import perl-Net-SSLeay-1.92-1.el9
This commit is contained in:
CentOS Sources
Stepan Oksanichenko
parent
3de6995c74
commit
bc59f1fd09
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
||||
SOURCES/Net-SSLeay-1.90.tar.gz
|
||||
SOURCES/Net-SSLeay-1.92.tar.gz
|
||||
|
||||
@ -1 +1 @@
|
||||
675c9df74163d48477ecf06601a589f3c3b096dd SOURCES/Net-SSLeay-1.90.tar.gz
|
||||
03daf8b342ea57a9b1eef0689275ec99e5008e21 SOURCES/Net-SSLeay-1.92.tar.gz
|
||||
|
||||
@ -1,69 +0,0 @@
|
||||
diff -ru Net-SSLeay-1.90.orig/t/local/05_passwd_cb.t Net-SSLeay-1.90/t/local/05_passwd_cb.t
|
||||
--- Net-SSLeay-1.90.orig/t/local/05_passwd_cb.t 2020-11-18 10:12:44.000000000 +0100
|
||||
+++ Net-SSLeay-1.90/t/local/05_passwd_cb.t 2021-08-11 12:50:16.452681751 +0200
|
||||
@@ -5,7 +5,12 @@
|
||||
use Net::SSLeay;
|
||||
use Test::Net::SSLeay qw( data_file_path initialise_libssl );
|
||||
|
||||
-plan tests => 36;
|
||||
+my $callback_double_use_in_pem_read_bio_key = check_callback_double_use_in_pem_read_bio_key();
|
||||
+if (! $callback_double_use_in_pem_read_bio_key) {
|
||||
+ plan tests => 36;
|
||||
+} else {
|
||||
+ plan tests => 40;
|
||||
+}
|
||||
|
||||
initialise_libssl();
|
||||
|
||||
@@ -99,7 +104,13 @@
|
||||
ok( !Net::SSLeay::CTX_use_PrivateKey_file($ctx_1, $key_pem, &Net::SSLeay::FILETYPE_PEM),
|
||||
'CTX_use_PrivateKey_file doesn\'t work with wrong passphrase' );
|
||||
|
||||
-is($cb_1_calls, 2, 'callback1 called 2 times');
|
||||
+my $right_cb_1_calls;
|
||||
+if (! $callback_double_use_in_pem_read_bio_key) {
|
||||
+ $right_cb_1_calls = 2;
|
||||
+} else {
|
||||
+ $right_cb_1_calls = 3;
|
||||
+}
|
||||
+is($cb_1_calls, $right_cb_1_calls, 'callback1 called '.$right_cb_1_calls.' times');
|
||||
|
||||
|
||||
# OpenSSL 1.1.0 has SSL_set_default_passwd_cb, but the callback is not
|
||||
@@ -177,5 +188,35 @@
|
||||
ok( !Net::SSLeay::use_PrivateKey_file($ssl_1, $key_pem, &Net::SSLeay::FILETYPE_PEM),
|
||||
'use_PrivateKey_file doesn\'t work with wrong passphrase' );
|
||||
|
||||
- is($cb_1_calls, 2, 'callback1 called 2 times');
|
||||
+ my $right_cb_1_calls;
|
||||
+ if (! $callback_double_use_in_pem_read_bio_key) {
|
||||
+ $right_cb_1_calls = 2;
|
||||
+ } else {
|
||||
+ $right_cb_1_calls = 3;
|
||||
+ }
|
||||
+
|
||||
+ is($cb_1_calls, $right_cb_1_calls, 'callback1 called '.$right_cb_1_calls.' times');
|
||||
+}
|
||||
+
|
||||
+# In OpenSSL between alpha16 and alpha17 was change (7bc027d73bc51cfa0ae23fbfd91134be9464d694)
|
||||
+# which add one callback call in case of failing pem_read_bio_key_decoder()
|
||||
+# In OpenSSL between beta1 and beta2 was change (66a7c9f34b46edd462d647ae2febe8276bb9b4f7)
|
||||
