[Pkg-openssl-changes] r556 - in openssl/trunk/debian: . patches

Kurt Roeckx kroeckx at alioth.debian.org
Sat Mar 31 16:36:31 UTC 2012 

Author: kroeckx
Date: 2012-03-31 16:36:31 +0000 (Sat, 31 Mar 2012)
New Revision: 556

Added:
   openssl/trunk/debian/patches/tls1.2_client_algorithms.patch
Modified:
   openssl/trunk/debian/changelog
   openssl/trunk/debian/patches/series
Log:
use client version when deciding whether to send supported signature
algorithms extension


Modified: openssl/trunk/debian/changelog
===================================================================
--- openssl/trunk/debian/changelog	2012-03-31 16:33:52 UTC (rev 555)
+++ openssl/trunk/debian/changelog	2012-03-31 16:36:31 UTC (rev 556)
@@ -1,8 +1,10 @@
 openssl (1.0.1-3) unstable; urgency=high
 
   * Fix crash in vpaes (Closes: #665836)
+  * use client version when deciding whether to send supported signature
+    algorithms extension
 
- -- Kurt Roeckx <kurt at roeckx.be>  Sat, 31 Mar 2012 18:28:50 +0200
+ -- Kurt Roeckx <kurt at roeckx.be>  Sat, 31 Mar 2012 18:35:59 +0200
 
 openssl (1.0.1-2) unstable; urgency=low
 

Modified: openssl/trunk/debian/patches/series
===================================================================
--- openssl/trunk/debian/patches/series	2012-03-31 16:33:52 UTC (rev 555)
+++ openssl/trunk/debian/patches/series	2012-03-31 16:36:31 UTC (rev 556)
@@ -31,3 +31,5 @@
 c_rehash-multi.patch
 no_ssl2.patch
 vpaes-x86.patch
+tls1.2_client_algorithms.patch
+

Added: openssl/trunk/debian/patches/tls1.2_client_algorithms.patch
===================================================================
--- openssl/trunk/debian/patches/tls1.2_client_algorithms.patch	                        (rev 0)
+++ openssl/trunk/debian/patches/tls1.2_client_algorithms.patch	2012-03-31 16:36:31 UTC (rev 556)
@@ -0,0 +1,13 @@
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index 57d1107..27c8e34 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -544,7 +544,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
+ 		}
+ 		skip_ext:
+ 
+-	if (TLS1_get_version(s) >= TLS1_2_VERSION)
++	if (TLS1_get_client_version(s) >= TLS1_2_VERSION)
+ 		{
+ 		if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6)
+ 			return NULL;

More information about the Pkg-openssl-changes mailing list