diff options
author | Timo Teräs <timo.teras@iki.fi> | 2013-06-15 19:45:12 +0300 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-10-03 13:36:34 +0000 |
commit | 4b76335f8ece39f111b32e4092d5f5c1e134be4a (patch) | |
tree | d8b12271627c5611d797c73751e40ed0d8407c78 | |
parent | 97c3ecede9d0feee851856364206b71a4a7466cb (diff) | |
download | alpine_aports-4b76335f8ece39f111b32e4092d5f5c1e134be4a.tar.bz2 alpine_aports-4b76335f8ece39f111b32e4092d5f5c1e134be4a.tar.xz alpine_aports-4b76335f8ece39f111b32e4092d5f5c1e134be4a.zip |
main/openssl: fix openssl tools default CApath
Apply patch from openssl rt.
(cherry picked from commit 095daa82b97cc5dd0de237e470e155476a3bc256)
-rw-r--r-- | main/openssl/APKBUILD | 14 | ||||
-rw-r--r-- | main/openssl/fix-default-apps-capath.patch | 102 |
2 files changed, 111 insertions, 5 deletions
diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD index aef1505971..f0dfc3f085 100644 --- a/main/openssl/APKBUILD +++ b/main/openssl/APKBUILD | |||
@@ -1,7 +1,7 @@ | |||
1 | # Maintainer: Timo Teras <timo.teras@iki.fi> | 1 | # Maintainer: Timo Teras <timo.teras@iki.fi> |
2 | pkgname=openssl | 2 | pkgname=openssl |
3 | pkgver=1.0.1e | 3 | pkgver=1.0.1e |
4 | pkgrel=1 | 4 | pkgrel=2 |
5 | pkgdesc="Toolkit for SSL v2/v3 and TLS v1" | 5 | pkgdesc="Toolkit for SSL v2/v3 and TLS v1" |
6 | url="http://openssl.org" | 6 | url="http://openssl.org" |
7 | depends= | 7 | depends= |
@@ -20,7 +20,8 @@ source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz | |||
20 | 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch | 20 | 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch |
21 | 0004-crypto-engine-autoload-padlock-dynamic-engine.patch | 21 | 0004-crypto-engine-autoload-padlock-dynamic-engine.patch |
22 | 0005-s_client-ircv3-starttls.patch | 22 | 0005-s_client-ircv3-starttls.patch |
23 | openssl-1.0.1-version-eglibc.patch" | 23 | openssl-1.0.1-version-eglibc.patch |
24 | fix-default-apps-capath.patch" | ||
24 | 25 | ||
25 | _builddir="$srcdir"/$pkgname-$pkgver | 26 | _builddir="$srcdir"/$pkgname-$pkgver |
26 | 27 | ||
@@ -97,7 +98,8 @@ ddb5fc155145d5b852425adaec32234d 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESH | |||
97 | cef4633142031b59960200e87ce3bb18 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch | 98 | cef4633142031b59960200e87ce3bb18 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch |
98 | c32f42451a07267ee5dfb3781fa40c00 0004-crypto-engine-autoload-padlock-dynamic-engine.patch | 99 | c32f42451a07267ee5dfb3781fa40c00 0004-crypto-engine-autoload-padlock-dynamic-engine.patch |
99 | c5b1042a3acaf3591f3f5620b7086e12 0005-s_client-ircv3-starttls.patch | 100 | c5b1042a3acaf3591f3f5620b7086e12 0005-s_client-ircv3-starttls.patch |
100 | d1f3aaad7c36590f21355682983cd14e openssl-1.0.1-version-eglibc.patch" | 101 | d1f3aaad7c36590f21355682983cd14e openssl-1.0.1-version-eglibc.patch |
