Hello community,

here is the log from the commit of package openssl for openSUSE:Factory checked in at 2014-06-18 07:47:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openssl (Old)
 and /work/SRC/openSUSE:Factory/.openssl.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl" Changes: -------- --- /work/SRC/openSUSE:Factory/openssl/openssl.changes 2014-05-14 10:26:09.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.openssl.new/openssl.changes 2014-06-18 07:47:43.000000000 +0200 
@@ -1,0 +2,40 @@ +Thu Jun 5 14:37:19 UTC 2014 - [email protected] + +- updated openssl to 1.0.1h (bnc#880891): + - CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted + handshake can force the use of weak keying material in OpenSSL + SSL/TLS clients and servers. + - CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an + OpenSSL DTLS client the code can be made to recurse eventually crashing + in a DoS attack. + - CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer + overrun attack can be triggered by sending invalid DTLS fragments to + an OpenSSL DTLS client or server. This is potentially exploitable to + run arbitrary code on a vulnerable client or server. + - CVE-2014-3470: Fix bug in TLS code where clients enable anonymous + ECDH ciphersuites are subject to a denial of service attack. +- openssl-buffreelistbug-aka-CVE-2010-5298.patch: removed, upstream +- CVE-2014-0198.patch: removed, upstream +- 0009-Fix-double-frees.patch: removed, upstream +- 0012-Fix-eckey_priv_encode.patch: removed, upstream +- 0017-Double-free-in-i2o_ECPublicKey.patch: removed, upstream +- 0018-fix-coverity-issues-966593-966596.patch: removed, upstream +- 0020-Initialize-num-properly.patch: removed, upstream +- 0022-bignum-allow-concurrent-BN_MONT_CTX_set_locked.patch: removed, upstream +- 0023-evp-prevent-underflow-in-base64-decoding.patch: removed, upstream +- 0024-Fixed-NULL-pointer-dereference-in-PKCS7_dataDecode-r.patch: removed, upstream +- 0025-fix-coverity-issue-966597-error-line-is-not-always-i.patch: removed, upstream + +- 0001-libcrypto-Hide-library-private-symbols.patch: disabled heartbeat testcase +- openssl-1.0.1c-ipv6-apps.patch: refreshed +- openssl-fix-pod-syntax.diff: some stuff merged upstream, refreshed + +------------------------------------------------------------------- +Wed May 21 12:19:53 UTC 2014 - [email protected] + +- Added new SUSE default cipher suite + 
openssl-1.0.1e-add-suse-default-cipher.patch + openssl-1.0.1e-add-suse-default-cipher-header.patch + openssl-1.0.1e-add-test-suse-default-cipher-suite.patch + +------------------------------------------------------------------- Old: ---- 0009-Fix-double-frees.patch 0012-Fix-eckey_priv_encode.patch 0017-Double-free-in-i2o_ECPublicKey.patch 0018-fix-coverity-issues-966593-966596.patch 0020-Initialize-num-properly.patch 0022-bignum-allow-concurrent-BN_MONT_CTX_set_locked.patch 0023-evp-prevent-underflow-in-base64-decoding.patch 0024-Fixed-NULL-pointer-dereference-in-PKCS7_dataDecode-r.patch 0025-fix-coverity-issue-966597-error-line-is-not-always-i.patch CVE-2014-0198.patch openssl-1.0.1g.tar.gz openssl-1.0.1g.tar.gz.asc openssl-buffreelistbug-aka-CVE-2010-5298.patch New: ---- openssl-1.0.1e-add-suse-default-cipher-header.patch openssl-1.0.1e-add-suse-default-cipher.patch openssl-1.0.1e-add-test-suse-default-cipher-suite.patch openssl-1.0.1h.tar.gz openssl-1.0.1h.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl.spec ++++++ --- /var/tmp/diff_new_pack.Ma4WJG/_old 2014-06-18 07:47:45.000000000 +0200 +++ /var/tmp/diff_new_pack.Ma4WJG/_new 2014-06-18 07:47:45.000000000 +0200 @@ -29,7 +29,7 @@ %ifarch ppc64 Obsoletes: openssl-64bit %endif -Version: 1.0.1g +Version: 1.0.1h Release: 0 Summary: Secure Sockets and Transport Layer Security License: OpenSSL 
