From 0500af5ccc00046d96ffae565696ec8a43b9ba379f0846b2f829130f6631bd49 Mon Sep 17 00:00:00 2001
From: Pedro Monreal Gonzalez
Date: Sun, 17 Dec 2023 21:29:03 +0000
Subject: [PATCH] Accepting request 1133116 from home:ohollmann:branches:security:tls - Use constants X509_VERSION_3 and X509_REQ_VERSION_1 when available (#GH-449) * Add Use-constants-X509_VERSION_3-and-X509_REQ_VERSION_1-when-available.patch
OBS-URL: https://build.opensuse.org/request/show/1133116
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-Net-SSLeay?expand=0&rev=54
---
 ...nd-X509_REQ_VERSION_1-when-available.patch | 72 +++++++++++++++++++
 perl-Net-SSLeay.changes | 6 ++
 perl-Net-SSLeay.spec | 6 +-
 3 files changed, 82 insertions(+), 2 deletions(-)
 create mode 100644 Use-constants-X509_VERSION_3-and-X509_REQ_VERSION_1-when-available.patch
diff --git a/Use-constants-X509_VERSION_3-and-X509_REQ_VERSION_1-when-available.patch b/Use-constants-X509_VERSION_3-and-X509_REQ_VERSION_1-when-available.patch
new file mode 100644
index 0000000..d191ebc
--- /dev/null
+++ b/Use-constants-X509_VERSION_3-and-X509_REQ_VERSION_1-when-available.patch
@@ -0,0 +1,72 @@
+From 87e8d288e4ab42e0b9e934850195a3498e4de4be Mon Sep 17 00:00:00 2001
+From: Heikki Vatiainen
+Date: Wed, 6 Dec 2023 23:19:45 +0200
+Subject: [PATCH] GH-449 Use constants X509_VERSION_3 and X509_REQ_VERSION_1
+ when available.
+
+OpenSSL 3.2.0 no longer allows setting certificate version field value to 3
+because the highest current value is 2. The confusion likely arises from the
+definition of version field values in ASN.1 definitions where value 2 means
+version 3, value 1 is version 2, and so forth for certificate request and CRLs.
+
+Test 33_x509_create_cert.t was directly setting certificate version to integer
+3 which no longer worked. Using a valid value allows all tests to pass with
+OpenSSL 3.2.0.
+---
+ t/local/33_x509_create_cert.t | 15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+Index: Net-SSLeay-1.92/t/local/33_x509_create_cert.t
+===================================================================
+--- Net-SSLeay-1.92.orig/t/local/33_x509_create_cert.t
++++ Net-SSLeay-1.92/t/local/33_x509_create_cert.t
+@@ -53,7 +53,8 @@ is(Net::SSLeay::X509_NAME_cmp($ca_issuer
+ #set organizationName via add_entry_by_txt
+ ok(Net::SSLeay::X509_NAME_add_entry_by_txt($name, "organizationName", MBSTRING_UTF8, "Company Name"), "X509_NAME_add_entry_by_txt");
+
+- ok(Net::SSLeay::X509_set_version($x509, 3), "X509_set_version");
++ my $x509_version_3 = (defined &Net::SSLeay::X509_VERSION_3) ? Net::SSLeay::X509_VERSION_3() : 2; # Note: X509_VERSION_3 is 2
++ ok(Net::SSLeay::X509_set_version($x509, $x509_version_3), "X509_set_version");
+ ok(my $sn = Net::SSLeay::X509_get_serialNumber($x509), "X509_get_serialNumber");
+
+ my $pubkey = Net::SSLeay::X509_get_X509_PUBKEY($x509);
+@@ -96,7 +97,7 @@ is(Net::SSLeay::X509_NAME_cmp($ca_issuer
+ ok(my $sha1_digest = Net::SSLeay::EVP_get_digestbyname("sha1"), "EVP_get_digestbyname");
+ ok(Net::SSLeay::X509_sign($x509, $ca_pk, $sha1_digest), "X509_sign");
+
+- is(Net::SSLeay::X509_get_version($x509), 3, "X509_get_version");
++ is(Net::SSLeay::X509_get_version($x509), $x509_version_3, "X509_get_version");
+ is(Net::SSLeay::X509_verify($x509, Net::SSLeay::X509_get_pubkey($ca_cert)), 1, "X509_verify");
+
+ like(my $crt_pem = Net::SSLeay::PEM_get_string_X509($x509), qr/-----BEGIN CERTIFICATE-----/, "PEM_get_string_X509");
+@@ -183,8 +184,9 @@ is(Net::SSLeay::X509_NAME_cmp($ca_issuer
+ ok(Net::SSLeay::X509_REQ_add1_attr_by_NID($req, 54, MBSTRING_ASC, 'password xyz'), "X509_REQ_add1_attr_by_NID");
+ #49 = NID_pkcs9_unstructuredName - XXX-TODO add new constant
+ ok(Net::SSLeay::X509_REQ_add1_attr_by_NID($req, 49, MBSTRING_ASC, 'Any Uns.name'), "X509_REQ_add1_attr_by_NID");
+-
+- ok(Net::SSLeay::X509_REQ_set_version($req, 2), "X509_REQ_set_version");
++
++ my $x509_req_version_1 = (defined &Net::SSLeay::X509_REQ_VERSION_1) ? Net::SSLeay::X509_REQ_VERSION_1() : 0; # Note: X509_REQ_VERSION_1 is 0
++ ok(Net::SSLeay::X509_REQ_set_version($req, $x509_req_version_1), "X509_REQ_set_version");
+
+ ok(my $sha1_digest = Net::SSLeay::EVP_get_digestbyname("sha1"), "EVP_get_digestbyname");
+ ok(Net::SSLeay::X509_REQ_sign($req, $pk, $sha1_digest), "X509_REQ_sign");
+@@ -192,7 +194,7 @@ is(Net::SSLeay::X509_NAME_cmp($ca_issuer
+ ok(my $req_pubkey = Net::SSLeay::X509_REQ_get_pubkey($req), "X509_REQ_get_pubkey");
+ is(Net::SSLeay::X509_REQ_verify($req, $req_pubkey), 1, "X509_REQ_verify");
+
+- is(Net::SSLeay::X509_REQ_get_version($req), 2, "X509_REQ_get_version");
++ is(Net::SSLeay::X509_REQ_get_version($req), $x509_req_version_1, "X509_REQ_get_version");
+ ok(my $obj_challengePassword = Net::SSLeay::OBJ_txt2obj('1.2.840.113549.1.9.7'), "OBJ_txt2obj");
+ ok(my $nid_challengePassword = Net::SSLeay::OBJ_obj2nid($obj_challengePassword), "OBJ_obj2nid");
+ is(Net::SSLeay::X509_REQ_get_attr_count($req), 3, "X509_REQ_get_attr_count");
+@@ -214,7 +216,8 @@ is(Net::SSLeay::X509_NAME_cmp($ca_issuer
+
+ ## PHASE2 - turn X509_REQ into X509 cert + sign with CA key
+ ok(my $x509ss = Net::SSLeay::X509_new(), "X509_new");
+- ok(Net::SSLeay::X509_set_version($x509ss, 2), "X509_set_version");
++ my $x509_version_3 = (defined &Net::SSLeay::X509_VERSION_3) ? Net::SSLeay::X509_VERSION_3() : 2; # Note: X509_VERSION_3 is 2
++ ok(Net::SSLeay::X509_set_version($x509ss, $x509_version_3), "X509_set_version");
+ ok(my $sn = Net::SSLeay::X509_get_serialNumber($x509ss), "X509_get_serialNumber");
+ Net::SSLeay::P_ASN1_INTEGER_set_hex($sn, 'ABCDEF');
+ Net::SSLeay::X509_set_issuer_name($x509ss, Net::SSLeay::X509_get_subject_name($ca_cert));
diff --git a/perl-Net-SSLeay.changes b/perl-Net-SSLeay.changes
index 640459d..3638e28 100644
--- a/perl-Net-SSLeay.changes
+++ b/perl-Net-SSLeay.changes
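Review bot: The two version assertions in the embedded test patch (`is(Net::SSLeay::X509_get_version($x509), $x509_version_3, ...)` and the matching `X509_REQ_get_version` check) now compare against a value that, when the constant exists, comes from the binding under test, so a wrongly bound constant would still pass. Pinning the encoding once, e.g. `is($x509_version_3, 2, "X509_VERSION_3 encodes v3 as 2");` and `is($x509_req_version_1, 0, "X509_REQ_VERSION_1 encodes v1 as 0");`, keeps the ASN.1 off-by-one described in the commit message under test. The `$x509_version_3` fallback expression is also written out twice (inner hunks at -53 and -214); the enclosing blocks start and end outside the hunks, so whether a single shared declaration is possible is not visible here.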
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Dec 14 13:47:04 UTC 2023 - Otto Hollmann
+
+- Use constants X509_VERSION_3 and X509_REQ_VERSION_1 when available (#GH-449)
+ * Add Use-constants-X509_VERSION_3-and-X509_REQ_VERSION_1-when-available.patch
+
 -------------------------------------------------------------------
 Fri Jan 14 03:07:28 UTC 2022 - Tina Müller
diff --git a/perl-Net-SSLeay.spec b/perl-Net-SSLeay.spec
index e956e61..0596654 100644
--- a/perl-Net-SSLeay.spec
+++ b/perl-Net-SSLeay.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package perl-Net-SSLeay
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -25,6 +25,8 @@ License: Artistic-2.0
 URL: https://metacpan.org/release/%{cpan_name}
 Source0: https://cpan.metacpan.org/authors/id/C/CH/CHRISN/%{cpan_name}-%{version}.tar.gz
 Source1: cpanspec.yml
+# PATCH-FIX-UPSTREAM https://github.com/radiator-software/p5-net-ssleay/issues/449
+Patch0: Use-constants-X509_VERSION_3-and-X509_REQ_VERSION_1-when-available.patch
 BuildRequires: perl
 BuildRequires: perl-macros
 %{perl_requires}
@@ -42,7 +44,7 @@ This module provides Perl bindings for libssl (an SSL/TLS API) and libcrypto (a cryptography API).
 %prep
-%autosetup -n %{cpan_name}-%{version}
+%autosetup -n %{cpan_name}-%{version} -p1
 find . -type f ! -path "*/t/*" ! -name "*.pl" ! -path "*/bin/*" ! -path "*/script/*" ! -name "configure" -print0 | xargs -0 chmod 644
 %build
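Review bot: The `# PATCH-FIX-UPSTREAM` comment in the @@ -25,6 +25,8 hunk points only at the issue, while the patch header on this page names the upstream commit; recording it makes the patch easier to audit and to drop on the next version update, e.g. `# PATCH-FIX-UPSTREAM GH-449, upstream commit 87e8d288e4ab42e0b9e934850195a3498e4de4be (test-only change for OpenSSL 3.2.0)`. The patch touches only t/local/33_x509_create_cert.t, so it has an effect only if the test suite runs during the build. The %check section lies outside these hunks, so that is worth confirming.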