diff --git a/openssl-1.0.1e-manfix.patch b/openssl-1.0.1e-manfix.patch index 05b0df7..038653a 100644 --- a/openssl-1.0.1e-manfix.patch +++ b/openssl-1.0.1e-manfix.patch @@ -1,6 +1,6 @@ diff -up openssl-1.0.1e/doc/apps/cms.pod.manfix openssl-1.0.1e/doc/apps/cms.pod --- openssl-1.0.1e/doc/apps/cms.pod.manfix 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/doc/apps/cms.pod 2013-08-16 16:02:17.542089270 +0200 ++++ openssl-1.0.1e/doc/apps/cms.pod 2013-09-12 10:20:05.335913508 +0200 @@ -450,28 +450,28 @@ remains DER. =over 4 @@ -38,7 +38,7 @@ diff -up openssl-1.0.1e/doc/apps/cms.pod.manfix openssl-1.0.1e/doc/apps/cms.pod the signers certificates. diff -up openssl-1.0.1e/doc/apps/ec.pod.manfix openssl-1.0.1e/doc/apps/ec.pod --- openssl-1.0.1e/doc/apps/ec.pod.manfix 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/doc/apps/ec.pod 2013-08-16 16:02:17.542089270 +0200 ++++ openssl-1.0.1e/doc/apps/ec.pod 2013-09-12 10:20:05.335913508 +0200 @@ -93,10 +93,6 @@ prints out the public, private key compo this option prevents output of the encoded version of the key. @@ -52,7 +52,7 @@ diff -up openssl-1.0.1e/doc/apps/ec.pod.manfix openssl-1.0.1e/doc/apps/ec.pod by default a private key is read from the input file: with this option a diff -up openssl-1.0.1e/doc/apps/openssl.pod.manfix openssl-1.0.1e/doc/apps/openssl.pod --- openssl-1.0.1e/doc/apps/openssl.pod.manfix 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/doc/apps/openssl.pod 2013-08-16 16:02:17.542089270 +0200 ++++ openssl-1.0.1e/doc/apps/openssl.pod 2013-09-12 10:20:05.336913530 +0200 @@ -163,7 +163,7 @@ Create or examine a netscape certificate Online Certificate Status Protocol utility. @@ -84,8 +84,8 @@ diff -up openssl-1.0.1e/doc/apps/openssl.pod.manfix openssl-1.0.1e/doc/apps/open L, L, L, L, diff -up openssl-1.0.1e/doc/apps/s_client.pod.manfix openssl-1.0.1e/doc/apps/s_client.pod ---- openssl-1.0.1e/doc/apps/s_client.pod.manfix 2013-08-16 16:02:17.434086891 +0200 -+++ openssl-1.0.1e/doc/apps/s_client.pod 2013-08-16 16:02:17.543089292 +0200 +--- openssl-1.0.1e/doc/apps/s_client.pod.manfix 2013-09-12 10:20:05.249911624 +0200 ++++ openssl-1.0.1e/doc/apps/s_client.pod 2013-09-12 10:20:36.809602904 +0200 @@ -32,9 +32,14 @@ B B [B<-ssl2>] [B<-ssl3>] @@ -101,7 +101,15 @@ diff -up openssl-1.0.1e/doc/apps/s_client.pod.manfix openssl-1.0.1e/doc/apps/s_c [B<-bugs>] [B<-cipher cipherlist>] [B<-starttls protocol>] -@@ -182,7 +187,7 @@ Use the PSK key B when using a PSK +@@ -44,6 +49,7 @@ B B + [B<-sess_out filename>] + [B<-sess_in filename>] + [B<-rand file(s)>] ++[B<-nextprotoneg protocols>] + + =head1 DESCRIPTION + +@@ -182,7 +188,7 @@ Use the PSK key B when using a PSK given as a hexadecimal number without leading 0x, for example -psk 1a2b3c4d. @@ -110,9 +118,27 @@ diff -up openssl-1.0.1e/doc/apps/s_client.pod.manfix openssl-1.0.1e/doc/apps/s_c these options disable the use of certain SSL or TLS protocols. By default the initial handshake uses a method which should be compatible with all +@@ -243,6 +249,17 @@ Multiple files can be specified separate + The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for + all others. + ++=item B<-nextprotoneg protocols> ++ ++enable Next Protocol Negotiation TLS extension and provide a list of ++comma-separated protocol names that the client should advertise ++support for. The list should contain most wanted protocols first. ++Protocol names are printable ASCII strings, for example "http/1.1" or ++"spdy/3". ++Empty list of protocols is treated specially and will cause the client to ++advertise support for the TLS extension but disconnect just after ++reciving ServerHello with a list of server supported protocols. ++ + =back + + =head1 CONNECTED COMMANDS diff -up openssl-1.0.1e/doc/apps/smime.pod.manfix openssl-1.0.1e/doc/apps/smime.pod --- openssl-1.0.1e/doc/apps/smime.pod.manfix 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/doc/apps/smime.pod 2013-08-16 16:02:17.543089292 +0200 ++++ openssl-1.0.1e/doc/apps/smime.pod 2013-09-12 10:20:05.337913552 +0200 @@ -308,28 +308,28 @@ remains DER. =over 4 @@ -150,7 +176,7 @@ diff -up openssl-1.0.1e/doc/apps/smime.pod.manfix openssl-1.0.1e/doc/apps/smime. the signers certificates. diff -up openssl-1.0.1e/doc/apps/s_server.pod.manfix openssl-1.0.1e/doc/apps/s_server.pod --- openssl-1.0.1e/doc/apps/s_server.pod.manfix 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/doc/apps/s_server.pod 2013-08-16 16:03:56.711273036 +0200 ++++ openssl-1.0.1e/doc/apps/s_server.pod 2013-09-12 10:20:50.295898319 +0200 @@ -40,10 +40,16 @@ B B [B<-ssl2>] [B<-ssl3>] @@ -168,7 +194,15 @@ diff -up openssl-1.0.1e/doc/apps/s_server.pod.manfix openssl-1.0.1e/doc/apps/s_s [B<-bugs>] [B<-hack>] [B<-www>] -@@ -131,6 +137,10 @@ a static set of parameters hard coded in +@@ -54,6 +60,7 @@ B B + [B<-no_ticket>] + [B<-id_prefix arg>] + [B<-rand file(s)>] ++[B<-nextprotoneg protocols>] + + =head1 DESCRIPTION + +@@ -131,6 +138,10 @@ a static set of parameters hard coded in if this option is set then no DH parameters will be loaded effectively disabling the ephemeral DH cipher suites. @@ -179,7 +213,7 @@ diff -up openssl-1.0.1e/doc/apps/s_server.pod.manfix openssl-1.0.1e/doc/apps/s_s =item B<-no_tmp_rsa> certain export cipher suites sometimes use a temporary RSA key, this option -@@ -201,7 +211,7 @@ Use the PSK key B when using a PSK +@@ -201,7 +212,7 @@ Use the PSK key B when using a PSK given as a hexadecimal number without leading 0x, for example -psk 1a2b3c4d. @@ -188,9 +222,24 @@ diff -up openssl-1.0.1e/doc/apps/s_server.pod.manfix openssl-1.0.1e/doc/apps/s_s these options disable the use of certain SSL or TLS protocols. By default the initial handshake uses a method which should be compatible with all +@@ -276,6 +287,14 @@ Multiple files can be specified separate + The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for + all others. + ++=item B<-nextprotoneg protocols> ++ ++enable Next Protocol Negotiation TLS extension and provide a ++comma-separated list of supported protocol names. ++The list should contain most wanted protocols first. ++Protocol names are printable ASCII strings, for example "http/1.1" or ++"spdy/3". ++ + =back + + =head1 CONNECTED COMMANDS diff -up openssl-1.0.1e/doc/ssl/SSL_accept.pod.manfix openssl-1.0.1e/doc/ssl/SSL_accept.pod ---- openssl-1.0.1e/doc/ssl/SSL_accept.pod.manfix 2013-08-16 16:02:17.534089094 +0200 -+++ openssl-1.0.1e/doc/ssl/SSL_accept.pod 2013-08-16 16:02:17.544089314 +0200 +--- openssl-1.0.1e/doc/ssl/SSL_accept.pod.manfix 2013-09-12 10:20:05.329913377 +0200 ++++ openssl-1.0.1e/doc/ssl/SSL_accept.pod 2013-09-12 10:20:05.337913552 +0200 @@ -44,13 +44,13 @@ The following return values can occur: =over 4 @@ -209,7 +258,7 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_accept.pod.manfix openssl-1.0.1e/doc/ssl/SSL established. diff -up openssl-1.0.1e/doc/ssl/SSL_clear.pod.manfix openssl-1.0.1e/doc/ssl/SSL_clear.pod --- openssl-1.0.1e/doc/ssl/SSL_clear.pod.manfix 2013-02-11 16:02:48.000000000 +0100 -+++ openssl-1.0.1e/doc/ssl/SSL_clear.pod 2013-08-16 16:02:17.544089314 +0200 ++++ openssl-1.0.1e/doc/ssl/SSL_clear.pod 2013-09-12 10:20:05.337913552 +0200 @@ -56,12 +56,12 @@ The following return values can occur: =over 4 @@ -226,8 +275,8 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_clear.pod.manfix openssl-1.0.1e/doc/ssl/SSL_ The SSL_clear() operation was successful. diff -up openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod.manfix openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod ---- openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod.manfix 2013-08-16 16:02:17.486088037 +0200 -+++ openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod 2013-08-16 16:02:17.544089314 +0200 +--- openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod.manfix 2013-09-12 10:20:05.299912720 +0200 ++++ openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod 2013-09-12 10:20:05.338913574 +0200 @@ -60,11 +60,11 @@ SSL_COMP_add_compression_method() may re =over 4 @@ -243,8 +292,8 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod.manfix opens The operation failed. Check the error queue to find out the reason. diff -up openssl-1.0.1e/doc/ssl/SSL_connect.pod.manfix openssl-1.0.1e/doc/ssl/SSL_connect.pod ---- openssl-1.0.1e/doc/ssl/SSL_connect.pod.manfix 2013-08-16 16:02:17.535089116 +0200 -+++ openssl-1.0.1e/doc/ssl/SSL_connect.pod 2013-08-16 16:02:17.545089336 +0200 +--- openssl-1.0.1e/doc/ssl/SSL_connect.pod.manfix 2013-09-12 10:20:05.329913377 +0200 ++++ openssl-1.0.1e/doc/ssl/SSL_connect.pod 2013-09-12 10:20:05.338913574 +0200 @@ -41,13 +41,13 @@ The following return values can occur: =over 4 @@ -263,7 +312,7 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_connect.pod.manfix openssl-1.0.1e/doc/ssl/SS established. diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod.manfix openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod --- openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod.manfix 2013-02-11 16:02:48.000000000 +0100 -+++ openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod 2013-08-16 16:02:17.545089336 +0200 ++++ openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod 2013-09-12 10:20:05.338913574 +0200 @@ -52,13 +52,13 @@ The following values are returned by all =over 4 @@ -282,7 +331,7 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod.manfix openssl-1.0.1e/do diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod.manfix openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod --- openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod.manfix 2013-02-11 16:02:48.000000000 +0100 -+++ openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod 2013-08-16 16:02:17.545089336 +0200 ++++ openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod 2013-09-12 10:20:05.338913574 +0200 @@ -100,13 +100,13 @@ The following return values can occur: =over 4 @@ -300,8 +349,8 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod.manfix openssl The operation succeeded. diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod.manfix openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod ---- openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod.manfix 2013-08-16 16:02:17.535089116 +0200 -+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod 2013-08-16 16:02:17.545089336 +0200 +--- openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod.manfix 2013-09-12 10:20:05.330913399 +0200 ++++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod 2013-09-12 10:20:05.339913596 +0200 @@ -66,13 +66,13 @@ values: =over 4 @@ -320,7 +369,7 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod.manfix openssl-1. diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod.manfix openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod --- openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod.manfix 2013-02-11 16:02:48.000000000 +0100 -+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod 2013-08-16 16:02:17.546089358 +0200 ++++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod 2013-09-12 10:20:05.339913596 +0200 @@ -64,13 +64,13 @@ return the following values: =over 4 @@ -339,7 +388,7 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod.manfix openss diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod.manfix openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod --- openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod.manfix 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod 2013-08-16 16:02:17.546089358 +0200 ++++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod 2013-09-12 10:20:05.339913596 +0200 @@ -42,11 +42,11 @@ and SSL_set_ssl_method(): =over 4 @@ -355,8 +404,8 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod.manfix openssl-1.0.1 The operation succeeded. diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod.manfix openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod ---- openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod.manfix 2013-08-16 16:02:17.535089116 +0200 -+++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2013-08-16 16:02:17.546089358 +0200 +--- openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod.manfix 2013-09-12 10:20:05.330913399 +0200 ++++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2013-09-12 10:20:05.339913596 +0200 @@ -96,7 +96,7 @@ data to B and return the length of connection will fail with decryption_error before it will be finished completely. @@ -367,8 +416,8 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod.manfix openssl PSK identity was not found. An "unknown_psk_identity" alert message will be sent and the connection setup fails. diff -up openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod.manfix openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod ---- openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod.manfix 2013-08-16 16:02:17.536089138 +0200 -+++ openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod 2013-08-16 16:02:17.546089358 +0200 +--- openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod.manfix 2013-09-12 10:20:05.330913399 +0200 ++++ openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod 2013-09-12 10:20:05.340913618 +0200 @@ -45,13 +45,13 @@ The following return values can occur: =over 4 @@ -387,7 +436,7 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod.manfix openssl-1.0.1e/doc/s established. diff -up openssl-1.0.1e/doc/ssl/SSL_read.pod.manfix openssl-1.0.1e/doc/ssl/SSL_read.pod --- openssl-1.0.1e/doc/ssl/SSL_read.pod.manfix 2013-02-11 16:02:48.000000000 +0100 -+++ openssl-1.0.1e/doc/ssl/SSL_read.pod 2013-08-16 16:02:17.547089380 +0200 ++++ openssl-1.0.1e/doc/ssl/SSL_read.pod 2013-09-12 10:20:05.340913618 +0200 @@ -86,7 +86,7 @@ The following return values can occur: The read operation was successful; the return value is the number of bytes actually read from the TLS/SSL connection. @@ -399,7 +448,7 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_read.pod.manfix openssl-1.0.1e/doc/ssl/SSL_r shutdown due to a "close notify" alert sent by the