+# which add passphrase caching to avoid asking for password twice
|
||||
+sub check_callback_double_use_in_pem_read_bio_key {
|
||||
+ my $ssleay_version = Net::SSLeay::SSLeay_version( Net::SSLeay::SSLEAY_VERSION() );
|
||||
+ my ($openssl_alpha_version, $openssl_beta_version);
|
||||
+ if (Net::SSLeay::SSLeay == 0x30000000 && $ssleay_version =~ /-alpha(\d+)\ /) {
|
||||
+ $openssl_alpha_version = $1;
|
||||
+ }
|
||||
+ if (Net::SSLeay::SSLeay == 0x30000000 && $ssleay_version =~ /-beta(\d+)\ /) {
|
||||
+ $openssl_beta_version = $1;
|
||||
+ }
|
||||
+ if ((Net::SSLeay::SSLeay == 0x30000000 && defined $openssl_alpha_version && $openssl_alpha_version < 17)
|
||||
+ || Net::SSLeay::SSLeay == 0x30000000 && defined $openssl_beta_version && $openssl_beta_version > 1
|
||||
+ || Net::SSLeay::SSLeay < 0x30000000) {
|
||||
+
|
||||
+ return 0;
|
||||
+ } else {
|
||||
+ return 1;
|
||||
+ }
|
||||
}
|
||||
@ -1,12 +0,0 @@
|
||||
diff -ru Net-SSLeay-1.90.orig/t/local/32_x509_get_cert_info.t Net-SSLeay-1.90/t/local/32_x509_get_cert_info.t
|
||||
--- Net-SSLeay-1.90.orig/t/local/32_x509_get_cert_info.t 2020-11-18 10:12:44.000000000 +0100
|
||||
+++ Net-SSLeay-1.90/t/local/32_x509_get_cert_info.t 2021-06-02 00:37:27.881748999 +0200
|
||||
@@ -190,7 +190,7 @@
|
||||
Net::SSLeay::SSLeay < 0x30000000
|
||||
|| (
|
||||
Net::SSLeay::SSLeay == 0x30000000
|
||||
- && Net::SSLeay::SSLeay_version( Net::SSLeay::SSLEAY_VERSION() ) =~ /-alpha1/
|
||||
+ && Net::SSLeay::SSLeay_version( Net::SSLeay::SSLEAY_VERSION() ) =~ /-alpha1\ /
|
||||
)
|
||||
)
|
||||
) {
|
||||
@ -1,12 +0,0 @@
|
||||
diff -ru Net-SSLeay-1.90.orig/SSLeay.xs Net-SSLeay-1.90/SSLeay.xs
|
||||
--- Net-SSLeay-1.90.orig/SSLeay.xs 2021-01-21 16:14:11.000000000 +0100
|
||||
+++ Net-SSLeay-1.90/SSLeay.xs 2021-06-02 01:47:55.724962156 +0200
|
||||
@@ -4556,7 +4556,7 @@
|
||||
if (passwd_len>0) {
|
||||
/* encrypted key */
|
||||
if (!enc_alg)
|
||||
- PEM_write_bio_PrivateKey(bp,pk,EVP_des_cbc(),(unsigned char *)passwd,passwd_len,cb,u);
|
||||
+ PEM_write_bio_PrivateKey(bp,pk,EVP_des_ede(),(unsigned char *)passwd,passwd_len,cb,u);
|
||||
else
|
||||
PEM_write_bio_PrivateKey(bp,pk,enc_alg,(unsigned char *)passwd,passwd_len,cb,u);
|
||||
}
|
||||
@ -1,60 +0,0 @@
|
||||
commit 327550f61f5e1e932ea911e59ccc496ebb307030
|
||||
Author: Chris Novakovic <chris@chrisn.me.uk>
|
||||
Date: Tue Jun 8 21:49:40 2021 +0100
|
||||
|
||||
39_pkcs12.t: validate CA certificate CNs with all libssl versions
|
||||
|
||||
When verifying common names in the PKCS#12 certificate chain, account
|
||||
for the fact that PKCS12_parse() returns the CA certificate chain in a
|
||||
different order in different versions of libssl.
