main/openssl: upgrade to 1.0.2 and rebase all patches

1 files changed, 104 insertions, 0 deletions

diff --git a/main/openssl/0004-fix-default-ca-path-for-apps.patch b/main/openssl/0004-fix-default-ca-path-for-apps.patch
new file mode 100644
index 0000000000..6e17a71f3a
--- /dev/null
+++ b/main/openssl/0004-fix-default-ca-path-for-apps.patch
@@ -0,0 +1,104 @@
+From 09e6425ad6927a825b077af85c50b2fb04773757 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Thu, 5 Feb 2015 08:52:05 +0200
+Subject: [PATCH] fix default ca path for apps
+
+---
+ apps/s_client.c | 13 ++++++-------
+ apps/s_server.c | 22 ++++++++++++++--------
+ apps/s_time.c   | 13 ++++++-------
+ 3 files changed, 26 insertions(+), 22 deletions(-)
+
+diff --git a/apps/s_client.c b/apps/s_client.c
+index b1152aa..8aee02a 100644
+--- a/apps/s_client.c
++++ b/apps/s_client.c
+@@ -1337,13 +1337,12 @@ int MAIN(int argc, char **argv)
+ 
+     SSL_CTX_set_verify(ctx, verify, verify_callback);
+ 
+-    if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
+-        (!SSL_CTX_set_default_verify_paths(ctx))) {
+-        /*
+-         * BIO_printf(bio_err,"error setting default verify locations\n");
+-         */
+-        ERR_print_errors(bio_err);
+-        /* goto end; */
++    if (CAfile == NULL && CApath == NULL) {
++        if (!SSL_CTX_set_default_verify_paths(ctx))
++            ERR_print_errors(bio_err);
++    } else {
++        if (!SSL_CTX_load_verify_locations(ctx, CAfile, CApath))
++            ERR_print_errors(bio_err);
+     }
+ 
+     ssl_ctx_add_crls(ctx, crls, crl_download);
+diff --git a/apps/s_server.c b/apps/s_server.c
+index baa2455..2d5dc97 100644
+--- a/apps/s_server.c
++++ b/apps/s_server.c
+@@ -1770,12 +1770,14 @@ int MAIN(int argc, char *argv[])
+     }
+ #endif
+ 
+-    if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
+-        (!SSL_CTX_set_default_verify_paths(ctx))) {
+-        /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
+-        ERR_print_errors(bio_err);
+-        /* goto end; */
++    if (CAfile == NULL && CApath == NULL) {
++        if (!SSL_CTX_set_default_verify_paths(ctx))
++            ERR_print_errors(bio_err);
++    } else {
++        if (!SSL_CTX_load_verify_locations(ctx, CAfile, CApath))
++            ERR_print_errors(bio_err);
+     }
++
+     if (vpm)
+         SSL_CTX_set1_param(ctx, vpm);
+ 
+@@ -1838,10 +1840,14 @@ int MAIN(int argc, char *argv[])
+         else
+             SSL_CTX_sess_set_cache_size(ctx2, 128);
+ 
+-        if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) ||
+-            (!SSL_CTX_set_default_verify_paths(ctx2))) {
+-            ERR_print_errors(bio_err);
++        if (CAfile == NULL && CApath == NULL) {
++            if (!SSL_CTX_set_default_verify_paths(ctx2))
++                ERR_print_errors(bio_err);
++        } else {
++            if (!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath))
++                ERR_print_errors(bio_err);
+         }
++
+         if (vpm)
+             SSL_CTX_set1_param(ctx2, vpm);
+ 
+diff --git a/apps/s_time.c b/apps/s_time.c
+index 5846f3a..c8f371a 100644
+--- a/apps/s_time.c
++++ b/apps/s_time.c
+@@ -377,13 +377,12 @@ int MAIN(int argc, char **argv)
+ 
+     SSL_load_error_strings();
+ 
+-    if ((!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) ||
+-        (!SSL_CTX_set_default_verify_paths(tm_ctx))) {
+-        /*
+-         * BIO_printf(bio_err,"error setting default verify locations\n");
+-         */
+-        ERR_print_errors(bio_err);
+-        /* goto end; */
++    if (CAfile == NULL && CApath == NULL) {
++        if (!SSL_CTX_set_default_verify_paths(tm_ctx))
++            ERR_print_errors(bio_err);
++    } else {
++        if (!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath))
++            ERR_print_errors(bio_err);
+     }
+ 
+     if (tm_cipher == NULL)
+-- 
+2.2.2
+