[Pkg-openssl-changes] r622 - openssl/trunk/debian/patches
Kurt Roeckx
kroeckx at moszumanska.debian.org
Sun Dec 22 16:42:44 UTC 2013
Author: kroeckx
Date: 2013-12-22 16:42:44 +0000 (Sun, 22 Dec 2013)
New Revision: 622
Removed:
openssl/trunk/debian/patches/aesni-mac.patch
openssl/trunk/debian/patches/cpuid.patch
openssl/trunk/debian/patches/dtls_version.patch
openssl/trunk/debian/patches/get_certificate.patch
openssl/trunk/debian/patches/ssltest_no_sslv2.patch
Modified:
openssl/trunk/debian/patches/fix-pod-errors.patch
openssl/trunk/debian/patches/series
Log:
Update to a git snapshot.
Deleted: openssl/trunk/debian/patches/aesni-mac.patch
===================================================================
--- openssl/trunk/debian/patches/aesni-mac.patch 2013-12-22 16:12:32 UTC (rev 621)
+++ openssl/trunk/debian/patches/aesni-mac.patch 2013-12-22 16:42:44 UTC (rev 622)
@@ -1,26 +0,0 @@
-From: Andy Polyakov <appro at openssl.org>
-Date: Mon, 18 Mar 2013 19:29:41 +0100
-Subject: e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI plaforms.
-Origin: upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=9ab3ce124616cb12bd39c6aa1e1bde0f46969b29
-Bug-Debian: http://bugs.debian.org/701868
-Bug: http://rt.openssl.org/Ticket/Display.html?id=3002&user=guest&pass=guest
-
-diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
-index 483e04b..fb2c884 100644
---- a/crypto/evp/e_aes_cbc_hmac_sha1.c
-+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
-@@ -328,10 +328,11 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-
- if (res!=SHA_CBLOCK) continue;
-
-- mask = 0-((inp_len+8-j)>>(sizeof(j)*8-1));
-+ /* j is not incremented yet */
-+ mask = 0-((inp_len+7-j)>>(sizeof(j)*8-1));
- data->u[SHA_LBLOCK-1] |= bitlen&mask;
- sha1_block_data_order(&key->md,data,1);
-- mask &= 0-((j-inp_len-73)>>(sizeof(j)*8-1));
-+ mask &= 0-((j-inp_len-72)>>(sizeof(j)*8-1));
- pmac->u[0] |= key->md.h0 & mask;
- pmac->u[1] |= key->md.h1 & mask;
- pmac->u[2] |= key->md.h2 & mask;
-
Deleted: openssl/trunk/debian/patches/cpuid.patch
===================================================================
--- openssl/trunk/debian/patches/cpuid.patch 2013-12-22 16:12:32 UTC (rev 621)
+++ openssl/trunk/debian/patches/cpuid.patch 2013-12-22 16:42:44 UTC (rev 622)
@@ -1,27 +0,0 @@
-From: Andy Polyakov <appro at openssl.org>
-Date: Mon, 4 Mar 2013 19:05:04 +0000 (+0100)
-Subject: x86cpuid.pl: make it work with older CPUs.
-Origin: upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=5702e965d759dde8a098d8108660721ba2b93a7d
-Bug-Debian: http://bugs.debian.org/699692
-Bug: http://rt.openssl.org/Ticket/Display.html?id=3005&user=guest&pass=guest
-
-diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl
-index 3b6c469..e8a7518 100644
---- a/crypto/x86cpuid.pl
-+++ b/crypto/x86cpuid.pl
-@@ -69,6 +69,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
- &inc ("esi"); # number of cores
-
- &mov ("eax",1);
-+ &xor ("ecx","ecx");
- &cpuid ();
- &bt ("edx",28);
- &jnc (&label("generic"));
-@@ -102,6 +103,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
-
- &set_label("nocacheinfo");
- &mov ("eax",1);
-+ &xor ("ecx","ecx");
- &cpuid ();
- &and ("edx",0xbfefffff); # force reserved bits #20, #30 to 0
- &cmp ("ebp",0);
Deleted: openssl/trunk/debian/patches/dtls_version.patch
===================================================================
--- openssl/trunk/debian/patches/dtls_version.patch 2013-12-22 16:12:32 UTC (rev 621)
+++ openssl/trunk/debian/patches/dtls_version.patch 2013-12-22 16:42:44 UTC (rev 622)
@@ -1,25 +0,0 @@
-From: David Woodhouse <dwmw2 at infradead.org>
-Date: Tue, 12 Feb 2013 14:55:32 +0000
-Subject: Check DTLS_BAD_VER for version number.
