public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
* [rpms/openssl] rebase_40beta: copy negotiated digests when switching certs by SNI (#1150032)
@ 2026-06-09 12:43 Tomas Mraz
0 siblings, 0 replies; only message in thread
From: Tomas Mraz @ 2026-06-09 12:43 UTC (permalink / raw)
To: git-commits
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : 1f162bf2eec550d133c72ceacf2a22b95f81440f
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date : 2014-10-10T14:16:48+02:00
Stats : +39/-1 in 2 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/1f162bf2eec550d133c72ceacf2a22b95f81440f?branch=rebase_40beta
Log:
copy negotiated digests when switching certs by SNI (#1150032)
---
diff --git a/openssl-1.0.1i-copy-algo.patch b/openssl-1.0.1i-copy-algo.patch
new file mode 100644
index 0000000..927c584
--- /dev/null
+++ b/openssl-1.0.1i-copy-algo.patch
@@ -0,0 +1,33 @@
+diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
+index 6a33b9d..76a5f9e 100644
+--- a/ssl/ssl_lib.c
++++ b/ssl/ssl_lib.c
+@@ -3177,15 +3177,26 @@ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
+
+ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
+ {
++ CERT *ocert = ssl->cert;
+ if (ssl->ctx == ctx)
+ return ssl->ctx;
+ #ifndef OPENSSL_NO_TLSEXT
+ if (ctx == NULL)
+ ctx = ssl->initial_ctx;
+ #endif
+- if (ssl->cert != NULL)
+- ssl_cert_free(ssl->cert);
+ ssl->cert = ssl_cert_dup(ctx->cert);
++ if (ocert)
++ {
++ int i;
++ /* Copy negotiated digests from original */
++ for (i = 0; i < SSL_PKEY_NUM; i++)
++ {
++ CERT_PKEY *cpk = ocert->pkeys + i;
++ CERT_PKEY *rpk = ssl->cert->pkeys + i;
++ rpk->digest = cpk->digest;
++ }
++ ssl_cert_free(ocert);
++ }
+ CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
+ if (ssl->ctx != NULL)
+ SSL_CTX_free(ssl->ctx); /* decrement reference count */
diff --git a/openssl.spec b/openssl.spec
index d8f7321..b42bc91 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -23,7 +23,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.0.1i
-Release: 4%{?dist}
+Release: 5%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -89,6 +89,7 @@ Patch81: openssl-1.0.1-beta2-padlock64.patch
Patch84: openssl-1.0.1i-trusted-first.patch
Patch85: openssl-1.0.1e-arm-use-elf-auxv-caps.patch
Patch89: openssl-1.0.1e-ephemeral-key-size.patch
+Patch94: openssl-1.0.1i-copy-algo.patch
License: OpenSSL
Group: System Environment/Libraries
@@ -211,6 +212,7 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
%patch84 -p1 -b .trusted-first
%patch85 -p1 -b .armcap
%patch89 -p1 -b .ephemeral
+%patch94 -p1 -b .copy-algo
sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h
@@ -478,6 +480,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun libs -p /sbin/ldconfig
%changelog
+* Fri Oct 10 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1i-5
+- copy negotiated digests when switching certs by SNI (#1150032)
+
* Mon Sep 8 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1i-4
- add support for RFC 5649
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2026-06-09 12:43 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-09 12:43 [rpms/openssl] rebase_40beta: copy negotiated digests when switching certs by SNI (#1150032) Tomas Mraz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox