rpms/openssl/devel openssl-0.9.8g-no-extssl.patch, 1.1, 1.2 openssl.spec, 1.111, 1.112
Tomáš Mráz (tmraz)
fedora-extras-commits at redhat.com
Sun Aug 10 19:45:58 UTC 2008
Author: tmraz
Update of /cvs/pkgs/rpms/openssl/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5646
Modified Files:
openssl-0.9.8g-no-extssl.patch openssl.spec
Log Message:
* Sun Aug 10 2008 Tomas Mraz <tmraz at redhat.com> 0.9.8g-11
- do not add tls extensions to server hello for SSLv3 either
openssl-0.9.8g-no-extssl.patch:
Index: openssl-0.9.8g-no-extssl.patch
===================================================================
RCS file: /cvs/pkgs/rpms/openssl/devel/openssl-0.9.8g-no-extssl.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- openssl-0.9.8g-no-extssl.patch 13 Dec 2007 17:16:43 -0000 1.1
+++ openssl-0.9.8g-no-extssl.patch 10 Aug 2008 19:45:27 -0000 1.2
@@ -1,17 +1,27 @@
-Skip adding tls extensions to client hello when protocol version is
-not TLS.
diff -up openssl-0.9.8g/ssl/t1_lib.c.no-extssl openssl-0.9.8g/ssl/t1_lib.c
--- openssl-0.9.8g/ssl/t1_lib.c.no-extssl 2007-10-19 09:44:10.000000000 +0200
-+++ openssl-0.9.8g/ssl/t1_lib.c 2007-12-13 17:22:10.000000000 +0100
++++ openssl-0.9.8g/ssl/t1_lib.c 2008-08-10 21:42:11.000000000 +0200
@@ -132,6 +132,11 @@ unsigned char *ssl_add_clienthello_tlsex
int extdatalen=0;
unsigned char *ret = p;
+ if (s->client_version != TLS1_VERSION && s->client_version != DTLS1_VERSION)
-+ {
++ {
+ return ret;
-+ }
++ }
+
ret+=2;
if (ret>=limit) return NULL; /* this really never occurs, but ... */
+@@ -202,6 +207,11 @@ unsigned char *ssl_add_serverhello_tlsex
+ int extdatalen=0;
+ unsigned char *ret = p;
+
++ if (s->version != TLS1_VERSION && s->version != DTLS1_VERSION)
++ {
++ return ret;
++ }
++
+ ret+=2;
+ if (ret>=limit) return NULL; /* this really never occurs, but ... */
+
Index: openssl.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openssl/devel/openssl.spec,v
retrieving revision 1.111
retrieving revision 1.112
diff -u -r1.111 -r1.112
--- openssl.spec 2 Jun 2008 11:31:55 -0000 1.111
+++ openssl.spec 10 Aug 2008 19:45:27 -0000 1.112
@@ -22,7 +22,7 @@
Summary: The OpenSSL toolkit
Name: openssl
Version: 0.9.8g
-Release: 10%{?dist}
+Release: 11%{?dist}
# We remove certain patented algorithms from the openssl source tarball
# with the hobble-openssl script which is included below.
Source: openssl-%{version}-usa.tar.bz2
@@ -368,6 +368,9 @@
%postun -p /sbin/ldconfig
%changelog
+* Sun Aug 10 2008 Tomas Mraz <tmraz at redhat.com> 0.9.8g-11
+- do not add tls extensions to server hello for SSLv3 either
+
* Mon Jun 2 2008 Joe Orton <jorton at redhat.com> 0.9.8g-10
- move root CA bundle to ca-certificates package
More information about the fedora-extras-commits
mailing list