[csw-devel] SF.net SVN: gar:[18120] csw/mgar/pkg/openssl1/trunk/files/ block_bad_certificates.patch
chninkel at users.sourceforge.net
chninkel at users.sourceforge.net
Fri May 25 22:36:27 CEST 2012
Revision: 18120
http://gar.svn.sourceforge.net/gar/?rev=18120&view=rev
Author: chninkel
Date: 2012-05-25 20:36:27 +0000 (Fri, 25 May 2012)
Log Message:
-----------
openssl1/trunk: fixed the block_bad_certificates.patch
Modified Paths:
--------------
csw/mgar/pkg/openssl1/trunk/files/block_bad_certificates.patch
Modified: csw/mgar/pkg/openssl1/trunk/files/block_bad_certificates.patch
===================================================================
--- csw/mgar/pkg/openssl1/trunk/files/block_bad_certificates.patch 2012-05-25 13:24:03 UTC (rev 18119)
+++ csw/mgar/pkg/openssl1/trunk/files/block_bad_certificates.patch 2012-05-25 20:36:27 UTC (rev 18120)
@@ -1,24 +1,15 @@
-From: Raphael Geissert <geissert at debian.org>
-Description: make X509_verify_cert indicate that any certificate whose
- name contains "DigiNotar" is revoked.
-Origin: vendor
-Forwarded: not-needed
-Last-Update: 2011-09-07
-Bug: http://bugs.debian.org/639744
-
-diff -urpN openssl-0.9.8o-4squeeze1.orig/crypto/x509/x509_vfy.c openssl-0.9.8o-4squeeze1/crypto/x509/x509_vfy.c
---- openssl-0.9.8o-4squeeze1.orig/crypto/x509/x509_vfy.c 2009-06-26 06:34:21.000000000 -0500
-+++ openssl-0.9.8o-4squeeze1/crypto/x509/x509_vfy.c 2011-09-07 21:23:58.000000000 -0500
-@@ -78,6 +78,7 @@ static int check_trust(X509_STORE_CTX *c
+diff -ur openssl-1.0.1c.orig/crypto/x509/x509_vfy.c openssl-1.0.1c/crypto/x509/x509_vfy.c
+--- openssl-1.0.1c.orig/crypto/x509/x509_vfy.c 2011-09-23 15:39:35.000000000 +0200
++++ openssl-1.0.1c/crypto/x509/x509_vfy.c 2012-05-24 23:04:15.639610399 +0200
+@@ -117,6 +117,7 @@
static int check_revocation(X509_STORE_CTX *ctx);
static int check_cert(X509_STORE_CTX *ctx);
static int check_policy(X509_STORE_CTX *ctx);
+static int check_ca_blacklist(X509_STORE_CTX *ctx);
-
+
static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
unsigned int *preasons,
- X509_CRL *crl, X509 *x);
-@@ -312,6 +313,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
+@@ -369,6 +370,9 @@
ok=internal_verify(ctx);
if(!ok) goto end;
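Review bot: The refreshed patch drops the whole provenance header at the top of the old file (the `From:`, `Description:`, `Origin:`, `Forwarded:`, `Last-Update:` and `Bug:` lines). The file therefore no longer records that it makes X509_verify_cert treat any certificate whose name contains "DigiNotar" as revoked, nor that it came from `Bug: http://bugs.debian.org/639744`. This is a local change to certificate verification in a packaged crypto library, so that record is what a later audit or version bump relies on. I would keep the header, update `Last-Update:` and add one line noting the rebase onto openssl-1.0.1c. The inner diff is also now generated with `diff -ur` instead of `diff -urpN`, so its hunk headers lose their function names (`@@ -117,6 +117,7 @@` where the old file had `@@ -78,6 +78,7 @@ static int check_trust(...`); regenerating with `-p` would make the next refresh easier to check.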
@@ -28,7 +19,7 @@
#ifndef OPENSSL_NO_RFC3779
/* RFC 3779 path validation, now that CRL check has been done */
ok = v3_asid_validate_path(ctx);
-@@ -661,6 +666,30 @@ static int check_crl_time(X509_STORE_CTX
+@@ -816,6 +820,31 @@
return 1;
}
@@ -56,6 +47,7 @@
+ return 1;
+ }
+
- /* Lookup CRLs from the supplied list. Look for matching isser name
- * and validity. If we can't find a valid CRL return the last one
- * with matching name. This gives more meaningful error codes. Otherwise
++
+ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
+ X509 **pissuer, int *pscore, unsigned int *preasons,
+ STACK_OF(X509_CRL) *crls)