-Origin: upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=9fe4603b8245425a4c46986ed000fca054231253
-Bug-Debian: http://bugs.debian.org/701826
-Bug: http://rt.openssl.org/Ticket/Display.html?id=2984&user=guest&pass=guest
-
-The version check for DTLS1_VERSION was redundant as
-DTLS1_VERSION > TLS1_1_VERSION, however we do need to
-check for DTLS1_BAD_VER for compatibility.
-
-diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
-index 02edf3f..443a31e 100644
---- a/ssl/s3_cbc.c
-+++ b/ssl/s3_cbc.c
-@@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s,
- unsigned padding_length, good, to_check, i;
- const unsigned overhead = 1 /* padding length byte */ + mac_size;
- /* Check if version requires explicit IV */
-- if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
-+ if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER)
- {
- /* These lengths are all public so we can test them in
- * non-constant time.
-
Modified: openssl/trunk/debian/patches/fix-pod-errors.patch
===================================================================
--- openssl/trunk/debian/patches/fix-pod-errors.patch 2013-12-22 16:12:32 UTC (rev 621)
+++ openssl/trunk/debian/patches/fix-pod-errors.patch 2013-12-22 16:42:44 UTC (rev 622)
@@ -7,9 +7,11 @@
Bug-Debian: http://bugs.debian.org/723954
Bug: http://rt.openssl.org/Ticket/Display.html?id=3146&user=guest&pass=guest
---- openssl-1.0.1e.orig/doc/apps/smime.pod
-+++ openssl-1.0.1e/doc/apps/smime.pod
-@@ -308,28 +308,28 @@ remains DER.
+Index: openssl-1.0.1e/doc/apps/smime.pod
+===================================================================
+--- openssl-1.0.1e.orig/doc/apps/smime.pod 2013-12-22 17:21:52.913435572 +0100
++++ openssl-1.0.1e/doc/apps/smime.pod 2013-12-22 17:21:52.909435656 +0100
+@@ -308,28 +308,28 @@
=over 4
@@ -44,9 +46,11 @@
the message was verified correctly but an error occurred writing out
the signers certificates.
---- openssl-1.0.1e.orig/doc/apps/cms.pod
-+++ openssl-1.0.1e/doc/apps/cms.pod
-@@ -450,28 +450,28 @@ remains DER.
+Index: openssl-1.0.1e/doc/apps/cms.pod
+===================================================================
+--- openssl-1.0.1e.orig/doc/apps/cms.pod 2013-12-22 17:21:52.913435572 +0100
++++ openssl-1.0.1e/doc/apps/cms.pod 2013-12-22 17:21:52.909435656 +0100
+@@ -450,28 +450,28 @@
=over 4
@@ -81,9 +85,11 @@
the message was verified correctly but an error occurred writing out
the signers certificates.
---- openssl-1.0.1e.orig/doc/ssl/SSL_clear.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_clear.pod
-@@ -56,12 +56,12 @@ The following return values can occur:
+Index: openssl-1.0.1e/doc/ssl/SSL_clear.pod
+===================================================================
+--- openssl-1.0.1e.orig/doc/ssl/SSL_clear.pod 2013-12-22 17:21:52.913435572 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_clear.pod 2013-12-22 17:21:52.909435656 +0100
+@@ -56,12 +56,12 @@
=over 4
@@ -98,9 +104,11 @@
The SSL_clear() operation was successful.
---- openssl-1.0.1e.orig/doc/ssl/SSL_session_reused.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_session_reused.pod
-@@ -27,11 +27,11 @@ The following return values can occur:
+Index: openssl-1.0.1e/doc/ssl/SSL_session_reused.pod
+===================================================================
+--- openssl-1.0.1e.orig/doc/ssl/SSL_session_reused.pod 2013-12-22 17:21:52.913435572 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_session_reused.pod 2013-12-22 17:21:52.909435656 +0100
+@@ -27,11 +27,11 @@
=over 4
@@ -114,9 +122,11 @@
A session was reused.
---- openssl-1.0.1e.orig/doc/ssl/SSL_set_session.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_set_session.pod
-@@ -37,11 +37,11 @@ The following return values can occur:
+Index: openssl-1.0.1e/doc/ssl/SSL_set_session.pod
+===================================================================
+--- openssl-1.0.1e.orig/doc/ssl/SSL_set_session.pod 2013-12-22 17:21:52.913435572 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_set_session.pod 2013-12-22 17:21:52.909435656 +0100
+@@ -37,11 +37,11 @@
=over 4
@@ -130,12 +140,14 @@
The operation succeeded.
