[Pkg-openssl-changes] r598 - in openssl/trunk/debian: . patches

Kurt Roeckx kroeckx at alioth.debian.org
Mon Mar 18 19:37:58 UTC 2013 

Author: kroeckx
Date: 2013-03-18 19:37:58 +0000 (Mon, 18 Mar 2013)
New Revision: 598

Added:
   openssl/trunk/debian/patches/get_certificate.patch
Modified:
   openssl/trunk/debian/changelog
   openssl/trunk/debian/patches/series
Log:
Fix segfault in SSL_get_certificate (Closes: #703031)


Modified: openssl/trunk/debian/changelog
===================================================================
--- openssl/trunk/debian/changelog	2013-03-18 19:30:23 UTC (rev 597)
+++ openssl/trunk/debian/changelog	2013-03-18 19:37:58 UTC (rev 598)
@@ -4,8 +4,9 @@
   * Make cpuid work on cpu's that don't set ecx (Closes: #699692)
   * Fix problem with AES-NI causing bad record mac (Closes: #701868, #702635, #678353)
   * Fix problem with DTLS version check (Closes: #701826)
+  * Fix segfault in SSL_get_certificate (Closes: #703031)
 
- -- Kurt Roeckx <kurt at roeckx.be>  Mon, 18 Mar 2013 20:19:58 +0100
+ -- Kurt Roeckx <kurt at roeckx.be>  Mon, 18 Mar 2013 20:37:11 +0100
 
 openssl (1.0.1e-1) unstable; urgency=high
 

Added: openssl/trunk/debian/patches/get_certificate.patch
===================================================================
--- openssl/trunk/debian/patches/get_certificate.patch	                        (rev 0)
+++ openssl/trunk/debian/patches/get_certificate.patch	2013-03-18 19:37:58 UTC (rev 598)
@@ -0,0 +1,27 @@
+From: "Dr. Stephen Henson" <steve at openssl.org>
+Date: Mon, 11 Feb 2013 18:24:03 +0000
+Subject: Fix for SSL_get_certificate
+Origin: upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=147dbb2fe3bead7a10e2f280261b661ce7af7adc
+Bug-Debian: http://bugs.debian.org/703031
+
+
+Now we set the current certificate to the one used by a server
+there is no need to call ssl_get_server_send_cert which will
+fail if we haven't sent a certificate yet.
+
+diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
+index 14d143d..ff5a85a 100644
+--- a/ssl/ssl_lib.c
++++ b/ssl/ssl_lib.c
+@@ -2792,9 +2792,7 @@ void ssl_clear_cipher_ctx(SSL *s)
+ /* Fix this function so that it takes an optional type parameter */
+ X509 *SSL_get_certificate(const SSL *s)
+ 	{
+-	if (s->server)
+-		return(ssl_get_server_send_cert(s));
+-	else if (s->cert != NULL)
++	if (s->cert != NULL)
+ 		return(s->cert->key->x509);
+ 	else
+ 		return(NULL);
+

Modified: openssl/trunk/debian/patches/series
===================================================================
--- openssl/trunk/debian/patches/series	2013-03-18 19:30:23 UTC (rev 597)
+++ openssl/trunk/debian/patches/series	2013-03-18 19:37:58 UTC (rev 598)
@@ -35,3 +35,4 @@
 cpuid.patch
 aesni-mac.patch
 dtls_version.patch
+get_certificate.patch

More information about the Pkg-openssl-changes mailing list