openssl/openssl-1.0.1e-add-test-suse-default-cipher-suite.patch

Index: openssl-1.0.1f/test/testssl
===================================================================
--- openssl-1.0.1f.orig/test/testssl
+++ openssl-1.0.1f/test/testssl
@@ -136,6 +136,25 @@ for protocol in TLSv1.2 SSLv3; do
   done
 done
 
+echo "Testing default ciphersuites"
+
+for cipher_suite in DEFAULT_SUSE DEFAULT; do
+    ../util/shlib_wrap.sh ../apps/openssl ciphers $cipher_suite
+    if [ $? -ne 0 ]; then
+        echo "Failed default ciphersuite $cipher_suite"
+        exit 1
+    fi
+done
+
+echo "Testing if MD5, DES and RC4 are excluded from DEFAULT_SUSE cipher suite"
+../util/shlib_wrap.sh ../apps/openssl ciphers DEFAULT_SUSE| grep "MD5\|RC4\|DES-[^CBC3]" 
+
+if [ $? -ne 1 ];then
+    echo "weak ciphers are present on DEFAULT_SUSE cipher suite"
+    exit 1
+fi
+
+
 #############################################################################
 
 if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
Accepting request 236989 from Base:System NOTE: I submitted perl-Net-SSLeay 1.64 update to devel:languages:perl which fixes its regression. - updated openssl to 1.0.1h (bnc#880891): - CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. - CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack. - CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. - CVE-2014-3470: Fix bug in TLS code where clients enable anonymous ECDH ciphersuites are subject to a denial of service attack. - openssl-buffreelistbug-aka-CVE-2010-5298.patch: removed, upstream - CVE-2014-0198.patch: removed, upstream - 0009-Fix-double-frees.patch: removed, upstream - 0012-Fix-eckey_priv_encode.patch: removed, upstream - 0017-Double-free-in-i2o_ECPublicKey.patch: removed, upstream - 0018-fix-coverity-issues-966593-966596.patch: removed, upstream - 0020-Initialize-num-properly.patch: removed, upstream - 0022-bignum-allow-concurrent-BN_MONT_CTX_set_locked.patch: removed, upstream - 0023-evp-prevent-underflow-in-base64-decoding.patch: removed, upstream - 0024-Fixed-NULL-pointer-dereference-in-PKCS7_dataDecode-r.patch: removed, upstream - 0025-fix-coverity-issue-966597-error-line-is-not-always-i.patch: removed, upstream - 0001-libcrypto-Hide-library-private-symbols.patch: disabled heartbeat testcase - openssl-1.0.1c-ipv6-apps.patch: refreshed - openssl-fix-pod-syntax.diff: some stuff merged upstream, refreshed - Added new SUSE default cipher suite openssl-1.0.1e-add-suse-default-cipher.patch OBS-URL: https://build.opensuse.org/request/show/236989 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=118 2014-06-18 07:47:41 +02:00			`Index: openssl-1.0.1f/test/testssl`
			`===================================================================`
			`--- openssl-1.0.1f.orig/test/testssl`
			`+++ openssl-1.0.1f/test/testssl`
			`@@ -136,6 +136,25 @@ for protocol in TLSv1.2 SSLv3; do`
			`done`
			`done`

			`+echo "Testing default ciphersuites"`
			`+`
			`+for cipher_suite in DEFAULT_SUSE DEFAULT; do`
			`+ ../util/shlib_wrap.sh ../apps/openssl ciphers $cipher_suite`
			`+ if [ $? -ne 0 ]; then`
			`+ echo "Failed default ciphersuite $cipher_suite"`
			`+ exit 1`
			`+ fi`
			`+done`
			`+`
			`+echo "Testing if MD5, DES and RC4 are excluded from DEFAULT_SUSE cipher suite"`
			`+../util/shlib_wrap.sh ../apps/openssl ciphers DEFAULT_SUSE\| grep "MD5\\|RC4\\|DES-[^CBC3]"`
			`+`
			`+if [ $? -ne 1 ];then`
			`+ echo "weak ciphers are present on DEFAULT_SUSE cipher suite"`
			`+ exit 1`
			`+fi`
			`+`
			`+`
			`#############################################################################`

			`if ../util/shlib_wrap.sh ../apps/openssl no-dh; then`