d5a92c035d
- update to 1.0.1g: * fix for critical TLS heartbeat read overrun (CVE-2014-0160) (bnc#872299) * Fix for Recovering OpenSSL ECDSA Nonces (CVE-2014-0076) (bnc#869945) * Workaround for the "TLS hang bug" (see FAQ and PR#2771) - remove CVE-2014-0076.patch - openssl.keyring: upstream changed to: pub 4096R/FA40E9E2 2005-03-19 Dr Stephen N Henson <steve@openssl.org> uid Dr Stephen Henson <shenson@drh-consultancy.co.uk> uid Dr Stephen Henson <shenson@opensslfoundation.com> OBS-URL: https://build.opensuse.org/request/show/229370 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=110
104 lines
2.6 KiB
Diff
104 lines
2.6 KiB
Diff
Index: openssl-1.0.1g/apps/s_client.c
|
|
===================================================================
|
|
--- openssl-1.0.1g.orig/apps/s_client.c
|
|
+++ openssl-1.0.1g/apps/s_client.c
|
|
@@ -1174,12 +1174,19 @@ bad:
|
|
if (!set_cert_key_stuff(ctx,cert,key))
|
|
goto end;
|
|
|
|
- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
|
|
- (!SSL_CTX_set_default_verify_paths(ctx)))
|
|
+ if (CAfile == NULL && CApath == NULL)
|
|
{
|
|
- /* BIO_printf(bio_err,"error setting default verify locations\n"); */
|
|
- ERR_print_errors(bio_err);
|
|
- /* goto end; */
|
|
+ if (!SSL_CTX_set_default_verify_paths(ctx))
|
|
+ {
|
|
+ ERR_print_errors(bio_err);
|
|
+ }
|
|
+ }
|
|
+ else
|
|
+ {
|
|
+ if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath))
|
|
+ {
|
|
+ ERR_print_errors(bio_err);
|
|
+ }
|
|
}
|
|
|
|
#ifndef OPENSSL_NO_TLSEXT
|
|
Index: openssl-1.0.1g/apps/s_server.c
|
|
===================================================================
|
|
--- openssl-1.0.1g.orig/apps/s_server.c
|
|
+++ openssl-1.0.1g/apps/s_server.c
|
|
@@ -1572,13 +1572,21 @@ bad:
|
|
}
|
|
#endif
|
|
|
|
- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
|
|
- (!SSL_CTX_set_default_verify_paths(ctx)))
|
|
+ if (CAfile == NULL && CApath == NULL)
|
|
{
|
|
- /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
|
|
- ERR_print_errors(bio_err);
|
|
- /* goto end; */
|
|
+ if (!SSL_CTX_set_default_verify_paths(ctx))
|
|
+ {
|
|
+ ERR_print_errors(bio_err);
|
|
+ }
|
|
+ }
|
|
+ else
|
|
+ {
|
|
+ if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath))
|
|
+ {
|
|
+ ERR_print_errors(bio_err);
|
|
+ }
|
|
}
|
|
+
|
|
if (vpm)
|
|
SSL_CTX_set1_param(ctx, vpm);
|
|
|
|
@@ -1629,8 +1637,11 @@ bad:
|
|
else
|
|
SSL_CTX_sess_set_cache_size(ctx2,128);
|
|
|
|
- if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) ||
|
|
- (!SSL_CTX_set_default_verify_paths(ctx2)))
|
|
+ if (!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath))
|
|
+ {
|
|
+ ERR_print_errors(bio_err);
|
|
+ }
|
|
+ if (!SSL_CTX_set_default_verify_paths(ctx2))
|
|
{
|
|
ERR_print_errors(bio_err);
|
|
}
|
|
Index: openssl-1.0.1g/apps/s_time.c
|
|
===================================================================
|
|
--- openssl-1.0.1g.orig/apps/s_time.c
|
|
+++ openssl-1.0.1g/apps/s_time.c
|
|
@@ -373,12 +373,19 @@ int MAIN(int argc, char **argv)
|
|
|
|
SSL_load_error_strings();
|
|
|
|
- if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
|
|
- (!SSL_CTX_set_default_verify_paths(tm_ctx)))
|
|
+ if (CAfile == NULL && CApath == NULL)
|
|
{
|
|
- /* BIO_printf(bio_err,"error setting default verify locations\n"); */
|
|
- ERR_print_errors(bio_err);
|
|
- /* goto end; */
|
|
+ if (!SSL_CTX_set_default_verify_paths(tm_ctx))
|
|
+ {
|
|
+ ERR_print_errors(bio_err);
|
|
+ }
|
|
+ }
|
|
+ else
|
|
+ {
|
|
+ if (!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath))
|
|
+ {
|
|
+ ERR_print_errors(bio_err);
|
|
+ }
|
|
}
|
|
|
|
if (tm_cipher == NULL)
|