 +0200
@@ -442,6 +442,8 @@ int MAIN(int argc, char **argv) @@ -442,6 +442,8 @@ int MAIN(int argc, char **argv)
"-CApath dir trusted certificates directory\n"); "-CApath dir trusted certificates directory\n");
BIO_printf(bio_err, "-CAfile file trusted certificates file\n"); BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
@ -46,10 +46,10 @@ diff -up openssl-1.0.2c/apps/smime.c.trusted-first openssl-1.0.2c/apps/smime.c
"-no_alt_chains only ever use the first certificate chain found\n"); "-no_alt_chains only ever use the first certificate chain found\n");
BIO_printf(bio_err, BIO_printf(bio_err,
"-crl_check check revocation status of signer's certificate using CRLs\n"); "-crl_check check revocation status of signer's certificate using CRLs\n");
diff -up openssl-1.0.2c/apps/s_server.c.trusted-first openssl-1.0.2c/apps/s_server.c diff -up openssl-1.0.2h/apps/s_server.c.trusted-first openssl-1.0.2h/apps/s_server.c
--- openssl-1.0.2c/apps/s_server.c.trusted-first 2015-06-15 17:45:13.114279807 +0200 --- openssl-1.0.2h/apps/s_server.c.trusted-first 2016-05-03 18:01:16.666555583 +0200
+++ openssl-1.0.2c/apps/s_server.c 2015-06-15 17:47:24.841308046 +0200 +++ openssl-1.0.2h/apps/s_server.c 2016-05-03 18:01:16.731557020 +0200
@@ -572,6 +572,8 @@ static void sv_usage(void) @@ -578,6 +578,8 @@ static void sv_usage(void)
BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n"); BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n"); BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
BIO_printf(bio_err, BIO_printf(bio_err,
@ -58,9 +58,9 @@ diff -up openssl-1.0.2c/apps/s_server.c.trusted-first openssl-1.0.2c/apps/s_serv
" -no_alt_chains - only ever use the first certificate chain found\n"); " -no_alt_chains - only ever use the first certificate chain found\n");
BIO_printf(bio_err, BIO_printf(bio_err,
" -nocert - Don't use any certificates (Anon-DH)\n"); " -nocert - Don't use any certificates (Anon-DH)\n");
diff -up openssl-1.0.2c/apps/s_time.c.trusted-first openssl-1.0.2c/apps/s_time.c diff -up openssl-1.0.2h/apps/s_time.c.trusted-first openssl-1.0.2h/apps/s_time.c
--- openssl-1.0.2c/apps/s_time.c.trusted-first 2015-06-15 17:45:13.010277416 +0200 --- openssl-1.0.2h/apps/s_time.c.trusted-first 2016-05-03 18:01:16.661555472 +0200
+++ openssl-1.0.2c/apps/s_time.c 2015-06-15 17:45:13.114279807 +0200 +++ openssl-1.0.2h/apps/s_time.c 2016-05-03 18:01:16.731557020 +0200
@@ -182,6 +182,7 @@ static void s_time_usage(void) @@ -182,6 +182,7 @@ static void s_time_usage(void)
file if not specified by this option\n\ file if not specified by this option\n\
-CApath arg - PEM format directory of CA's\n\ -CApath arg - PEM format directory of CA's\n\
@ -69,9 +69,9 @@ diff -up openssl-1.0.2c/apps/s_time.c.trusted-first openssl-1.0.2c/apps/s_time.c
-cipher - preferred cipher to use, play with 'openssl ciphers'\n\n"; -cipher - preferred cipher to use, play with 'openssl ciphers'\n\n";
printf("usage: s_time <args>\n\n"); printf("usage: s_time <args>\n\n");
diff -up openssl-1.0.2c/apps/ts.c.trusted-first openssl-1.0.2c/apps/ts.c diff -up openssl-1.0.2h/apps/ts.c.trusted-first openssl-1.0.2h/apps/ts.c
--- openssl-1.0.2c/apps/ts.c.trusted-first 2015-06-15 17:45:13.065278681 +0200 --- openssl-1.0.2h/apps/ts.c.trusted-first 2016-05-03 18:01:16.694556202 +0200
+++ openssl-1.0.2c/apps/ts.c 2015-06-15 17:45:13.114279807 +0200 +++ openssl-1.0.2h/apps/ts.c 2016-05-03 18:01:16.731557020 +0200
@@ -352,7 +352,7 @@ int MAIN(int argc, char **argv) @@ -352,7 +352,7 @@ int MAIN(int argc, char **argv)
