|
 |
9c324da |
diff -up openssl-1.0.1e/crypto/pem/pem_info.c.backports openssl-1.0.1e/crypto/pem/pem_info.c
|
|
|
9c324da |
--- openssl-1.0.1e/crypto/pem/pem_info.c.backports 2013-02-11 16:26:04.000000000 +0100
|
|
|
9c324da |
+++ openssl-1.0.1e/crypto/pem/pem_info.c 2013-08-16 15:31:35.726003892 +0200
|
|
|
9c324da |
@@ -167,6 +167,7 @@ start:
|
|
|
9c324da |
#ifndef OPENSSL_NO_RSA
|
|
|
9c324da |
if (strcmp(name,PEM_STRING_RSA) == 0)
|
|
|
9c324da |
{
|
|
|
9c324da |
+ d2i=(D2I_OF(void))d2i_RSAPrivateKey;
|
|
|
9c324da |
if (xi->x_pkey != NULL)
|
|
|
9c324da |
{
|
|
|
9c324da |
if (!sk_X509_INFO_push(ret,xi)) goto err;
|
|
|
9c324da |
diff -up openssl-1.0.1e/crypto/rsa/rsa_pmeth.c.backports openssl-1.0.1e/crypto/rsa/rsa_pmeth.c
|
|
|
9c324da |
--- openssl-1.0.1e/crypto/rsa/rsa_pmeth.c.backports 2013-08-16 15:31:35.697003256 +0200
|
|
|
9c324da |
+++ openssl-1.0.1e/crypto/rsa/rsa_pmeth.c 2013-08-16 15:33:37.770673918 +0200
|
|
|
9c324da |
@@ -582,6 +582,8 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CT
|
|
|
9c324da |
pm = RSA_NO_PADDING;
|
|
|
9c324da |
else if (!strcmp(value, "oeap"))
|
|
|
9c324da |
pm = RSA_PKCS1_OAEP_PADDING;
|
|
|
9c324da |
+ else if (!strcmp(value, "oaep"))
|
|
|
9c324da |
+ pm = RSA_PKCS1_OAEP_PADDING;
|
|
|
9c324da |
else if (!strcmp(value, "x931"))
|
|
|
9c324da |
pm = RSA_X931_PADDING;
|
|
|
9c324da |
else if (!strcmp(value, "pss"))
|
|
|
9c324da |
diff -up openssl-1.0.1e/crypto/x509/x509_vfy.c.backports openssl-1.0.1e/crypto/x509/x509_vfy.c
|
|
|
9c324da |
--- openssl-1.0.1e/crypto/x509/x509_vfy.c.backports 2013-08-16 15:31:35.721003782 +0200
|
|
|
9c324da |
+++ openssl-1.0.1e/crypto/x509/x509_vfy.c 2013-08-16 15:31:35.726003892 +0200
|
|
|
9c324da |
@@ -696,6 +696,7 @@ static int check_cert(X509_STORE_CTX *ct
|
|
|
9c324da |
X509_CRL *crl = NULL, *dcrl = NULL;
|
|
|
9c324da |
X509 *x;
|
|
|
9c324da |
int ok, cnum;
|
|
|
9c324da |
+ unsigned int last_reasons;
|
|
|
9c324da |
cnum = ctx->error_depth;
|
|
|
9c324da |
x = sk_X509_value(ctx->chain, cnum);
|
|
|
9c324da |
ctx->current_cert = x;
|
|
|
9c324da |
@@ -704,6 +705,7 @@ static int check_cert(X509_STORE_CTX *ct
|
|
|
9c324da |
ctx->current_reasons = 0;
|
|
|
9c324da |
while (ctx->current_reasons != CRLDP_ALL_REASONS)
|
|
|
9c324da |
{
|
|
|
9c324da |
+ last_reasons = ctx->current_reasons;
|
|
|
9c324da |
/* Try to retrieve relevant CRL */
|
|
|
9c324da |
if (ctx->get_crl)
|
|
|
9c324da |
ok = ctx->get_crl(ctx, &crl, x);
|
|
|
9c324da |
@@ -747,6 +749,15 @@ static int check_cert(X509_STORE_CTX *ct
|
|
|
9c324da |
X509_CRL_free(dcrl);
|
|
|
9c324da |
crl = NULL;
|
|
|
9c324da |
dcrl = NULL;
|
|
|
9c324da |
+ /* If reasons not updated we wont get anywhere by
|
|
|
9c324da |
+ * another iteration, so exit loop.
