forked from pool/openssl-3
Pedro Monreal Gonzalez
aa970d108e
- Security fix: [bsc#1227138, CVE-2024-5535] * SSL_select_next_proto buffer overread * Add openssl-CVE-2024-5535.patch - Build with enabled sm2 and sm4 support [bsc#1222899] OBS-URL: https://build.opensuse.org/request/show/1188975 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=106
18 lines
942 B
Diff
18 lines
942 B
Diff
Don't use the legacy /etc/ssl/certs directory anymore but rather the
|
|
p11-kit generated /var/lib/ca-certificates/openssl one (fate#314991)
|
|
Index: openssl-1.1.1-pre1/include/internal/cryptlib.h
|
|
===================================================================
|
|
--- openssl-1.1.1-pre1.orig/include/internal/cryptlib.h 2018-02-13 14:48:12.000000000 +0100
|
|
+++ openssl-1.1.1-pre1/include/internal/cryptlib.h 2018-02-13 16:30:11.738161984 +0100
|
|
@@ -59,8 +59,8 @@ DEFINE_LHASH_OF(MEM);
|
|
|
|
# ifndef OPENSSL_SYS_VMS
|
|
# define X509_CERT_AREA OPENSSLDIR
|
|
-# define X509_CERT_DIR OPENSSLDIR "/certs"
|
|
-# define X509_CERT_FILE OPENSSLDIR "/cert.pem"
|
|
+# define X509_CERT_DIR "/var/lib/ca-certificates/openssl"
|
|
+# define X509_CERT_FILE "/var/lib/ca-certificates/ca-bundle.pem"
|
|
# define X509_PRIVATE_DIR OPENSSLDIR "/private"
|
|
# define CTLOG_FILE OPENSSLDIR "/ct_log_list.cnf"
|
|
# else
|