"ts -verify [-data file_to_hash] [-digest digest_bytes] " "ts -verify [-data file_to_hash] [-digest digest_bytes] "
"[-queryfile request.tsq] " "[-queryfile request.tsq] "
@ -81,9 +81,9 @@ diff -up openssl-1.0.2c/apps/ts.c.trusted-first openssl-1.0.2c/apps/ts.c
"-untrusted cert_file.pem\n"); "-untrusted cert_file.pem\n");
cleanup: cleanup:
/* Clean up. */ /* Clean up. */
diff -up openssl-1.0.2c/apps/verify.c.trusted-first openssl-1.0.2c/apps/verify.c diff -up openssl-1.0.2h/apps/verify.c.trusted-first openssl-1.0.2h/apps/verify.c
--- openssl-1.0.2c/apps/verify.c.trusted-first 2015-06-15 17:45:13.114279807 +0200 --- openssl-1.0.2h/apps/verify.c.trusted-first 2016-05-03 15:44:42.000000000 +0200
+++ openssl-1.0.2c/apps/verify.c 2015-06-15 17:48:03.979207778 +0200 +++ openssl-1.0.2h/apps/verify.c 2016-05-03 18:01:16.731557020 +0200
@@ -231,7 +231,7 @@ int MAIN(int argc, char **argv) @@ -231,7 +231,7 @@ int MAIN(int argc, char **argv)
end: end:
if (ret == 1) { if (ret == 1) {
@ -93,9 +93,9 @@ diff -up openssl-1.0.2c/apps/verify.c.trusted-first openssl-1.0.2c/apps/verify.c
BIO_printf(bio_err, " [-no_alt_chains] [-attime timestamp]"); BIO_printf(bio_err, " [-no_alt_chains] [-attime timestamp]");
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, " [-engine e]"); BIO_printf(bio_err, " [-engine e]");
diff -up openssl-1.0.2c/doc/apps/cms.pod.trusted-first openssl-1.0.2c/doc/apps/cms.pod diff -up openssl-1.0.2h/doc/apps/cms.pod.trusted-first openssl-1.0.2h/doc/apps/cms.pod
--- openssl-1.0.2c/doc/apps/cms.pod.trusted-first 2015-06-12 16:51:21.000000000 +0200 --- openssl-1.0.2h/doc/apps/cms.pod.trusted-first 2016-05-03 15:44:42.000000000 +0200
+++ openssl-1.0.2c/doc/apps/cms.pod 2015-06-15 17:48:43.615118958 +0200 +++ openssl-1.0.2h/doc/apps/cms.pod 2016-05-03 18:01:16.731557020 +0200
@@ -35,6 +35,7 @@ B<openssl> B<cms> @@ -35,6 +35,7 @@ B<openssl> B<cms>
[B<-print>] [B<-print>]
[B<-CAfile file>] [B<-CAfile file>]
@ -117,19 +117,17 @@ diff -up openssl-1.0.2c/doc/apps/cms.pod.trusted-first openssl-1.0.2c/doc/apps/c
=item B<-md digest> =item B<-md digest>
digest algorithm to use when signing or resigning. If not present then the digest algorithm to use when signing or resigning. If not present then the
diff -up openssl-1.0.2c/doc/apps/ocsp.pod.trusted-first openssl-1.0.2c/doc/apps/ocsp.pod diff -up openssl-1.0.2h/doc/apps/ocsp.pod.trusted-first openssl-1.0.2h/doc/apps/ocsp.pod
--- openssl-1.0.2c/doc/apps/ocsp.pod.trusted-first 2015-06-15 17:45:13.115279830 +0200 --- openssl-1.0.2h/doc/apps/ocsp.pod.trusted-first 2016-05-03 18:01:16.695556224 +0200
+++ openssl-1.0.2c/doc/apps/ocsp.pod 2015-06-15 17:49:06.337641320 +0200 +++ openssl-1.0.2h/doc/apps/ocsp.pod 2016-05-03 18:02:16.021868012 +0200
@@ -29,7 +29,8 @@ B<openssl> B<ocsp> @@ -29,6 +29,7 @@ B<openssl> B<ocsp>
[B<-path>] [B<-path>]
[B<-CApath dir>] [B<-CApath dir>]
[B<-CAfile file>] [B<-CAfile file>]
-[B<-no_alt_chains>]]
+[B<-trusted_first>] +[B<-trusted_first>]
+[B<-no_alt_chains>] [B<-no_alt_chains>]
[B<-VAfile file>] [B<-VAfile file>]
[B<-validity_period n>] [B<-validity_period n>]
[B<-status_age n>]
@@ -144,6 +145,13 @@ connection timeout to the OCSP responder @@ -144,6 +145,13 @@ connection timeout to the OCSP responder
file or pathname containing trusted CA certificates. These are used to verify file or pathname containing trusted CA certificates. These are used to verify
the signature on the OCSP response. the signature on the OCSP response.
@ -144,9 +142,9 @@ diff -up openssl-1.0.2c/doc/apps/ocsp.pod.trusted-first openssl-1.0.2c/doc/apps/
=item B<-no_alt_chains> =item B<-no_alt_chains>
See L<B<verify>|verify(1)> manual page for details. See L<B<verify>|verify(1)> manual page for details.
diff -up openssl-1.0.2c/doc/apps/s_client.pod.trusted-first openssl-1.0.2c/doc/apps/s_client.pod diff -up openssl-1.0.2h/doc/apps/s_client.pod.trusted-first openssl-1.0.2h/doc/apps/s_client.pod
--- openssl-1.0.2c/doc/apps/s_client.pod.trusted-first 2015-06-15 17:45:13.115279830 +0200 --- openssl-1.0.2h/doc/apps/s_client.pod.trusted-first 2016-05-03 18:01:16.706556467 +0200
+++ openssl-1.0.2c/doc/apps/s_client.pod 2015-06-15 17:49:23.984046989 +0200 +++ openssl-1.0.2h/doc/apps/s_client.pod 2016-05-03 18:01:16.732557042 +0200
@@ -19,6 +19,7 @@ B<openssl> B<s_client> @@ -19,6 +19,7 @@ B<openssl> B<s_client>
[B<-pass arg>] [B<-pass arg>]
[B<-CApath directory>] [B<-CApath directory>]
@ -164,9 +162,9 @@ diff -up openssl-1.0.2c/doc/apps/s_client.pod.trusted-first openssl-1.0.2c/doc/a
Set various certificate chain valiadition option. See the Set various certificate chain valiadition option. See the
L<B<verify>|verify(1)> manual page for details. L<B<verify>|verify(1)> manual page for details.
diff -up openssl-1.0.2c/doc/apps/smime.pod.trusted-first openssl-1.0.2c/doc/apps/smime.pod diff -up openssl-1.0.2h/doc/apps/smime.pod.trusted-first openssl-1.0.2h/doc/apps/smime.pod
--- openssl-1.0.2c/doc/apps/smime.pod.trusted-first 2015-06-12 16:51:21.000000000 +0200 --- openssl-1.0.2h/doc/apps/smime.pod.trusted-first 2016-05-03 15:44:42.000000000 +0200
+++ openssl-1.0.2c/doc/apps/smime.pod 2015-06-15 17:50:00.856894648 +0200 +++ openssl-1.0.2h/doc/apps/smime.pod 2016-05-03 18:01:16.732557042 +0200
@@ -15,6 +15,9 @@ B<openssl> B<smime> @@ -15,6 +15,9 @@ B<openssl> B<smime>
[B<-pk7out>] [B<-pk7out>]
[B<-[cipher]>] [B<-[cipher]>]
@ -190,9 +188,9 @@ diff -up openssl-1.0.2c/doc/apps/smime.pod.trusted-first openssl-1.0.2c/doc/apps
=item B<-md digest> =item B<-md digest>
digest algorithm to use when signing or resigning. If not present then the digest algorithm to use when signing or resigning. If not present then the
diff -up openssl-1.0.2c/doc/apps/s_server.pod.trusted-first openssl-1.0.2c/doc/apps/s_server.pod diff -up openssl-1.0.2h/doc/apps/s_server.pod.trusted-first openssl-1.0.2h/doc/apps/s_server.pod
--- openssl-1.0.2c/doc/apps/s_server.pod.trusted-first 2015-06-15 17:45:13.116279853 +0200 --- openssl-1.0.2h/doc/apps/s_server.pod.trusted-first 2016-05-03 18:01:16.706556467 +0200
+++ openssl-1.0.2c/doc/apps/s_server.pod 2015-06-15 17:49:37.420355873 +0200 +++ openssl-1.0.2h/doc/apps/s_server.pod 2016-05-03 18:01:16.732557042 +0200
@@ -33,6 +33,7 @@ B<openssl> B<s_server> @@ -33,6 +33,7 @@ B<openssl> B<s_server>
[B<-state>] [B<-state>]
[B<-CApath directory>] [B<-CApath directory>]
@ -201,7 +199,7 @@ diff -up openssl-1.0.2c/doc/apps/s_server.pod.trusted-first openssl-1.0.2c/doc/a
[B<-no_alt_chains>] [B<-no_alt_chains>]
[B<-nocert>] [B<-nocert>]
[B<-cipher cipherlist>] [B<-cipher cipherlist>]
@@ -175,6 +176,12 @@ and to use when attempting to build the @@ -177,6 +178,12 @@ and to use when attempting to build the
is also used in the list of acceptable client CAs passed to the client when is also used in the list of acceptable client CAs passed to the client when
a certificate is requested. a certificate is requested.