---- openssl-1.0.1e.orig/doc/ssl/SSL_connect.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_connect.pod
-@@ -49,13 +49,13 @@ not clean. It can also occur of action i
- for non-blocking BIOs. Call SSL_get_error() with the return value B<ret>
- to find out the reason.
+Index: openssl-1.0.1e/doc/ssl/SSL_connect.pod
+===================================================================
+--- openssl-1.0.1e.orig/doc/ssl/SSL_connect.pod 2013-12-22 17:21:52.913435572 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_connect.pod 2013-12-22 17:22:42.956402467 +0100
+@@ -41,13 +41,13 @@
+ =over 4
+
-=item 0
+=item C<0>
@@ -148,75 +160,78 @@
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
---- openssl-1.0.1e.orig/doc/ssl/SSL_shutdown.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_shutdown.pod
-@@ -92,7 +92,7 @@ The following return values can occur:
+Index: openssl-1.0.1e/doc/ssl/SSL_shutdown.pod
+===================================================================
+--- openssl-1.0.1e.orig/doc/ssl/SSL_shutdown.pod 2013-12-22 17:21:52.913435572 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_shutdown.pod 2013-12-22 17:23:49.347031915 +0100
+@@ -92,14 +92,14 @@
=over 4
+-=item 0
++=item C<0>
+
+ The shutdown is not yet finished. Call SSL_shutdown() for a second time,
+ if a bidirectional shutdown shall be performed.
+ The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
+ erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
+
-=item 1
+=item C<1>
The shutdown was successfully completed. The "close notify" alert was sent
and the peer's "close notify" alert was received.
-@@ -101,7 +101,7 @@ and the peer's "close notify" alert was
+Index: openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod
+===================================================================
+--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod 2013-12-22 17:21:52.913435572 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod 2013-12-22 17:24:41.985942861 +0100
+@@ -66,13 +66,13 @@
=over 4
-=item 0
+=item C<0>
- The shutdown is not yet finished. Call SSL_shutdown() for a second time,
- if a bidirectional shutdown shall be performed.
---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod
-@@ -66,7 +66,7 @@ values:
+ A failure while manipulating the STACK_OF(X509_NAME) object occurred or
+ the X509_NAME could not be extracted from B<cacert>. Check the error stack
+ to find out the reason.
- =over 4
-
-=item 1
+=item C<1>
The operation succeeded.
-@@ -74,7 +74,7 @@ The operation succeeded.
+Index: openssl-1.0.1e/doc/ssl/SSL_accept.pod
+===================================================================
+--- openssl-1.0.1e.orig/doc/ssl/SSL_accept.pod 2013-12-22 17:21:52.913435572 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_accept.pod 2013-12-22 17:24:17.466450402 +0100
+@@ -44,13 +44,13 @@
=over 4
-=item 0
+=item C<0>
- A failure while manipulating the STACK_OF(X509_NAME) object occurred or
- the X509_NAME could not be extracted from B<cacert>. Check the error stack
---- openssl-1.0.1e.orig/doc/ssl/SSL_accept.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_accept.pod
-@@ -44,7 +44,7 @@ The following return values can occur:
+ The TLS/SSL handshake was not successful but was shut down controlled and
+ by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
+ return value B<ret> to find out the reason.
- =over 4
-
-=item 1
+=item C<1>
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
-@@ -53,7 +53,7 @@ established.
+Index: openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod
+===================================================================
+--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_session_id_context.pod 2013-12-22 17:21:52.913435572 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod 2013-12-22 17:21:52.909435656 +0100
+@@ -64,13 +64,13 @@
=over 4
-=item 0
+=item C<0>
- The TLS/SSL handshake was not successful but was shut down controlled and
- by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_session_id_context.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod
-@@ -64,13 +64,13 @@ return the following values:
-
- =over 4
-
--=item 0
-+=item C<0>
-
The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
is logged to the error stack.
@@ -226,9 +241,11 @@
The operation succeeded.
---- openssl-1.0.1e.orig/doc/ssl/SSL_write.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_write.pod
-@@ -79,7 +79,7 @@ The following return values can occur:
+Index: openssl-1.0.1e/doc/ssl/SSL_write.pod
+===================================================================
+--- openssl-1.0.1e.orig/doc/ssl/SSL_write.pod 2013-12-22 17:21:52.913435572 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_write.pod 2013-12-22 17:21:52.909435656 +0100
+@@ -79,7 +79,7 @@
The write operation was successful, the return value is the number of
bytes actually written to the TLS/SSL connection.
