Changes between 1.0.1e and 1.0.1f [6 Jan 2014]

  *) Fix for TLS record tampering bug. A carefully crafted invalid
     handshake could crash OpenSSL with a NULL pointer exception.
     Thanks to Anton Johansson for reporting this issue.
     (CVE-2013-4353)

  *) Keep original DTLS digest and encryption contexts in retransmission
     structures so we can use the previous session parameters if they need
     to be resent. (CVE-2013-6450)
     [Steve Henson]

  *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
     avoids preferring ECDHE-ECDSA ciphers when the client appears to be
     Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for
     several ECDHE-ECDSA ciphers, but fails to negotiate them. The bug
     is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing
     10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer.
     [Rob Stradling, Adam Langley]

stable/0.6
2 changed files with 3 additions and 49 deletions
@ -1,46 +0,0 @@ |
# --- SDE-COPYRIGHT-NOTE-BEGIN ---
# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
#
# Filename: package/.../openssl/openssl-1.0.1e-SSL_get_certificate.patch
# Copyright (C) 2013 The OpenSDE Project
#
# More information can be found in the files COPYING and README.
#
# This patch file is dual-licensed. It is available under the license the
# patched project is licensed under, as long as it is an OpenSource license
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
# of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
# --- SDE-COPYRIGHT-NOTE-END ---
From 147dbb2fe3bead7a10e2f280261b661ce7af7adc Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <[email protected]>
Date: Mon, 11 Feb 2013 18:24:03 +0000
Subject: [PATCH] Fix for SSL_get_certificate
Now we set the current certificate to the one used by a server
there is no need to call ssl_get_server_send_cert which will
fail if we haven't sent a certificate yet.
---
ssl/ssl_lib.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 14d143d..ff5a85a 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2792,9 +2792,7 @@ void ssl_clear_cipher_ctx(SSL *s)
/* Fix this function so that it takes an optional type parameter */
X509 *SSL_get_certificate(const SSL *s)
{
- if (s->server)
- return(ssl_get_server_send_cert(s));
- else if (s->cert != NULL)
+ if (s->cert != NULL)
return(s->cert->key->x509);
else
return(NULL);
--
1.7.9.5
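Review bot: The deleted file's inner diff, the `if (s->cert != NULL)` change to SSL_get_certificate in ssl/ssl_lib.c, is dropped here without the commit message saying that 1.0.1f already contains it; the changelog entries quoted in the message cover only CVE-2013-4353, CVE-2013-6450 and SSL_OP_SAFARI_ECDHE_ECDSA_BUG. Please add a line confirming that the upstream fix (147dbb2fe3bead7a10e2f280261b661ce7af7adc, dated 11 Feb 2013) is present in the 1.0.1f sources, because without it a server-side call goes back through ssl_get_server_send_cert, which the removed patch's description says fails if a certificate has not been sent yet.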