|
|
|
9c324da |
+ */
|
|
|
9c324da |
+ if (last_reasons == ctx->current_reasons)
|
|
|
9c324da |
+ {
|
|
|
9c324da |
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
|
|
|
9c324da |
+ ok = ctx->verify_cb(0, ctx);
|
|
|
9c324da |
+ goto err;
|
|
|
9c324da |
+ }
|
|
|
9c324da |
}
|
|
|
9c324da |
err:
|
|
|
9c324da |
X509_CRL_free(crl);
|
|
|
9c324da |
diff -up openssl-1.0.1e/crypto/x509/x_all.c.backports openssl-1.0.1e/crypto/x509/x_all.c
|
|
|
9c324da |
--- openssl-1.0.1e/crypto/x509/x_all.c.backports 2013-02-11 16:26:04.000000000 +0100
|
|
|
9c324da |
+++ openssl-1.0.1e/crypto/x509/x_all.c 2013-08-16 15:33:25.247399940 +0200
|
|
|
9c324da |
@@ -97,6 +97,7 @@ int X509_sign(X509 *x, EVP_PKEY *pkey, c
|
|
|
9c324da |
|
|
|
9c324da |
int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
|
|
|
9c324da |
{
|
|
|
9c324da |
+ x->cert_info->enc.modified = 1;
|
|
|
9c324da |
return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
|
|
|
9c324da |
x->cert_info->signature,
|
|
|
9c324da |
x->sig_alg, x->signature, x->cert_info, ctx);
|
|
|
9c324da |
@@ -123,6 +124,7 @@ int X509_CRL_sign(X509_CRL *x, EVP_PKEY
|
|
|
9c324da |
|
|
|
9c324da |
int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
|
|
|
9c324da |
{
|
|
|
9c324da |
+ x->crl->enc.modified = 1;
|
|
|
9c324da |
return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
|
|
|
9c324da |
x->crl->sig_alg, x->sig_alg, x->signature, x->crl, ctx);
|
|
|
9c324da |
}
|
|
|
9c324da |
diff -up openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod.backports openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod
|
|
|
9c324da |
--- openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod.backports 2013-02-11 16:26:04.000000000 +0100
|
|
|
9c324da |
+++ openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod 2013-08-16 15:31:35.727003914 +0200
|
|
|
9c324da |
@@ -278,6 +278,8 @@ happen if extended CRL checking is enabl
|
|
|
dc696fd |
an application specific error. This will never be returned unless explicitly
|
|
|
dc696fd |
set by an application.
|
|
|
dc696fd |
|
|
|
dc696fd |
+=back
|
|
|
dc696fd |
+
|
|
|
dc696fd |
=head1 NOTES
|
|
|
dc696fd |
|
|
|
dc696fd |
The above functions should be used instead of directly referencing the fields
|
|
|
9c324da |
diff -up openssl-1.0.1e/doc/ssl/SSL_accept.pod.backports openssl-1.0.1e/doc/ssl/SSL_accept.pod
|
|
|
9c324da |
--- openssl-1.0.1e/doc/ssl/SSL_accept.pod.backports 2013-02-11 16:02:48.000000000 +0100
|
|
|
9c324da |
+++ openssl-1.0.1e/doc/ssl/SSL_accept.pod 2013-08-16 15:31:35.727003914 +0200
|
|
|
9c324da |
@@ -44,17 +44,17 @@ The following return values can occur:
|
|
|
dc696fd |
|
|
|
dc696fd |
=over 4
|
|
|
dc696fd |
|
|
|
dc696fd |
-=item 1
|
|
|
dc696fd |
-
|
|
|
9c324da |
-The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
|
|
|
9c324da |
-established.
