From a218f8cfdaea5e205124d76fa20374645fe9caf3 Mon Sep 17 00:00:00 2001
From: Paul Howarth <p...@city-fan.org>
Date: Sun, 14 Aug 2016 11:22:59 +0100
Subject: Update to 1.78
- New upstream release 1.78
- Fixed broken (since 1.75) OCSP code and tests
---
Net-SSLeay-1.77-rt116795.patch | 122 -----------------------------------------
perl-Net-SSLeay.spec | 12 ++--
sources | 2 +-
3 files changed, 7 insertions(+), 129 deletions(-)
delete mode 100644 Net-SSLeay-1.77-rt116795.patch
diff --git a/Net-SSLeay-1.77-rt116795.patch b/Net-SSLeay-1.77-rt116795.patch
deleted file mode 100644
index 27e699c..0000000
--- a/Net-SSLeay-1.77-rt116795.patch
+++ /dev/null
@@ -1,122 +0,0 @@
-Index: SSLeay.xs
-===================================================================
---- SSLeay.xs (revision 477)
-+++ SSLeay.xs (working copy)
-@@ -6011,7 +6011,7 @@
- X509 *issuer;
- X509 *last = sk_X509_value(chain,sk_X509_num(chain)-1);
- if ( (issuer = find_issuer(last,store,chain))) {
-- OCSP_basic_add1_cert(bsr, X509_dup(issuer));
-+ OCSP_basic_add1_cert(bsr, issuer);
- TRACE(1,"run OCSP_basic_verify with issuer for last chain
element");
- RETVAL = OCSP_basic_verify(bsr, NULL, store, flags);
- }
-@@ -6058,11 +6058,8 @@
- goto end;
- }
- int first = OCSP_resp_find(bsr, certid, -1); /* Find the
first matching */
-- if (first >= 0)
-- {
-- sir = OCSP_resp_get0(bsr,first);
-- break;
-- }
-+ if (first >= 0)
-+ sir = OCSP_resp_get0(bsr,first);
- }
-
- int status, revocationReason;
-@@ -6073,7 +6070,8 @@
- status = OCSP_single_get0_status(sir, &revocationReason,
&revocationTime, &thisupdate, &nextupdate);
- #else
- status = sir->certStatus->type;
-- revocationTime = sir->certStatus->value.revoked->revocationTime;
-+ if (status == V_OCSP_CERTSTATUS_REVOKED)
-+ revocationTime =
sir->certStatus->value.revoked->revocationTime;
- thisupdate = sir->thisUpdate;
- nextupdate = sir->nextUpdate;
- #endif
-Index: t/external/ocsp.t
-===================================================================
---- t/external/ocsp.t (revision 477)
-+++ t/external/ocsp.t (working copy)
-@@ -14,17 +14,17 @@
- my @tests = (
- {
- # this should give us OCSP stapling
-- host => 'www.live.com',
-+ host => 'www.microsoft.com',
- port => 443,
-- fingerprint => '10c56ee9e2acaf2e77caeb7072bf6522dd7422b8',
-+ fingerprint => '5f0b37e633840ca02468552ea3b1197e5e118f7b',
- ocsp_staple => 1,
- expect_status => Net::SSLeay::V_OCSP_CERTSTATUS_GOOD(),
- },
- {
-- # no OCSP stapling yet
-- host => 'www.google.com',
-+ # no OCSP stapling
-+ host => 'www.spiegel.de',
- port => 443,
-- fingerprint => '007a5ab302f14446e2ea24d3a829de22ba1bf950',
-+ fingerprint => 'ad737048455485d8c817b7d0f7403553a7b9f65b',
- expect_status => Net::SSLeay::V_OCSP_CERTSTATUS_GOOD(),
- },
- {
-@@ -31,12 +31,13 @@
- # this is revoked
- host => 'revoked.grc.com',
- port => 443,
-- fingerprint => '34703c40093461ad3ce087e161c7b7f42abe770c',
-+ fingerprint => '310665f4c8e78db761c764e798dca66047341264',
- expect_status => Net::SSLeay::V_OCSP_CERTSTATUS_REVOKED(),
- },
- );
-
--plan tests => 0+@tests;
-+my $release_tests = $ENV{RELEASE_TESTING} ? 1:0;
-+plan tests => $release_tests + @tests;
-
-
- my $timeout = 10; # used to TCP connect and SSL connect
-@@ -50,6 +51,7 @@
-
- TEST:
-
-+my @fp_mismatch;
- for my $test (@tests) {
- my $cleanup = __cleanup__->new;
- SKIP: {
-@@ -114,8 +116,11 @@
- my $fp = $leaf_cert
- && unpack("H*",Net::SSLeay::X509_digest($leaf_cert,$sha1));
- skip "could not get fingerprint",1 if !$fp;
-- skip "bad fingerprint $fp for $test->{host}:$test->{port}",1
-- if $fp ne $test->{fingerprint};
-+ if ($fp ne $test->{fingerprint}) {
-+ push @fp_mismatch, [ $fp,$test ];
-+ skip("bad fingerprint for $test->{host}:$test->{port} -".