@@ -237,9 +254,11 @@
The write operation was not successful. Probably the underlying connection
was closed. Call SSL_get_error() with the return value B<ret> to find out,
---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_load_verify_locations.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod
-@@ -100,13 +100,13 @@ The following return values can occur:
+Index: openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod
+===================================================================
+--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_load_verify_locations.pod 2013-12-22 17:21:52.913435572 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod 2013-12-22 17:21:52.909435656 +0100
+@@ -100,13 +100,13 @@
=over 4
@@ -255,9 +274,11 @@
The operation succeeded.
---- openssl-1.0.1e.orig/doc/ssl/SSL_set_fd.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_set_fd.pod
-@@ -35,11 +35,11 @@ The following return values can occur:
+Index: openssl-1.0.1e/doc/ssl/SSL_set_fd.pod
+===================================================================
+--- openssl-1.0.1e.orig/doc/ssl/SSL_set_fd.pod 2013-12-22 17:21:52.913435572 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_set_fd.pod 2013-12-22 17:21:52.909435656 +0100
+@@ -35,11 +35,11 @@
=over 4
@@ -271,20 +292,24 @@
The operation succeeded.
---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
-@@ -100,7 +100,7 @@ completely.
+Index: openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
+===================================================================
+--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2013-12-22 17:21:52.913435572 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2013-12-22 17:21:52.909435656 +0100
+@@ -96,7 +96,7 @@
+ connection will fail with decryption_error before it will be finished
+ completely.
- =over 4
-
-=item 0
+=item C<0>
PSK identity was not found. An "unknown_psk_identity" alert message
will be sent and the connection setup fails.
---- openssl-1.0.1e.orig/doc/ssl/SSL_read.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_read.pod
-@@ -86,7 +86,7 @@ The following return values can occur:
+Index: openssl-1.0.1e/doc/ssl/SSL_read.pod
+===================================================================
+--- openssl-1.0.1e.orig/doc/ssl/SSL_read.pod 2013-12-22 17:21:52.913435572 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_read.pod 2013-12-22 17:21:52.909435656 +0100
+@@ -86,7 +86,7 @@
The read operation was successful; the return value is the number of
bytes actually read from the TLS/SSL connection.
@@ -293,9 +318,11 @@
The read operation was not successful. The reason may either be a clean
shutdown due to a "close notify" alert sent by the peer (in which case
---- openssl-1.0.1e.orig/doc/ssl/SSL_set_shutdown.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_set_shutdown.pod
-@@ -24,7 +24,7 @@ The shutdown state of an ssl connection
+Index: openssl-1.0.1e/doc/ssl/SSL_set_shutdown.pod
+===================================================================
+--- openssl-1.0.1e.orig/doc/ssl/SSL_set_shutdown.pod 2013-12-22 17:21:52.913435572 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_set_shutdown.pod 2013-12-22 17:21:52.909435656 +0100
+@@ -24,7 +24,7 @@
=over 4
@@ -304,9 +331,11 @@
No shutdown setting, yet.
---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_add_session.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod
-@@ -52,13 +52,13 @@ The following values are returned by all
+Index: openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod
+===================================================================
+--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_add_session.pod 2013-12-22 17:21:52.913435572 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod 2013-12-22 17:21:52.909435656 +0100
+@@ -52,13 +52,13 @@
=over 4
@@ -322,35 +351,37 @@
The operation succeeded.
---- openssl-1.0.1e.orig/doc/ssl/SSL_do_handshake.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod
-@@ -45,7 +45,7 @@ The following return values can occur:
+Index: openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod
+===================================================================
+--- openssl-1.0.1e.orig/doc/ssl/SSL_do_handshake.pod 2013-12-22 17:21:52.913435572 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod 2013-12-22 17:23:09.503854843 +0100
+@@ -45,13 +45,13 @@
=over 4
+-=item 0
++=item C<0>
+
+ The TLS/SSL handshake was not successful but was shut down controlled and
+ by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
+ return value B<ret> to find out the reason.
+
-=item 1
+=item C<1>
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
-@@ -54,7 +54,7 @@ established.
