openssl/patches/openssl-1.0.1-beta2-ssl-op-all.patch

   1 diff -up openssl-1.0.1-beta2/ssl/ssl.h.op-all openssl-1.0.1-beta2/ssl/ssl.h
   2 --- openssl-1.0.1-beta2/ssl/ssl.h.op-all        2012-02-02 12:49:00.828035916 +0100
   3 +++ openssl-1.0.1-beta2/ssl/ssl.h       2012-02-02 12:52:27.297818182 +0100
   4 @@ -540,7 +540,7 @@ struct ssl_session_st
   5  #define SSL_OP_NETSCAPE_CHALLENGE_BUG                  0x00000002L
   6  /* Allow initial connection to servers that don't support RI */
   7  #define SSL_OP_LEGACY_SERVER_CONNECT                   0x00000004L
   8 -#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG                0x00000008L
   9 +#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG                0x00000008L /* no effect since 1.0.0c due to CVE-2010-4180 */
  10  #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG             0x00000010L
  11  #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER              0x00000020L
  12  #define SSL_OP_MSIE_SSLV2_RSA_PADDING                  0x00000040L /* no effect since 0.9.7h and 0.9.8b */
  13 @@ -558,7 +558,7 @@ struct ssl_session_st
  14
  15  /* SSL_OP_ALL: various bug workarounds that should be rather harmless.
  16   *             This used to be 0x000FFFFFL before 0.9.7. */
  17 -#define SSL_OP_ALL                                     0x80000BFFL
  18 +#define SSL_OP_ALL                                     0x80000BF7L /* we still have to include SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS */
  19
  20  /* DTLS options */
  21  #define SSL_OP_NO_QUERY_MTU                 0x00001000L