|
|
|
dc696fd |
-
|
|
|
dc696fd |
=item 0
|
|
|
dc696fd |
|
|
|
9c324da |
The TLS/SSL handshake was not successful but was shut down controlled and
|
|
|
9c324da |
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
|
|
|
9c324da |
return value B<ret> to find out the reason.
|
|
|
dc696fd |
|
|
|
dc696fd |
+=item 1
|
|
|
dc696fd |
+
|
|
|
9c324da |
+The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
|
|
|
9c324da |
+established.
|
|
|
dc696fd |
+
|
|
|
9c324da |
=item E<lt>0
|
|
|
dc696fd |
|
|
|
9c324da |
The TLS/SSL handshake was not successful because a fatal error occurred either
|
|
|
9c324da |
diff -up openssl-1.0.1e/doc/ssl/SSL_connect.pod.backports openssl-1.0.1e/doc/ssl/SSL_connect.pod
|
|
|
9c324da |
--- openssl-1.0.1e/doc/ssl/SSL_connect.pod.backports 2013-02-11 16:02:48.000000000 +0100
|
|
|
9c324da |
+++ openssl-1.0.1e/doc/ssl/SSL_connect.pod 2013-08-16 15:31:35.727003914 +0200
|
|
|
9c324da |
@@ -41,17 +41,17 @@ The following return values can occur:
|
|
|
dc696fd |
|
|
|
dc696fd |
=over 4
|
|
|
dc696fd |
|
|
|
dc696fd |
-=item 1
|
|
|
dc696fd |
-
|
|
|
dc696fd |
-The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
|
|
|
dc696fd |
-established.
|
|
|
dc696fd |
-
|
|
|
dc696fd |
=item 0
|
|
|
dc696fd |
|
|
|
dc696fd |
The TLS/SSL handshake was not successful but was shut down controlled and
|
|
|
dc696fd |
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
|
|
|
dc696fd |
return value B<ret> to find out the reason.
|
|
|
dc696fd |
|
|
|
dc696fd |
+=item 1
|
|
|
dc696fd |
+
|
|
|
dc696fd |
+The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
|
|
|
dc696fd |
+established.
|
|
|
dc696fd |
+
|
|
|
dc696fd |
=item E<lt>0
|
|
|
dc696fd |
|
|
|
9c324da |
The TLS/SSL handshake was not successful, because a fatal error occurred either
|
|
|
9c324da |
diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod.backports openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod
|
|
|
9c324da |
--- openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod.backports 2013-02-11 16:02:48.000000000 +0100
|
|
|
9c324da |
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod 2013-08-16 15:31:35.727003914 +0200
|
|
|
9c324da |
@@ -66,16 +66,16 @@ values:
|
|
|
dc696fd |
|
|
|
dc696fd |
=over 4
|
|
|
dc696fd |
|
|
|
dc696fd |
-=item 1
|
|
|
dc696fd |
-
|
|
|
9c324da |
-The operation succeeded.
|
|
|
dc696fd |
-
|
|
|
dc696fd |
=item 0
|
|
|
dc696fd |
|
|
|
9c324da |
A failure while manipulating the STACK_OF(X509_NAME) object occurred or
|
|
|
9c324da |
the X509_NAME could not be extracted from B<cacert>. Check the error stack
|
|
|
9c324da |
to find out the reason.
|
|
|
dc696fd |
|
|
|
dc696fd |
+=item 1
|
|
|
dc696fd |
+
|
|
|
9c324da |
+The operation succeeded.