102 | efec1bce615256961b1756e575ee1d0a fix-default-apps-capath.patch" | ||
101 | sha256sums="f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 openssl-1.0.1e.tar.gz | 103 | sha256sums="f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 openssl-1.0.1e.tar.gz |
102 | fe844e21b2c42da2d8e9c89350211d70c0829f45532b89b7e492bfde589ee7ed fix-manpages.patch | 104 | fe844e21b2c42da2d8e9c89350211d70c0829f45532b89b7e492bfde589ee7ed fix-manpages.patch |
103 | 82863c2fed659a7186c7f3905a1853b8bd8060350ad101ce159fa7e7d2ba27e8 openssl-bb-basename.patch | 105 | 82863c2fed659a7186c7f3905a1853b8bd8060350ad101ce159fa7e7d2ba27e8 openssl-bb-basename.patch |
@@ -106,7 +108,8 @@ fe844e21b2c42da2d8e9c89350211d70c0829f45532b89b7e492bfde589ee7ed fix-manpages.p | |||
106 | cbb2493ec9157e78035e9cc02be17655996ee9cd0a71b79507fc19f3862f452b 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch | 108 | cbb2493ec9157e78035e9cc02be17655996ee9cd0a71b79507fc19f3862f452b 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch |
107 | 157ec6d17add25b96956abc7c44259c91eebe8a6c1026cdb976b895bf42ec56f 0004-crypto-engine-autoload-padlock-dynamic-engine.patch | 109 | 157ec6d17add25b96956abc7c44259c91eebe8a6c1026cdb976b895bf42ec56f 0004-crypto-engine-autoload-padlock-dynamic-engine.patch |
108 | 44b553d92e33c48f854a8e15b23830375bc400e987505c74956ac196266f0d46 0005-s_client-ircv3-starttls.patch | 110 | 44b553d92e33c48f854a8e15b23830375bc400e987505c74956ac196266f0d46 0005-s_client-ircv3-starttls.patch |
109 | 51146851d8454dcb73138f794ced8bd629658b4a0524c466f61b653fff536c93 openssl-1.0.1-version-eglibc.patch" | 111 | 51146851d8454dcb73138f794ced8bd629658b4a0524c466f61b653fff536c93 openssl-1.0.1-version-eglibc.patch |
112 | 1e11d6b8cdcdd6957c69d33ab670c5918fc96c12fdb9b76b4287cb8f69c3545d fix-default-apps-capath.patch" | ||
110 | sha512sums="c76857e439431b2ef6f2aa123997e53f82b9c3c964d4d765d7cc6c0c20b37a21adf578f9b759b2b65ae3925454c432a01b7de0cd320ece7181dc292e00d3244e openssl-1.0.1e.tar.gz | 113 | sha512sums="c76857e439431b2ef6f2aa123997e53f82b9c3c964d4d765d7cc6c0c20b37a21adf578f9b759b2b65ae3925454c432a01b7de0cd320ece7181dc292e00d3244e openssl-1.0.1e.tar.gz |
111 | 880411d56da49946d24328445728367e0bf13b0fd47954971514bee8cd5613a038ad8aeaf68da2c92f4634deb022febd7b3e37f9bbfc5d2c9c8b3b5ffd971407 fix-manpages.patch | 114 | 880411d56da49946d24328445728367e0bf13b0fd47954971514bee8cd5613a038ad8aeaf68da2c92f4634deb022febd7b3e37f9bbfc5d2c9c8b3b5ffd971407 fix-manpages.patch |
112 | 6c4f4b0c1b606b3e5a8175618c4398923392f9c25ad8d3f5b65b0424fe51e104c4f456d2da590d9f572382225ab320278e88db1585790092450cad60a02819a5 openssl-bb-basename.patch | 115 | 6c4f4b0c1b606b3e5a8175618c4398923392f9c25ad8d3f5b65b0424fe51e104c4f456d2da590d9f572382225ab320278e88db1585790092450cad60a02819a5 openssl-bb-basename.patch |
@@ -115,4 +118,5 @@ ea282b09d4692a29e5a554e19b0798fa921717d4892decc68cba92cad11e85e4064d8ac78d98f6fa | |||
