rpm/openssl-1_1
SHA256
1
0
Fork 0
forked from pool/openssl-1_1
Code Pull Requests Activity
18ecb7a582
openssl-1_1/openssl-1_1-use-seclevel2-in-tests.patch
Pedro Monreal Gonzalez 18ecb7a582 - Build with no-afalgeng [bsc#1226463] 
- Security fix: [bsc#1227138, CVE-2024-5535]
  * SSL_select_next_proto buffer overread
  * Add openssl-CVE-2024-5535.patch

- Apply "openssl-CVE-2024-4741.patch" to fix a use-after-free
  security vulnerability. Calling the function SSL_free_buffers()
  potentially caused memory to be accessed that was previously
  freed in some situations and a malicious attacker could attempt
  to engineer a stituation where this occurs to facilitate a
  denial-of-service attack. [CVE-2024-4741, bsc#1225551]

OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=164
2024-07-25 08:07:48 +00:00

39 lines
1.9 KiB
Diff
Raw Blame History

Index: openssl-1.1.1d/test/ssl_test.c
===================================================================
--- openssl-1.1.1d.orig/test/ssl_test.c
+++ openssl-1.1.1d/test/ssl_test.c
@@ -435,6 +440,7 @@ static int test_handshake(int idx)
#endif
if (test_ctx->method == SSL_TEST_METHOD_TLS) {
server_ctx = SSL_CTX_new(TLS_server_method());
+ SSL_CTX_set_security_level(server_ctx, 1);
if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx,
TLS_MAX_VERSION)))
goto err;
@@ -443,21 +449,25 @@ static int test_handshake(int idx)
SSL_TEST_SERVERNAME_CB_NONE) {
if (!TEST_ptr(server2_ctx = SSL_CTX_new(TLS_server_method())))
goto err;
+ SSL_CTX_set_security_level(server2_ctx, 1);
if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx,
TLS_MAX_VERSION)))
goto err;
}
client_ctx = SSL_CTX_new(TLS_client_method());
+ SSL_CTX_set_security_level(client_ctx, 1);
if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx,
TLS_MAX_VERSION)))
goto err;
if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
resume_server_ctx = SSL_CTX_new(TLS_server_method());
+ SSL_CTX_set_security_level(resume_server_ctx, 1);
if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx,
TLS_MAX_VERSION)))
goto err;
resume_client_ctx = SSL_CTX_new(TLS_client_method());
+ SSL_CTX_set_security_level(resume_client_ctx, 1);
if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx,
TLS_MAX_VERSION)))
goto err;
View Git Blame Copy Permalink