|
|
|
dc696fd |
+
|
|
|
9c324da |
=back
|
|
|
dc696fd |
|
|
|
9c324da |
=head1 EXAMPLES
|
|
|
9c324da |
diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod.backports openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
|
|
|
9c324da |
--- openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod.backports 2013-02-11 16:26:04.000000000 +0100
|
|
|
9c324da |
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2013-08-16 15:31:35.727003914 +0200
|
|
|
9c324da |
@@ -81,6 +81,8 @@ SSL_CTX_use_psk_identity_hint() and SSL_
|
|
|
9c324da |
|
|
|
9c324da |
Return values from the server callback are interpreted as follows:
|
|
|
9c324da |
|
|
|
9c324da |
+=over 4
|
|
|
9c324da |
+
|
|
|
9c324da |
=item > 0
|
|
|
9c324da |
|
|
|
9c324da |
PSK identity was found and the server callback has provided the PSK
|
|
|
9c324da |
@@ -99,4 +101,6 @@ completely.
|
|
|
9c324da |
PSK identity was not found. An "unknown_psk_identity" alert message
|
|
|
9c324da |
will be sent and the connection setup fails.
|
|
|
9c324da |
|
|
|
9c324da |
+=back
|
|
|
9c324da |
+
|
|
|
9c324da |
=cut
|
|
|
9c324da |
diff -up openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod.backports openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod
|
|
|
9c324da |
--- openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod.backports 2013-02-11 16:02:48.000000000 +0100
|
|
|
9c324da |
+++ openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod 2013-08-16 15:31:35.727003914 +0200
|
|
|
dc696fd |
@@ -45,17 +45,17 @@ The following return values can occur:
|
|
|
dc696fd |
|
|
|
dc696fd |
=over 4
|
|
|
dc696fd |
|
|
|
dc696fd |
-=item 1
|
|
|
dc696fd |
-
|
|
|
dc696fd |
-The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
|
|
|
dc696fd |
-established.
|
|
|
dc696fd |
-
|
|
|
dc696fd |
=item 0
|
|
|
dc696fd |
|
|
|
dc696fd |
The TLS/SSL handshake was not successful but was shut down controlled and
|
|
|
dc696fd |
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
|
|
|
dc696fd |
return value B<ret> to find out the reason.
|
|
|
dc696fd |
|
|
|
dc696fd |
+=item 1
|
|
|
dc696fd |
+
|
|
|
dc696fd |
+The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
|
|
|
dc696fd |
+established.
|
|
|
dc696fd |
+
|
|
|
dc696fd |
=item E<lt>0
|
|
|
dc696fd |
|
|
|
dc696fd |
The TLS/SSL handshake was not successful because a fatal error occurred either
|
|
|
9c324da |
diff -up openssl-1.0.1e/doc/ssl/SSL_shutdown.pod.backports openssl-1.0.1e/doc/ssl/SSL_shutdown.pod
|
|
|
9c324da |
--- openssl-1.0.1e/doc/ssl/SSL_shutdown.pod.backports 2013-02-11 16:02:48.000000000 +0100
|
|
|
9c324da |
+++ openssl-1.0.1e/doc/ssl/SSL_shutdown.pod 2013-08-16 15:31:35.728003935 +0200
|
|
|
dc696fd |
@@ -92,11 +92,6 @@ The following return values can occur:
|
|
|
dc696fd |
|
|
|
dc696fd |
=over 4
|
|
|
dc696fd |
|
|
|
dc696fd |
-=item 1
|
|
|
dc696fd |
-
|
|
|
dc696fd |
-The shutdown was successfully completed. The "close notify" alert was sent
|
|
|
dc696fd |
-and the peer's "close notify" alert was received.
|
|
|
dc696fd |
-
|
|
|
dc696fd |
=item 0
|
|
|
dc696fd |
|
|
|
dc696fd |
The shutdown is not yet finished. Call SSL_shutdown() for a second time,
|
|
|
9c324da |
@@ -104,6 +99,11 @@ if a bidirectional shutdown shall be per
|
|
|
dc696fd |
The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
|
|
|
dc696fd |
erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
|
|
|
dc696fd |
|
|
|
dc696fd |
+=item 1
|
|
|
dc696fd |
+
|
|
|
dc696fd |
+The shutdown was successfully completed. The "close notify" alert was sent
|
|
|
dc696fd |
+and the peer's "close notify" alert was received.
