Accepting request 826265 from home:pmonrealgonzalez:branches:security:tls
- Update to 3.0.0 Alpha 6
* Allow SSL_set1_host() and SSL_add1_host() to take IP literal
addresses as well as actual hostnames. (David Woodhouse)
* The 'MinProtocol' and 'MaxProtocol' configuration commands now
silently ignore TLS protocol version bounds when configuring
DTLS-based contexts, and conversely, silently ignore DTLS protocol
version bounds when configuring TLS-based contexts. The commands
can be repeated to set bounds of both types. The same applies with
the corresponding 'min_protocol' and 'max_protocol' command-line
switches, in case some application uses both TLS and DTLS.
* SSL_CTX instances that are created for a fixed protocol version
(e.g. TLSv1_server_method()) also silently ignore version bounds.
Previously attempts to apply bounds to these protocol versions
would result in an error. Now only the 'version-flexible' SSL_CTX
instances are subject to limits in configuration files in
command-line options. (Viktor Dukhovni)
- Add lsof dependency during build to fix tests failures
- Enable test 81-test_cmp_cli.t fixed upstream
- Remove 0001-Fix-typo-for-SSL_get_peer_certificate.patch
OBS-URL: https://build.opensuse.org/request/show/826265
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=15
This commit is contained in:
Tomáš Chvátal
Git OBS Bridge
parent
bda45a31f3
commit
2d441cd663
@ -1,27 +0,0 @@
|
||||
From 43b3ab6f872ef64622d98ab0e3c88e312453c089 Mon Sep 17 00:00:00 2001
|
||||
From: Richard Levitte <levitte@openssl.org>
|
||||
Date: Thu, 16 Jul 2020 19:21:22 +0200
|
||||
Subject: [PATCH] Fix typo for SSL_get_peer_certificate()
|
||||
|
||||
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
|
||||
(Merged from https://github.com/openssl/openssl/pull/12468)
|
||||
---
|
||||
include/openssl/ssl.h | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
|
||||
index 53664229c2..c030346760 100644
|
||||
--- a/include/openssl/ssl.h
|
||||
+++ b/include/openssl/ssl.h
|
||||
@@ -1710,7 +1710,7 @@ __owur X509 *SSL_get0_peer_certificate(const SSL *s);
|
||||
__owur X509 *SSL_get1_peer_certificate(const SSL *s);
|
||||
/* Deprecated in 3.0.0 */
|
||||
# ifndef OPENSSL_NO_DEPRECATED_3_0
|
||||
-# define SSL_get_peer_certificate SSL_get1_peer_certifiate
|
||||
+# define SSL_get_peer_certificate SSL_get1_peer_certificate
|
||||
# endif
|
||||
# endif
|
||||
|
||||
--
|
||||
2.27.0
|
||||
|
||||
@ -1,17 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQJIBAABCgAyFiEEeVOsH7w9yLOykjk+1enkP3357owFAl8QVLgUHGxldml0dGVA
|
||||
b3BlbnNzbC5vcmcACgkQ1enkP3357oxYpA//REAEr+T8YIxYRWxLUAayzxuWMA1a
|
||||
vYWUg6Z2CJWVG1w/JNmrbWNgoeJNdnYe80uFeMLBvJhe7nbq2mOrUQ/IrlzVyT5F
|
||||
Tg5upCRTeiCnX36sOG+Bkw6RMIccqQH1Rjrmib6TAfvlmqOoALDM9COSqIEDpG9L
|
||||
h0B++LjDfeFwsbXR5dvU5ZJCv+RvO7vg+uTOryphEi8XeyNmelQJSpH7XNVnw81i
|
||||
+/dac5rup/wkTHA8yUJQ4OpSy2tC8Ht+WdluNEsT6+ewxiuVM3PQ7NAWSYtNiWzG
|
||||
eEZPM27yrY+xSBkIPvtzWDZ0e7EUU/SH2dsSYBsuk7lO2fSqBS9er3oe67tw/Gax
|
||||
W67ei+aMbEGoSkN1JCtsCjzcMp/QZ+5932pWy/d76I4smCxdmaJd5O/B0y4O1FQv
|
||||
6jrquxowzPtirKEm5qEW9xC85fsrCj6kFp3YhhlRh9I4UtZ9DX7cM+FwVE71khE8
|
||||
+hyZqjGT4aE9auxMI7+rk/xirEmNbIQhEwDVQhuSgSHLDC4P1ITPS8MPMasFLfdI
|
||||
crhpjA+N1Q2sSzB2/mlGvgTtvin+Plj7rDJawd69drm59y59Z19nfMYkRPxzXDS/
|
||||
kSYAOF42KrUMZf9+MP8hWiaeC1nM8iqz619NNF/WbBh583ujaFNbThgbJoPgTQLD
|
||||
fA3L8F13TU3zuXE=
|
||||
=L52Y
|
||||
-----END PGP SIGNATURE-----
|
||||
3
openssl-3.0.0-alpha6.tar.gz
Normal file
3
