[Pkg-openssl-changes] r598 - in openssl/trunk/debian: . patches
Kurt Roeckx
kroeckx at alioth.debian.org
Mon Mar 18 19:37:58 UTC 2013
Author: kroeckx
Date: 2013-03-18 19:37:58 +0000 (Mon, 18 Mar 2013)
New Revision: 598
Added:
openssl/trunk/debian/patches/get_certificate.patch
Modified:
openssl/trunk/debian/changelog
openssl/trunk/debian/patches/series
Log:
Fix segfault in SSL_get_certificate (Closes: #703031)
Modified: openssl/trunk/debian/changelog
===================================================================
--- openssl/trunk/debian/changelog 2013-03-18 19:30:23 UTC (rev 597)
+++ openssl/trunk/debian/changelog 2013-03-18 19:37:58 UTC (rev 598)
@@ -4,8 +4,9 @@
* Make cpuid work on cpu's that don't set ecx (Closes: #699692)
* Fix problem with AES-NI causing bad record mac (Closes: #701868, #702635, #678353)
* Fix problem with DTLS version check (Closes: #701826)
+ * Fix segfault in SSL_get_certificate (Closes: #703031)
- -- Kurt Roeckx <kurt at roeckx.be> Mon, 18 Mar 2013 20:19:58 +0100
+ -- Kurt Roeckx <kurt at roeckx.be> Mon, 18 Mar 2013 20:37:11 +0100
openssl (1.0.1e-1) unstable; urgency=high
Added: openssl/trunk/debian/patches/get_certificate.patch
===================================================================
--- openssl/trunk/debian/patches/get_certificate.patch (rev 0)
+++ openssl/trunk/debian/patches/get_certificate.patch 2013-03-18 19:37:58 UTC (rev 598)
@@ -0,0 +1,27 @@
+From: "Dr. Stephen Henson" <steve at openssl.org>
+Date: Mon, 11 Feb 2013 18:24:03 +0000
+Subject: Fix for SSL_get_certificate
+Origin: upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=147dbb2fe3bead7a10e2f280261b661ce7af7adc
+Bug-Debian: http://bugs.debian.org/703031
+
+
+Now we set the current certificate to the one used by a server
+there is no need to call ssl_get_server_send_cert which will
+fail if we haven't sent a certificate yet.
+
+diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
+index 14d143d..ff5a85a 100644
+--- a/ssl/ssl_lib.c
++++ b/ssl/ssl_lib.c
+@@ -2792,9 +2792,7 @@ void ssl_clear_cipher_ctx(SSL *s)
+ /* Fix this function so that it takes an optional type parameter */
+ X509 *SSL_get_certificate(const SSL *s)
+ {
+- if (s->server)
+- return(ssl_get_server_send_cert(s));
+- else if (s->cert != NULL)
++ if (s->cert != NULL)
+ return(s->cert->key->x509);
+ else
+ return(NULL);
+
Modified: openssl/trunk/debian/patches/series
===================================================================
--- openssl/trunk/debian/patches/series 2013-03-18 19:30:23 UTC (rev 597)
+++ openssl/trunk/debian/patches/series 2013-03-18 19:37:58 UTC (rev 598)
@@ -35,3 +35,4 @@
cpuid.patch
aesni-mac.patch
dtls_version.patch
+get_certificate.patch
More information about the Pkg-openssl-changes
mailing list