|
|
|
dc696fd |
+
|
|
|
dc696fd |
=item -1
|
|
|
dc696fd |
|
|
|
dc696fd |
The shutdown was not successful because a fatal error occurred either
|
|
|
9c324da |
diff -up openssl-1.0.1e/ssl/d1_lib.c.backports openssl-1.0.1e/ssl/d1_lib.c
|
|
|
9c324da |
--- openssl-1.0.1e/ssl/d1_lib.c.backports 2013-02-11 16:26:04.000000000 +0100
|
|
|
9c324da |
+++ openssl-1.0.1e/ssl/d1_lib.c 2013-08-16 15:33:33.306576363 +0200
|
|
|
9c324da |
@@ -196,6 +196,7 @@ void dtls1_free(SSL *s)
|
|
|
9c324da |
pqueue_free(s->d1->buffered_app_data.q);
|
|
|
9c324da |
|
|
|
9c324da |
OPENSSL_free(s->d1);
|
|
|
9c324da |
+ s->d1 = NULL;
|
|
|
9c324da |
}
|
|
|
9c324da |
|
|
|
9c324da |
void dtls1_clear(SSL *s)
|
|
|
9c324da |
diff -up openssl-1.0.1e/ssl/d1_pkt.c.backports openssl-1.0.1e/ssl/d1_pkt.c
|
|
|
9c324da |
--- openssl-1.0.1e/ssl/d1_pkt.c.backports 2013-02-11 16:26:04.000000000 +0100
|
|
|
9c324da |
+++ openssl-1.0.1e/ssl/d1_pkt.c 2013-08-16 15:31:35.728003935 +0200
|
|
|
9c324da |
@@ -847,6 +847,12 @@ start:
|
|
|
9c324da |
}
|
|
|
9c324da |
}
|
|
|
9c324da |
|
|
|
9c324da |
+ if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE)
|
|
|
9c324da |
+ {
|
|
|
9c324da |
+ rr->length = 0;
|
|
|
9c324da |
+ goto start;
|
|
|
9c324da |
+ }
|
|
|
9c324da |
+
|
|
|
9c324da |
/* we now have a packet which can be read and processed */
|
|
|
9c324da |
|
|
|
9c324da |
if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
|
|
|
9c324da |
@@ -1051,6 +1057,7 @@ start:
|
|
|
9c324da |
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
|
|
|
9c324da |
!s->s3->renegotiate)
|
|
|
9c324da |
{
|
|
|
9c324da |
+ s->d1->handshake_read_seq++;
|
|
|
9c324da |
s->new_session = 1;
|
|
|
9c324da |
ssl3_renegotiate(s);
|
|
|
9c324da |
if (ssl3_renegotiate_check(s))
|
|
|
9c324da |
diff -up openssl-1.0.1e/ssl/d1_srvr.c.backports openssl-1.0.1e/ssl/d1_srvr.c
|
|
|
9c324da |
--- openssl-1.0.1e/ssl/d1_srvr.c.backports 2013-02-11 16:26:04.000000000 +0100
|
|
|
9c324da |
+++ openssl-1.0.1e/ssl/d1_srvr.c 2013-08-16 15:31:35.728003935 +0200
|
|
|
9c324da |
@@ -276,10 +276,11 @@ int dtls1_accept(SSL *s)
|
|
|
9c324da |
case SSL3_ST_SW_HELLO_REQ_B:
|
|
|
9c324da |
|
|
|
9c324da |
s->shutdown=0;
|
|
|
9c324da |
+ dtls1_clear_record_buffer(s);
|
|
|
9c324da |
dtls1_start_timer(s);
|
|
|
9c324da |
ret=dtls1_send_hello_request(s);
|
|
|
9c324da |
if (ret <= 0) goto end;
|
|
|
9c324da |
- s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
|
|
|
9c324da |
+ s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
|
|
|
9c324da |
s->state=SSL3_ST_SW_FLUSH;
|
|
|
9c324da |
s->init_num=0;
|
|
|
9c324da |
|
|
|
9c324da |
diff -up openssl-1.0.1e/ssl/s3_cbc.c.backports openssl-1.0.1e/ssl/s3_cbc.c
|
|
|
9c324da |
--- openssl-1.0.1e/ssl/s3_cbc.c.backports 2013-02-11 16:26:04.000000000 +0100
|
|
|
9c324da |
+++ openssl-1.0.1e/ssl/s3_cbc.c 2013-08-16 15:31:35.729003956 +0200
|
|
|
9c324da |
@@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s
|
|
|
9c324da |
unsigned padding_length, good, to_check, i;
|
|
|
9c324da |
const unsigned overhead = 1 /* padding length byte */ + mac_size;
|
|
|
9c324da |
/* Check if version requires explicit IV */
|
|
|
9c324da |
- if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
|
|
|
9c324da |
+ if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER)
|
|
|
9c324da |
{
|
|
|
9c324da |
/* These lengths are all public so we can test them in
|
|
|
9c324da |
* non-constant time.