-+ " expected $test->{fingerprint}, got $fp",1)
-+ }
- diag("fingerprint matches");
-
- if ( $test->{ocsp_staple} && ! $stapled_response ) {
-@@ -225,6 +230,19 @@
- }
- }
-
-+if ($release_tests) {
-+ if (!@fp_mismatch) {
-+ pass("all fingerprints matched");
-+ } else {
-+ for(@fp_mismatch) {
-+ my ($fp,$test) = @$_;
-+ diag("fingerprint mismatch for $test->{host}:$test->{port} -".
-+ " expected $test->{fingerprint}, got $fp")
-+ }
-+ fail("some fingerprints did not matched - please adjust test");
-+ }
-+}
-+
- {
- # cleanup stuff when going out of scope
- package __cleanup__;
diff --git a/perl-Net-SSLeay.spec b/perl-Net-SSLeay.spec
index 1a8fe67..417b157 100644
--- a/perl-Net-SSLeay.spec
+++ b/perl-Net-SSLeay.spec
@@ -2,14 +2,13 @@
%global rpm49 %(rpm --version | perl -p -e 's/^.*
(\\d+)\\.(\\d+).*/sprintf("%d.%03d",$1,$2) ge 4.009 ? 1 : 0/e' 2>/dev/null ||
echo 0)
Name: perl-Net-SSLeay
-Version: 1.77
-Release: 2%{?dist}
+Version: 1.78
+Release: 1%{?dist}
Summary: Perl extension for using OpenSSL
Group: Development/Libraries
License: Artistic 2.0
URL: http://search.cpan.org/dist/Net-SSLeay/
Source0:
http://search.cpan.org/CPAN/authors/id/M/MI/MIKEM/Net-SSLeay-%{version}.tar.gz
-Patch0: Net-SSLeay-1.77-rt116795.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu)
# =========== Module Build ===========================
BuildRequires: coreutils
@@ -60,9 +59,6 @@ so you can write servers or clients for more complicated
applications.
%prep
%setup -q -n Net-SSLeay-%{version}
-# Fix OCSP (CPAN RT#116795)
-%patch0
-
# Fix permissions in examples to avoid bogus doc-file dependencies
chmod -c 644 examples/*
@@ -113,6 +109,10 @@ rm -rf %{buildroot}
%{_mandir}/man3/Net::SSLeay::Handle.3*
%changelog
+* Sun Aug 14 2016 Paul Howarth <p...@city-fan.org> - 1.78-1
+- Update to 1.78
+ - Fixed broken (since 1.75) OCSP code and tests
+
* Thu Aug 11 2016 Paul Howarth <p...@city-fan.org> - 1.77-2
- Fix OCSP (CPAN RT#116795)
diff --git a/sources b/sources
index c05be08..8a1befc 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-d64f828a327419055a63a561307bac95 Net-SSLeay-1.77.tar.gz
+161f2f5606858b129408ef1508b3b55f Net-SSLeay-1.78.tar.gz
--
cgit v0.12
http://pkgs.fedoraproject.org/cgit/perl-Net-SSLeay.git/commit/?h=f25&id=a218f8cfdaea5e205124d76fa20374645fe9caf3
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-devel@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/perl-devel@lists.fedoraproject.org
