From a218f8cfdaea5e205124d76fa20374645fe9caf3 Mon Sep 17 00:00:00 2001 From: Paul Howarth <p...@city-fan.org> Date: Sun, 14 Aug 2016 11:22:59 +0100 Subject: Update to 1.78
- New upstream release 1.78 - Fixed broken (since 1.75) OCSP code and tests --- Net-SSLeay-1.77-rt116795.patch | 122 ----------------------------------------- perl-Net-SSLeay.spec | 12 ++-- sources | 2 +- 3 files changed, 7 insertions(+), 129 deletions(-) delete mode 100644 Net-SSLeay-1.77-rt116795.patch diff --git a/Net-SSLeay-1.77-rt116795.patch b/Net-SSLeay-1.77-rt116795.patch deleted file mode 100644 index 27e699c..0000000 --- a/Net-SSLeay-1.77-rt116795.patch +++ /dev/null @@ -1,122 +0,0 @@ -Index: SSLeay.xs -=================================================================== ---- SSLeay.xs (revision 477) -+++ SSLeay.xs (working copy) -@@ -6011,7 +6011,7 @@ - X509 *issuer; - X509 *last = sk_X509_value(chain,sk_X509_num(chain)-1); - if ( (issuer = find_issuer(last,store,chain))) { -- OCSP_basic_add1_cert(bsr, X509_dup(issuer)); -+ OCSP_basic_add1_cert(bsr, issuer); - TRACE(1,"run OCSP_basic_verify with issuer for last chain element"); - RETVAL = OCSP_basic_verify(bsr, NULL, store, flags); - } -@@ -6058,11 +6058,8 @@ - goto end; - } - int first = OCSP_resp_find(bsr, certid, -1); /* Find the first matching */ -- if (first >= 0) -- { -- sir = OCSP_resp_get0(bsr,first); -- break; -- } -+ if (first >= 0) -+ sir = OCSP_resp_get0(bsr,first); - } - - int status, revocationReason; -@@ -6073,7 +6070,8 @@ - status = OCSP_single_get0_status(sir, &revocationReason, &revocationTime, &thisupdate, &nextupdate); - #else - status = sir->certStatus->type; -- revocationTime = sir->certStatus->value.revoked->revocationTime; -+ if (status == V_OCSP_CERTSTATUS_REVOKED) -+ revocationTime = sir->certStatus->value.revoked->revocationTime; - thisupdate = sir->thisUpdate; - nextupdate = sir->nextUpdate; - #endif -Index: t/external/ocsp.t -=================================================================== ---- t/external/ocsp.t (revision 477) -+++ t/external/ocsp.t (working copy) -@@ -14,17 +14,17 @@ - my @tests = ( - { - # this should give us OCSP stapling -- host => 'www.live.com', -+ host => 'www.microsoft.com', - port => 443, -- fingerprint => '10c56ee9e2acaf2e77caeb7072bf6522dd7422b8', -+ fingerprint => '5f0b37e633840ca02468552ea3b1197e5e118f7b', - ocsp_staple => 1, - expect_status => Net::SSLeay::V_OCSP_CERTSTATUS_GOOD(), - }, - { -- # no OCSP stapling yet -- host => 'www.google.com', -+ # no OCSP stapling -+ host => 'www.spiegel.de', - port => 443, -- fingerprint => '007a5ab302f14446e2ea24d3a829de22ba1bf950', -+ fingerprint => 'ad737048455485d8c817b7d0f7403553a7b9f65b', - expect_status => Net::SSLeay::V_OCSP_CERTSTATUS_GOOD(), - }, - { -@@ -31,12 +31,13 @@ - # this is revoked - host => 'revoked.grc.com', - port => 443, -- fingerprint => '34703c40093461ad3ce087e161c7b7f42abe770c', -+ fingerprint => '310665f4c8e78db761c764e798dca66047341264', - expect_status => Net::SSLeay::V_OCSP_CERTSTATUS_REVOKED(), - }, - ); - --plan tests => 0+@tests; -+my $release_tests = $ENV{RELEASE_TESTING} ? 