openssl-3.0.0-alpha6.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:1e8143b152f33f76530da2eaedc5d841121ff9e7247a857390cceac6503f482b
|
||||
size 13963353
|
||||
11
openssl-3.0.0-alpha6.tar.gz.asc
Normal file
11
openssl-3.0.0-alpha6.tar.gz.asc
Normal file
@ -0,0 +1,11 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEzBAABCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl8r/u0ACgkQ2cTSbQ5g
|
||||
RJEImgf+INJsre+OZBICUb9rVRgzIzBqP/OmoujzJ4lfGuYmgrpAs+3l5kQpSDpO
|
||||
++7375mCGR3KP/mZ4FRbtoVfaALcqtD/egY3iM5jj5fezDtOmf+Zcg2HG2vOwvYw
|
||||
RZ6K3vwutcgbEfctLXZvcJaDywKIuav0hetVq6xoAz/x+KqAgDmqV6qru247eSr6
|
||||
qy50nmYaLF8xYwSAZX9eWLQz9zpPiqcjeHQ3UK7FPOpgylsJHMW9x3ivls4H/HqK
|
||||
oETMZfjgLsakyMNgSD3JI7LdTY/sFRQhyE/iU3lMcxXD1hYiJxED5GYl/VONjJwU
|
||||
GXn0xiGy8oiR6LMxHshcFEWQsHCJKA==
|
||||
=q+6h
|
||||
-----END PGP SIGNATURE-----
|
||||
@ -1,3 +1,26 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Aug 13 09:21:33 UTC 2020 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
- Update to 3.0.0 Alpha 6
|
||||
* Allow SSL_set1_host() and SSL_add1_host() to take IP literal
|
||||
addresses as well as actual hostnames. (David Woodhouse)
|
||||
* The 'MinProtocol' and 'MaxProtocol' configuration commands now
|
||||
silently ignore TLS protocol version bounds when configuring
|
||||
DTLS-based contexts, and conversely, silently ignore DTLS protocol
|
||||
version bounds when configuring TLS-based contexts. The commands
|
||||
can be repeated to set bounds of both types. The same applies with
|
||||
the corresponding 'min_protocol' and 'max_protocol' command-line
|
||||
switches, in case some application uses both TLS and DTLS.
|
||||
* SSL_CTX instances that are created for a fixed protocol version
|
||||
(e.g. TLSv1_server_method()) also silently ignore version bounds.
|
||||
Previously attempts to apply bounds to these protocol versions
|
||||
would result in an error. Now only the 'version-flexible' SSL_CTX
|
||||
instances are subject to limits in configuration files in
|
||||
command-line options. (Viktor Dukhovni)
|
||||
- Add lsof dependency during build to fix tests failures
|
||||
- Enable test 81-test_cmp_cli.t fixed upstream
|
||||
- Remove 0001-Fix-typo-for-SSL_get_peer_certificate.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jul 20 08:40:26 UTC 2020 - Vítězslav Čížek <vcizek@suse.com>
|
||||
|
||||
|
||||
@ -20,7 +20,7 @@
|
||||
%define sover 3
|
||||
%define _rname openssl
|
||||
%define vernum 3.0.0
|
||||
%define relnum alpha5
|
||||
%define relnum alpha6
|
||||
%define dash_version %{vernum}-%{relnum}
|
||||
Name: openssl-3
|
||||
# Don't forget to update the version in the "openssl" package!
|
||||
@ -45,8 +45,8 @@ Patch3: openssl-pkgconfig.patch
|
||||
Patch4: openssl-DEFAULT_SUSE_cipher.patch
|
||||
Patch5: openssl-ppc64-config.patch
|
||||
Patch6: openssl-no-date.patch
|
||||
Patch7: 0001-Fix-typo-for-SSL_get_peer_certificate.patch
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: lsof
|
||||
Conflicts: ssl
|
||||
Provides: ssl
|
||||
Provides: openssl(cli)
|
||||
@ -146,8 +146,6 @@ perl configdata.pm --dump
|
||||
%check
|
||||
export MALLOC_CHECK_=3
|
||||
export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
|
||||
# Disable broken test (needs lsof) https://github.com/openssl/openssl/issues/12324
|
||||
rm test/recipes/81-test_cmp_cli.t
|
||||
LD_LIBRARY_PATH="$PWD" make test -j1
|
||||
# show cyphers
|
||||
gcc -o showciphers %{optflags} -I%{buildroot}%{_includedir} %{SOURCE5} -L%{buildroot}%{_libdir} -lssl -lcrypto
|
||||
|
||||
Loading…
Reference in New Issue
Block a user