Update to 1.78
- New upstream release 1.78 - Fixed broken (since 1.75) OCSP code and tests
parent
78424dc1fa
commit
a218f8cfda
@ -1,122 +0,0 @@
|
||||
Index: SSLeay.xs
|
||||
===================================================================
|
||||
--- SSLeay.xs (revision 477)
|
||||
+++ SSLeay.xs (working copy)
|
||||
@@ -6011,7 +6011,7 @@
|
||||
X509 *issuer;
|
||||
X509 *last = sk_X509_value(chain,sk_X509_num(chain)-1);
|
||||
if ( (issuer = find_issuer(last,store,chain))) {
|
||||
- OCSP_basic_add1_cert(bsr, X509_dup(issuer));
|
||||
+ OCSP_basic_add1_cert(bsr, issuer);
|
||||
TRACE(1,"run OCSP_basic_verify with issuer for last chain element");
|
||||
RETVAL = OCSP_basic_verify(bsr, NULL, store, flags);
|
||||
}
|
||||
@@ -6058,11 +6058,8 @@
|
||||
goto end;
|
||||
}
|
||||
int first = OCSP_resp_find(bsr, certid, -1); /* Find the first matching */
|
||||
- if (first >= 0)
|
||||
- {
|
||||
- sir = OCSP_resp_get0(bsr,first);
|
||||
- break;
|
||||
- }
|
||||
+ if (first >= 0)
|
||||
+ sir = OCSP_resp_get0(bsr,first);
|
||||
}
|
||||
|
||||
int status, revocationReason;
|
||||
@@ -6073,7 +6070,8 @@
|
||||
status = OCSP_single_get0_status(sir, &revocationReason, &revocationTime, &thisupdate, &nextupdate);
|
||||
#else
|
||||
status = sir->certStatus->type;
|
||||
- revocationTime = sir->certStatus->value.revoked->revocationTime;
|
||||
+ if (status == V_OCSP_CERTSTATUS_REVOKED)
|
||||
+ revocationTime = sir->certStatus->value.revoked->revocationTime;
|
||||
thisupdate = sir->thisUpdate;
|
||||
nextupdate = sir->nextUpdate;
|
||||
#endif
|
||||
Index: t/external/ocsp.t
|
||||
===================================================================
|
||||
--- t/external/ocsp.t (revision 477)
|
||||
+++ t/external/ocsp.t (working copy)
|
||||
@@ -14,17 +14,17 @@
|
||||
my @tests = (
|
||||
{
|
||||
# this should give us OCSP stapling
|
||||
- host => 'www.live.com',
|
||||
+ host => 'www.microsoft.com',
|
||||
port => 443,
|
||||
- fingerprint => '10c56ee9e2acaf2e77caeb7072bf6522dd7422b8',
|
||||
+ fingerprint => '5f0b37e633840ca02468552ea3b1197e5e118f7b',
|
||||
ocsp_staple => 1,
|
||||
expect_status => Net::SSLeay::V_OCSP_CERTSTATUS_GOOD(),
|
||||
},
|
||||
{
|
||||
- # no OCSP stapling yet
|
||||
- host => 'www.google.com',
|
||||
+ # no OCSP stapling
|
||||
+ host => 'www.spiegel.de',
|
||||
port => 443,
|
||||
- fingerprint => '007a5ab302f14446e2ea24d3a829de22ba1bf950',
|
||||
+ fingerprint => 'ad737048455485d8c817b7d0f7403553a7b9f65b',
|
||||
expect_status => Net::SSLeay::V_OCSP_CERTSTATUS_GOOD(),
|
||||
},
|
||||
{
|
||||
@@ -31,12 +31,13 @@
|
||||
# this is revoked
|
||||
host => 'revoked.grc.com',
|
||||
port => 443,
|
||||
- fingerprint => '34703c40093461ad3ce087e161c7b7f42abe770c',
|
||||
+ fingerprint => '310665f4c8e78db761c764e798dca66047341264',
|
||||
expect_status => Net::SSLeay::V_OCSP_CERTSTATUS_REVOKED(),
|
||||
},
|
||||
);
|
||||
|
||||
-plan tests => 0+@tests;
|
||||
+my $release_tests = $ENV{RELEASE_TESTING} ? 1:0;
|
||||
+plan tests => $release_tests + @tests;
|
||||
|
||||
|
||||
my $timeout = 10; # used to TCP connect and SSL connect
|
||||
@@ -50,6 +51,7 @@
|
||||
|
||||
TEST:
|
||||
|
||||
+my @fp_mismatch;
|
||||
for my $test (@tests) {
|
||||
my $cleanup = __cleanup__->new;
|
||||
SKIP: {
|
||||
@@ -114,8 +116,11 @@
|
||||
my $fp = $leaf_cert
|
||||
&& unpack("H*",Net::SSLeay::X509_digest($leaf_cert,$sha1));
|
||||
skip "could not get fingerprint",1 if !$fp;
|
||||
- skip "bad fingerprint $fp for $test->{host}:$test->{port}",1
|
||||
- if $fp ne $test->{fingerprint};
|
||||
+ if ($fp ne $test->{fingerprint}) {
|
||||
+ push @fp_mismatch, [ $fp,$test ];
|
||||
+ skip("bad fingerprint for $test->{host}:$test->{port} -".
|
||||
+ " expected $test->{fingerprint}, got $fp",1)
|
||||
+ }
|
||||
diag("fingerprint matches");
|
||||
|
||||
if ( $test->{ocsp_staple} && ! $stapled_response ) {
|
||||
@@ -225,6 +230,19 @@
|
||||
}
|
||||
}
|
||||
|
||||
+if ($release_tests) {
|
||||
+ if (!@fp_mismatch) {
|
||||
+ pass("all fingerprints matched");
|
||||
+ } else {
|
||||
+ for(@fp_mismatch) {
|
||||
+ my ($fp,$test) = @$_;
|
||||
+ diag("fingerprint mismatch for $test->{host}:$test->{port} -".
|
||||
+ " expected $test->{fingerprint}, got $fp")
|
||||
+ }
|
||||
+ fail("some fingerprints did not matched - please adjust test");
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
{
|
||||
# cleanup stuff when going out of scope
|
||||
package __cleanup__;
|
||||
@ -2,14 +2,13 @@
|
||||
%global rpm49 %(rpm --version | perl -p -e 's/^.* (\\d+)\\.(\\d+).*/sprintf("%d.%03d",$1,$2) ge 4.009 ? 1 : 0/e' 2>/dev/null || echo 0)
|
||||
|
||||
Name: perl-Net-SSLeay
|
||||
Version: 1.77
|
||||
Release: 2%{?dist}
|
||||
Version: 1.78
|
||||
Release: 1%{?dist}
|
||||
Summary: Perl extension for using OpenSSL
|
||||
Group: Development/Libraries
|
||||
License: Artistic 2.0
|
||||
URL: http://search.cpan.org/dist/Net-SSLeay/
|
||||
Source0: http://search.cpan.org/CPAN/authors/id/M/MI/MIKEM/Net-SSLeay-%{version}.tar.gz
|
||||
Patch0: Net-SSLeay-1.77-rt116795.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu)
|
||||
# =========== Module Build ===========================
|
||||
BuildRequires: coreutils
|
||||
@ -60,9 +59,6 @@ so you can write servers or clients for more complicated applications.
|
||||
%prep
|
||||
%setup -q -n Net-SSLeay-%{version}
|
||||
|
||||
# Fix OCSP (CPAN RT#116795)
|
||||
%patch0
|
||||
|
||||
# Fix permissions in examples to avoid bogus doc-file dependencies
|
||||
chmod -c 644 examples/*
|
||||
|
||||
@ -113,6 +109,10 @@ rm -rf %{buildroot}
|
||||
%{_mandir}/man3/Net::SSLeay::Handle.3*
|
||||
|
||||
%changelog
|
||||
* Sun Aug 14 2016 Paul Howarth <paul@city-fan.org> - 1.78-1
|
||||
- Update to 1.78
|
||||
- Fixed broken (since 1.75) OCSP code and tests
|
||||
|
||||
* Thu Aug 11 2016 Paul Howarth <paul@city-fan.org> - 1.77-2
|
||||
- Fix OCSP (CPAN RT#116795)
|
||||
|
||||
|
||||