rpms/openssl/devel openssl-0.9.8g-default-paths.patch, NONE, 1.1 openssl-0.9.8g-no-extssl.patch, NONE, 1.1 openssl.spec, 1.99, 1.100

Tomas Mraz (tmraz) fedora-extras-commits at redhat.com
Thu Dec 13 17:17:20 UTC 2007


Author: tmraz

Update of /cvs/pkgs/rpms/openssl/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14647

Modified Files:
	openssl.spec 
Added Files:
	openssl-0.9.8g-default-paths.patch 
	openssl-0.9.8g-no-extssl.patch 
Log Message:
* Thu Dec 13 2007 Tomas Mraz <tmraz at redhat.com> 0.9.8g-3
- set default paths when no explicit paths are set (#418771)
- do not add tls extensions to client hello for SSLv3 (#422081)


openssl-0.9.8g-default-paths.patch:

--- NEW FILE openssl-0.9.8g-default-paths.patch ---
diff -up openssl-0.9.8g/apps/s_server.c.default-paths openssl-0.9.8g/apps/s_server.c
--- openssl-0.9.8g/apps/s_server.c.default-paths	2007-12-13 17:41:34.000000000 +0100
+++ openssl-0.9.8g/apps/s_server.c	2007-12-13 17:36:58.000000000 +0100
@@ -1077,12 +1077,13 @@ bad:
 		}
 #endif
 
-	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
-		(!SSL_CTX_set_default_verify_paths(ctx)))
+	if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath))
+		{
+		ERR_print_errors(bio_err);
+		}
+	if (!SSL_CTX_set_default_verify_paths(ctx))
 		{
-		/* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
 		ERR_print_errors(bio_err);
-		/* goto end; */
 		}
 	store = SSL_CTX_get_cert_store(ctx);
 	X509_STORE_set_flags(store, vflags);
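Review bot: When neither -CAfile nor -CApath was given, the first new `if` calls `SSL_CTX_load_verify_locations(ctx,NULL,NULL)`, which in 0.9.8 I believe returns 0 without queuing an error, so the `ERR_print_errors` beneath it prints nothing and the branch reads as an error path that is not one. Stating the intent avoids a reader assuming a failure is being dropped: `if ((CAfile != NULL || CApath != NULL) && !SSL_CTX_load_verify_locations(ctx,CAfile,CApath))`. A genuine failure to load an explicitly named file is still only printed and the server carries on with whatever the default paths provide; if that is deliberate (the removed `/* goto end; */` suggests it was never fatal upstream), a one-line comment such as `/* an unreadable -CAfile/-CApath is reported but not fatal */` would save the next reader the same question. The enclosing `MAIN` body starts and ends outside this hunk.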
@@ -1132,8 +1133,11 @@ bad:
 
 		SSL_CTX_sess_set_cache_size(ctx2,128);
 
-		if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) ||
-			(!SSL_CTX_set_default_verify_paths(ctx2)))
+		if (!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath))
+			{
+			ERR_print_errors(bio_err);
+			}
+		if (!SSL_CTX_set_default_verify_paths(ctx2))
 			{
 			ERR_print_errors(bio_err);
 			}
diff -up openssl-0.9.8g/apps/s_client.c.default-paths openssl-0.9.8g/apps/s_client.c
--- openssl-0.9.8g/apps/s_client.c.default-paths	2007-12-13 17:41:34.000000000 +0100
+++ openssl-0.9.8g/apps/s_client.c	2007-12-13 17:37:34.000000000 +0100
@@ -673,12 +673,13 @@ bad:
 	if (!set_cert_key_stuff(ctx,cert,key))
 		goto end;
 
-	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
-		(!SSL_CTX_set_default_verify_paths(ctx)))
+	if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath))
+		{
+		ERR_print_errors(bio_err);
+		}
+	if (!SSL_CTX_set_default_verify_paths(ctx))
 		{
-		/* BIO_printf(bio_err,"error setting default verify locations\n"); */
 		ERR_print_errors(bio_err);
-		/* goto end; */
 		}
 
 	store = SSL_CTX_get_cert_store(ctx);
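Review bot: A failing explicit `-CAfile`/`-CApath` is now reported and then silently replaced by the system default store, because the second `if` runs regardless of the outcome of the first; with `-verify` that means a peer certificate can validate against a trust store the operator did not ask for. Before the patch the combined condition at least skipped `SSL_CTX_set_default_verify_paths` in that case, though it did not abort either. If the operator named a location, its failure should be fatal: `if ((CAfile || CApath) && !SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) { ERR_print_errors(bio_err); goto end; }`, keeping the unconditional default-path call below it for the no-argument case that bug #418771 is about. The enclosing `MAIN` continues outside this hunk.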
diff -up openssl-0.9.8g/apps/s_time.c.default-paths openssl-0.9.8g/apps/s_time.c
--- openssl-0.9.8g/apps/s_time.c.default-paths	2003-12-27 15:40:17.000000000 +0100
+++ openssl-0.9.8g/apps/s_time.c	2007-12-13 17:35:27.000000000 +0100
@@ -476,12 +476,13 @@ int MAIN(int argc, char **argv)
 
 	SSL_load_error_strings();
 
-	if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
-		(!SSL_CTX_set_default_verify_paths(tm_ctx)))
+	if (!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath))
+		{
+		ERR_print_errors(bio_err);
+		}
+	if (!SSL_CTX_set_default_verify_paths(tm_ctx))
 		{
-		/* BIO_printf(bio_err,"error setting default verify locations\n"); */
 		ERR_print_errors(bio_err);
-		/* goto end; */
 		}
 
 	if (tm_cipher == NULL)

openssl-0.9.8g-no-extssl.patch:

--- NEW FILE openssl-0.9.8g-no-extssl.patch ---
Skip adding tls extensions to client hello when protocol version is
not TLS.
diff -up openssl-0.9.8g/ssl/t1_lib.c.no-extssl openssl-0.9.8g/ssl/t1_lib.c
--- openssl-0.9.8g/ssl/t1_lib.c.no-extssl	2007-10-19 09:44:10.000000000 +0200
+++ openssl-0.9.8g/ssl/t1_lib.c	2007-12-13 17:22:10.000000000 +0100
@@ -132,6 +132,11 @@ unsigned char *ssl_add_clienthello_tlsex
 	int extdatalen=0;
 	unsigned char *ret = p;
 
+	if (s->client_version != TLS1_VERSION && s->client_version != DTLS1_VERSION)
+	{
+		return ret;
+	}
+
 	ret+=2;
 
 	if (ret>=limit) return NULL; /* this really never occurs, but ... */
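Review bot: The new guard is keyed to two exact version numbers rather than to the protocol it means to exclude, so any `client_version` other than TLS1_VERSION or DTLS1_VERSION — including any later TLS version this file later grows support for — would also lose its ClientHello extensions without a trace; the changelog says the aim is SSLv3, which is more directly written as `if (s->client_version == SSL3_VERSION) return ret;` (or `< TLS1_VERSION` if pre-SSLv3 values can reach here). Returning `ret` while it still equals `p` correctly tells the caller that no extension block was written, so the early return itself looks sound. The inserted braces sit at the `if` column, whereas the rest of this file indents them with the body (as the other hunks in this commit do). The enclosing `ssl_add_clienthello_tlsext` ends outside the hunk.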


Index: openssl.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openssl/devel/openssl.spec,v
retrieving revision 1.99
retrieving revision 1.100
diff -u -r1.99 -r1.100
--- openssl.spec	3 Dec 2007 19:57:11 -0000	1.99
+++ openssl.spec	13 Dec 2007 17:16:43 -0000	1.100
@@ -22,7 +22,7 @@
 Summary: The OpenSSL toolkit
 Name: openssl
 Version: 0.9.8g
-Release: 2%{?dist}
+Release: 3%{?dist}
 Source: openssl-%{version}-usa.tar.bz2
 Source1: hobble-openssl
 Source2: Makefile.certificate
@@ -44,6 +44,8 @@
 # Bug fixes
 Patch21: openssl-0.9.8b-aliasing-bug.patch
 Patch22: openssl-0.9.8b-x509-name-cmp.patch
+Patch23: openssl-0.9.8g-default-paths.patch
+Patch24: openssl-0.9.8g-no-extssl.patch
 # Functionality changes
 Patch32: openssl-0.9.7-beta6-ia64.patch
 Patch33: openssl-0.9.7f-ca-dir.patch
@@ -106,6 +108,8 @@
 
 %patch21 -p1 -b .aliasing-bug
 %patch22 -p1 -b .name-cmp
+%patch23 -p1 -b .default-paths
+%patch24 -p1 -b .no-extssl
 
 %patch32 -p1 -b .ia64
 #patch33 is applied after make test
@@ -356,6 +360,10 @@
 %postun -p /sbin/ldconfig
 
 %changelog
+* Thu Dec 13 2007 Tomas Mraz <tmraz at redhat.com> 0.9.8g-3
+- set default paths when no explicit paths are set (#418771)
+- do not add tls extensions to client hello for SSLv3 (#422081)
+
 * Tue Dec  4 2007 Tomas Mraz <tmraz at redhat.com> 0.9.8g-2
 - enable some new crypto algorithms and features
 - add some more important bug fixes from openssl CVS