|
||||
|
||||
Since the CA certificate chain tests now cover all versions of OpenSSL
|
||||
and LibreSSL, don't skip the order check for versions of OpenSSL before
|
||||
1.0.0, and remove the generic tests that ensure X509_NAME_oneline()
|
||||
returns a valid-looking common name for each of the CA certificates
|
||||
(since they're now redundant).
|
||||
|
||||
diff --git a/t/local/39_pkcs12.t b/t/local/39_pkcs12.t
|
||||
index 5c7fb8b..5083331 100644
|
||||
--- a/t/local/39_pkcs12.t
|
||||
+++ b/t/local/39_pkcs12.t
|
||||
@@ -3,7 +3,7 @@ use lib 'inc';
|
||||
use Net::SSLeay;
|
||||
use Test::Net::SSLeay qw( data_file_path initialise_libssl );
|
||||
|
||||
-plan tests => 19;
|
||||
+plan tests => 17;
|
||||
|
||||
initialise_libssl();
|
||||
|
||||
@@ -36,12 +36,24 @@ my $filename3 = data_file_path('simple-cert.p12');
|
||||
my $ca1_subj_name = Net::SSLeay::X509_get_subject_name($cachain[0]);
|
||||
my $ca2_subj_name = Net::SSLeay::X509_get_subject_name($cachain[1]);
|
||||
is(Net::SSLeay::X509_NAME_oneline($subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=simple-cert.net-ssleay.example', "X509_NAME_oneline [2/1]");
|
||||
- like(Net::SSLeay::X509_NAME_oneline($ca1_subj_name), qr/C=.*CN=.*/, "X509_NAME_oneline [2/2]");
|
||||
- like(Net::SSLeay::X509_NAME_oneline($ca2_subj_name), qr/C=.*CN=.*/, "X509_NAME_oneline [2/3]");
|
||||
- SKIP: {
|
||||
- skip("cert order in CA chain is different in openssl pre-1.0.0", 2) unless Net::SSLeay::SSLeay >= 0x01000000;
|
||||
- is(Net::SSLeay::X509_NAME_oneline($ca1_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Root CA', "X509_NAME_oneline [2/4]");
|
||||
- is(Net::SSLeay::X509_NAME_oneline($ca2_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Intermediate CA', "X509_NAME_oneline [2/5]");
|
||||
+ # OpenSSL versions 1.0.0-beta2 to 3.0.0-alpha6 inclusive and all versions of
|
||||
+ # LibreSSL return the CA certificate chain with the root CA certificate at the
|
||||
+ # end; all other versions return the certificate chain with the root CA
|
||||
+ # certificate at the start
|
||||
+ if (
|
||||
+ Net::SSLeay::SSLeay < 0x10000002
|
||||
+ || (
|
||||
+ Net::SSLeay::SSLeay == 0x30000000
|
||||
+ && Net::SSLeay::SSLeay_version( Net::SSLeay::SSLEAY_VERSION() ) !~ /-alpha[1-6] /
|
||||
+ )
|
||||
+ || Net::SSLeay::SSLeay > 0x30000000
|
||||
+ ) {
|
||||
+ is(Net::SSLeay::X509_NAME_oneline($ca1_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Intermediate CA', "X509_NAME_oneline [2/3]");
|
||||
+ is(Net::SSLeay::X509_NAME_oneline($ca2_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Root CA', "X509_NAME_oneline [2/4]");
|
||||
+ }
|
||||
+ else {
|
||||
+ is(Net::SSLeay::X509_NAME_oneline($ca1_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Root CA', "X509_NAME_oneline [2/3]");
|
||||
+ is(Net::SSLeay::X509_NAME_oneline($ca2_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Intermediate CA', "X509_NAME_oneline [2/4]");
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,45 +0,0 @@
|
||||
diff -ru Net-SSLeay-1.90.orig/t/local/43_misc_functions.t Net-SSLeay-1.90/t/local/43_misc_functions.t
|
||||
--- Net-SSLeay-1.90.orig/t/local/43_misc_functions.t 2021-01-21 16:14:11.000000000 +0100
|
||||
+++ Net-SSLeay-1.90/t/local/43_misc_functions.t 2021-06-04 17:30:29.508947419 +0200
|
||||
@@ -245,6 +245,23 @@
|
||||
|
||||
my $ciphersuites = join(':', keys(%tls_1_3_aead_cipher_to_keyblock_size));
|
||||
|
||||
+ # In OpenSSL 3.0.0 alpha 11 (commit c1e8a0c66e32b4144fdeb49bd5ff7acb76df72b9) was
|
||||
+ # changed api of set_ciphersuites to ignore unknown ciphers.
|
||||
+ my $ret_partially_bad_ciphersuites;
|
||||
+ my $ssleay_version = Net::SSLeay::SSLeay_version( Net::SSLeay::SSLEAY_VERSION() );
|
||||
+ my $openssl_alpha_version;
|
||||
+ if (Net::SSLeay::SSLeay == 0x30000000 && $ssleay_version =~ /-alpha(\d+)\ /) {
|
||||
+ $openssl_alpha_version = $1;
|
||||
+ }
|
||||
+ if ((Net::SSLeay::SSLeay == 0x30000000
|
||||
+ && defined $openssl_alpha_version && $openssl_alpha_version < 11)
|
||||
+ || Net::SSLeay::SSLeay < 0x30000000) {
|
||||
+
|
||||
+ $ret_partially_bad_ciphersuites = 0;
|
||||
+ } else {
|
||||
+ $ret_partially_bad_ciphersuites = 1;
|
||||
+ }
|
||||
+
|
||||
my ($ctx, $rv, $ssl);
|
||||
$ctx = Net::SSLeay::CTX_new();
|
||||
$rv = Net::SSLeay::CTX_set_ciphersuites($ctx, $ciphersuites);
|
||||
@@ -257,7 +271,7 @@
|
||||
};
|
||||
is($rv, 1, 'CTX set undef ciphersuites');
|
||||
$rv = Net::SSLeay::CTX_set_ciphersuites($ctx, 'nosuchthing:' . $ciphersuites);
|
||||
- is($rv, 0, 'CTX set partially bad ciphersuites');
|
||||
+ is($rv, $ret_partially_bad_ciphersuites, 'CTX set partially bad ciphersuites');
|
||||
$rv = Net::SSLeay::CTX_set_ciphersuites($ctx, 'nosuchthing:');
|
||||
is($rv, 0, 'CTX set bad ciphersuites');
|
||||
|
||||
@@ -272,7 +286,7 @@
|
||||
};
|
||||
is($rv, 1, 'SSL set undef ciphersuites');
|
||||
$rv = Net::SSLeay::set_ciphersuites($ssl, 'nosuchthing:' . $ciphersuites);
|
||||
- is($rv, 0, 'SSL set partially bad ciphersuites');
|
||||
+ is($rv, $ret_partially_bad_ciphersuites, 'SSL set partially bad ciphersuites');
|
||||
$rv = Net::SSLeay::set_ciphersuites($ssl, 'nosuchthing:');
|
||||
is($rv, 0, 'SSL set bad ciphersuites');
|
||||
|
||||
@ -5,19 +5,14 @@
|
||||
%endif
|
||||
|
||||
Name: perl-Net-SSLeay
|
||||
Version: 1.90
|
||||
Release: 8%{?dist}
|
||||
Version: 1.92
|
||||
Release: 1%{?dist}
|
||||
Summary: Perl extension for using OpenSSL
|
||||
License: Artistic 2.0
|
||||
URL: https://metacpan.org/release/Net-SSLeay
|
||||
Source0: https://cpan.metacpan.org/modules/by-module/Net/Net-SSLeay-%{version}.tar.gz
|
||||
Patch10: Net-SSLeay-1.90-pkgconfig.patch
|
||||
Patch11: Net-SSLeay-1.90-openssl3.0.0-32_x509_get_cert_info.patch
|
||||
Patch12: Net-SSLeay-1.90-openssl3.0.0-33_x509_create_cert.patch
|
||||
Patch13: Net-SSLeay-1.90-openssl3.0.0-39_pkcs12.patch
|
||||
Patch14: Net-SSLeay-1.90-openssl3.0.0-43_misc_functions.patch
|
||||
Patch15: Net-SSLeay-1.90-openssl3.0.0-tests-disable_TLS1_and_TLS1_1.patch
|
||||
Patch16: Net-SSLeay-1.90-openssl3.0.0-05_passwd_cb.patch
|
||||
Patch1: Net-SSLeay-1.90-pkgconfig.patch
|
||||
Patch2: Net-SSLeay-1.90-openssl3.0.0-tests-disable_TLS1_and_TLS1_1.patch
|
||||
