diff options
Diffstat (limited to 'main/openssl/fix-default-apps-capath.patch')
| -rw-r--r-- | main/openssl/fix-default-apps-capath.patch | 102 |
1 files changed, 102 insertions, 0 deletions
diff --git a/main/openssl/fix-default-apps-capath.patch b/main/openssl/fix-default-apps-capath.patch new file mode 100644 index 0000000000..4c48f26612 --- /dev/null +++ b/main/openssl/fix-default-apps-capath.patch @@ -0,0 +1,102 @@ +http://rt.openssl.org/Ticket/Display.html?id=2936&user=guest&pass=guest + +diff -up openssl-1.0.1c/apps/s_client.c.default-paths openssl-1.0.1c/apps/s_client.c +--- openssl-1.0.1c/apps/s_client.c.default-paths 2012-03-18 19:16:05.000000000 +0100 ++++ openssl-1.0.1c/apps/s_client.c 2012-12-06 18:24:06.425933203 +0100 +@@ -1166,12 +1166,19 @@ bad: + if (!set_cert_key_stuff(ctx,cert,key)) + goto end; + +- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || +- (!SSL_CTX_set_default_verify_paths(ctx))) ++ if (CAfile == NULL && CApath == NULL) + { +- /* BIO_printf(bio_err,"error setting default verify locations\n"); */ +- ERR_print_errors(bio_err); +- /* goto end; */ ++ if (!SSL_CTX_set_default_verify_paths(ctx)) ++ { ++ ERR_print_errors(bio_err); ++ } ++ } ++ else ++ { ++ if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ++ { ++ ERR_print_errors(bio_err); ++ } + } + + #ifndef OPENSSL_NO_TLSEXT +diff -up openssl-1.0.1c/apps/s_server.c.default-paths openssl-1.0.1c/apps/s_server.c +--- openssl-1.0.1c/apps/s_server.c.default-paths 2012-03-18 19:16:05.000000000 +0100 ++++ openssl-1.0.1c/apps/s_server.c 2012-12-06 18:25:11.199329611 +0100 +@@ -1565,13 +1565,21 @@ bad: + } + #endif + +- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || +- (!SSL_CTX_set_default_verify_paths(ctx))) ++ if (CAfile == NULL && CApath == NULL) + { +- /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ +- ERR_print_errors(bio_err); +- /* goto end; */ ++ if (!SSL_CTX_set_default_verify_paths(ctx)) ++ { ++ ERR_print_errors(bio_err); ++ } ++ } ++ else ++ { ++ if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ++ { ++ ERR_print_errors(bio_err); ++ } + } ++ + if (vpm) + SSL_CTX_set1_param(ctx, vpm); + +@@ -1622,8 +1630,11 @@ bad: + else + SSL_CTX_sess_set_cache_size(ctx2,128); + +- if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) || +- (!SSL_CTX_set_default_verify_paths(ctx2))) ++ if (!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) ++ { ++ ERR_print_errors(bio_err); ++ } ++ if (!SSL_CTX_set_default_verify_paths(ctx2)) + { + ERR_print_errors(bio_err); + } +diff -up openssl-1.0.1c/apps/s_time.c.default-paths openssl-1.0.1c/apps/s_time.c +--- openssl-1.0.1c/apps/s_time.c.default-paths 2006-04-17 14:22:13.000000000 +0200 ++++ openssl-1.0.1c/apps/s_time.c 2012-12-06 18:27:41.694574044 +0100 +@@ -373,12 +373,19 @@ int MAIN(int argc, char **argv) + + SSL_load_error_strings(); + +- if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) || +- (!SSL_CTX_set_default_verify_paths(tm_ctx))) ++ if (CAfile == NULL && CApath == NULL) + { +- /* BIO_printf(bio_err,"error setting default verify locations\n"); */ +- ERR_print_errors(bio_err); +- /* goto end; */ ++ if (!SSL_CTX_set_default_verify_paths(tm_ctx)) ++ { ++ ERR_print_errors(bio_err); ++ } ++ } ++ else ++ { ++ if (!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ++ { ++ ERR_print_errors(bio_err); ++ } + } + + if (tm_cipher == NULL) |