1:0; -+plan tests => $release_tests + @tests; - - - my $timeout = 10; # used to TCP connect and SSL connect -@@ -50,6 +51,7 @@ - - TEST: - -+my @fp_mismatch; - for my $test (@tests) { - my $cleanup = __cleanup__->new; - SKIP: { -@@ -114,8 +116,11 @@ - my $fp = $leaf_cert - && unpack("H*",Net::SSLeay::X509_digest($leaf_cert,$sha1)); - skip "could not get fingerprint",1 if !$fp; -- skip "bad fingerprint $fp for $test->{host}:$test->{port}",1 -- if $fp ne $test->{fingerprint}; -+ if ($fp ne $test->{fingerprint}) { -+ push @fp_mismatch, [ $fp,$test ]; -+ skip("bad fingerprint for $test->{host}:$test->{port} -". -+ " expected $test->{fingerprint}, got $fp",1) -+ } - diag("fingerprint matches"); - - if ( $test->{ocsp_staple} && ! $stapled_response ) { -@@ -225,6 +230,19 @@ - } - } - -+if ($release_tests) { -+ if (!@fp_mismatch) { -+ pass("all fingerprints matched"); -+ } else { -+ for(@fp_mismatch) { -+ my ($fp,$test) = @$_; -+ diag("fingerprint mismatch for $test->{host}:$test->{port} -". -+ " expected $test->{fingerprint}, got $fp") -+ } -+ fail("some fingerprints did not matched - please adjust test"); -+ } -+} -+ - { - # cleanup stuff when going out of scope - package __cleanup__; diff --git a/perl-Net-SSLeay.spec b/perl-Net-SSLeay.spec index 1a8fe67..417b157 100644 --- a/perl-Net-SSLeay.spec +++ b/perl-Net-SSLeay.spec @@ -2,14 +2,13 @@ %global rpm49 %(rpm --version | perl -p -e 's/^.* (\\d+)\\.(\\d+).*/sprintf("%d.%03d",$1,$2) ge 4.009 ? 1 : 0/e' 2>/dev/null || echo 0) Name: perl-Net-SSLeay -Version: 1.77 -Release: 2%{?dist} +Version: 1.78 +Release: 1%{?dist} Summary: Perl extension for using OpenSSL Group: Development/Libraries License: Artistic 2.0 URL: http://search.cpan.org/dist/Net-SSLeay/ Source0: http://search.cpan.org/CPAN/authors/id/M/MI/MIKEM/Net-SSLeay-%{version}.tar.gz -Patch0: Net-SSLeay-1.77-rt116795.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu) # =========== Module Build =========================== BuildRequires: coreutils @@ -60,9 +59,6 @@ so you can write servers or clients for more complicated applications. %prep %setup -q -n Net-SSLeay-%{version} -# Fix OCSP (CPAN RT#116795) -%patch0 - # Fix permissions in examples to avoid bogus doc-file dependencies chmod -c 644 examples/* @@ -113,6 +109,10 @@ rm -rf %{buildroot} %{_mandir}/man3/Net::SSLeay::Handle.3* %changelog +* Sun Aug 14 2016 Paul Howarth <p...@city-fan.org> - 1.78-1 +- Update to 1.78 + - Fixed broken (since 1.75) OCSP code and tests + * Thu Aug 11 2016 Paul Howarth <p...@city-fan.org> - 1.77-2 - Fix OCSP (CPAN RT#116795) diff --git a/sources b/sources index c05be08..8a1befc 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -d64f828a327419055a63a561307bac95 Net-SSLeay-1.77.tar.gz +161f2f5606858b129408ef1508b3b55f Net-SSLeay-1.78.tar.gz -- cgit v0.12 http://pkgs.fedoraproject.org/cgit/perl-Net-SSLeay.git/commit/?h=f25&id=a218f8cfdaea5e205124d76fa20374645fe9caf3 -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/perl-devel@lists.fedoraproject.org