|
|
|
9c324da |
diff -up openssl-1.0.1e/ssl/ssl_lib.c.backports openssl-1.0.1e/ssl/ssl_lib.c
|
|
|
9c324da |
--- openssl-1.0.1e/ssl/ssl_lib.c.backports 2013-02-11 16:26:04.000000000 +0100
|
|
|
9c324da |
+++ openssl-1.0.1e/ssl/ssl_lib.c 2013-08-16 15:31:35.729003956 +0200
|
|
|
9c324da |
@@ -1797,7 +1797,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
|
|
|
9c324da |
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
|
|
|
9c324da |
|
|
|
9c324da |
ret->extra_certs=NULL;
|
|
|
9c324da |
- ret->comp_methods=SSL_COMP_get_compression_methods();
|
|
|
9c324da |
+ /* No compression for DTLS */
|
|
|
9c324da |
+ if (meth->version != DTLS1_VERSION)
|
|
|
9c324da |
+ ret->comp_methods=SSL_COMP_get_compression_methods();
|
|
|
9c324da |
|
|
|
9c324da |
ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
|
|
|
9c324da |
|
|
|
9c324da |
@@ -2792,9 +2794,7 @@ void ssl_clear_cipher_ctx(SSL *s)
|
|
|
dc696fd |
/* Fix this function so that it takes an optional type parameter */
|
|
|
dc696fd |
X509 *SSL_get_certificate(const SSL *s)
|
|
|
dc696fd |
{
|
|
|
dc696fd |
- if (s->server)
|
|
|
dc696fd |
- return(ssl_get_server_send_cert(s));
|
|
|
dc696fd |
- else if (s->cert != NULL)
|
|
|
dc696fd |
+ if (s->cert != NULL)
|
|
|
dc696fd |
return(s->cert->key->x509);
|
|
|
dc696fd |
else
|
|
|
dc696fd |
return(NULL);
|
|
|
5714047 |
diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl
|
|
|
5714047 |
index 3b6c469..e8a7518 100644
|
|
|
5714047 |
--- a/crypto/x86cpuid.pl
|
|
|
5714047 |
+++ b/crypto/x86cpuid.pl
|
|
|
5714047 |
@@ -69,6 +69,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
|
|
|
5714047 |
&inc ("esi"); # number of cores
|
|
|
5714047 |
|
|
|
5714047 |
&mov ("eax",1);
|
|
|
5714047 |
+ &xor ("ecx","ecx");
|
|
|
5714047 |
&cpuid ();
|
|
|
5714047 |
&bt ("edx",28);
|
|
|
5714047 |
&jnc (&label("generic"));
|
|
|
5714047 |
@@ -102,6 +103,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
|
|
|
5714047 |
|
|
|
5714047 |
&set_label("nocacheinfo");
|
|
|
5714047 |
&mov ("eax",1);
|
|
|
5714047 |
+ &xor ("ecx","ecx");
|
|
|
5714047 |
&cpuid ();
|
|
|
5714047 |
&and ("edx",0xbfefffff); # force reserved bits #20, #30 to 0
|
|
|
5714047 |
&cmp ("ebp",0);
|