+Index: openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod
+===================================================================
+--- openssl-1.0.1e.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2013-12-22 17:21:52.913435572 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod 2013-12-22 17:21:52.909435656 +0100
+@@ -53,11 +53,11 @@
=over 4
-=item 0
+=item C<0>
- The TLS/SSL handshake was not successful but was shut down controlled and
- by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
---- openssl-1.0.1e.orig/doc/ssl/SSL_COMP_add_compression_method.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod
-@@ -53,11 +53,11 @@ SSL_COMP_add_compression_method() may re
-
- =over 4
-
--=item 0
-+=item C<0>
-
The operation succeeded.
-=item 1
@@ -358,9 +389,11 @@
The operation failed. Check the error queue to find out the reason.
---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_ssl_version.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod
-@@ -42,11 +42,11 @@ and SSL_set_ssl_method():
+Index: openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod
+===================================================================
+--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_ssl_version.pod 2013-12-22 17:21:52.913435572 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod 2013-12-22 17:21:52.909435656 +0100
+@@ -42,11 +42,11 @@
=over 4
Deleted: openssl/trunk/debian/patches/get_certificate.patch
===================================================================
--- openssl/trunk/debian/patches/get_certificate.patch 2013-12-22 16:12:32 UTC (rev 621)
+++ openssl/trunk/debian/patches/get_certificate.patch 2013-12-22 16:42:44 UTC (rev 622)
@@ -1,27 +0,0 @@
-From: "Dr. Stephen Henson" <steve at openssl.org>
-Date: Mon, 11 Feb 2013 18:24:03 +0000
-Subject: Fix for SSL_get_certificate
-Origin: upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=147dbb2fe3bead7a10e2f280261b661ce7af7adc
-Bug-Debian: http://bugs.debian.org/703031
-
-
-Now we set the current certificate to the one used by a server
-there is no need to call ssl_get_server_send_cert which will
-fail if we haven't sent a certificate yet.
-
-diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index 14d143d..ff5a85a 100644
---- a/ssl/ssl_lib.c
-+++ b/ssl/ssl_lib.c
-@@ -2792,9 +2792,7 @@ void ssl_clear_cipher_ctx(SSL *s)
- /* Fix this function so that it takes an optional type parameter */
- X509 *SSL_get_certificate(const SSL *s)
- {
-- if (s->server)
-- return(ssl_get_server_send_cert(s));
-- else if (s->cert != NULL)
-+ if (s->cert != NULL)
- return(s->cert->key->x509);
- else
- return(NULL);
-
Modified: openssl/trunk/debian/patches/series
===================================================================
--- openssl/trunk/debian/patches/series 2013-12-22 16:12:32 UTC (rev 621)
+++ openssl/trunk/debian/patches/series 2013-12-22 16:42:44 UTC (rev 622)
@@ -28,11 +28,7 @@
block_diginotar.patch
block_digicert_malaysia.patch
#padlock_conf.patch
+2013-12-21.patch
defaults.patch
-ssltest_no_sslv2.patch
-cpuid.patch
-aesni-mac.patch
-dtls_version.patch
-get_certificate.patch
openssl_fix_for_x32.patch
fix-pod-errors.patch
Deleted: openssl/trunk/debian/patches/ssltest_no_sslv2.patch
===================================================================
--- openssl/trunk/debian/patches/ssltest_no_sslv2.patch 2013-12-22 16:12:32 UTC (rev 621)
+++ openssl/trunk/debian/patches/ssltest_no_sslv2.patch 2013-12-22 16:42:44 UTC (rev 622)
@@ -1,24 +0,0 @@
-From: Dr. Stephen Henson <steve at openssl.org>
-Date: Mon Feb 11 18:17:50 2013 +0000
-Origin: upstream, commit:cbf9b4aed3e209fe8a39e1d6f55aaf46d1369dc4
-Subject: Fix in ssltest is no-ssl2 configured
-
-diff --git a/ssl/ssltest.c b/ssl/ssltest.c
-index 316bbb0..4f80be8 100644
---- a/ssl/ssltest.c
-+++ b/ssl/ssltest.c
-@@ -881,7 +881,13 @@ bad:
- meth=SSLv23_method();
- #else
- #ifdef OPENSSL_NO_SSL2
-- meth=SSLv3_method();
-+ if (tls1)
-+ meth=TLSv1_method();
-+ else
-+ if (ssl3)
-+ meth=SSLv3_method();
-+ else
-+ meth=SSLv23_method();
- #else
- meth=SSLv2_method();
- #endif
More information about the Pkg-openssl-changes
mailing list