openssl/openssl-1.0.1-beta2-ssl-op-all.patch

diff -up openssl-1.0.1-beta2/ssl/ssl.h.op-all openssl-1.0.1-beta2/ssl/ssl.h
--- openssl-1.0.1-beta2/ssl/ssl.h.op-all	2012-02-02 12:49:00.828035916 +0100
+++ openssl-1.0.1-beta2/ssl/ssl.h	2012-02-02 12:52:27.297818182 +0100
@@ -540,7 +540,7 @@ struct ssl_session_st
 #define SSL_OP_NETSCAPE_CHALLENGE_BUG			0x00000002L
 /* Allow initial connection to servers that don't support RI */
 #define SSL_OP_LEGACY_SERVER_CONNECT			0x00000004L
-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L
+#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L /* no effect since 1.0.0c due to CVE-2010-4180 */
 #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG		0x00000010L
 #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER		0x00000020L
 #define SSL_OP_MSIE_SSLV2_RSA_PADDING			0x00000040L /* no effect since 0.9.7h and 0.9.8b */
@@ -558,7 +558,7 @@ struct ssl_session_st
 
 /* SSL_OP_ALL: various bug workarounds that should be rather harmless.
  *             This used to be 0x000FFFFFL before 0.9.7. */
-#define SSL_OP_ALL					0x80000BFFL
+#define SSL_OP_ALL					0x80000BF7L /* we still have to include SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS */
 
 /* DTLS options */
 #define SSL_OP_NO_QUERY_MTU                 0x00001000L
New upstream release from the 1.0.1 branch, ABI compatible - also add documentation for the -no_ign_eof option 2012-02-07 12:46:42 +00:00			`diff -up openssl-1.0.1-beta2/ssl/ssl.h.op-all openssl-1.0.1-beta2/ssl/ssl.h`
			`--- openssl-1.0.1-beta2/ssl/ssl.h.op-all 2012-02-02 12:49:00.828035916 +0100`
			`+++ openssl-1.0.1-beta2/ssl/ssl.h 2012-02-02 12:52:27.297818182 +0100`
			`@@ -540,7 +540,7 @@ struct ssl_session_st`
- don't include SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG in SSL_OP_ALL (#175779) 2005-12-15 10:45:33 +00:00			`#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L`
- new upstream release 2010-01-21 08:12:12 +00:00			`/* Allow initial connection to servers that don't support RI */`
			`#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L`
- don't include SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG in SSL_OP_ALL (#175779) 2005-12-15 10:45:33 +00:00			`-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L`
More accurate comment for the SSL_OP_NETSCAPE_CIPHER_CHANGE_BUG 2010-12-09 10:46:08 +00:00			`+#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L /* no effect since 1.0.0c due to CVE-2010-4180 */`
- don't include SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG in SSL_OP_ALL (#175779) 2005-12-15 10:45:33 +00:00			`#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L`
			`#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L`
			`#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */`
New upstream release from the 1.0.1 branch, ABI compatible - also add documentation for the -no_ign_eof option 2012-02-07 12:46:42 +00:00			`@@ -558,7 +558,7 @@ struct ssl_session_st`
- don't include SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG in SSL_OP_ALL (#175779) 2005-12-15 10:45:33 +00:00
			`/* SSL_OP_ALL: various bug workarounds that should be rather harmless.`
			`* This used to be 0x000FFFFFL before 0.9.7. */`
New upstream release from the 1.0.1 branch, ABI compatible - also add documentation for the -no_ign_eof option 2012-02-07 12:46:42 +00:00			`-#define SSL_OP_ALL 0x80000BFFL`
new upstream version 2012-04-26 16:10:52 +00:00			`+#define SSL_OP_ALL 0x80000BF7L /* we still have to include SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS */`
- don't include SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG in SSL_OP_ALL (#175779) 2005-12-15 10:45:33 +00:00
			`/* DTLS options */`
			`#define SSL_OP_NO_QUERY_MTU 0x00001000L`