Commit | Line | Data |
---|---|---|
37d333a7 MT |
1 | From 08f8933fa34d242383a1e12d4701acb1855686bf Mon Sep 17 00:00:00 2001 |
2 | From: Nick Alcock <nix@esperi.org.uk> | |
3 | Date: Fri, 15 Feb 2013 17:44:11 +0000 | |
4 | Subject: [PATCH] Fix POD errors to stop make install_docs dying with pod2man | |
5 | 2.5.0+ | |
6 | ||
7 | podlators 2.5.0 has switched to dying on POD syntax errors. This means | |
8 | that a bunch of long-standing erroneous POD in the openssl documentation | |
9 | now leads to fatal errors from pod2man, halting installation. | |
10 | ||
11 | Unfortunately POD constraints mean that you have to sort numeric lists | |
12 | in ascending order if they start with 1: you cannot do 1, 0, 2 even if | |
13 | you want 1 to appear first. I've reshuffled such (alas, I wish there | |
14 | were a better way but I don't know of one). | |
15 | (cherry picked from commit 5cc270774258149235f69e1789b3370f57b0e27b) | |
16 | --- | |
17 | doc/crypto/X509_STORE_CTX_get_error.pod | 2 ++ | |
18 | doc/ssl/SSL_CTX_set_client_CA_list.pod | 8 ++++---- | |
19 | doc/ssl/SSL_CTX_use_psk_identity_hint.pod | 4 ++++ | |
20 | doc/ssl/SSL_accept.pod | 10 +++++----- | |
21 | doc/ssl/SSL_connect.pod | 10 +++++----- | |
22 | doc/ssl/SSL_do_handshake.pod | 10 +++++----- | |
23 | doc/ssl/SSL_shutdown.pod | 10 +++++----- | |
24 | 7 files changed, 30 insertions(+), 24 deletions(-) | |
25 | ||
26 | diff --git a/doc/crypto/X509_STORE_CTX_get_error.pod b/doc/crypto/X509_STORE_CTX_get_error.pod | |
27 | index a883f6c..60e8332 100644 | |
28 | --- a/doc/crypto/X509_STORE_CTX_get_error.pod | |
29 | +++ b/doc/crypto/X509_STORE_CTX_get_error.pod | |
30 | @@ -278,6 +278,8 @@ happen if extended CRL checking is enabled. | |
31 | an application specific error. This will never be returned unless explicitly | |
32 | set by an application. | |
33 | ||
34 | +=back | |
35 | + | |
36 | =head1 NOTES | |
37 | ||
38 | The above functions should be used instead of directly referencing the fields | |
39 | diff --git a/doc/ssl/SSL_CTX_set_client_CA_list.pod b/doc/ssl/SSL_CTX_set_client_CA_list.pod | |
40 | index 632b556..5e66133 100644 | |
41 | --- a/doc/ssl/SSL_CTX_set_client_CA_list.pod | |
42 | +++ b/doc/ssl/SSL_CTX_set_client_CA_list.pod | |
43 | @@ -66,16 +66,16 @@ values: | |
44 | ||
45 | =over 4 | |
46 | ||
47 | -=item 1 | |
48 | - | |
49 | -The operation succeeded. | |
50 | - | |
51 | =item 0 | |
52 | ||
53 | A failure while manipulating the STACK_OF(X509_NAME) object occurred or | |
54 | the X509_NAME could not be extracted from B<cacert>. Check the error stack | |
55 | to find out the reason. | |
56 | ||
57 | +=item 1 | |
58 | + | |
59 | +The operation succeeded. | |
60 | + | |
61 | =back | |
62 | ||
63 | =head1 EXAMPLES | |
64 | diff --git a/doc/ssl/SSL_CTX_use_psk_identity_hint.pod b/doc/ssl/SSL_CTX_use_psk_identity_hint.pod | |
65 | index b80e25b..7e60df5 100644 | |
66 | --- a/doc/ssl/SSL_CTX_use_psk_identity_hint.pod | |
67 | +++ b/doc/ssl/SSL_CTX_use_psk_identity_hint.pod | |
68 | @@ -81,6 +81,8 @@ SSL_CTX_use_psk_identity_hint() and SSL_use_psk_identity_hint() return | |
69 | ||
70 | Return values from the server callback are interpreted as follows: | |
71 | ||
72 | +=over 4 | |
73 | + | |
74 | =item > 0 | |
75 | ||
76 | PSK identity was found and the server callback has provided the PSK | |
77 | @@ -99,4 +101,6 @@ completely. | |
78 | PSK identity was not found. An "unknown_psk_identity" alert message | |
79 | will be sent and the connection setup fails. | |
80 | ||
81 | +=back | |
82 | + | |
83 | =cut | |
84 | diff --git a/doc/ssl/SSL_accept.pod b/doc/ssl/SSL_accept.pod | |
85 | index cc724c0..b1c34d1 100644 | |
86 | --- a/doc/ssl/SSL_accept.pod | |
87 | +++ b/doc/ssl/SSL_accept.pod | |
88 | @@ -44,17 +44,17 @@ The following return values can occur: | |
89 | ||
90 | =over 4 | |
91 | ||
92 | -=item 1 | |
93 | - | |
94 | -The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been | |
95 | -established. | |
96 | - | |
97 | =item 0 | |
98 | ||
99 | The TLS/SSL handshake was not successful but was shut down controlled and | |
100 | by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the | |
101 | return value B<ret> to find out the reason. | |
102 | ||
103 | +=item 1 | |
104 | + | |
105 | +The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been | |
106 | +established. | |
107 | + | |
108 | =item E<lt>0 | |
109 | ||
110 | The TLS/SSL handshake was not successful because a fatal error occurred either | |
111 | diff --git a/doc/ssl/SSL_connect.pod b/doc/ssl/SSL_connect.pod | |
112 | index cc56ebb..946ca89 100644 | |
113 | --- a/doc/ssl/SSL_connect.pod | |
114 | +++ b/doc/ssl/SSL_connect.pod | |
115 | @@ -41,17 +41,17 @@ The following return values can occur: | |
116 | ||
117 | =over 4 | |
118 | ||
119 | -=item 1 | |
120 | - | |
121 | -The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been | |
122 | -established. | |
123 | - | |
124 | =item 0 | |
125 | ||
126 | The TLS/SSL handshake was not successful but was shut down controlled and | |
127 | by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the | |
128 | return value B<ret> to find out the reason. | |
129 | ||
130 | +=item 1 | |
131 | + | |
132 | +The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been | |
133 | +established. | |
134 | + | |
135 | =item E<lt>0 | |
136 | ||
137 | The TLS/SSL handshake was not successful, because a fatal error occurred either | |
138 | diff --git a/doc/ssl/SSL_do_handshake.pod b/doc/ssl/SSL_do_handshake.pod | |
139 | index 2435764..7f8cf24 100644 | |
140 | --- a/doc/ssl/SSL_do_handshake.pod | |
141 | +++ b/doc/ssl/SSL_do_handshake.pod | |
142 | @@ -45,17 +45,17 @@ The following return values can occur: | |
143 | ||
144 | =over 4 | |
145 | ||
146 | -=item 1 | |
147 | - | |
148 | -The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been | |
149 | -established. | |
150 | - | |
151 | =item 0 | |
152 | ||
153 | The TLS/SSL handshake was not successful but was shut down controlled and | |
154 | by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the | |
155 | return value B<ret> to find out the reason. | |
156 | ||
157 | +=item 1 | |
158 | + | |
159 | +The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been | |
160 | +established. | |
161 | + | |
162 | =item E<lt>0 | |
163 | ||
164 | The TLS/SSL handshake was not successful because a fatal error occurred either | |
165 | diff --git a/doc/ssl/SSL_shutdown.pod b/doc/ssl/SSL_shutdown.pod | |
166 | index 89911ac..42a89b7 100644 | |
167 | --- a/doc/ssl/SSL_shutdown.pod | |
168 | +++ b/doc/ssl/SSL_shutdown.pod | |
169 | @@ -92,11 +92,6 @@ The following return values can occur: | |
170 | ||
171 | =over 4 | |
172 | ||
173 | -=item 1 | |
174 | - | |
175 | -The shutdown was successfully completed. The "close notify" alert was sent | |
176 | -and the peer's "close notify" alert was received. | |
177 | - | |
178 | =item 0 | |
179 | ||
180 | The shutdown is not yet finished. Call SSL_shutdown() for a second time, | |
181 | @@ -104,6 +99,11 @@ if a bidirectional shutdown shall be performed. | |
182 | The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an | |
183 | erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred. | |
184 | ||
185 | +=item 1 | |
186 | + | |
187 | +The shutdown was successfully completed. The "close notify" alert was sent | |
188 | +and the peer's "close notify" alert was received. | |
189 | + | |
190 | =item -1 | |
191 | ||
192 | The shutdown was not successful because a fatal error occurred either | |
193 | -- | |
194 | 1.7.9.5 | |
195 | ||
196 | From 147dbb2fe3bead7a10e2f280261b661ce7af7adc Mon Sep 17 00:00:00 2001 | |
197 | From: "Dr. Stephen Henson" <steve@openssl.org> | |
198 | Date: Mon, 11 Feb 2013 18:24:03 +0000 | |
199 | Subject: [PATCH] Fix for SSL_get_certificate | |
200 | ||
201 | Now we set the current certificate to the one used by a server | |
202 | there is no need to call ssl_get_server_send_cert which will | |
203 | fail if we haven't sent a certificate yet. | |
204 | --- | |
205 | ssl/ssl_lib.c | 4 +--- | |
206 | 1 file changed, 1 insertion(+), 3 deletions(-) | |
207 | ||
208 | diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c | |
209 | index 14d143d..ff5a85a 100644 | |
210 | --- a/ssl/ssl_lib.c | |
211 | +++ b/ssl/ssl_lib.c | |
212 | @@ -2792,9 +2792,7 @@ void ssl_clear_cipher_ctx(SSL *s) | |
213 | /* Fix this function so that it takes an optional type parameter */ | |
214 | X509 *SSL_get_certificate(const SSL *s) | |
215 | { | |
216 | - if (s->server) | |
217 | - return(ssl_get_server_send_cert(s)); | |
218 | - else if (s->cert != NULL) | |
219 | + if (s->cert != NULL) | |
220 | return(s->cert->key->x509); | |
221 | else | |
222 | return(NULL); | |
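Review bot: The comment kept above SSL_get_certificate is still only a TODO and does not tell a caller which certificate is returned now that the server branch is gone. The new path returns `s->cert->key->x509` for clients and servers alike, so on a server the result matches the certificate actually sent only once the current key has been set to it, as the commit message describes; the selection code is outside this hunk, so that timing is inferred. I would add a comment such as `/* Returns the X509 of the currently selected key in s->cert, or NULL if s->cert is unset; on a server this is the sent certificate only after it has been selected */`. The dereference of `s->cert->key` is unchecked and relies on `key` always being set, which the hunk does not show. The function's closing brace lies outside the hunk.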
223 | -- | |
224 | 1.7.9.5 | |
225 | ||
226 | From 9fe4603b8245425a4c46986ed000fca054231253 Mon Sep 17 00:00:00 2001 | |
227 | From: David Woodhouse <dwmw2@infradead.org> | |
228 | Date: Tue, 12 Feb 2013 14:55:32 +0000 | |
229 | Subject: [PATCH] Check DTLS_BAD_VER for version number. | |
230 | ||
231 | The version check for DTLS1_VERSION was redundant as | |
232 | DTLS1_VERSION > TLS1_1_VERSION, however we do need to | |
233 | check for DTLS1_BAD_VER for compatibility. | |
234 | ||
235 | PR:2984 | |
236 | (cherry picked from commit d980abb22e22661e98e5cee33d760ab0c7584ecc) | |
237 | --- | |
238 | ssl/s3_cbc.c | 2 +- | |
239 | 1 file changed, 1 insertion(+), 1 deletion(-) | |
240 | ||
241 | diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c | |
242 | index 02edf3f..443a31e 100644 | |
243 | --- a/ssl/s3_cbc.c | |
244 | +++ b/ssl/s3_cbc.c | |
245 | @@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s, | |
246 | unsigned padding_length, good, to_check, i; | |
247 | const unsigned overhead = 1 /* padding length byte */ + mac_size; | |
248 | /* Check if version requires explicit IV */ | |
249 | - if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION) | |
250 | + if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER) | |
251 | { | |
252 | /* These lengths are all public so we can test them in | |
253 | * non-constant time. | |
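Review bot: The explicit-IV test on the changed line relies on every DTLS version other than DTLS1_BAD_VER comparing numerically greater than TLS1_1_VERSION, and the existing comment `/* Check if version requires explicit IV */` does not record that. The ordering is stated only in the commit message, and a later edit that misses it would presumably make the block that follows skip or misapply the IV adjustment before the padding check, in a function written to handle padding carefully. I would extend the comment to `/* Explicit IV: TLS 1.1+, all DTLS (DTLS1_VERSION > TLS1_1_VERSION numerically), and DTLS1_BAD_VER, which sorts below and needs its own test */`. tls1_cbc_remove_padding starts and ends outside the hunk.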
254 | -- | |
255 | 1.7.9.5 | |
256 |