public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Tomas Mraz <tmraz@fedoraproject.org>
To: git-commits@fedoraproject.org
Subject: [rpms/openssl] rebase_40beta: disable verification of certificate, CRL, and OCSP signatures using MD5
Date: Tue, 09 Jun 2026 12:43:08 GMT [thread overview]
Message-ID: <178100898888.1.15393310675436311070.rpms-openssl-dcd0fb1ec9e2@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : dcd0fb1ec9e2ef9bace5473cb3924a8d867ce84b
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date : 2013-11-13T19:42:54+01:00
Stats : +10/-1 in 1 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/dcd0fb1ec9e2ef9bace5473cb3924a8d867ce84b?branch=rebase_40beta
Log:
disable verification of certificate, CRL, and OCSP signatures using MD5
if OPENSSL_ENABLE_MD5_VERIFY environment variable is not set
---
diff --git a/openssl.spec b/openssl.spec
index b1a0022..f85f646 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -21,7 +21,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.0.1e
-Release: 31%{?dist}
+Release: 32%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -74,6 +74,7 @@ Patch70: openssl-1.0.1e-fips-ec.patch
Patch71: openssl-1.0.1e-manfix.patch
Patch72: openssl-1.0.1e-fips-ctor.patch
Patch73: openssl-1.0.1e-ecc-suiteb.patch
+Patch74: openssl-1.0.1e-no-md5-verify.patch
# Backported fixes including security fixes
Patch81: openssl-1.0.1-beta2-padlock64.patch
Patch82: openssl-1.0.1e-backports.patch
@@ -188,6 +189,7 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
%patch70 -p1 -b .fips-ec
%patch72 -p1 -b .fips-ctor
%patch73 -p1 -b .suiteb
+%patch74 -p1 -b .no-md5-verify
%patch81 -p1 -b .padlock64
%patch82 -p1 -b .backports
@@ -275,6 +277,8 @@ patch -p1 -R < %{PATCH33}
LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
export LD_LIBRARY_PATH
+OPENSSL_ENABLE_MD5_VERIFY=
+export OPENSSL_ENABLE_MD5_VERIFY
make -C test apps tests
%{__cc} -o openssl-thread-test \
`krb5-config --cflags` \
@@ -456,6 +460,11 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun libs -p /sbin/ldconfig
%changelog
+* Wed Nov 13 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-32
+- disable verification of certificate, CRL, and OCSP signatures
+ using MD5 if OPENSSL_ENABLE_MD5_VERIFY environment variable
+ is not set
+
* Fri Nov 8 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-31
- add back support for secp521r1 EC curve
- add aarch64 to Configure (#969692)
next reply other threads:[~2026-06-09 12:43 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-09 12:43 Tomas Mraz [this message]
2026-06-09 12:43 [rpms/openssl] rebase_40beta: disable verification of certificate, CRL, and OCSP signatures using MD5 Tomas Mraz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178100898888.1.15393310675436311070.rpms-openssl-dcd0fb1ec9e2@fedoraproject.org \
--to=tmraz@fedoraproject.org \
--cc=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox