[Pkg-openssl-changes] r574 - in openssl/trunk/debian: . patches

[Kurt Roeckx]

Author: kroeckx
Date: 2012-06-05 22:44:19 +0000 (Tue, 05 Jun 2012)
New Revision: 574

Added:
   openssl/trunk/debian/patches/renegiotate_tls.patch
Modified:
   openssl/trunk/debian/changelog
   openssl/trunk/debian/patches/series
Log:
Fix renegiotation when using TLS > 1.0.  This breaks tor.  Patch from
upstream.  (Closes: #675990)


Modified: openssl/trunk/debian/changelog
===================================================================
--- openssl/trunk/debian/changelog	2012-05-11 16:46:14 UTC (rev 573)
+++ openssl/trunk/debian/changelog	2012-06-05 22:44:19 UTC (rev 574)
@@ -1,3 +1,10 @@
+openssl (1.0.1c-2) unstable; urgency=high
+
+  * Fix renegiotation when using TLS > 1.0.  This breaks tor.  Patch from
+    upstream.  (Closes: #675990)
+
+ -- Kurt Roeckx <kurt at roeckx.be>  Wed, 06 Jun 2012 00:37:39 +0200
+
 openssl (1.0.1c-1) unstable; urgency=high
 
   * New upstream version

Added: openssl/trunk/debian/patches/renegiotate_tls.patch
===================================================================
--- openssl/trunk/debian/patches/renegiotate_tls.patch	                        (rev 0)
+++ openssl/trunk/debian/patches/renegiotate_tls.patch	2012-06-05 22:44:19 UTC (rev 574)
@@ -0,0 +1,10 @@
+--- a/openssl/ssl/s3_pkt.c	2012/04/17 13:21:19	1.95
++++ b/openssl/ssl/s3_pkt.c	2012/05/11 13:34:29	1.96
+@@ -744,6 +744,7 @@
+ 	 * bytes and record version number > TLS 1.0
+ 	 */
+ 	if (s->state == SSL3_ST_CW_CLNT_HELLO_B
++				&& !s->renegotiate
+ 				&& TLS1_get_version(s) > TLS1_VERSION)
+ 		*(p++) = 0x1;
+ 	else

Modified: openssl/trunk/debian/patches/series
===================================================================
--- openssl/trunk/debian/patches/series	2012-05-11 16:46:14 UTC (rev 573)
+++ openssl/trunk/debian/patches/series	2012-06-05 22:44:19 UTC (rev 574)
@@ -29,3 +29,4 @@
 block_diginotar.patch
 block_digicert_malaysia.patch
 c_rehash-multi.patch
+renegiotate_tls.patch