# =========== Module Build ===========================
|
||||
BuildRequires: coreutils
|
||||
BuildRequires: findutils
|
||||
@ -28,13 +23,17 @@ BuildRequires: openssl-devel
|
||||
BuildRequires: perl-devel
|
||||
BuildRequires: perl-generators
|
||||
BuildRequires: perl-interpreter
|
||||
BuildRequires: perl(constant)
|
||||
BuildRequires: perl(Cwd)
|
||||
BuildRequires: perl(English)
|
||||
BuildRequires: perl(ExtUtils::MakeMaker) >= 6.76
|
||||
BuildRequires: perl(ExtUtils::PkgConfig)
|
||||
BuildRequires: perl(ExtUtils::MM)
|
||||
BuildRequires: perl(File::Basename)
|
||||
BuildRequires: perl(File::Path)
|
||||
BuildRequires: perl(File::Spec::Functions)
|
||||
BuildRequires: perl(Symbol)
|
||||
BuildRequires: perl(Text::Wrap)
|
||||
BuildRequires: perl(utf8)
|
||||
# =========== Module Runtime =========================
|
||||
BuildRequires: perl(AutoLoader)
|
||||
@ -53,6 +52,7 @@ BuildRequires: perl(IO::Socket::INET)
|
||||
BuildRequires: perl(lib)
|
||||
BuildRequires: perl(Storable)
|
||||
BuildRequires: perl(strict)
|
||||
BuildRequires: perl(Test::Builder)
|
||||
BuildRequires: perl(Test::More) >= 0.61
|
||||
BuildRequires: perl(threads)
|
||||
BuildRequires: perl(warnings)
|
||||
@ -85,25 +85,10 @@ so you can write servers or clients for more complicated applications.
|
||||
|
||||
# Get libraries to link against from pkg-config
|
||||
# https://github.com/radiator-software/p5-net-ssleay/pull/127
|
||||
%patch10
|
||||
|
||||
# https://github.com/radiator-software/p5-net-ssleay/pull/271
|
||||
%patch11 -p1
|
||||
|
||||
# https://github.com/radiator-software/p5-net-ssleay/issues/272
|
||||
%patch12 -p1
|
||||
|
||||
# https://github.com/radiator-software/p5-net-ssleay/pull/274
|
||||
%patch13 -p1
|
||||
|
||||
# https://github.com/radiator-software/p5-net-ssleay/pull/275
|
||||
%patch14 -p1
|
||||
%patch1
|
||||
|
||||
# Disable TLS1 and TLS1_1 from tests
|
||||
%patch15 -p1
|
||||
|
||||
# https://github.com/radiator-software/p5-net-ssleay/pull/282
|
||||
%patch16 -p1
|
||||
%patch2 -p1
|
||||
|
||||
# Fix permissions in examples to avoid bogus doc-file dependencies
|
||||
chmod -c 644 examples/*
|
||||
@ -141,6 +126,9 @@ make test
|
||||
%{_mandir}/man3/Net::SSLeay::Handle.3*
|
||||
|
||||
%changelog
|
||||
* Wed Jan 26 2022 Michal Josef Špaček <mspacek@redhat.com> - 1.92-1
|
||||
- Update to 1.92
|
||||
|
||||
* Wed Aug 11 2021 Michal Josef Špaček <mspacek@redhat.com> - 1.90-8
|
||||
- Fix tests for openssl 3.0.0-beta2. rhbz#1992571
|
||||
- Add another fix for t/05_passwd_cb.t, because change in passphrase caching
|
||||
|
||||
Loading…
Reference in New Issue
Block a user