115 | b019320869d215014ad46e0b29aa239e31243571c4d45256b3ce6449a67fdc106a381c1cf3abd55ddbfd6a0e9ffa3e3167377317cbc72b254b1f9bcc0e22b8b6 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch | 118 | b019320869d215014ad46e0b29aa239e31243571c4d45256b3ce6449a67fdc106a381c1cf3abd55ddbfd6a0e9ffa3e3167377317cbc72b254b1f9bcc0e22b8b6 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch |
116 | 3bedc326ca3e5945bc4ec4dccfe596042ee87aaeaf90b5063110a99cc8e38584838d68289907e4a3fcdb8e04635052ad0759c94e1d7070bb317c2066e2506bbe 0004-crypto-engine-autoload-padlock-dynamic-engine.patch | 119 | 3bedc326ca3e5945bc4ec4dccfe596042ee87aaeaf90b5063110a99cc8e38584838d68289907e4a3fcdb8e04635052ad0759c94e1d7070bb317c2066e2506bbe 0004-crypto-engine-autoload-padlock-dynamic-engine.patch |
117 | 70cd257bbd5a86685dc2508399e67746b60ed5d581eb84fe4d4fc6af214f31b71e2a58ad758d572976a61f67bf64c37a935a9788db160f75bced75397b9bcce3 0005-s_client-ircv3-starttls.patch | 120 | 70cd257bbd5a86685dc2508399e67746b60ed5d581eb84fe4d4fc6af214f31b71e2a58ad758d572976a61f67bf64c37a935a9788db160f75bced75397b9bcce3 0005-s_client-ircv3-starttls.patch |
118 | 6db9d9ee62048d27f80e392eda99a46712ee85f1c8fd49f4931be73c880da8b84844a72657f7bceddb7db0026daddd31870d9c5065494f8d359ee8560284fd4a openssl-1.0.1-version-eglibc.patch" | 121 | 6db9d9ee62048d27f80e392eda99a46712ee85f1c8fd49f4931be73c880da8b84844a72657f7bceddb7db0026daddd31870d9c5065494f8d359ee8560284fd4a openssl-1.0.1-version-eglibc.patch |
122 | f2e737146a473d55b99f27457718ca299a02a0c74009026a30c3d1347c575bc264962b5708995e02ef7d68521b8366ccea7320523efb87b1ab2632d73fec5658 fix-default-apps-capath.patch" | ||
diff --git a/main/openssl/fix-default-apps-capath.patch b/main/openssl/fix-default-apps-capath.patch new file mode 100644 index 0000000000..4c48f26612 --- /dev/null +++ b/main/openssl/fix-default-apps-capath.patch | |||
@@ -0,0 +1,102 @@ | |||
1 | http://rt.openssl.org/Ticket/Display.html?id=2936&user=guest&pass=guest | ||
2 | |||
3 | diff -up openssl-1.0.1c/apps/s_client.c.default-paths openssl-1.0.1c/apps/s_client.c | ||
4 | --- openssl-1.0.1c/apps/s_client.c.default-paths 2012-03-18 19:16:05.000000000 +0100 | ||
5 | +++ openssl-1.0.1c/apps/s_client.c 2012-12-06 18:24:06.425933203 +0100 | ||
6 | @@ -1166,12 +1166,19 @@ bad: | ||
7 | if (!set_cert_key_stuff(ctx,cert,key)) | ||
8 | goto end; | ||
9 | |||
10 | - if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || | ||
11 | - (!SSL_CTX_set_default_verify_paths(ctx))) | ||
12 | + if (CAfile == NULL && CApath == NULL) | ||
13 | { | ||
14 | - /* BIO_printf(bio_err,"error setting default verify locations\n"); */ | ||
15 | - ERR_print_errors(bio_err); | ||
16 | - /* goto end; */ | ||
17 | + if (!SSL_CTX_set_default_verify_paths(ctx)) | ||
18 | + { | ||
19 | + ERR_print_errors(bio_err); | ||
20 | + } | ||
21 | + } | ||
