public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
* [rpms/openssl] rebase_40beta: disable verification of certificate, CRL, and OCSP signatures using MD5
@ 2026-06-09 12:43 Tomas Mraz
0 siblings, 0 replies; 2+ messages in thread
From: Tomas Mraz @ 2026-06-09 12:43 UTC (permalink / raw)
To: git-commits
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : 9caf868063fd085ed4b2246f5f8dde91873d1c15
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date : 2013-11-13T20:06:28+01:00
Stats : +25/-0 in 1 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/9caf868063fd085ed4b2246f5f8dde91873d1c15?branch=rebase_40beta
Log:
disable verification of certificate, CRL, and OCSP signatures using MD5
if OPENSSL_ENABLE_MD5_VERIFY environment variable is not set
---
diff --git a/openssl-1.0.1e-no-md5-verify.patch b/openssl-1.0.1e-no-md5-verify.patch
new file mode 100644
index 0000000..f379735
--- /dev/null
+++ b/openssl-1.0.1e-no-md5-verify.patch
@@ -0,0 +1,25 @@
+diff -up openssl-1.0.1e/crypto/asn1/a_verify.c.no-md5-verify openssl-1.0.1e/crypto/asn1/a_verify.c
+--- openssl-1.0.1e/crypto/asn1/a_verify.c.no-md5-verify 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/asn1/a_verify.c 2013-11-13 16:30:04.628791616 +0100
+@@ -56,6 +56,9 @@
+ * [including the GNU Public Licence.]
+ */
+
++/* for secure_getenv */
++#define _GNU_SOURCE
++
+ #include <stdio.h>
+ #include <time.h>
+
+@@ -171,6 +174,11 @@ int ASN1_item_verify(const ASN1_ITEM *it
+ goto err;
+ ret = -1;
+ }
++ else if (mdnid == NID_md5 && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL)
++ {
++ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
++ goto err;
++ }
+ else
+ {
+ const EVP_MD *type;
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [rpms/openssl] rebase_40beta: disable verification of certificate, CRL, and OCSP signatures using MD5
@ 2026-06-09 12:43 Tomas Mraz
0 siblings, 0 replies; 2+ messages in thread
From: Tomas Mraz @ 2026-06-09 12:43 UTC (permalink / raw)
To: git-commits
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : dcd0fb1ec9e2ef9bace5473cb3924a8d867ce84b
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date : 2013-11-13T19:42:54+01:00
Stats : +10/-1 in 1 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/dcd0fb1ec9e2ef9bace5473cb3924a8d867ce84b?branch=rebase_40beta
Log:
disable verification of certificate, CRL, and OCSP signatures using MD5
if OPENSSL_ENABLE_MD5_VERIFY environment variable is not set
---
diff --git a/openssl.spec b/openssl.spec
index b1a0022..f85f646 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -21,7 +21,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.0.1e
-Release: 31%{?dist}
+Release: 32%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -74,6 +74,7 @@ Patch70: openssl-1.0.1e-fips-ec.patch
Patch71: openssl-1.0.1e-manfix.patch
Patch72: openssl-1.0.1e-fips-ctor.patch
Patch73: openssl-1.0.1e-ecc-suiteb.patch
+Patch74: openssl-1.0.1e-no-md5-verify.patch
# Backported fixes including security fixes
Patch81: openssl-1.0.1-beta2-padlock64.patch
Patch82: openssl-1.0.1e-backports.patch
@@ -188,6 +189,7 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
%patch70 -p1 -b .fips-ec
%patch72 -p1 -b .fips-ctor
%patch73 -p1 -b .suiteb
+%patch74 -p1 -b .no-md5-verify
%patch81 -p1 -b .padlock64
%patch82 -p1 -b .backports
@@ -275,6 +277,8 @@ patch -p1 -R < %{PATCH33}
LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
export LD_LIBRARY_PATH
+OPENSSL_ENABLE_MD5_VERIFY=
+export OPENSSL_ENABLE_MD5_VERIFY
make -C test apps tests
%{__cc} -o openssl-thread-test \
`krb5-config --cflags` \
@@ -456,6 +460,11 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun libs -p /sbin/ldconfig
%changelog
+* Wed Nov 13 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-32
+- disable verification of certificate, CRL, and OCSP signatures
+ using MD5 if OPENSSL_ENABLE_MD5_VERIFY environment variable
+ is not set
+
* Fri Nov 8 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-31
- add back support for secp521r1 EC curve
- add aarch64 to Configure (#969692)
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-06-09 12:43 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-09 12:43 [rpms/openssl] rebase_40beta: disable verification of certificate, CRL, and OCSP signatures using MD5 Tomas Mraz
-- strict thread matches above, loose matches on Subject: below --
2026-06-09 12:43 Tomas Mraz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox