openssl/openssl-1.1.0-no-md5-verify.patch

diff -up openssl-1.1.0-pre6/crypto/asn1/a_verify.c.no-md5-verify openssl-1.1.0-pre6/crypto/asn1/a_verify.c
--- openssl-1.1.0-pre6/crypto/asn1/a_verify.c.no-md5-verify	2016-08-04 16:00:45.000000000 +0200
+++ openssl-1.1.0-pre6/crypto/asn1/a_verify.c	2016-08-08 16:01:38.382424922 +0200
@@ -7,6 +7,9 @@
  * https://www.openssl.org/source/license.html
  */
 
+/* for secure_getenv */
+#define _GNU_SOURCE
+
 #include <stdio.h>
 #include <time.h>
 
@@ -129,6 +132,11 @@ int ASN1_item_verify(const ASN1_ITEM *it
         if (ret != 2)
             goto err;
         ret = -1;
+    } else if (mdnid == NID_md5
+               && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
+                ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+        goto err;
     } else {
         const EVP_MD *type;
         type = EVP_get_digestbynid(mdnid);
update to upstream version 1.1.0b 2016-10-11 08:31:54 +00:00			`diff -up openssl-1.1.0-pre6/crypto/asn1/a_verify.c.no-md5-verify openssl-1.1.0-pre6/crypto/asn1/a_verify.c`
			`--- openssl-1.1.0-pre6/crypto/asn1/a_verify.c.no-md5-verify 2016-08-04 16:00:45.000000000 +0200`
			`+++ openssl-1.1.0-pre6/crypto/asn1/a_verify.c 2016-08-08 16:01:38.382424922 +0200`
			`@@ -7,6 +7,9 @@`
			`* https://www.openssl.org/source/license.html`
rebase to 1.0.2 branch 2015-04-23 11:57:26 +00:00			`*/`

			`+/* for secure_getenv */`
			`+#define _GNU_SOURCE`
			`+`
			`#include <stdio.h>`
			`#include <time.h>`

update to upstream version 1.1.0b 2016-10-11 08:31:54 +00:00			`@@ -129,6 +132,11 @@ int ASN1_item_verify(const ASN1_ITEM *it`
rebase to 1.0.2 branch 2015-04-23 11:57:26 +00:00			`if (ret != 2)`
			`goto err;`
			`ret = -1;`
			`+ } else if (mdnid == NID_md5`
			`+ && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) {`
			`+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY,`
			`+ ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);`
			`+ goto err;`
			`} else {`
			`const EVP_MD *type;`
			`type = EVP_get_digestbynid(mdnid);`