22 | + else | ||
23 | + { | ||
24 | + if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) | ||
25 | + { | ||
26 | + ERR_print_errors(bio_err); | ||
27 | + } | ||
28 | } | ||
29 | |||
30 | #ifndef OPENSSL_NO_TLSEXT | ||
31 | diff -up openssl-1.0.1c/apps/s_server.c.default-paths openssl-1.0.1c/apps/s_server.c | ||
32 | --- openssl-1.0.1c/apps/s_server.c.default-paths 2012-03-18 19:16:05.000000000 +0100 | ||
33 | +++ openssl-1.0.1c/apps/s_server.c 2012-12-06 18:25:11.199329611 +0100 | ||
34 | @@ -1565,13 +1565,21 @@ bad: | ||
35 | } | ||
36 | #endif | ||
37 | |||
38 | - if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || | ||
39 | - (!SSL_CTX_set_default_verify_paths(ctx))) | ||
40 | + if (CAfile == NULL && CApath == NULL) | ||
41 | { | ||
42 | - /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ | ||
43 | - ERR_print_errors(bio_err); | ||
44 | - /* goto end; */ | ||
45 | + if (!SSL_CTX_set_default_verify_paths(ctx)) | ||
46 | + { | ||
47 | + ERR_print_errors(bio_err); | ||
48 | + } | ||
49 | + } | ||
50 | + else | ||
51 | + { | ||
52 | + if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) | ||
53 | + { | ||
54 | + ERR_print_errors(bio_err); | ||
55 | + } | ||
56 | } | ||
57 | + | ||
58 | if (vpm) | ||
59 | SSL_CTX_set1_param(ctx, vpm); | ||
60 | |||
61 | @@ -1622,8 +1630,11 @@ bad: | ||
62 | else | ||
63 | SSL_CTX_sess_set_cache_size(ctx2,128); | ||
64 | |||
65 | - if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) || | ||
66 | - (!SSL_CTX_set_default_verify_paths(ctx2))) | ||
67 | + if (!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) | ||
68 | + { | ||
69 | + ERR_print_errors(bio_err); | ||
70 | + } | ||
71 | + if (!SSL_CTX_set_default_verify_paths(ctx2)) | ||
72 | { | ||
73 | ERR_print_errors(bio_err); | ||
74 | } | ||
75 | diff -up openssl-1.0.1c/apps/s_time.c.default-paths openssl-1.0.1c/apps/s_time.c | ||
76 | --- openssl-1.0.1c/apps/s_time.c.default-paths 2006-04-17 14:22:13.000000000 +0200 | ||
77 | +++ openssl-1.0.1c/apps/s_time.c 2012-12-06 18:27:41.694574044 +0100 | ||
78 | @@ -373,12 +373,19 @@ int MAIN(int argc, char **argv) | ||
79 | |||
80 | SSL_load_error_strings(); | ||
81 | |||
82 | - if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) || | ||
83 | - (!SSL_CTX_set_default_verify_paths(tm_ctx))) | ||
84 | + if (CAfile == NULL && CApath == NULL) | ||
85 | { | ||
86 | - /* BIO_printf(bio_err,"error setting default verify locations\n"); */ | ||
87 | - ERR_print_errors(bio_err); | ||
88 | - /* goto end; */ | ||
89 | + if (!SSL_CTX_set_default_verify_paths(tm_ctx)) | ||
90 | + { | ||
91 | + ERR_print_errors(bio_err); | ||
92 | + } | ||
93 | + } | ||
94 | + else | ||
95 | + { | ||
96 | + if (!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) | ||
97 | + { | ||
98 | + ERR_print_errors(bio_err); | ||
99 | + } | ||
100 | } | ||
101 | |||
102 | if (tm_cipher == NULL) | ||