From bfd45a4fd508e16738b55c98c693c9a0e3123060 Mon Sep 17 00:00:00 2001 From: Sahana Prasad Date: Thu, 16 Apr 2020 18:12:33 +0200 Subject: [PATCH] Updates documentation to specify that the option "curves" can be used in server mode only. --- stunnel-5.56-curves-doc-update.patch | 66 ++++++++++++++++++++++++++++ stunnel.spec | 7 ++- 2 files changed, 72 insertions(+), 1 deletion(-) create mode 100644 stunnel-5.56-curves-doc-update.patch diff --git a/stunnel-5.56-curves-doc-update.patch b/stunnel-5.56-curves-doc-update.patch new file mode 100644 index 0000000..84a01a3 --- /dev/null +++ b/stunnel-5.56-curves-doc-update.patch @@ -0,0 +1,66 @@ +--- stunnel-5.56/doc/stunnel.8.in.curves-doc-update 2020-04-16 17:12:48.171590017 +0200 ++++ stunnel-5.56/doc/stunnel.8.in 2020-04-16 17:16:07.001603122 +0200 +@@ -473,6 +473,8 @@ This file contains multiple CRLs, used w + .IX Item "curves = list" + \&\s-1ECDH\s0 curves separated with ':' + .Sp ++Note: This option is supported for server mode sockets only. ++.Sp + Only a single curve name is allowed for OpenSSL older than 1.1.0. + .Sp + To get a list of supported curves use: +--- stunnel-5.56/doc/stunnel.html.in.curves-doc-update 2020-04-16 17:13:25.664962696 +0200 ++++ stunnel-5.56/doc/stunnel.html.in 2020-04-16 17:16:55.897111302 +0200 +@@ -568,6 +568,8 @@ + +

ECDH curves separated with ':'

+ ++

Note: This option is supported for server mode sockets only.

++ +

Only a single curve name is allowed for OpenSSL older than 1.1.0.

+ +

To get a list of supported curves use:

+--- stunnel-5.56/doc/stunnel.pod.in.curves-doc-update 2020-04-16 17:13:43.412139122 +0200 ++++ stunnel-5.56/doc/stunnel.pod.in 2020-04-16 17:17:25.414418073 +0200 +@@ -499,6 +499,8 @@ I options. + + ECDH curves separated with ':' + ++Note: This option is supported for server mode sockets only. ++ + Only a single curve name is allowed for OpenSSL older than 1.1.0. + + To get a list of supported curves use: +--- stunnel-5.56/doc/stunnel.pl.pod.in.curves-doc-update 2020-04-16 17:25:22.631934496 +0200 ++++ stunnel-5.56/doc/stunnel.pl.pod.in 2020-04-16 17:47:46.872353210 +0200 +@@ -507,6 +507,8 @@ przez opcje I i Ikrzywe ECDH odddzielone ':'

+ ++

Uwaga: ta opcja wpływa tylko na gniazda w trybie serwera.

++ +

Wersje OpenSSL starsze niż 1.1.0 pozwalają na użycie tylko jednej krzywej.

+ +

Listę dostępnych krzywych można uzyskać poleceniem:

+--- stunnel-5.56/doc/stunnel.pl.8.in.curves-doc-update 2020-04-16 17:24:25.665369474 +0200 ++++ stunnel-5.56/doc/stunnel.pl.8.in 2020-04-16 17:45:14.141792786 +0200 +@@ -483,6 +483,8 @@ przez opcje \fIverifyChain\fR i \fIverif + .IX Item "curves = lista" + krzywe \s-1ECDH\s0 odddzielone ':' + .Sp ++Uwaga: ta opcja wpływa tylko na gniazda w trybie serwera. ++.Sp + Wersje OpenSSL starsze niż 1.1.0 pozwalają na użycie tylko jednej krzywej. + .Sp + Listę dostępnych krzywych można uzyskać poleceniem: diff --git a/stunnel.spec b/stunnel.spec index d0da52e..f479682 100644 --- a/stunnel.spec +++ b/stunnel.spec @@ -10,7 +10,7 @@ Summary: A TLS-encrypting socket wrapper Name: stunnel Version: 5.56 -Release: 6%{?dist} +Release: 7%{?dist} License: GPLv2 URL: http://www.stunnel.org/ Source0: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz @@ -26,6 +26,7 @@ Patch1: stunnel-5.50-systemd-service.patch Patch3: stunnel-5.56-system-ciphers.patch Patch4: stunnel-5.56-coverity.patch Patch5: stunnel-5.56-default-tls-version.patch +Patch6: stunnel-5.56-curves-doc-update.patch # util-linux is needed for rename BuildRequires: gcc BuildRequires: openssl-devel, pkgconfig, util-linux @@ -53,6 +54,7 @@ conjunction with imapd to create a TLS secure IMAP server. %patch3 -p1 -b .system-ciphers %patch4 -p1 -b .coverity %patch5 -p1 -b .default-tls-version +%patch6 -p1 -b .curves-doc-update # Fix the configure script output for FIPS mode and stack protector flag sed -i '/yes).*result: no/,+1{s/result: no/result: yes/;s/as_echo "no"/as_echo "yes"/};s/-fstack-protector/-fstack-protector-strong/' configure 
@@ -138,6 +140,9 @@ make test || (for i in tests/logs/*.log ; do echo "$i": ; cat "$i" ; done) %systemd_postun_with_restart %{name}.service %changelog +* Thu Apr 16 2020 Sahana Prasad - 5.56-7 +- Updates documentation to specify that the option "curves" can be used in server mode only. + * Wed Apr 08 2020 Sahana Prasad - 5.56-6 - Fixes default tls version patch to handle default values from OpenSSL crypto policies
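Review bot: The note added in the English documentation hunks (stunnel.8.in, stunnel.html.in, stunnel.pod.in), "Note: This option is supported for server mode sockets only.", does not say what happens when "curves" is set in a client mode service section: whether the configuration is rejected or the setting is silently ignored. An administrator who sets "curves" on a client section to restrict the ECDH curves needs to know that the restriction is not applied there. Suggest wording the note to state the actual behaviour, for example that the option has no effect on client mode sockets, if that is what the code does.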
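Review bot: The Polish note in the stunnel.pl.pod.in and stunnel.pl.8.in hunks, "Uwaga: ta opcja wpływa tylko na gniazda w trybie serwera.", says the option only affects server mode sockets, while the English note says it is only supported for them. The two make different claims about a client section that sets "curves" (ignored versus unsupported), so pick one meaning and use it in both languages. The unchanged context line "krzywe ECDH odddzielone ':'" in the same hunks also carries a spelling error ("odddzielone") that could be corrected while this paragraph is being touched.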
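Review bot: The new "Patch6: stunnel-5.56-curves-doc-update.patch" line and the 5.56-7 %changelog entry in stunnel.spec carry no bug reference and no upstream status. Suggest a comment above Patch6 saying whether this documentation change has been submitted upstream, and a bug number in the changelog entry if one exists, so the patch can be dropped at the next rebase once upstream carries the text.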