main/openssl: security upgrade to 1.0.2b

CVE-2015-1788 Malformed ECParameters causes infinite loop
CVE-2015-1789 Exploitable out-of-bounds read in X509_cmp_time
CVE-2015-1790 PKCS7 crash with missing EnvelopedContent
CVE-2015-1792 CMS verify infinite loop with unknown hash function
CVE-2015-1791 Race condition handling NewSessionTicket

1 files changed, 0 insertions, 25 deletions

diff --git a/main/openssl/0004-fix-default-ca-path-for-apps.patch b/main/openssl/0004-fix-default-ca-path-for-apps.patch
index 6e17a71f3a..c2c53184a6 100644
--- a/main/openssl/0004-fix-default-ca-path-for-apps.patch
+++ b/main/openssl/0004-fix-default-ca-path-for-apps.patch
@@ -4,35 +4,10 @@ Date: Thu, 5 Feb 2015 08:52:05 +0200
 Subject: [PATCH] fix default ca path for apps
 
 ---
- apps/s_client.c | 13 ++++++-------
  apps/s_server.c | 22 ++++++++++++++--------
  apps/s_time.c   | 13 ++++++-------
  3 files changed, 26 insertions(+), 22 deletions(-)
 
-diff --git a/apps/s_client.c b/apps/s_client.c
-index b1152aa..8aee02a 100644
---- a/apps/s_client.c
-+++ b/apps/s_client.c
-@@ -1337,13 +1337,12 @@ int MAIN(int argc, char **argv)
- 
-     SSL_CTX_set_verify(ctx, verify, verify_callback);
- 
--    if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
--        (!SSL_CTX_set_default_verify_paths(ctx))) {
--        /*
--         * BIO_printf(bio_err,"error setting default verify locations\n");
--         */
--        ERR_print_errors(bio_err);
--        /* goto end; */
-+    if (CAfile == NULL && CApath == NULL) {
-+        if (!SSL_CTX_set_default_verify_paths(ctx))
-+            ERR_print_errors(bio_err);
-+    } else {
-+        if (!SSL_CTX_load_verify_locations(ctx, CAfile, CApath))
-+            ERR_print_errors(bio_err);
-     }
- 
-     ssl_ctx_add_crls(ctx, crls, crl_download);
 diff --git a/apps/s_server.c b/apps/s_server.c
 index baa2455..2d5dc97 100644
 --- a/apps/s_server.c