peer (in which case diff -up openssl-1.0.1e/doc/ssl/SSL_session_reused.pod.manfix openssl-1.0.1e/doc/ssl/SSL_session_reused.pod --- openssl-1.0.1e/doc/ssl/SSL_session_reused.pod.manfix 2013-02-11 16:02:48.000000000 +0100 -+++ openssl-1.0.1e/doc/ssl/SSL_session_reused.pod 2013-08-16 16:02:17.547089380 +0200 ++++ openssl-1.0.1e/doc/ssl/SSL_session_reused.pod 2013-09-12 10:20:05.340913618 +0200 @@ -27,11 +27,11 @@ The following return values can occur: =over 4 @@ -416,7 +465,7 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_session_reused.pod.manfix openssl-1.0.1e/doc diff -up openssl-1.0.1e/doc/ssl/SSL_set_fd.pod.manfix openssl-1.0.1e/doc/ssl/SSL_set_fd.pod --- openssl-1.0.1e/doc/ssl/SSL_set_fd.pod.manfix 2013-02-11 16:02:48.000000000 +0100 -+++ openssl-1.0.1e/doc/ssl/SSL_set_fd.pod 2013-08-16 16:02:17.547089380 +0200 ++++ openssl-1.0.1e/doc/ssl/SSL_set_fd.pod 2013-09-12 10:20:05.341913640 +0200 @@ -35,11 +35,11 @@ The following return values can occur: =over 4 @@ -433,7 +482,7 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_set_fd.pod.manfix openssl-1.0.1e/doc/ssl/SSL diff -up openssl-1.0.1e/doc/ssl/SSL_set_session.pod.manfix openssl-1.0.1e/doc/ssl/SSL_set_session.pod --- openssl-1.0.1e/doc/ssl/SSL_set_session.pod.manfix 2013-02-11 16:02:48.000000000 +0100 -+++ openssl-1.0.1e/doc/ssl/SSL_set_session.pod 2013-08-16 16:02:17.547089380 +0200 ++++ openssl-1.0.1e/doc/ssl/SSL_set_session.pod 2013-09-12 10:20:05.341913640 +0200 @@ -37,11 +37,11 @@ The following return values can occur: =over 4 @@ -449,8 +498,8 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_set_session.pod.manfix openssl-1.0.1e/doc/ss The operation succeeded. diff -up openssl-1.0.1e/doc/ssl/SSL_shutdown.pod.manfix openssl-1.0.1e/doc/ssl/SSL_shutdown.pod ---- openssl-1.0.1e/doc/ssl/SSL_shutdown.pod.manfix 2013-08-16 16:02:17.536089138 +0200 -+++ openssl-1.0.1e/doc/ssl/SSL_shutdown.pod 2013-08-16 16:02:17.548089402 +0200 +--- openssl-1.0.1e/doc/ssl/SSL_shutdown.pod.manfix 2013-09-12 10:20:05.330913399 +0200 ++++ openssl-1.0.1e/doc/ssl/SSL_shutdown.pod 2013-09-12 10:20:05.341913640 +0200 @@ -92,14 +92,14 @@ The following return values can occur: =over 4 @@ -470,7 +519,7 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_shutdown.pod.manfix openssl-1.0.1e/doc/ssl/S and the peer's "close notify" alert was received. diff -up openssl-1.0.1e/doc/ssl/SSL_write.pod.manfix openssl-1.0.1e/doc/ssl/SSL_write.pod --- openssl-1.0.1e/doc/ssl/SSL_write.pod.manfix 2013-02-11 16:02:48.000000000 +0100 -+++ openssl-1.0.1e/doc/ssl/SSL_write.pod 2013-08-16 16:02:17.548089402 +0200 ++++ openssl-1.0.1e/doc/ssl/SSL_write.pod 2013-09-12 10:20:05.341913640 +0200 @@ -79,7 +79,7 @@ The following return values can occur: The write operation was successful, the return value is the number of bytes actually written to the TLS/SSL connection. diff --git a/openssl.spec b/openssl.spec index be94653..2dd6833 100644 --- a/openssl.spec +++ b/openssl.spec @@ -21,7 +21,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 1.0.1e -Release: 20%{?dist} +Release: 21%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -471,6 +471,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* prelink -u %{_libdir}/libcrypto.so.%{version} %{_libdir}/libssl.so.%{version} 2>/dev/null || : %changelog +* Thu Sep 12 2013 Tomáš Mráz 1.0.1e-21 +- document the nextprotoneg option in manual pages + original patch by Hubert Kario + * Wed Sep 4 2013 Tomas Mraz 1.0.1e-20 - try to avoid some races when updating the -fips subpackage