Revision: 18120 http://gar.svn.sourceforge.net/gar/?rev=18120&view=rev Author: chninkel Date: 2012-05-25 20:36:27 +0000 (Fri, 25 May 2012) Log Message: ----------- openssl1/trunk: fixed the block_bad_certificates.patch
Modified Paths: -------------- csw/mgar/pkg/openssl1/trunk/files/block_bad_certificates.patch
Modified: csw/mgar/pkg/openssl1/trunk/files/block_bad_certificates.patch
===================================================================
--- csw/mgar/pkg/openssl1/trunk/files/block_bad_certificates.patch 2012-05-25 13:24:03 UTC (rev 18119)
+++ csw/mgar/pkg/openssl1/trunk/files/block_bad_certificates.patch 2012-05-25 20:36:27 UTC (rev 18120)
@@ -1,24 +1,15 @@
-From: Raphael Geissert <geiss...@debian.org>
-Description: make X509_verify_cert indicate that any certificate whose
- name contains "DigiNotar" is revoked.
-Origin: vendor
-Forwarded: not-needed
-Last-Update: 2011-09-07
-Bug: http://bugs.debian.org/639744
-
-diff -urpN openssl-0.9.8o-4squeeze1.orig/crypto/x509/x509_vfy.c openssl-0.9.8o-4squeeze1/crypto/x509/x509_vfy.c
---- openssl-0.9.8o-4squeeze1.orig/crypto/x509/x509_vfy.c 2009-06-26 06:34:21.000000000 -0500
-+++ openssl-0.9.8o-4squeeze1/crypto/x509/x509_vfy.c 2011-09-07 21:23:58.000000000 -0500
-@@ -78,6 +78,7 @@ static int check_trust(X509_STORE_CTX *c
+diff -ur openssl-1.0.1c.orig/crypto/x509/x509_vfy.c openssl-1.0.1c/crypto/x509/x509_vfy.c
+--- openssl-1.0.1c.orig/crypto/x509/x509_vfy.c 2011-09-23 15:39:35.000000000 +0200
++++ openssl-1.0.1c/crypto/x509/x509_vfy.c 2012-05-24 23:04:15.639610399 +0200
+@@ -117,6 +117,7 @@
 static int check_revocation(X509_STORE_CTX *ctx);
 static int check_cert(X509_STORE_CTX *ctx);
 static int check_policy(X509_STORE_CTX *ctx);
 +static int check_ca_blacklist(X509_STORE_CTX *ctx);
-
+
 static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
 unsigned int *preasons,
- X509_CRL *crl, X509 *x);
-@@ -312,6 +313,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
+@@ -369,6 +370,9 @@
 ok=internal_verify(ctx);
 if(!ok) goto end;
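Review bot: The rewritten patch header at the top of this hunk drops the whole provenance block (`From:`, `Description:`, `Origin:`, `Forwarded:`, `Last-Update:`, `Bug: http://bugs.debian.org/639744`), so the packaged file no longer records what the patch does or where it came from. For a patch that changes certificate verification, that record is what a later maintainer needs when rebasing onto the next OpenSSL release or deciding whether the block is still wanted. I would keep those lines above the new `diff -ur` line, retaining `Description: make X509_verify_cert indicate that any certificate whose name contains "DigiNotar" is revoked.` and the `Bug:` reference, and changing only `Last-Update:` to the date of this rebase. The body of check_ca_blacklist and its call site lie outside the lines this diff shows, so the ported logic itself cannot be checked from here.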
@@ -28,7 +19,7 @@
 #ifndef OPENSSL_NO_RFC3779
 /* RFC 3779 path validation, now that CRL check has been done */
 ok = v3_asid_validate_path(ctx);
-@@ -661,6 +666,30 @@ static int check_crl_time(X509_STORE_CTX
+@@ -816,6 +820,31 @@
 return 1;
 }
@@ -56,6 +47,7 @@
 + return 1;
 + }
 +
- /* Lookup CRLs from the supplied list. Look for matching isser name
- * and validity. If we can't find a valid CRL return the last one
- * with matching name. This gives more meaningful error codes. Otherwise
++
+ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
+ X509 **pissuer, int *pscore, unsigned int *preasons,
+ STACK_OF(X509_CRL) *crls)
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. _______________________________________________ devel mailing list devel@lists.opencsw.org https://lists.opencsw.org/mailman/listinfo/devel