minor upstream release 1.0.2k fixing security issues
also fix locking of RNG in FIPS mode for some obscure use-cases
parent
c914702332
commit
d060315de9
1
.gitignore
vendored
1
.gitignore
vendored
@ -32,3 +32,4 @@ openssl-1.0.0a-usa.tar.bz2
|
||||
/openssl-1.0.2i-hobbled.tar.xz
|
||||
/openssl-1.0.2j-hobbled.tar.xz
|
||||
/openssl-1.0.2k-hobbled.tar.xz
|
||||
/openssl-1.0.2m-hobbled.tar.xz
|
||||
|
@ -1,115 +0,0 @@
|
||||
From e93f7d9c9873e8e9538c0be0b0d3b6851344dd6d Mon Sep 17 00:00:00 2001
|
||||
From: "Dr. Stephen Henson" <steve@openssl.org>
|
||||
Date: Thu, 26 Jan 2017 17:39:48 +0000
|
||||
Subject: [PATCH] Use correct signature algorithm list when sending or
|
||||
checking.
|
||||
|
||||
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/2298)
|
||||
---
|
||||
ssl/s3_lib.c | 2 +-
|
||||
ssl/s3_srvr.c | 2 +-
|
||||
ssl/ssl_locl.h | 2 +-
|
||||
ssl/t1_lib.c | 12 ++++++------
|
||||
4 files changed, 9 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
|
||||
index 0385e03..1014a3f 100644
|
||||
--- a/ssl/s3_lib.c
|
||||
+++ b/ssl/s3_lib.c
|
||||
@@ -4237,7 +4237,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
|
||||
return (int)s->cert->ctype_num;
|
||||
}
|
||||
/* get configured sigalgs */
|
||||
- siglen = tls12_get_psigalgs(s, &sig);
|
||||
+ siglen = tls12_get_psigalgs(s, 1, &sig);
|
||||
if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
|
||||
nostrict = 0;
|
||||
for (i = 0; i < siglen; i += 2, sig += 2) {
|
||||
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
|
||||
index ea56f9c..e5ee384 100644
|
||||
--- a/ssl/s3_srvr.c
|
||||
+++ b/ssl/s3_srvr.c
|
||||
@@ -2084,7 +2084,7 @@ int ssl3_send_certificate_request(SSL *s)
|
||||
|
||||
if (SSL_USE_SIGALGS(s)) {
|
||||
const unsigned char *psigs;
|
||||
- nl = tls12_get_psigalgs(s, &psigs);
|
||||
+ nl = tls12_get_psigalgs(s, 1, &psigs);
|
||||
s2n(nl, p);
|
||||
memcpy(p, psigs, nl);
|
||||
p += nl;
|
||||
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
|
||||
index d50edd1..f582d5f 100644
|
||||
--- a/ssl/ssl_locl.h
|
||||
+++ b/ssl/ssl_locl.h
|
||||
@@ -1430,7 +1430,7 @@ int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
|
||||
long ssl_get_algorithm2(SSL *s);
|
||||
int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize);
|
||||
int tls1_process_sigalgs(SSL *s);
|
||||
-size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs);
|
||||
+size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs);
|
||||
int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
|
||||
const unsigned char *sig, EVP_PKEY *pkey);
|
||||
void ssl_set_client_disabled(SSL *s);
|
||||
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
|
||||
index e60c88b..5355f0e 100644
|
||||
--- a/ssl/t1_lib.c
|
||||
+++ b/ssl/t1_lib.c
|
||||
@@ -1035,7 +1035,7 @@ static unsigned char suiteb_sigalgs[] = {
|
||||
tlsext_sigalg_ecdsa(TLSEXT_hash_sha384)
|
||||
};
|
||||
# endif
|
||||
-size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs)
|
||||
+size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs)
|
||||
{
|
||||
/*
|
||||
* If Suite B mode use Suite B sigalgs only, ignore any other
|
||||
@@ -1057,7 +1057,7 @@ size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs)
|
||||
}
|
||||
# endif
|
||||
/* If server use client authentication sigalgs if not NULL */
|
||||
- if (s->server && s->cert->client_sigalgs) {
|
||||
+ if (s->server == sent && s->cert->client_sigalgs) {
|
||||
*psigs = s->cert->client_sigalgs;
|
||||
return s->cert->client_sigalgslen;
|
||||
} else if (s->cert->conf_sigalgs) {
|
||||
@@ -1121,7 +1121,7 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
|
||||
# endif
|
||||
|
||||
/* Check signature matches a type we sent */
|
||||
- sent_sigslen = tls12_get_psigalgs(s, &sent_sigs);
|
||||
+ sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs);
|
||||
for (i = 0; i < sent_sigslen; i += 2, sent_sigs += 2) {
|
||||
if (sig[0] == sent_sigs[0] && sig[1] == sent_sigs[1])
|
||||
break;
|
||||
@@ -1169,7 +1169,7 @@ void ssl_set_client_disabled(SSL *s)
|
||||
* Now go through all signature algorithms seeing if we support any for
|
||||
* RSA, DSA, ECDSA. Do this for all versions not just TLS 1.2.
|
||||
*/
|
||||
- sigalgslen = tls12_get_psigalgs(s, &sigalgs);
|
||||
+ sigalgslen = tls12_get_psigalgs(s, 1, &sigalgs);
|
||||
for (i = 0; i < sigalgslen; i += 2, sigalgs += 2) {
|
||||
switch (sigalgs[1]) {
|
||||
# ifndef OPENSSL_NO_RSA
|
||||
@@ -1440,7 +1440,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
|
||||
if (SSL_CLIENT_USE_SIGALGS(s)) {
|
||||
size_t salglen;
|
||||
const unsigned char *salg;
|
||||
- salglen = tls12_get_psigalgs(s, &salg);
|
||||
+ salglen = tls12_get_psigalgs(s, 1, &salg);
|
||||
|
||||
/*-
|
||||
* check for enough space.
|
||||
@@ -3803,7 +3803,7 @@ static int tls1_set_shared_sigalgs(SSL *s)
|
||||
conf = c->conf_sigalgs;
|
||||
conflen = c->conf_sigalgslen;
|
||||
} else
|
||||
- conflen = tls12_get_psigalgs(s, &conf);
|
||||
+ conflen = tls12_get_psigalgs(s, 0, &conf);
|
||||
if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || is_suiteb) {
|
||||
pref = conf;
|
||||
preflen = conflen;
|
||||
--
|
||||
2.9.3
|
||||
|
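--- a/openssl-1.0.2k-fips-randlock.patch
+++ b/openssl-1.0.2k-fips-randlock.patch
@@ -0,0 +1,78 @@
+diff -up openssl-1.0.2k/crypto/fips/fips_drbg_lib.c.fips-randlock openssl-1.0.2k/crypto/fips/fips_drbg_lib.c
+--- openssl-1.0.2k/crypto/fips/fips_drbg_lib.c.fips-randlock 2017-03-09 17:59:26.249231181 +0100
++++ openssl-1.0.2k/crypto/fips/fips_drbg_lib.c 2017-11-07 10:06:11.666777108 +0100
+@@ -338,6 +338,12 @@ int FIPS_drbg_reseed(DRBG_CTX *dctx,
+return drbg_reseed(dctx, adin, adinlen, 1);
+}
+
++void FIPS_drbg_set_reseed(DRBG_CTX *dctx)
++{
++ if (dctx->status == DRBG_STATUS_READY)
++ dctx->status = DRBG_STATUS_RESEED;
++}
++
+static int fips_drbg_check(DRBG_CTX *dctx)
+{
+if (dctx->xflags & DRBG_FLAG_TEST)
+diff -up openssl-1.0.2k/crypto/fips/fips_rand.h.fips-randlock openssl-1.0.2k/crypto/fips/fips_rand.h
+--- openssl-1.0.2k/crypto/fips/fips_rand.h.fips-randlock 2017-03-09 17:59:26.252231250 +0100
++++ openssl-1.0.2k/crypto/fips/fips_rand.h 2017-11-07 10:06:40.241450151 +0100
+@@ -86,6 +86,7 @@ extern "C" {
+const unsigned char *pers, size_t perslen);
+int FIPS_drbg_reseed(DRBG_CTX *dctx, const unsigned char *adin,
+size_t adinlen);
++ void FIPS_drbg_set_reseed(DRBG_CTX *dctx);
+int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
+int prediction_resistance,
+const unsigned char *adin, size_t adinlen);
+diff -up openssl-1.0.2k/crypto/rand/md_rand.c.fips-randlock openssl-1.0.2k/crypto/rand/md_rand.c
+--- openssl-1.0.2k/crypto/rand/md_rand.c.fips-randlock 2017-03-09 17:59:26.255231320 +0100
++++ openssl-1.0.2k/crypto/rand/md_rand.c 2017-10-23 17:28:00.999638475 +0200
+@@ -365,6 +365,14 @@ int ssleay_rand_bytes(unsigned char *buf
+num_ceil =
+(1 + (num - 1) / (MD_DIGEST_LENGTH / 2)) * (MD_DIGEST_LENGTH / 2);
+
++ /* always poll for external entropy in FIPS mode, drbg provides the
++ * expansion
++ */
++ if (FIPS_module_mode()) {
++ RAND_poll();
++ initialized = 1;
++ }
++
+/*
+* (Based on the rand(3) manpage:)
+*
+@@ -391,10 +399,7 @@ int ssleay_rand_bytes(unsigned char *buf
+CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
+crypto_lock_rand = 1;
+
+- /* always poll for external entropy in FIPS mode, drbg provides the
+- * expansion
+- */
+- if (!initialized || FIPS_module_mode()) {
++ if (!initialized) {
+RAND_poll();
+initialized = 1;
+}
+diff -up openssl-1.0.2k/crypto/rand/rand_lib.c.fips-randlock openssl-1.0.2k/crypto/rand/rand_lib.c
+--- openssl-1.0.2k/crypto/rand/rand_lib.c.fips-randlock 2017-03-09 17:59:26.292232183 +0100
++++ openssl-1.0.2k/crypto/rand/rand_lib.c 2017-11-07 10:20:08.050403861 +0100
+@@ -238,7 +238,7 @@ static int drbg_rand_add(DRBG_CTX *ctx,
+RAND_SSLeay()->add(in, inlen, entropy);
+if (FIPS_rand_status()) {
+CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+- FIPS_drbg_reseed(ctx, NULL, 0);
++ FIPS_drbg_set_reseed(ctx);
+CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+}
+return 1;
+@@ -249,7 +249,7 @@ static int drbg_rand_seed(DRBG_CTX *ctx,
+RAND_SSLeay()->seed(in, inlen);
+if (FIPS_rand_status()) {
+CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+- FIPS_drbg_reseed(ctx, NULL, 0);
++ FIPS_drbg_set_reseed(ctx);
+CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+}
+return 1;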
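Review bot: In the md_rand.c part of this patch, the added `if (FIPS_module_mode()) { RAND_poll(); initialized = 1; }` block is placed ahead of the locked region that the following hunk edits, so the shared `initialized` flag appears to be written without CRYPTO_LOCK_RAND held. The lock acquisition in ssleay_rand_bytes lies outside the visible hunks, so this needs checking against the full function. The comment carried over with the block only says that FIPS mode always polls; it should also say why the poll had to move out of the locked region, presumably because the add path takes the lock again, for example `/* poll before taking CRYPTO_LOCK_RAND: the FIPS add path locks it again, see drbg_rand_add() */`. The return value of `RAND_poll()` is discarded here, as it was before, so a failed poll still marks the generator as initialised. FIPS_drbg_set_reseed would likewise benefit from a one-line comment stating that it only flags a reseed for later and silently does nothing when the status is not DRBG_STATUS_READY.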
File diff suppressed because it is too large
@ -1,6 +1,6 @@
|
||||
diff -up openssl-1.0.2j/apps/s_client.c.krb5keytab openssl-1.0.2j/apps/s_client.c
|
||||
--- openssl-1.0.2j/apps/s_client.c.krb5keytab 2017-01-05 17:02:05.481441088 +0100
|
||||
+++ openssl-1.0.2j/apps/s_client.c 2017-01-05 17:08:28.311073180 +0100
|
||||
diff -up openssl-1.0.2m/apps/s_client.c.krb5keytab openssl-1.0.2m/apps/s_client.c
|
||||
--- openssl-1.0.2m/apps/s_client.c.krb5keytab 2017-11-13 09:02:11.741337880 +0100
|
||||
+++ openssl-1.0.2m/apps/s_client.c 2017-11-13 09:02:11.764338368 +0100
|
||||
@@ -171,6 +171,10 @@ typedef unsigned int u_int;
|
||||
#include "s_apps.h"
|
||||
#include "timeouts.h"
|
||||
@ -45,9 +45,9 @@ diff -up openssl-1.0.2j/apps/s_client.c.krb5keytab openssl-1.0.2j/apps/s_client.
|
||||
}
|
||||
#endif /* OPENSSL_NO_KRB5 */
|
||||
/* SSL_set_cipher_list(con,"RC4-MD5"); */
|
||||
diff -up openssl-1.0.2j/apps/s_server.c.krb5keytab openssl-1.0.2j/apps/s_server.c
|
||||
--- openssl-1.0.2j/apps/s_server.c.krb5keytab 2017-01-05 17:02:05.482441111 +0100
|
||||
+++ openssl-1.0.2j/apps/s_server.c 2017-01-05 17:16:36.458078609 +0100
|
||||
diff -up openssl-1.0.2m/apps/s_server.c.krb5keytab openssl-1.0.2m/apps/s_server.c
|
||||
--- openssl-1.0.2m/apps/s_server.c.krb5keytab 2017-11-13 09:02:11.742337901 +0100
|
||||
+++ openssl-1.0.2m/apps/s_server.c 2017-11-13 09:02:11.764338368 +0100
|
||||
@@ -206,6 +206,11 @@ typedef unsigned int u_int;
|
||||
# include <fcntl.h>
|
||||
#endif
|
||||
@ -60,7 +60,7 @@ diff -up openssl-1.0.2j/apps/s_server.c.krb5keytab openssl-1.0.2j/apps/s_server.
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
|
||||
#endif
|
||||
@@ -579,6 +584,10 @@ static void sv_usage(void)
|
||||
@@ -575,6 +580,10 @@ static void sv_usage(void)
|
||||
BIO_printf(bio_err, " -serverpref - Use server's cipher preferences\n");
|
||||
BIO_printf(bio_err, " -quiet - No server output\n");
|
||||
BIO_printf(bio_err, " -no_tmp_rsa - Do not generate a tmp RSA key\n");
|
||||
@ -71,7 +71,7 @@ diff -up openssl-1.0.2j/apps/s_server.c.krb5keytab openssl-1.0.2j/apps/s_server.
|
||||
#ifndef OPENSSL_NO_PSK
|
||||
BIO_printf(bio_err, " -psk_hint arg - PSK identity hint to use\n");
|
||||
BIO_printf(bio_err, " -psk arg - PSK in hex (without 0x)\n");
|
||||
@@ -1326,6 +1335,17 @@ int MAIN(int argc, char *argv[])
|
||||
@@ -1322,6 +1331,17 @@ int MAIN(int argc, char *argv[])
|
||||
goto bad;
|
||||
vfyCAfile = *(++argv);
|
||||
}
|
||||
@ -89,7 +89,7 @@ diff -up openssl-1.0.2j/apps/s_server.c.krb5keytab openssl-1.0.2j/apps/s_server.
|
||||
#ifdef FIONBIO
|
||||
else if (strcmp(*argv, "-nbio") == 0) {
|
||||
s_nbio = 1;
|
||||
@@ -2226,8 +2246,10 @@ static int sv_body(char *hostname, int s
|
||||
@@ -2222,8 +2242,10 @@ static int sv_body(char *hostname, int s
|
||||
#ifndef OPENSSL_NO_KRB5
|
||||
if ((kctx = kssl_ctx_new()) != NULL) {
|
||||
SSL_set0_kssl_ctx(con, kctx);
|
||||
@ -102,7 +102,7 @@ diff -up openssl-1.0.2j/apps/s_server.c.krb5keytab openssl-1.0.2j/apps/s_server.
|
||||
}
|
||||
#endif /* OPENSSL_NO_KRB5 */
|
||||
if (context)
|
||||
@@ -2836,8 +2858,11 @@ static int www_body(char *hostname, int
|
||||
@@ -2832,8 +2854,11 @@ static int www_body(char *hostname, int
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_KRB5
|
||||
if ((kctx = kssl_ctx_new()) != NULL) {
|
||||
@ -116,18 +116,18 @@ diff -up openssl-1.0.2j/apps/s_server.c.krb5keytab openssl-1.0.2j/apps/s_server.
|
||||
}
|
||||
#endif /* OPENSSL_NO_KRB5 */
|
||||
if (context)
|
||||
diff -up openssl-1.0.2j/doc/apps/s_client.pod.krb5keytab openssl-1.0.2j/doc/apps/s_client.pod
|
||||
--- openssl-1.0.2j/doc/apps/s_client.pod.krb5keytab 2016-09-26 11:49:07.000000000 +0200
|
||||
+++ openssl-1.0.2j/doc/apps/s_client.pod 2017-01-05 17:21:30.562709291 +0100
|
||||
@@ -43,6 +43,7 @@ B<openssl> B<s_client>
|
||||
[B<-fallback_scsv>]
|
||||
[B<-bugs>]
|
||||
diff -up openssl-1.0.2m/doc/apps/s_client.pod.krb5keytab openssl-1.0.2m/doc/apps/s_client.pod
|
||||
--- openssl-1.0.2m/doc/apps/s_client.pod.krb5keytab 2017-11-02 15:32:58.000000000 +0100
|
||||
+++ openssl-1.0.2m/doc/apps/s_client.pod 2017-11-13 09:03:07.388519323 +0100
|
||||
@@ -46,6 +46,7 @@ B<openssl> B<s_client>
|
||||
[B<-sigalgs sigalglist>]
|
||||
[B<-curves curvelist>]
|
||||
[B<-cipher cipherlist>]
|
||||
+[B<-krb5svc service>]
|
||||
[B<-serverpref>]
|
||||
[B<-starttls protocol>]
|
||||
[B<-engine id>]
|
||||
@@ -228,6 +229,12 @@ command for more information.
|
||||
@@ -246,6 +247,12 @@ command for more information.
|
||||
|
||||
use the server's cipher preferences; only used for SSLV2.
|
||||
|
||||
@ -140,11 +140,11 @@ diff -up openssl-1.0.2j/doc/apps/s_client.pod.krb5keytab openssl-1.0.2j/doc/apps
|
||||
=item B<-starttls protocol>
|
||||
|
||||
send the protocol-specific message(s) to switch to TLS for communication.
|
||||
diff -up openssl-1.0.2j/doc/apps/s_server.pod.krb5keytab openssl-1.0.2j/doc/apps/s_server.pod
|
||||
--- openssl-1.0.2j/doc/apps/s_server.pod.krb5keytab 2017-01-05 17:02:05.482441111 +0100
|
||||
+++ openssl-1.0.2j/doc/apps/s_server.pod 2017-01-05 17:20:54.769902331 +0100
|
||||
@@ -37,6 +37,8 @@ B<openssl> B<s_server>
|
||||
[B<-nocert>]
|
||||
diff -up openssl-1.0.2m/doc/apps/s_server.pod.krb5keytab openssl-1.0.2m/doc/apps/s_server.pod
|
||||
--- openssl-1.0.2m/doc/apps/s_server.pod.krb5keytab 2017-11-02 15:32:58.000000000 +0100
|
||||
+++ openssl-1.0.2m/doc/apps/s_server.pod 2017-11-13 09:03:19.316772571 +0100
|
||||
@@ -40,6 +40,8 @@ B<openssl> B<s_server>
|
||||
[B<-named_curve curve>]
|
||||
[B<-cipher cipherlist>]
|
||||
[B<-serverpref>]
|
||||
+[B<-krb5svc service>]
|
||||
@ -152,7 +152,7 @@ diff -up openssl-1.0.2j/doc/apps/s_server.pod.krb5keytab openssl-1.0.2j/doc/apps
|
||||
[B<-quiet>]
|
||||
[B<-no_tmp_rsa>]
|
||||
[B<-ssl2>]
|
||||
@@ -246,6 +248,17 @@ the B<ciphers> command for more informat
|
||||
@@ -262,6 +264,17 @@ the B<ciphers> command for more informat
|
||||
|
||||
use the server's cipher preferences, rather than the client's preferences.
|
||||
|
@ -1,7 +1,7 @@
|
||||
diff -up openssl-1.0.2g/doc/apps/ec.pod.manfix openssl-1.0.2g/doc/apps/ec.pod
|
||||
--- openssl-1.0.2g/doc/apps/ec.pod.manfix 2016-03-01 14:35:05.000000000 +0100
|
||||
+++ openssl-1.0.2g/doc/apps/ec.pod 2016-03-01 16:47:35.331568290 +0100
|
||||
@@ -93,10 +93,6 @@ prints out the public, private key compo
|
||||
diff -up openssl-1.0.2m/doc/apps/ec.pod.manfix openssl-1.0.2m/doc/apps/ec.pod
|
||||
--- openssl-1.0.2m/doc/apps/ec.pod.manfix 2017-11-02 15:32:58.000000000 +0100
|
||||
+++ openssl-1.0.2m/doc/apps/ec.pod 2017-11-13 09:06:06.372591988 +0100
|
||||
@@ -94,10 +94,6 @@ prints out the public, private key compo
|
||||
|
||||
this option prevents output of the encoded version of the key.
|
||||
|
||||
@ -12,9 +12,9 @@ diff -up openssl-1.0.2g/doc/apps/ec.pod.manfix openssl-1.0.2g/doc/apps/ec.pod
|
||||
=item B<-pubin>
|
||||
|
||||
by default a private key is read from the input file: with this option a
|
||||
diff -up openssl-1.0.2g/doc/apps/openssl.pod.manfix openssl-1.0.2g/doc/apps/openssl.pod
|
||||
--- openssl-1.0.2g/doc/apps/openssl.pod.manfix 2016-03-01 14:35:05.000000000 +0100
|
||||
+++ openssl-1.0.2g/doc/apps/openssl.pod 2016-03-01 16:47:35.331568290 +0100
|
||||
diff -up openssl-1.0.2m/doc/apps/openssl.pod.manfix openssl-1.0.2m/doc/apps/openssl.pod
|
||||
--- openssl-1.0.2m/doc/apps/openssl.pod.manfix 2017-11-02 15:32:58.000000000 +0100
|
||||
+++ openssl-1.0.2m/doc/apps/openssl.pod 2017-11-13 09:06:06.372591988 +0100
|
||||
@@ -163,7 +163,7 @@ Create or examine a netscape certificate
|
||||
|
||||
Online Certificate Status Protocol utility.
|
||||
@ -45,10 +45,10 @@ diff -up openssl-1.0.2g/doc/apps/openssl.pod.manfix openssl-1.0.2g/doc/apps/open
|
||||
L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>,
|
||||
L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>,
|
||||
L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
|
||||
diff -up openssl-1.0.2g/doc/apps/s_client.pod.manfix openssl-1.0.2g/doc/apps/s_client.pod
|
||||
--- openssl-1.0.2g/doc/apps/s_client.pod.manfix 2016-03-01 14:35:53.000000000 +0100
|
||||
+++ openssl-1.0.2g/doc/apps/s_client.pod 2016-03-01 16:47:35.358568902 +0100
|
||||
@@ -35,6 +35,9 @@ B<openssl> B<s_client>
|
||||
diff -up openssl-1.0.2m/doc/apps/s_client.pod.manfix openssl-1.0.2m/doc/apps/s_client.pod
|
||||
--- openssl-1.0.2m/doc/apps/s_client.pod.manfix 2017-11-13 09:06:06.346591381 +0100
|
||||
+++ openssl-1.0.2m/doc/apps/s_client.pod 2017-11-13 09:07:05.273965939 +0100
|
||||
@@ -36,6 +36,9 @@ B<openssl> B<s_client>
|
||||
[B<-ssl2>]
|
||||
[B<-ssl3>]
|
||||
[B<-tls1>]
|
||||
@ -58,19 +58,19 @@ diff -up openssl-1.0.2g/doc/apps/s_client.pod.manfix openssl-1.0.2g/doc/apps/s_c
|
||||
[B<-no_ssl2>]
|
||||
[B<-no_ssl3>]
|
||||
[B<-no_tls1>]
|
||||
@@ -201,7 +204,7 @@ Use the PSK key B<key> when using a PSK
|
||||
given as a hexadecimal number without leading 0x, for example -psk
|
||||
@@ -208,7 +211,7 @@ given as a hexadecimal number without le
|
||||
1a2b3c4d.
|
||||
This option must be provided in order to use a PSK cipher.
|
||||
|
||||
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
|
||||
+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
|
||||
|
||||
These options require or disable the use of the specified SSL or TLS protocols.
|
||||
By default the initial handshake uses a I<version-flexible> method which will
|
||||
diff -up openssl-1.0.2g/doc/apps/s_server.pod.manfix openssl-1.0.2g/doc/apps/s_server.pod
|
||||
--- openssl-1.0.2g/doc/apps/s_server.pod.manfix 2016-03-01 14:35:53.000000000 +0100
|
||||
+++ openssl-1.0.2g/doc/apps/s_server.pod 2016-03-01 16:47:35.359568925 +0100
|
||||
@@ -42,6 +42,8 @@ B<openssl> B<s_server>
|
||||
diff -up openssl-1.0.2m/doc/apps/s_server.pod.manfix openssl-1.0.2m/doc/apps/s_server.pod
|
||||
--- openssl-1.0.2m/doc/apps/s_server.pod.manfix 2017-11-13 09:06:06.346591381 +0100
|
||||
+++ openssl-1.0.2m/doc/apps/s_server.pod 2017-11-13 09:07:24.481413978 +0100
|
||||
@@ -47,6 +47,8 @@ B<openssl> B<s_server>
|
||||
[B<-ssl2>]
|
||||
[B<-ssl3>]
|
||||
[B<-tls1>]
|
||||
@ -79,9 +79,9 @@ diff -up openssl-1.0.2g/doc/apps/s_server.pod.manfix openssl-1.0.2g/doc/apps/s_s
|
||||
[B<-no_ssl2>]
|
||||
[B<-no_ssl3>]
|
||||
[B<-no_tls1>]
|
||||
@@ -217,7 +219,7 @@ Use the PSK key B<key> when using a PSK
|
||||
given as a hexadecimal number without leading 0x, for example -psk
|
||||
@@ -224,7 +226,7 @@ given as a hexadecimal number without le
|
||||
1a2b3c4d.
|
||||
This option must be provided in order to use a PSK cipher.
|
||||
|
||||
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
|
||||
+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
|
@ -1,6 +1,6 @@
|
||||
diff -up openssl-1.0.2i/crypto/conf/conf_api.c.secure-getenv openssl-1.0.2i/crypto/conf/conf_api.c
|
||||
--- openssl-1.0.2i/crypto/conf/conf_api.c.secure-getenv 2016-09-22 12:23:06.000000000 +0200
|
||||
+++ openssl-1.0.2i/crypto/conf/conf_api.c 2016-09-22 13:51:29.847742209 +0200
|
||||
diff -up openssl-1.0.2m/crypto/conf/conf_api.c.secure-getenv openssl-1.0.2m/crypto/conf/conf_api.c
|
||||
--- openssl-1.0.2m/crypto/conf/conf_api.c.secure-getenv 2017-11-02 15:32:57.000000000 +0100
|
||||
+++ openssl-1.0.2m/crypto/conf/conf_api.c 2017-11-13 09:04:24.456214656 +0100
|
||||
@@ -63,6 +63,8 @@
|
||||
# define NDEBUG
|
||||
#endif
|
||||
@ -28,9 +28,9 @@ diff -up openssl-1.0.2i/crypto/conf/conf_api.c.secure-getenv openssl-1.0.2i/cryp
|
||||
}
|
||||
|
||||
#if 0 /* There's no way to provide error checking
|
||||
diff -up openssl-1.0.2i/crypto/conf/conf_mod.c.secure-getenv openssl-1.0.2i/crypto/conf/conf_mod.c
|
||||
--- openssl-1.0.2i/crypto/conf/conf_mod.c.secure-getenv 2016-09-22 12:23:06.000000000 +0200
|
||||
+++ openssl-1.0.2i/crypto/conf/conf_mod.c 2016-09-22 13:51:29.847742209 +0200
|
||||
diff -up openssl-1.0.2m/crypto/conf/conf_mod.c.secure-getenv openssl-1.0.2m/crypto/conf/conf_mod.c
|
||||
--- openssl-1.0.2m/crypto/conf/conf_mod.c.secure-getenv 2017-11-02 15:32:57.000000000 +0100
|
||||
+++ openssl-1.0.2m/crypto/conf/conf_mod.c 2017-11-13 09:04:24.456214656 +0100
|
||||
@@ -57,6 +57,8 @@
|
||||
*
|
||||
*/
|
||||
@ -49,9 +49,9 @@ diff -up openssl-1.0.2i/crypto/conf/conf_mod.c.secure-getenv openssl-1.0.2i/cryp
|
||||
if (file)
|
||||
return BUF_strdup(file);
|
||||
|
||||
diff -up openssl-1.0.2i/crypto/engine/eng_list.c.secure-getenv openssl-1.0.2i/crypto/engine/eng_list.c
|
||||
--- openssl-1.0.2i/crypto/engine/eng_list.c.secure-getenv 2016-09-22 12:23:06.000000000 +0200
|
||||
+++ openssl-1.0.2i/crypto/engine/eng_list.c 2016-09-22 13:51:29.847742209 +0200
|
||||
diff -up openssl-1.0.2m/crypto/engine/eng_list.c.secure-getenv openssl-1.0.2m/crypto/engine/eng_list.c
|
||||
--- openssl-1.0.2m/crypto/engine/eng_list.c.secure-getenv 2017-11-02 15:32:58.000000000 +0100
|
||||
+++ openssl-1.0.2m/crypto/engine/eng_list.c 2017-11-13 09:04:24.456214656 +0100
|
||||
@@ -62,6 +62,8 @@
|
||||
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
|
||||
*/
|
||||
@ -74,9 +74,9 @@ diff -up openssl-1.0.2i/crypto/engine/eng_list.c.secure-getenv openssl-1.0.2i/cr
|
||||
load_dir = ENGINESDIR;
|
||||
# endif
|
||||
iterator = ENGINE_by_id("dynamic");
|
||||
diff -up openssl-1.0.2i/crypto/md5/md5_dgst.c.secure-getenv openssl-1.0.2i/crypto/md5/md5_dgst.c
|
||||
--- openssl-1.0.2i/crypto/md5/md5_dgst.c.secure-getenv 2016-09-22 13:51:29.840742047 +0200
|
||||
+++ openssl-1.0.2i/crypto/md5/md5_dgst.c 2016-09-22 13:51:29.847742209 +0200
|
||||
diff -up openssl-1.0.2m/crypto/md5/md5_dgst.c.secure-getenv openssl-1.0.2m/crypto/md5/md5_dgst.c
|
||||
--- openssl-1.0.2m/crypto/md5/md5_dgst.c.secure-getenv 2017-11-13 09:04:24.446214423 +0100
|
||||
+++ openssl-1.0.2m/crypto/md5/md5_dgst.c 2017-11-13 09:04:24.456214656 +0100
|
||||
@@ -56,6 +56,8 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
@ -96,9 +96,9 @@ diff -up openssl-1.0.2i/crypto/md5/md5_dgst.c.secure-getenv openssl-1.0.2i/crypt
|
||||
OpenSSLDie(__FILE__, __LINE__, "Digest MD5 forbidden in FIPS mode!");
|
||||
return private_MD5_Init(c);
|
||||
}
|
||||
diff -up openssl-1.0.2i/crypto/o_init.c.secure-getenv openssl-1.0.2i/crypto/o_init.c
|
||||
--- openssl-1.0.2i/crypto/o_init.c.secure-getenv 2016-09-22 13:51:29.830741814 +0200
|
||||
+++ openssl-1.0.2i/crypto/o_init.c 2016-09-22 13:51:30.046746834 +0200
|
||||
diff -up openssl-1.0.2m/crypto/o_init.c.secure-getenv openssl-1.0.2m/crypto/o_init.c
|
||||
--- openssl-1.0.2m/crypto/o_init.c.secure-getenv 2017-11-13 09:04:24.431214072 +0100
|
||||
+++ openssl-1.0.2m/crypto/o_init.c 2017-11-13 09:04:24.456214656 +0100
|
||||
@@ -53,6 +53,8 @@
|
||||
*
|
||||
*/
|
||||
@ -117,9 +117,9 @@ diff -up openssl-1.0.2i/crypto/o_init.c.secure-getenv openssl-1.0.2i/crypto/o_in
|
||||
buf[0] = '1';
|
||||
} else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) {
|
||||
while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ;
|
||||
diff -up openssl-1.0.2i/crypto/rand/randfile.c.secure-getenv openssl-1.0.2i/crypto/rand/randfile.c
|
||||
--- openssl-1.0.2i/crypto/rand/randfile.c.secure-getenv 2016-09-22 12:23:06.000000000 +0200
|
||||
+++ openssl-1.0.2i/crypto/rand/randfile.c 2016-09-22 13:53:17.222237626 +0200
|
||||
diff -up openssl-1.0.2m/crypto/rand/randfile.c.secure-getenv openssl-1.0.2m/crypto/rand/randfile.c
|
||||
--- openssl-1.0.2m/crypto/rand/randfile.c.secure-getenv 2017-11-02 15:32:58.000000000 +0100
|
||||
+++ openssl-1.0.2m/crypto/rand/randfile.c 2017-11-13 09:04:24.457214679 +0100
|
||||
@@ -55,6 +55,8 @@
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
@ -146,9 +146,9 @@ diff -up openssl-1.0.2i/crypto/rand/randfile.c.secure-getenv openssl-1.0.2i/cryp
|
||||
#ifdef DEFAULT_HOME
|
||||
if (s == NULL) {
|
||||
s = DEFAULT_HOME;
|
||||
diff -up openssl-1.0.2i/crypto/x509/by_dir.c.secure-getenv openssl-1.0.2i/crypto/x509/by_dir.c
|
||||
--- openssl-1.0.2i/crypto/x509/by_dir.c.secure-getenv 2016-09-22 12:23:06.000000000 +0200
|
||||
+++ openssl-1.0.2i/crypto/x509/by_dir.c 2016-09-22 13:51:30.047746858 +0200
|
||||
diff -up openssl-1.0.2m/crypto/x509/by_dir.c.secure-getenv openssl-1.0.2m/crypto/x509/by_dir.c
|
||||
--- openssl-1.0.2m/crypto/x509/by_dir.c.secure-getenv 2017-11-02 15:32:58.000000000 +0100
|
||||
+++ openssl-1.0.2m/crypto/x509/by_dir.c 2017-11-13 09:04:24.457214679 +0100
|
||||
@@ -56,6 +56,8 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
@ -167,9 +167,9 @@ diff -up openssl-1.0.2i/crypto/x509/by_dir.c.secure-getenv openssl-1.0.2i/crypto
|
||||
if (dir)
|
||||
ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
|
||||
else
|
||||
diff -up openssl-1.0.2i/crypto/x509/by_file.c.secure-getenv openssl-1.0.2i/crypto/x509/by_file.c
|
||||
--- openssl-1.0.2i/crypto/x509/by_file.c.secure-getenv 2016-09-22 13:51:29.812741396 +0200
|
||||
+++ openssl-1.0.2i/crypto/x509/by_file.c 2016-09-22 13:51:30.047746858 +0200
|
||||
diff -up openssl-1.0.2m/crypto/x509/by_file.c.secure-getenv openssl-1.0.2m/crypto/x509/by_file.c
|
||||
--- openssl-1.0.2m/crypto/x509/by_file.c.secure-getenv 2017-11-13 09:04:24.405213466 +0100
|
||||
+++ openssl-1.0.2m/crypto/x509/by_file.c 2017-11-13 09:05:04.115139752 +0100
|
||||
@@ -56,6 +56,8 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
@ -183,14 +183,14 @@ diff -up openssl-1.0.2i/crypto/x509/by_file.c.secure-getenv openssl-1.0.2i/crypt
|
||||
switch (cmd) {
|
||||
case X509_L_FILE_LOAD:
|
||||
if (argl == X509_FILETYPE_DEFAULT) {
|
||||
- file = (char *)getenv(X509_get_default_cert_file_env());
|
||||
+ file = (char *)secure_getenv(X509_get_default_cert_file_env());
|
||||
- file = getenv(X509_get_default_cert_file_env());
|
||||
+ file = secure_getenv(X509_get_default_cert_file_env());
|
||||
if (file)
|
||||
ok = (X509_load_cert_crl_file(ctx, file,
|
||||
X509_FILETYPE_PEM) != 0);
|
||||
diff -up openssl-1.0.2i/crypto/x509/x509_vfy.c.secure-getenv openssl-1.0.2i/crypto/x509/x509_vfy.c
|
||||
--- openssl-1.0.2i/crypto/x509/x509_vfy.c.secure-getenv 2016-09-22 12:23:06.000000000 +0200
|
||||
+++ openssl-1.0.2i/crypto/x509/x509_vfy.c 2016-09-22 13:51:30.048746881 +0200
|
||||
diff -up openssl-1.0.2m/crypto/x509/x509_vfy.c.secure-getenv openssl-1.0.2m/crypto/x509/x509_vfy.c
|
||||
--- openssl-1.0.2m/crypto/x509/x509_vfy.c.secure-getenv 2017-11-02 15:32:58.000000000 +0100
|
||||
+++ openssl-1.0.2m/crypto/x509/x509_vfy.c 2017-11-13 09:04:24.458214702 +0100
|
||||
@@ -56,6 +56,8 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
@ -209,9 +209,9 @@ diff -up openssl-1.0.2i/crypto/x509/x509_vfy.c.secure-getenv openssl-1.0.2i/cryp
|
||||
allow_proxy_certs = 1;
|
||||
purpose = ctx->param->purpose;
|
||||
}
|
||||
diff -up openssl-1.0.2i/engines/ccgost/gost_ctl.c.secure-getenv openssl-1.0.2i/engines/ccgost/gost_ctl.c
|
||||
--- openssl-1.0.2i/engines/ccgost/gost_ctl.c.secure-getenv 2016-09-22 12:23:06.000000000 +0200
|
||||
+++ openssl-1.0.2i/engines/ccgost/gost_ctl.c 2016-09-22 13:51:30.048746881 +0200
|
||||
diff -up openssl-1.0.2m/engines/ccgost/gost_ctl.c.secure-getenv openssl-1.0.2m/engines/ccgost/gost_ctl.c
|
||||
--- openssl-1.0.2m/engines/ccgost/gost_ctl.c.secure-getenv 2017-11-02 15:32:58.000000000 +0100
|
||||
+++ openssl-1.0.2m/engines/ccgost/gost_ctl.c 2017-11-13 09:04:24.458214702 +0100
|
||||
@@ -6,6 +6,8 @@
|
||||
* Implementation of control commands for GOST engine *
|
||||
* OpenSSL 0.9.9 libraries required *
|
@ -1,7 +1,7 @@
|
||||
diff -up openssl-1.0.2i/apps/cms.c.trusted-first openssl-1.0.2i/apps/cms.c
|
||||
--- openssl-1.0.2i/apps/cms.c.trusted-first 2016-09-22 12:23:06.000000000 +0200
|
||||
+++ openssl-1.0.2i/apps/cms.c 2016-09-22 14:01:27.436630359 +0200
|
||||
@@ -646,6 +646,8 @@ int MAIN(int argc, char **argv)
|
||||
diff -up openssl-1.0.2m/apps/cms.c.trusted-first openssl-1.0.2m/apps/cms.c
|
||||
--- openssl-1.0.2m/apps/cms.c.trusted-first 2017-11-02 15:32:57.000000000 +0100
|
||||
+++ openssl-1.0.2m/apps/cms.c 2017-11-13 09:08:18.613672265 +0100
|
||||
@@ -644,6 +644,8 @@ int MAIN(int argc, char **argv)
|
||||
"-CApath dir trusted certificates directory\n");
|
||||
BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
|
||||
BIO_printf(bio_err,
|
||||
@ -10,9 +10,9 @@ diff -up openssl-1.0.2i/apps/cms.c.trusted-first openssl-1.0.2i/apps/cms.c
|
||||
"-no_alt_chains only ever use the first certificate chain found\n");
|
||||
BIO_printf(bio_err,
|
||||
"-crl_check check revocation status of signer's certificate using CRLs\n");
|
||||
diff -up openssl-1.0.2i/apps/ocsp.c.trusted-first openssl-1.0.2i/apps/ocsp.c
|
||||
--- openssl-1.0.2i/apps/ocsp.c.trusted-first 2016-09-22 12:23:06.000000000 +0200
|
||||
+++ openssl-1.0.2i/apps/ocsp.c 2016-09-22 14:01:27.436630359 +0200
|
||||
diff -up openssl-1.0.2m/apps/ocsp.c.trusted-first openssl-1.0.2m/apps/ocsp.c
|
||||
--- openssl-1.0.2m/apps/ocsp.c.trusted-first 2017-11-02 15:32:57.000000000 +0100
|
||||
+++ openssl-1.0.2m/apps/ocsp.c 2017-11-13 09:08:18.613672265 +0100
|
||||
@@ -537,6 +537,8 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err,
|
||||
"-CAfile file trusted certificates file\n");
|
||||
@ -22,10 +22,10 @@ diff -up openssl-1.0.2i/apps/ocsp.c.trusted-first openssl-1.0.2i/apps/ocsp.c
|
||||
"-no_alt_chains only ever use the first certificate chain found\n");
|
||||
BIO_printf(bio_err,
|
||||
"-VAfile file validator certificates file\n");
|
||||
diff -up openssl-1.0.2i/apps/s_client.c.trusted-first openssl-1.0.2i/apps/s_client.c
|
||||
--- openssl-1.0.2i/apps/s_client.c.trusted-first 2016-09-22 14:01:27.402629569 +0200
|
||||
+++ openssl-1.0.2i/apps/s_client.c 2016-09-22 14:01:27.436630359 +0200
|
||||
@@ -330,6 +330,8 @@ static void sc_usage(void)
|
||||
diff -up openssl-1.0.2m/apps/s_client.c.trusted-first openssl-1.0.2m/apps/s_client.c
|
||||
--- openssl-1.0.2m/apps/s_client.c.trusted-first 2017-11-13 09:08:18.571671320 +0100
|
||||
+++ openssl-1.0.2m/apps/s_client.c 2017-11-13 09:08:18.613672265 +0100
|
||||
@@ -334,6 +334,8 @@ static void sc_usage(void)
|
||||
BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
|
||||
BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
|
||||
BIO_printf(bio_err,
|
||||
@ -34,10 +34,10 @@ diff -up openssl-1.0.2i/apps/s_client.c.trusted-first openssl-1.0.2i/apps/s_clie
|
||||
" -no_alt_chains - only ever use the first certificate chain found\n");
|
||||
BIO_printf(bio_err,
|
||||
" -reconnect - Drop and re-make the connection with the same Session-ID\n");
|
||||
diff -up openssl-1.0.2i/apps/smime.c.trusted-first openssl-1.0.2i/apps/smime.c
|
||||
--- openssl-1.0.2i/apps/smime.c.trusted-first 2016-09-22 12:23:06.000000000 +0200
|
||||
+++ openssl-1.0.2i/apps/smime.c 2016-09-22 14:01:27.436630359 +0200
|
||||
@@ -442,6 +442,8 @@ int MAIN(int argc, char **argv)
|
||||
diff -up openssl-1.0.2m/apps/smime.c.trusted-first openssl-1.0.2m/apps/smime.c
|
||||
--- openssl-1.0.2m/apps/smime.c.trusted-first 2017-11-02 15:32:57.000000000 +0100
|
||||
+++ openssl-1.0.2m/apps/smime.c 2017-11-13 09:08:18.614672288 +0100
|
||||
@@ -440,6 +440,8 @@ int MAIN(int argc, char **argv)
|
||||
"-CApath dir trusted certificates directory\n");
|
||||
BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
|
||||
BIO_printf(bio_err,
|
||||
@ -46,10 +46,10 @@ diff -up openssl-1.0.2i/apps/smime.c.trusted-first openssl-1.0.2i/apps/smime.c
|
||||
"-no_alt_chains only ever use the first certificate chain found\n");
|
||||
BIO_printf(bio_err,
|
||||
"-crl_check check revocation status of signer's certificate using CRLs\n");
|
||||
diff -up openssl-1.0.2i/apps/s_server.c.trusted-first openssl-1.0.2i/apps/s_server.c
|
||||
--- openssl-1.0.2i/apps/s_server.c.trusted-first 2016-09-22 14:01:27.374628918 +0200
|
||||
+++ openssl-1.0.2i/apps/s_server.c 2016-09-22 14:01:27.437630382 +0200
|
||||
@@ -571,6 +571,8 @@ static void sv_usage(void)
|
||||
diff -up openssl-1.0.2m/apps/s_server.c.trusted-first openssl-1.0.2m/apps/s_server.c
|
||||
--- openssl-1.0.2m/apps/s_server.c.trusted-first 2017-11-13 09:08:18.560671072 +0100
|
||||
+++ openssl-1.0.2m/apps/s_server.c 2017-11-13 09:08:18.614672288 +0100
|
||||
@@ -572,6 +572,8 @@ static void sv_usage(void)
|
||||
BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
|
||||
BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
|
||||
BIO_printf(bio_err,
|
||||
@ -58,9 +58,9 @@ diff -up openssl-1.0.2i/apps/s_server.c.trusted-first openssl-1.0.2i/apps/s_serv
|
||||
" -no_alt_chains - only ever use the first certificate chain found\n");
|
||||
BIO_printf(bio_err,
|
||||
" -nocert - Don't use any certificates (Anon-DH)\n");
|
||||
diff -up openssl-1.0.2i/apps/s_time.c.trusted-first openssl-1.0.2i/apps/s_time.c
|
||||
--- openssl-1.0.2i/apps/s_time.c.trusted-first 2016-09-22 14:01:27.368628779 +0200
|
||||
+++ openssl-1.0.2i/apps/s_time.c 2016-09-22 14:01:27.437630382 +0200
|
||||
diff -up openssl-1.0.2m/apps/s_time.c.trusted-first openssl-1.0.2m/apps/s_time.c
|
||||
--- openssl-1.0.2m/apps/s_time.c.trusted-first 2017-11-13 09:08:18.526670306 +0100
|
||||
+++ openssl-1.0.2m/apps/s_time.c 2017-11-13 09:08:18.614672288 +0100
|
||||
@@ -182,6 +182,7 @@ static void s_time_usage(void)
|
||||
file if not specified by this option\n\
|
||||
-CApath arg - PEM format directory of CA's\n\
|
||||
@ -69,9 +69,9 @@ diff -up openssl-1.0.2i/apps/s_time.c.trusted-first openssl-1.0.2i/apps/s_time.c
|
||||
-cipher - preferred cipher to use, play with 'openssl ciphers'\n\n";
|
||||
|
||||
printf("usage: s_time <args>\n\n");
|
||||
diff -up openssl-1.0.2i/apps/ts.c.trusted-first openssl-1.0.2i/apps/ts.c
|
||||
--- openssl-1.0.2i/apps/ts.c.trusted-first 2016-09-22 14:01:27.400629522 +0200
|
||||
+++ openssl-1.0.2i/apps/ts.c 2016-09-22 14:01:27.437630382 +0200
|
||||
diff -up openssl-1.0.2m/apps/ts.c.trusted-first openssl-1.0.2m/apps/ts.c
|
||||
--- openssl-1.0.2m/apps/ts.c.trusted-first 2017-11-13 09:08:18.569671275 +0100
|
||||
+++ openssl-1.0.2m/apps/ts.c 2017-11-13 09:08:18.614672288 +0100
|
||||
@@ -352,7 +352,7 @@ int MAIN(int argc, char **argv)
|
||||
"ts -verify [-data file_to_hash] [-digest digest_bytes] "
|
||||
"[-queryfile request.tsq] "
|
||||
@ -81,10 +81,10 @@ diff -up openssl-1.0.2i/apps/ts.c.trusted-first openssl-1.0.2i/apps/ts.c
|
||||
"-untrusted cert_file.pem\n");
|
||||
cleanup:
|
||||
/* Clean up. */
|
||||
diff -up openssl-1.0.2i/apps/verify.c.trusted-first openssl-1.0.2i/apps/verify.c
|
||||
--- openssl-1.0.2i/apps/verify.c.trusted-first 2016-09-22 14:01:27.438630405 +0200
|
||||
+++ openssl-1.0.2i/apps/verify.c 2016-09-22 14:02:37.951269140 +0200
|
||||
@@ -231,7 +231,7 @@ int MAIN(int argc, char **argv)
|
||||
diff -up openssl-1.0.2m/apps/verify.c.trusted-first openssl-1.0.2m/apps/verify.c
|
||||
--- openssl-1.0.2m/apps/verify.c.trusted-first 2017-11-02 15:32:57.000000000 +0100
|
||||
+++ openssl-1.0.2m/apps/verify.c 2017-11-13 09:08:18.615672310 +0100
|
||||
@@ -227,7 +227,7 @@ int MAIN(int argc, char **argv)
|
||||
usage:
|
||||
if (ret == 1) {
|
||||
BIO_printf(bio_err,
|
||||
@ -93,10 +93,10 @@ diff -up openssl-1.0.2i/apps/verify.c.trusted-first openssl-1.0.2i/apps/verify.c
|
||||
BIO_printf(bio_err, " [-no_alt_chains] [-attime timestamp]");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err, " [-engine e]");
|
||||
diff -up openssl-1.0.2i/doc/apps/cms.pod.trusted-first openssl-1.0.2i/doc/apps/cms.pod
|
||||
--- openssl-1.0.2i/doc/apps/cms.pod.trusted-first 2016-09-22 12:23:06.000000000 +0200
|
||||
+++ openssl-1.0.2i/doc/apps/cms.pod 2016-09-22 14:01:27.438630405 +0200
|
||||
@@ -35,6 +35,7 @@ B<openssl> B<cms>
|
||||
diff -up openssl-1.0.2m/doc/apps/cms.pod.trusted-first openssl-1.0.2m/doc/apps/cms.pod
|
||||
--- openssl-1.0.2m/doc/apps/cms.pod.trusted-first 2017-11-02 15:32:58.000000000 +0100
|
||||
+++ openssl-1.0.2m/doc/apps/cms.pod 2017-11-13 09:08:18.615672310 +0100
|
||||
@@ -36,6 +36,7 @@ B<openssl> B<cms>
|
||||
[B<-print>]
|
||||
[B<-CAfile file>]
|
||||
[B<-CApath dir>]
|
||||
@ -104,7 +104,7 @@ diff -up openssl-1.0.2i/doc/apps/cms.pod.trusted-first openssl-1.0.2i/doc/apps/c
|
||||
[B<-no_alt_chains>]
|
||||
[B<-md digest>]
|
||||
[B<-[cipher]>]
|
||||
@@ -248,6 +249,12 @@ B<-verify>. This directory must be a sta
|
||||
@@ -249,6 +250,12 @@ B<-verify>. This directory must be a sta
|
||||
is a hash of each subject name (using B<x509 -hash>) should be linked
|
||||
to each certificate.
|
||||
|
||||
@ -117,10 +117,10 @@ diff -up openssl-1.0.2i/doc/apps/cms.pod.trusted-first openssl-1.0.2i/doc/apps/c
|
||||
=item B<-md digest>
|
||||
|
||||
digest algorithm to use when signing or resigning. If not present then the
|
||||
diff -up openssl-1.0.2i/doc/apps/ocsp.pod.trusted-first openssl-1.0.2i/doc/apps/ocsp.pod
|
||||
--- openssl-1.0.2i/doc/apps/ocsp.pod.trusted-first 2016-09-22 14:01:27.401629545 +0200
|
||||
+++ openssl-1.0.2i/doc/apps/ocsp.pod 2016-09-22 14:01:27.438630405 +0200
|
||||
@@ -29,6 +29,7 @@ B<openssl> B<ocsp>
|
||||
diff -up openssl-1.0.2m/doc/apps/ocsp.pod.trusted-first openssl-1.0.2m/doc/apps/ocsp.pod
|
||||
--- openssl-1.0.2m/doc/apps/ocsp.pod.trusted-first 2017-11-13 09:08:18.569671275 +0100
|
||||
+++ openssl-1.0.2m/doc/apps/ocsp.pod 2017-11-13 09:08:18.615672310 +0100
|
||||
@@ -31,6 +31,7 @@ B<openssl> B<ocsp>
|
||||
[B<-path>]
|
||||
[B<-CApath dir>]
|
||||
[B<-CAfile file>]
|
||||
@ -128,7 +128,7 @@ diff -up openssl-1.0.2i/doc/apps/ocsp.pod.trusted-first openssl-1.0.2i/doc/apps/
|
||||
[B<-no_alt_chains>]
|
||||
[B<-VAfile file>]
|
||||
[B<-validity_period n>]
|
||||
@@ -144,6 +145,13 @@ connection timeout to the OCSP responder
|
||||
@@ -154,6 +155,13 @@ connection timeout to the OCSP responder
|
||||
file or pathname containing trusted CA certificates. These are used to verify
|
||||
the signature on the OCSP response.
|
||||
|
||||
@ -142,10 +142,10 @@ diff -up openssl-1.0.2i/doc/apps/ocsp.pod.trusted-first openssl-1.0.2i/doc/apps/
|
||||
=item B<-no_alt_chains>
|
||||
|
||||
See L<B<verify>|verify(1)> manual page for details.
|
||||
diff -up openssl-1.0.2i/doc/apps/s_client.pod.trusted-first openssl-1.0.2i/doc/apps/s_client.pod
|
||||
--- openssl-1.0.2i/doc/apps/s_client.pod.trusted-first 2016-09-22 14:01:27.412629801 +0200
|
||||
+++ openssl-1.0.2i/doc/apps/s_client.pod 2016-09-22 14:01:27.438630405 +0200
|
||||
@@ -19,6 +19,7 @@ B<openssl> B<s_client>
|
||||
diff -up openssl-1.0.2m/doc/apps/s_client.pod.trusted-first openssl-1.0.2m/doc/apps/s_client.pod
|
||||
--- openssl-1.0.2m/doc/apps/s_client.pod.trusted-first 2017-11-13 09:08:18.582671567 +0100
|
||||
+++ openssl-1.0.2m/doc/apps/s_client.pod 2017-11-13 09:08:18.615672310 +0100
|
||||
@@ -20,6 +20,7 @@ B<openssl> B<s_client>
|
||||
[B<-pass arg>]
|
||||
[B<-CApath directory>]
|
||||
[B<-CAfile filename>]
|
||||
@ -153,7 +153,7 @@ diff -up openssl-1.0.2i/doc/apps/s_client.pod.trusted-first openssl-1.0.2i/doc/a
|
||||
[B<-no_alt_chains>]
|
||||
[B<-reconnect>]
|
||||
[B<-pause>]
|
||||
@@ -125,7 +126,7 @@ also used when building the client certi
|
||||
@@ -129,7 +130,7 @@ also used when building the client certi
|
||||
A file containing trusted certificates to use during server authentication
|
||||
and to use when attempting to build the client certificate chain.
|
||||
|
||||
@ -162,10 +162,10 @@ diff -up openssl-1.0.2i/doc/apps/s_client.pod.trusted-first openssl-1.0.2i/doc/a
|
||||
|
||||
Set various certificate chain valiadition option. See the
|
||||
L<B<verify>|verify(1)> manual page for details.
|
||||
diff -up openssl-1.0.2i/doc/apps/smime.pod.trusted-first openssl-1.0.2i/doc/apps/smime.pod
|
||||
--- openssl-1.0.2i/doc/apps/smime.pod.trusted-first 2016-09-22 12:23:06.000000000 +0200
|
||||
+++ openssl-1.0.2i/doc/apps/smime.pod 2016-09-22 14:01:27.438630405 +0200
|
||||
@@ -15,6 +15,9 @@ B<openssl> B<smime>
|
||||
diff -up openssl-1.0.2m/doc/apps/smime.pod.trusted-first openssl-1.0.2m/doc/apps/smime.pod
|
||||
--- openssl-1.0.2m/doc/apps/smime.pod.trusted-first 2017-11-02 15:32:58.000000000 +0100
|
||||
+++ openssl-1.0.2m/doc/apps/smime.pod 2017-11-13 09:08:18.615672310 +0100
|
||||
@@ -16,6 +16,9 @@ B<openssl> B<smime>
|
||||
[B<-pk7out>]
|
||||
[B<-[cipher]>]
|
||||
[B<-in file>]
|
||||
@ -175,7 +175,7 @@ diff -up openssl-1.0.2i/doc/apps/smime.pod.trusted-first openssl-1.0.2i/doc/apps
|
||||
[B<-no_alt_chains>]
|
||||
[B<-certfile file>]
|
||||
[B<-signer file>]
|
||||
@@ -150,6 +153,12 @@ B<-verify>. This directory must be a sta
|
||||
@@ -151,6 +154,12 @@ B<-verify>. This directory must be a sta
|
||||
is a hash of each subject name (using B<x509 -hash>) should be linked
|
||||
to each certificate.
|
||||
|
||||
@ -188,18 +188,18 @@ diff -up openssl-1.0.2i/doc/apps/smime.pod.trusted-first openssl-1.0.2i/doc/apps
|
||||
=item B<-md digest>
|
||||
|
||||
digest algorithm to use when signing or resigning. If not present then the
|
||||
diff -up openssl-1.0.2i/doc/apps/s_server.pod.trusted-first openssl-1.0.2i/doc/apps/s_server.pod
|
||||
--- openssl-1.0.2i/doc/apps/s_server.pod.trusted-first 2016-09-22 14:01:27.412629801 +0200
|
||||
+++ openssl-1.0.2i/doc/apps/s_server.pod 2016-09-22 14:01:27.438630405 +0200
|
||||
@@ -33,6 +33,7 @@ B<openssl> B<s_server>
|
||||
diff -up openssl-1.0.2m/doc/apps/s_server.pod.trusted-first openssl-1.0.2m/doc/apps/s_server.pod
|
||||
--- openssl-1.0.2m/doc/apps/s_server.pod.trusted-first 2017-11-13 09:08:18.583671590 +0100
|
||||
+++ openssl-1.0.2m/doc/apps/s_server.pod 2017-11-13 09:09:04.706710088 +0100
|
||||
@@ -34,6 +34,7 @@ B<openssl> B<s_server>
|
||||
[B<-state>]
|
||||
[B<-CApath directory>]
|
||||
[B<-CAfile filename>]
|
||||
+[B<-trusted_first>]
|
||||
[B<-no_alt_chains>]
|
||||
[B<-nocert>]
|
||||
[B<-cipher cipherlist>]
|
||||
@@ -178,6 +179,12 @@ and to use when attempting to build the
|
||||
[B<-client_sigalgs sigalglist>]
|
||||
@@ -183,6 +184,12 @@ and to use when attempting to build the
|
||||
is also used in the list of acceptable client CAs passed to the client when
|
||||
a certificate is requested.
|
||||
|
||||
@ -212,10 +212,10 @@ diff -up openssl-1.0.2i/doc/apps/s_server.pod.trusted-first openssl-1.0.2i/doc/a
|
||||
=item B<-no_alt_chains>
|
||||
|
||||
See the L<B<verify>|verify(1)> manual page for details.
|
||||
diff -up openssl-1.0.2i/doc/apps/s_time.pod.trusted-first openssl-1.0.2i/doc/apps/s_time.pod
|
||||
--- openssl-1.0.2i/doc/apps/s_time.pod.trusted-first 2016-09-22 12:23:06.000000000 +0200
|
||||
+++ openssl-1.0.2i/doc/apps/s_time.pod 2016-09-22 14:01:27.439630429 +0200
|
||||
@@ -14,6 +14,7 @@ B<openssl> B<s_time>
|
||||
diff -up openssl-1.0.2m/doc/apps/s_time.pod.trusted-first openssl-1.0.2m/doc/apps/s_time.pod
|
||||
--- openssl-1.0.2m/doc/apps/s_time.pod.trusted-first 2017-11-02 15:32:58.000000000 +0100
|
||||
+++ openssl-1.0.2m/doc/apps/s_time.pod 2017-11-13 09:08:18.616672333 +0100
|
||||
@@ -15,6 +15,7 @@ B<openssl> B<s_time>
|
||||
[B<-key filename>]
|
||||
[B<-CApath directory>]
|
||||
[B<-CAfile filename>]
|
||||
@ -223,7 +223,7 @@ diff -up openssl-1.0.2i/doc/apps/s_time.pod.trusted-first openssl-1.0.2i/doc/app
|
||||
[B<-reuse>]
|
||||
[B<-new>]
|
||||
[B<-verify depth>]
|
||||
@@ -76,6 +77,12 @@ also used when building the client certi
|
||||
@@ -77,6 +78,12 @@ also used when building the client certi
|
||||
A file containing trusted certificates to use during server authentication
|
||||
and to use when attempting to build the client certificate chain.
|
||||
|
||||
@ -236,10 +236,10 @@ diff -up openssl-1.0.2i/doc/apps/s_time.pod.trusted-first openssl-1.0.2i/doc/app
|
||||
=item B<-new>
|
||||
|
||||
performs the timing test using a new session ID for each connection.
|
||||
diff -up openssl-1.0.2i/doc/apps/ts.pod.trusted-first openssl-1.0.2i/doc/apps/ts.pod
|
||||
--- openssl-1.0.2i/doc/apps/ts.pod.trusted-first 2016-09-22 12:23:06.000000000 +0200
|
||||
+++ openssl-1.0.2i/doc/apps/ts.pod 2016-09-22 14:01:27.439630429 +0200
|
||||
@@ -46,6 +46,7 @@ B<-verify>
|
||||
diff -up openssl-1.0.2m/doc/apps/ts.pod.trusted-first openssl-1.0.2m/doc/apps/ts.pod
|
||||
--- openssl-1.0.2m/doc/apps/ts.pod.trusted-first 2017-11-02 15:32:58.000000000 +0100
|
||||
+++ openssl-1.0.2m/doc/apps/ts.pod 2017-11-13 09:08:18.616672333 +0100
|
||||
@@ -47,6 +47,7 @@ B<-verify>
|
||||
[B<-token_in>]
|
||||
[B<-CApath> trusted_cert_path]
|
||||
[B<-CAfile> trusted_certs.pem]
|
||||
@ -247,7 +247,7 @@ diff -up openssl-1.0.2i/doc/apps/ts.pod.trusted-first openssl-1.0.2i/doc/apps/ts
|
||||
[B<-untrusted> cert_file.pem]
|
||||
|
||||
=head1 DESCRIPTION
|
||||
@@ -324,6 +325,12 @@ L<verify(1)|verify(1)> for additional de
|
||||
@@ -325,6 +326,12 @@ L<verify(1)|verify(1)> for additional de
|
||||
or B<-CApath> must be specified.
|
||||
(Optional)
|
||||
|
||||
@ -260,10 +260,10 @@ diff -up openssl-1.0.2i/doc/apps/ts.pod.trusted-first openssl-1.0.2i/doc/apps/ts
|
||||
=item B<-untrusted> cert_file.pem
|
||||
|
||||
Set of additional untrusted certificates in PEM format which may be
|
||||
diff -up openssl-1.0.2i/doc/apps/verify.pod.trusted-first openssl-1.0.2i/doc/apps/verify.pod
|
||||
--- openssl-1.0.2i/doc/apps/verify.pod.trusted-first 2016-09-22 12:23:06.000000000 +0200
|
||||
+++ openssl-1.0.2i/doc/apps/verify.pod 2016-09-22 14:01:27.439630429 +0200
|
||||
@@ -9,6 +9,7 @@ verify - Utility to verify certificates.
|
||||
diff -up openssl-1.0.2m/doc/apps/verify.pod.trusted-first openssl-1.0.2m/doc/apps/verify.pod
|
||||
--- openssl-1.0.2m/doc/apps/verify.pod.trusted-first 2017-11-02 15:32:58.000000000 +0100
|
||||
+++ openssl-1.0.2m/doc/apps/verify.pod 2017-11-13 09:08:18.616672333 +0100
|
||||
@@ -10,6 +10,7 @@ verify - Utility to verify certificates.
|
||||
B<openssl> B<verify>
|
||||
[B<-CApath directory>]
|
||||
[B<-CAfile file>]
|
||||
@ -271,7 +271,7 @@ diff -up openssl-1.0.2i/doc/apps/verify.pod.trusted-first openssl-1.0.2i/doc/app
|
||||
[B<-purpose purpose>]
|
||||
[B<-policy arg>]
|
||||
[B<-ignore_critical>]
|
||||
@@ -86,6 +87,12 @@ If a valid CRL cannot be found an error
|
||||
@@ -87,6 +88,12 @@ If a valid CRL cannot be found an error
|
||||
A file of untrusted certificates. The file should contain multiple certificates
|
||||
in PEM format concatenated together.
|
||||
|
20
openssl.spec
20
openssl.spec
@ -22,7 +22,7 @@
|
||||
|
||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 1.0.2k
|
||||
Version: 1.0.2m
|
||||
Release: 1%{?dist}
|
||||
Epoch: 1
|
||||
# We have to remove certain patented algorithms from the openssl source
|
||||
@ -57,8 +57,8 @@ Patch33: openssl-1.0.0-beta4-ca-dir.patch
|
||||
Patch34: openssl-1.0.2a-x509.patch
|
||||
Patch35: openssl-1.0.2a-version-add-engines.patch
|
||||
Patch39: openssl-1.0.2a-ipv6-apps.patch
|
||||
Patch40: openssl-1.0.2i-fips.patch
|
||||
Patch43: openssl-1.0.2j-krb5keytab.patch
|
||||
Patch40: openssl-1.0.2m-fips.patch
|
||||
Patch43: openssl-1.0.2m-krb5keytab.patch
|
||||
Patch45: openssl-1.0.2a-env-zlib.patch
|
||||
Patch47: openssl-1.0.2a-readme-warning.patch
|
||||
Patch49: openssl-1.0.1i-algo-doc.patch
|
||||
@ -70,9 +70,9 @@ Patch60: openssl-1.0.2a-apps-dgst.patch
|
||||
Patch63: openssl-1.0.2a-xmpp-starttls.patch
|
||||
Patch65: openssl-1.0.2i-chil-fixes.patch
|
||||
Patch66: openssl-1.0.2h-pkgconfig.patch
|
||||
Patch68: openssl-1.0.2i-secure-getenv.patch
|
||||
Patch68: openssl-1.0.2m-secure-getenv.patch
|
||||
Patch70: openssl-1.0.2a-fips-ec.patch
|
||||
Patch71: openssl-1.0.2g-manfix.patch
|
||||
Patch71: openssl-1.0.2m-manfix.patch
|
||||
Patch72: openssl-1.0.2a-fips-ctor.patch
|
||||
Patch73: openssl-1.0.2c-ecc-suiteb.patch
|
||||
Patch74: openssl-1.0.2j-deprecate-algos.patch
|
||||
@ -86,11 +86,11 @@ Patch93: openssl-1.0.2g-disable-sslv2v3.patch
|
||||
Patch94: openssl-1.0.2d-secp256k1.patch
|
||||
Patch95: openssl-1.0.2e-remove-nistp224.patch
|
||||
Patch96: openssl-1.0.2e-speed-doc.patch
|
||||
Patch99: openssl-1.0.2k-fips-randlock.patch
|
||||
# Backported fixes including security fixes
|
||||
Patch80: openssl-1.0.2e-wrap-pad.patch
|
||||
Patch81: openssl-1.0.2a-padlock64.patch
|
||||
Patch82: openssl-1.0.2i-trusted-first-doc.patch
|
||||
Patch83: openssl-1.0.2k-backports.patch
|
||||
Patch82: openssl-1.0.2m-trusted-first-doc.patch
|
||||
|
||||
License: OpenSSL
|
||||
Group: System Environment/Libraries
|
||||
@ -212,11 +212,11 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
|
||||
%patch94 -p1 -b .secp256k1
|
||||
%patch95 -p1 -b .nistp224
|
||||
%patch96 -p1 -b .speed-doc
|
||||
%patch99 -p1 -b .randlock
|
||||
|
||||
%patch80 -p1 -b .wrap
|
||||
%patch81 -p1 -b .padlock64
|
||||
%patch82 -p1 -b .trusted-first
|
||||
%patch83 -p1 -b .backports
|
||||
|
||||
sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h
|
||||
|
||||
@ -517,6 +517,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
|
||||
%postun libs -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Mon Nov 13 2017 Tomáš Mráz <tmraz@redhat.com> 1.0.2m-1
|
||||
- minor upstream release 1.0.2k fixing security issues
|
||||
- fix locking of RNG in FIPS mode for some obscure use-cases
|
||||
|
||||
* Mon Feb 6 2017 Tomáš Mráz <tmraz@redhat.com> 1.0.2k-1
|
||||
- minor upstream release 1.0.2k fixing security issues
|
||||
- deprecate and disable verification of insecure hash algorithms
|
||||
|
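Review bot: The new `%changelog` entry for 1.0.2m-1 still reads `- minor upstream release 1.0.2k fixing security issues`, word for word the same as the 1.0.2k-1 entry below it, while `Version:` and the renamed patches in this section are 1.0.2m; it should read `- minor upstream release 1.0.2m fixing security issues`. Anyone auditing the package from its changelog to see which upstream security fixes it carries would be pointed at the wrong release. The entry also says nothing about `Patch83: openssl-1.0.2k-backports.patch` and its `%patch83` line, which appear in this section alongside `Patch99: openssl-1.0.2k-fips-randlock.patch`. The +/- markers are lost in this rendering, but if the backports patch is being dropped because 1.0.2m already contains those fixes, a changelog line saying so would make that verifiable.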
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (openssl-1.0.2k-hobbled.tar.xz) = f702b9a18f4500f0263e0c1fc09985a8caf72c8bcb744b8d3683a49ec889120b1b595db42f2a66cae722312736b09236a0911548590d318382a2981f35fed533
|
||||
SHA512 (openssl-1.0.2m-hobbled.tar.xz) = 6f12a3da610e6824dac5a9eee1384038aaf91b11f9c720cadef5a103d763e8816af1d3d472ca325868a6442311541013fb2eca65334297e14a241c91092fd589
|
||||
|