@ -214,9 +212,9 @@ diff -up openssl-1.0.2c/doc/apps/s_server.pod.trusted-first openssl-1.0.2c/doc/a
=item B<-no_alt_chains> =item B<-no_alt_chains>
See the L<B<verify>|verify(1)> manual page for details. See the L<B<verify>|verify(1)> manual page for details.
diff -up openssl-1.0.2c/doc/apps/s_time.pod.trusted-first openssl-1.0.2c/doc/apps/s_time.pod diff -up openssl-1.0.2h/doc/apps/s_time.pod.trusted-first openssl-1.0.2h/doc/apps/s_time.pod
--- openssl-1.0.2c/doc/apps/s_time.pod.trusted-first 2015-06-12 16:51:21.000000000 +0200 --- openssl-1.0.2h/doc/apps/s_time.pod.trusted-first 2016-05-03 15:44:42.000000000 +0200
+++ openssl-1.0.2c/doc/apps/s_time.pod 2015-06-15 17:45:13.116279853 +0200 +++ openssl-1.0.2h/doc/apps/s_time.pod 2016-05-03 18:01:16.732557042 +0200
@@ -14,6 +14,7 @@ B<openssl> B<s_time> @@ -14,6 +14,7 @@ B<openssl> B<s_time>
[B<-key filename>] [B<-key filename>]
[B<-CApath directory>] [B<-CApath directory>]
@ -238,9 +236,9 @@ diff -up openssl-1.0.2c/doc/apps/s_time.pod.trusted-first openssl-1.0.2c/doc/app
=item B<-new> =item B<-new>
performs the timing test using a new session ID for each connection. performs the timing test using a new session ID for each connection.
diff -up openssl-1.0.2c/doc/apps/ts.pod.trusted-first openssl-1.0.2c/doc/apps/ts.pod diff -up openssl-1.0.2h/doc/apps/ts.pod.trusted-first openssl-1.0.2h/doc/apps/ts.pod
--- openssl-1.0.2c/doc/apps/ts.pod.trusted-first 2015-06-12 16:51:21.000000000 +0200 --- openssl-1.0.2h/doc/apps/ts.pod.trusted-first 2016-05-03 15:44:42.000000000 +0200
+++ openssl-1.0.2c/doc/apps/ts.pod 2015-06-15 17:45:13.116279853 +0200 +++ openssl-1.0.2h/doc/apps/ts.pod 2016-05-03 18:01:16.732557042 +0200
@@ -46,6 +46,7 @@ B<-verify> @@ -46,6 +46,7 @@ B<-verify>
[B<-token_in>] [B<-token_in>]
[B<-CApath> trusted_cert_path] [B<-CApath> trusted_cert_path]
@ -262,9 +260,9 @@ diff -up openssl-1.0.2c/doc/apps/ts.pod.trusted-first openssl-1.0.2c/doc/apps/ts
=item B<-untrusted> cert_file.pem =item B<-untrusted> cert_file.pem
Set of additional untrusted certificates in PEM format which may be Set of additional untrusted certificates in PEM format which may be
diff -up openssl-1.0.2c/doc/apps/verify.pod.trusted-first openssl-1.0.2c/doc/apps/verify.pod diff -up openssl-1.0.2h/doc/apps/verify.pod.trusted-first openssl-1.0.2h/doc/apps/verify.pod
--- openssl-1.0.2c/doc/apps/verify.pod.trusted-first 2015-06-12 16:51:21.000000000 +0200 --- openssl-1.0.2h/doc/apps/verify.pod.trusted-first 2016-05-03 15:44:42.000000000 +0200
+++ openssl-1.0.2c/doc/apps/verify.pod 2015-06-15 17:45:13.116279853 +0200 +++ openssl-1.0.2h/doc/apps/verify.pod 2016-05-03 18:01:16.732557042 +0200
@@ -9,6 +9,7 @@ verify - Utility to verify certificates. @@ -9,6 +9,7 @@ verify - Utility to verify certificates.
B<openssl> B<verify> B<openssl> B<verify>
[B<-CApath directory>] [B<-CApath directory>]
@ -273,7 +271,7 @@ diff -up openssl-1.0.2c/doc/apps/verify.pod.trusted-first openssl-1.0.2c/doc/app
[B<-purpose purpose>] [B<-purpose purpose>]
[B<-policy arg>] [B<-policy arg>]
[B<-ignore_critical>] [B<-ignore_critical>]
@@ -79,6 +80,12 @@ If a valid CRL cannot be found an error @@ -85,6 +86,12 @@ If a valid CRL cannot be found an error
A file of untrusted certificates. The file should contain multiple certificates A file of untrusted certificates. The file should contain multiple certificates
in PEM format concatenated together. in PEM format concatenated together.


@ -1 +1 @@
e9d29bc1688f65fcb9d1b564d53d6f13 openssl-1.0.2f-hobbled.tar.xz 020793e7b8901a1ac62d38f3a77f9a0c openssl-1.0.2h-hobbled.tar.xz