diff --git a/openssl-0.9.8b-x509-name-cmp.patch b/openssl-0.9.8b-x509-name-cmp.patch index b10f6e0..c7e8848 100644 --- a/openssl-0.9.8b-x509-name-cmp.patch +++ b/openssl-0.9.8b-x509-name-cmp.patch @@ -1,21 +1,18 @@ -Make X509_NAME_cmp transitive. --- openssl-0.9.8b/crypto/x509/x509_cmp.c.name-cmp 2004-12-01 02:45:30.000000000 +0100 -+++ openssl-0.9.8b/crypto/x509/x509_cmp.c 2006-11-23 21:21:40.000000000 +0100 -@@ -287,7 +287,16 @@ - nbbit = ASN1_tag2bit(nb->value->type); - if (!(nabit & STR_TYPE_CMP) || - !(nbbit & STR_TYPE_CMP)) ++++ openssl-0.9.8b/crypto/x509/x509_cmp.c 2006-11-30 23:37:26.000000000 +0100 +@@ -282,14 +282,7 @@ + nb=sk_X509_NAME_ENTRY_value(b->entries,i); + j=na->value->type-nb->value->type; + if (j) +- { +- nabit = ASN1_tag2bit(na->value->type); +- nbbit = ASN1_tag2bit(nb->value->type); +- if (!(nabit & STR_TYPE_CMP) || +- !(nbbit & STR_TYPE_CMP)) - return j; -+ { -+ if (!(nabit & STR_TYPE_CMP) && -+ (nbbit & STR_TYPE_CMP)) -+ return -1; -+ else if ((nabit & STR_TYPE_CMP) && -+ !(nbbit & STR_TYPE_CMP)) -+ return 1; -+ else -+ return j; -+ } - j = asn1_string_memcmp(na->value, nb->value); - } +- j = asn1_string_memcmp(na->value, nb->value); +- } ++ return j; else if (na->value->type == V_ASN1_PRINTABLESTRING) + j=nocase_spacenorm_cmp(na->value, nb->value); + else if (na->value->type == V_ASN1_IA5STRING diff --git a/openssl.spec b/openssl.spec index 1eb1e5f..b1db21e 100644 --- a/openssl.spec +++ b/openssl.spec @@ -21,7 +21,7 @@ Summary: The OpenSSL toolkit Name: openssl Version: 0.9.8b -Release: 10%{?dist} +Release: 11%{?dist} Source: openssl-%{version}-usa.tar.bz2 Source1: hobble-openssl Source2: Makefile.certificate @@ -367,6 +367,9 @@ rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint %postun -p /sbin/ldconfig %changelog +* Thu Nov 30 2006 Tomas Mraz 0.9.8b-11 +- the previous change still didn't make X509_NAME_cmp transitive + * Thu Nov 23 2006 Tomas Mraz 0.9.8b-10 - make X509_NAME_cmp transitive otherwise certificate lookup is broken (#216050)