forked from pool/openssl
bdf3209e96
- update to 1.0.2a
* Major changes since 1.0.1:
- Suite B support for TLS 1.2 and DTLS 1.2
- Support for DTLS 1.2
- TLS automatic EC curve selection.
- API to set TLS supported signature algorithms and curves
- SSL_CONF configuration API.
- TLS Brainpool support.
- ALPN support.
- CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.
- packaging changes:
* merged patches modifying CIPHER_LIST into one, dropping:
- openssl-1.0.1e-add-suse-default-cipher-header.patch
- openssl-libssl-noweakciphers.patch
* fix a manpage with invalid name
- added openssl-fix_invalid_manpage_name.patch
* remove a missing fips function
- openssl-missing_FIPS_ec_group_new_by_curve_name.patch
* reimported patches from Fedora
dropped patches:
- openssl-1.0.1c-default-paths.patch
- openssl-1.0.1c-ipv6-apps.patch
- openssl-1.0.1e-fips-ctor.patch
- openssl-1.0.1e-fips-ec.patch
- openssl-1.0.1e-fips.patch
- openssl-1.0.1e-new-fips-reqs.patch
- VIA_padlock_support_on_64systems.patch
added patches:
- openssl-1.0.2a-default-paths.patch
- openssl-1.0.2a-fips-ctor.patch (forwarded request 309611 from vitezslav_cizek)
OBS-URL: https://build.opensuse.org/request/show/310849
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=127
95 lines
3.4 KiB
Diff
95 lines
3.4 KiB
Diff
diff -up openssl-1.0.2a/apps/s_client.c.default-paths openssl-1.0.2a/apps/s_client.c
|
|
--- openssl-1.0.2a/apps/s_client.c.default-paths 2015-04-20 14:48:31.462166971 +0200
|
|
+++ openssl-1.0.2a/apps/s_client.c 2015-04-20 14:52:55.125316170 +0200
|
|
@@ -1336,19 +1336,16 @@ int MAIN(int argc, char **argv)
|
|
|
|
SSL_CTX_set_verify(ctx, verify, verify_callback);
|
|
|
|
- if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
|
|
- (!SSL_CTX_set_default_verify_paths(ctx))) {
|
|
- /*
|
|
- * BIO_printf(bio_err,"error setting default verify locations\n");
|
|
- */
|
|
- ERR_print_errors(bio_err);
|
|
- /* goto end; */
|
|
+ if (CAfile == NULL && CApath == NULL) {
|
|
+ if (!SSL_CTX_set_default_verify_paths(ctx)) {
|
|
+ ERR_print_errors(bio_err);
|
|
+ }
|
|
+ } else {
|
|
+ if (!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) {
|
|
+ ERR_print_errors(bio_err);
|
|
+ }
|
|
}
|
|
|
|
- ssl_ctx_add_crls(ctx, crls, crl_download);
|
|
- if (!set_cert_key_stuff(ctx, cert, key, chain, build_chain))
|
|
- goto end;
|
|
-
|
|
#ifndef OPENSSL_NO_TLSEXT
|
|
if (servername != NULL) {
|
|
tlsextcbp.biodebug = bio_err;
|
|
diff -up openssl-1.0.2a/apps/s_server.c.default-paths openssl-1.0.2a/apps/s_server.c
|
|
--- openssl-1.0.2a/apps/s_server.c.default-paths 2015-03-19 14:30:36.000000000 +0100
|
|
+++ openssl-1.0.2a/apps/s_server.c 2015-04-20 14:48:31.462166971 +0200
|
|
@@ -1768,12 +1768,16 @@ int MAIN(int argc, char *argv[])
|
|
}
|
|
#endif
|
|
|
|
- if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
|
|
- (!SSL_CTX_set_default_verify_paths(ctx))) {
|
|
- /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
|
|
- ERR_print_errors(bio_err);
|
|
- /* goto end; */
|
|
+ if (CAfile == NULL && CApath == NULL) {
|
|
+ if (!SSL_CTX_set_default_verify_paths(ctx)) {
|
|
+ ERR_print_errors(bio_err);
|
|
+ }
|
|
+ } else {
|
|
+ if (!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) {
|
|
+ ERR_print_errors(bio_err);
|
|
+ }
|
|
}
|
|
+
|
|
if (vpm)
|
|
SSL_CTX_set1_param(ctx, vpm);
|
|
|
|
@@ -1830,8 +1834,10 @@ int MAIN(int argc, char *argv[])
|
|
else
|
|
SSL_CTX_sess_set_cache_size(ctx2, 128);
|
|
|
|
- if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) ||
|
|
- (!SSL_CTX_set_default_verify_paths(ctx2))) {
|
|
+ if (!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) {
|
|
+ ERR_print_errors(bio_err);
|
|
+ }
|
|
+ if (!SSL_CTX_set_default_verify_paths(ctx2)) {
|
|
ERR_print_errors(bio_err);
|
|
}
|
|
if (vpm)
|
|
diff -up openssl-1.0.2a/apps/s_time.c.default-paths openssl-1.0.2a/apps/s_time.c
|
|
--- openssl-1.0.2a/apps/s_time.c.default-paths 2015-04-20 14:48:31.462166971 +0200
|
|
+++ openssl-1.0.2a/apps/s_time.c 2015-04-20 14:55:14.232542738 +0200
|
|
@@ -381,13 +381,14 @@ int MAIN(int argc, char **argv)
|
|
|
|
SSL_load_error_strings();
|
|
|
|
- if ((!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) ||
|
|
- (!SSL_CTX_set_default_verify_paths(tm_ctx))) {
|
|
- /*
|
|
- * BIO_printf(bio_err,"error setting default verify locations\n");
|
|
- */
|
|
- ERR_print_errors(bio_err);
|
|
- /* goto end; */
|
|
+ if (CAfile == NULL && CApath == NULL) {
|
|
+ if (!SSL_CTX_set_default_verify_paths(tm_ctx)) {
|
|
+ ERR_print_errors(bio_err);
|
|
+ }
|
|
+ } else {
|
|
+ if (!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) {
|
|
+ ERR_print_errors(bio_err);
|
|
+ }
|
|
}
|
|
|
|
if (tm_cipher == NULL)
|