diff --git a/openssl-1.0.1e-bnc822642.patch b/openssl-1.0.1e-bnc822642.patch new file mode 100644 index 0000000..6042d81 --- /dev/null +++ b/openssl-1.0.1e-bnc822642.patch @@ -0,0 +1,26 @@ +commit 9fe4603b8245425a4c46986ed000fca054231253 +Author: David Woodhouse +Date: Tue Feb 12 14:55:32 2013 +0000 + + Check DTLS_BAD_VER for version number. + + The version check for DTLS1_VERSION was redundant as + DTLS1_VERSION > TLS1_1_VERSION, however we do need to + check for DTLS1_BAD_VER for compatibility. + + PR:2984 + (cherry picked from commit d980abb22e22661e98e5cee33d760ab0c7584ecc) + +diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c +index 02edf3f..443a31e 100644 +--- a/ssl/s3_cbc.c ++++ b/ssl/s3_cbc.c +@@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s, + unsigned padding_length, good, to_check, i; + const unsigned overhead = 1 /* padding length byte */ + mac_size; + /* Check if version requires explicit IV */ +- if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION) ++ if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER) + { + /* These lengths are all public so we can test them in + * non-constant time. diff --git a/openssl.changes b/openssl.changes index 725cdb4..dbd8ef1 100644 --- a/openssl.changes +++ b/openssl.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Sep 27 10:26:43 UTC 2013 - dmacvicar@suse.de + +- VPN openconnect problem (DTLS handshake failed) + (git 9fe4603b8, bnc#822642, openssl ticket#2984) + ------------------------------------------------------------------- Wed Sep 4 18:56:38 UTC 2013 - guillaume@opensuse.org diff --git a/openssl.spec b/openssl.spec index 3ea8725..4d5adca 100644 --- a/openssl.spec +++ b/openssl.spec @@ -54,6 +54,7 @@ Patch8: 0005-libssl-Hide-library-private-symbols.patch Patch9: openssl-1.0.1c-default-paths.patch Patch10: openssl-pkgconfig.patch Patch11: SSL_get_certificate-broken.patch +Patch12: openssl-1.0.1e-bnc822642.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -141,6 +142,7 @@ this package's base documentation. %patch9 -p1 %patch10 -p1 %patch11 -p1 +%patch12 -p1 cp -p %{S:10} . echo "adding/overwriting some entries in the 'table' hash in Configure"