apply properly revert SSL_read() behavior change - patch from upstream (#1394677)
- fix behavior on client certificate request in renegotiation (#1393579)
This commit is contained in:
Tomas Mraz
parent
e443a79334
commit
3a8593870a
|
|
@ -0,0 +1,21 @@
|
|||
diff -up openssl-1.1.0c/ssl/statem/statem.c.certreq openssl-1.1.0c/ssl/statem/statem.c
|
||||
--- openssl-1.1.0c/ssl/statem/statem.c.certreq 2016-11-10 15:03:46.000000000 +0100
|
||||
+++ openssl-1.1.0c/ssl/statem/statem.c 2016-11-30 14:23:14.274758723 +0100
|
||||
@@ -361,6 +361,8 @@ static int state_machine(SSL *s, int ser
|
||||
*/
|
||||
s->ctx->stats.sess_accept_renegotiate++;
|
||||
}
|
||||
+
|
||||
+ s->s3->tmp.cert_request = 0;
|
||||
} else {
|
||||
s->ctx->stats.sess_connect++;
|
||||
|
||||
@@ -368,7 +370,7 @@ static int state_machine(SSL *s, int ser
|
||||
memset(s->s3->client_random, 0, sizeof(s->s3->client_random));
|
||||
s->hit = 0;
|
||||
|
||||
- s->s3->tmp.cert_request = 0;
|
||||
+ s->s3->tmp.cert_req = 0;
|
||||
|
||||
if (SSL_IS_DTLS(s)) {
|
||||
st->use_timer = 1;
|
||||
12
openssl.spec
12
openssl.spec
|
|
@ -22,7 +22,7 @@
|
|||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 1.1.0c
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
Epoch: 1
|
||||
# We have to remove certain patented algorithms from the openssl source
|
||||
# tarball with the hobble-openssl script which is included below.
|
||||
|
|
@ -60,6 +60,8 @@ Patch41: openssl-1.1.0-system-cipherlist.patch
|
|||
Patch42: openssl-1.1.0-fips.patch
|
||||
Patch43: openssl-1.1.0-afalg-eventfd2.patch
|
||||
# Backported fixes including security fixes
|
||||
Patch60: openssl-1.1.0-sslread-revert.patch
|
||||
Patch61: openssl-1.1.0-cert-req.patch
|
||||
|
||||
License: OpenSSL
|
||||
Group: System Environment/Libraries
|
||||
|
|
@ -159,6 +161,9 @@ cp %{SOURCE13} test/
|
|||
%patch42 -p1 -b .fips
|
||||
%patch43 -p1 -b .eventfd2
|
||||
|
||||
%patch60 -p1 -b .sslread-revert
|
||||
%patch61 -p1 -b .cert-req
|
||||
|
||||
%build
|
||||
# Figure out which flags we want to use.
|
||||
# default
|
||||
|
|
@ -425,8 +430,11 @@ export LD_LIBRARY_PATH
|
|||
%postun libs -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Tue Nov 22 2016 Tomáš Mráz <tmraz@redhat.com> 1.1.0c-2
|
||||
* Wed Nov 30 2016 Tomáš Mráz <tmraz@redhat.com> 1.1.0c-3
|
||||
- revert SSL_read() behavior change - patch from upstream (#1394677)
|
||||
- fix behavior on client certificate request in renegotiation (#1393579)
|
||||
|
||||
* Tue Nov 22 2016 Tomáš Mráz <tmraz@redhat.com> 1.1.0c-2
|
||||
- EC curve NIST P-224 is now allowed, still kept disabled in TLS due
|
||||
to less than optimal security
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue