Pedro Monreal Gonzalez
8cce2e6a14
- Security fix: [bsc#1192820, CVE-2002-20001]
* Fix DHEATER: The Diffie-Hellman Key Agreement Protocol allows
remote attackers (from the client side) to send arbitrary
numbers that are actually not public keys, and trigger
expensive server-side DHE calculation.
* Stop recommending the DHE in SSL_DEFAULT_SUSE_CIPHER_LIST
* Rebase openssl-DEFAULT_SUSE_cipher.patch
- Fix the engines section in /etc/ssl/openssl.cnf [bsc#1194187]
* In an INI-type file, the sections begin with a [section_name]
and they run until the next section begins.
* Rebase openssl-1_1-use-include-directive.patch
OBS-URL: https://build.opensuse.org/request/show/960455
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=107
30 lines
770 B
Diff
30 lines
770 B
Diff
Index: openssl-1.1.1m/apps/openssl.cnf
|
|
===================================================================
|
|
--- openssl-1.1.1m.orig/apps/openssl.cnf
|
|
+++ openssl-1.1.1m/apps/openssl.cnf
|
|
@@ -11,6 +11,24 @@
|
|
# defined.
|
|
HOME = .
|
|
|
|
+openssl_conf = openssl_init
|
|
+
|
|
+[ openssl_init ]
|
|
+
|
|
+engines = engine_section
|
|
+
|
|
+[ engine_section ]
|
|
+
|
|
+# This include will look through the directory that will contain the
|
|
+# engine declarations for any engines provided by other packages.
|
|
+.include /etc/ssl/engines.d
|
|
+
|
|
+# This include will look through the directory that will contain the
|
|
+# definitions of the engines declared in the engine section.
|
|
+.include /etc/ssl/engdef.d
|
|
+
|
|
+[ oid_section ]
|
|
+
|
|
# Extra OBJECT IDENTIFIER info:
|
|
#oid_file = $ENV::HOME/.oid
|
|
oid_section = new_oids
|