openssl/openssl-0.9.8j-readme-warning.patch

diff -up openssl-0.9.8j/README.warning openssl-0.9.8j/README
--- openssl-0.9.8j/README.warning	2009-01-07 11:50:53.000000000 +0100
+++ openssl-0.9.8j/README	2009-01-14 17:43:02.000000000 +0100
@@ -5,6 +5,31 @@
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
  All rights reserved.
 
+ WARNING
+ -------
+
+ This version of OpenSSL is built in a way that supports operation in
+ the so called FIPS mode. Note though that the library as we build it
+ is not FIPS validated and the FIPS mode is present for testing purposes
+ only.
+ 
+ This version also contains a few differences from the upstream code
+ some of which are:
+   * The FIPS integrity verification check is implemented differently
+     from the upstream FIPS validated OpenSSL module. It verifies
+     HMAC-SHA256 checksum of the whole libcrypto shared library.
+   * The module respects the kernel FIPS flag /proc/sys/crypto/fips and
+     tries to initialize the FIPS mode if it is set to 1 aborting if the
+     FIPS mode could not be initialized. It is also possible to force the
+     OpenSSL library to FIPS mode especially for debugging purposes by
+     setting the environment variable OPENSSL_FORCE_FIPS_MODE.
+   * If the environment variable OPENSSL_NO_DEFAULT_ZLIB is set the module
+     will not automatically load the built in compression method ZLIB
+     when initialized. Applications can still explicitely ask for ZLIB
+     compression method.
+   * There is added a support for EAP-FAST through TLS extension. This code
+     is backported from OpenSSL upstream development branch.
+
  DESCRIPTION
  -----------
- new upstream version with necessary soname bump (#455753) - temporarily provide symlink to old soname to make it possible to rebuild the dependent packages in rawhide - add eap-fast support (#428181) - add possibility to disable zlib by setting - add fips mode support for testing purposes - do not null dereference on some invalid smime files - add buildrequires pkgconfig (#479493) 2009-01-15 09:10:25 +00:00			`diff -up openssl-0.9.8j/README.warning openssl-0.9.8j/README`
			`--- openssl-0.9.8j/README.warning 2009-01-07 11:50:53.000000000 +0100`
			`+++ openssl-0.9.8j/README 2009-01-14 17:43:02.000000000 +0100`
			`@@ -5,6 +5,31 @@`
			`Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson`
			`All rights reserved.`

			`+ WARNING`
			`+ -------`
			`+`
			`+ This version of OpenSSL is built in a way that supports operation in`
			`+ the so called FIPS mode. Note though that the library as we build it`
			`+ is not FIPS validated and the FIPS mode is present for testing purposes`
			`+ only.`
			`+`
			`+ This version also contains a few differences from the upstream code`
			`+ some of which are:`
			`+ * The FIPS integrity verification check is implemented differently`
			`+ from the upstream FIPS validated OpenSSL module. It verifies`
			`+ HMAC-SHA256 checksum of the whole libcrypto shared library.`
			`+ * The module respects the kernel FIPS flag /proc/sys/crypto/fips and`
			`+ tries to initialize the FIPS mode if it is set to 1 aborting if the`
			`+ FIPS mode could not be initialized. It is also possible to force the`
			`+ OpenSSL library to FIPS mode especially for debugging purposes by`
			`+ setting the environment variable OPENSSL_FORCE_FIPS_MODE.`
			`+ * If the environment variable OPENSSL_NO_DEFAULT_ZLIB is set the module`
			`+ will not automatically load the built in compression method ZLIB`
			`+ when initialized. Applications can still explicitely ask for ZLIB`
			`+ compression method.`
			`+ * There is added a support for EAP-FAST through TLS extension. This code`
			`+ is backported from OpenSSL upstream development branch.`
			`+`
			`DESCRIPTION`
			`-----------`