@@ -65,21 +65,14 @@ Patch17: openssl-1.0.1e-fips-ctor.patch Patch18: openssl-1.0.1e-new-fips-reqs.patch Patch19: openssl-gcc-attributes.patch -Patch20: openssl-buffreelistbug-aka-CVE-2010-5298.patch Patch21: openssl-libssl-noweakciphers.patch -Patch22: CVE-2014-0198.patch -Patch23: 0009-Fix-double-frees.patch -Patch24: 0012-Fix-eckey_priv_encode.patch -Patch25: 0017-Double-free-in-i2o_ECPublicKey.patch Patch26: 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch -Patch27: 0018-fix-coverity-issues-966593-966596.patch -Patch28: 0020-Initialize-num-properly.patch -Patch29: 0022-bignum-allow-concurrent-BN_MONT_CTX_set_locked.patch -Patch30: 0023-evp-prevent-underflow-in-base64-decoding.patch -Patch31: 0024-Fixed-NULL-pointer-dereference-in-PKCS7_dataDecode-r.patch -Patch32: 0025-fix-coverity-issue-966597-error-line-is-not-always-i.patch Patch33: openssl-no-egd.patch Patch34: openssl-fips-hidden.patch +Patch35: openssl-1.0.1e-add-suse-default-cipher.patch +Patch36: openssl-1.0.1e-add-suse-default-cipher-header.patch +Patch37: openssl-1.0.1e-add-test-suse-default-cipher-suite.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-build %description 
@@ -186,21 +179,13 @@ %patch17 -p1 %patch18 -p1 %patch19 -p1 -%patch20 -p1 %patch21 -p1 -%patch22 -p1 -%patch23 -p1 -%patch24 -p1 -%patch25 -p1 %patch26 -p1 -%patch27 -p1 -%patch28 -p1 -%patch29 -p1 -%patch30 -p1 -%patch31 -p1 -%patch32 -p1 %patch33 -p1 %patch34 -p1 +%patch35 -p1 +%patch36 -p1 +%patch37 -p1 cp -p %{S:10} . cp -p %{S:11} . echo "adding/overwriting some entries in the 'table' hash in Configure" ++++++ 0001-libcrypto-Hide-library-private-symbols.patch ++++++ ++++ 711 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/openssl/0001-libcrypto-Hide-library-private-symbols.patch ++++ and /work/SRC/openSUSE:Factory/.openssl.new/0001-libcrypto-Hide-library-private-symbols.patch ++++++ openssl-1.0.1c-ipv6-apps.patch ++++++ --- /var/tmp/diff_new_pack.Ma4WJG/_old 2014-06-18 07:47:45.000000000 +0200 +++ /var/tmp/diff_new_pack.Ma4WJG/_new 2014-06-18 07:47:45.000000000 +0200 @@ -1,7 +1,7 @@ -Index: openssl-1.0.1g/apps/s_apps.h +Index: openssl-1.0.1h/apps/s_apps.h =================================================================== ---- openssl-1.0.1g.orig/apps/s_apps.h -+++ openssl-1.0.1g/apps/s_apps.h +--- openssl-1.0.1h.orig/apps/s_apps.h ++++ openssl-1.0.1h/apps/s_apps.h @@ -148,7 +148,7 @@ typedef fd_mask fd_set; #define PORT_STR "4433" #define PROTOCOL "tcp" @@ -24,10 +24,10 @@ long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret); -Index: openssl-1.0.1g/apps/s_client.c +Index: openssl-1.0.1h/apps/s_client.c =================================================================== ---- openssl-1.0.1g.orig/apps/s_client.c -+++ openssl-1.0.1g/apps/s_client.c +--- openssl-1.0.1h.orig/apps/s_client.c ++++ openssl-1.0.1h/apps/s_client.c @@ -567,7 +567,7 @@ int MAIN(int argc, char **argv) int cbuf_len,cbuf_off; int sbuf_len,sbuf_off; 
@@ -62,10 +62,10 @@ { BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error()); SHUTDOWN(s); -Index: openssl-1.0.1g/apps/s_server.c +Index: openssl-1.0.1h/apps/s_server.c =================================================================== ---- openssl-1.0.1g.orig/apps/s_server.c -+++ openssl-1.0.1g/apps/s_server.c +--- openssl-1.0.1h.orig/apps/s_server.c ++++ openssl-1.0.1h/apps/s_server.c @@ -933,7 +933,7 @@ int MAIN(int argc, char *argv[]) { X509_VERIFY_PARAM *vpm = NULL; @@ -97,10 +97,10 @@ print_stats(bio_s_out,ctx); ret=0; end: -Index: openssl-1.0.1g/apps/s_socket.c +Index: openssl-1.0.1h/apps/s_socket.c =================================================================== ---- openssl-1.0.1g.orig/apps/s_socket.c -+++ openssl-1.0.1g/apps/s_socket.c +--- openssl-1.0.1h.orig/apps/s_socket.c ++++ openssl-1.0.1h/apps/s_socket.c @@ -102,9 +102,7 @@ static struct hostent *GetHostByName(cha static void ssl_sock_cleanup(void); #endif @@ -182,7 +182,7 @@ { - i=0; - i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); -- if (i < 0) { perror("keepalive"); return(0); } +- if (i < 0) { closesocket(s); perror("keepalive"); return(0); } + int i=0; + i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE, + (char *)&i,sizeof(i)); @@ -359,7 +359,7 @@ int len; /* struct linger ling; */ -@@ -431,135 +473,58 @@ redoit: +@@ -431,138 +473,59 @@ redoit: */ if (host == NULL) goto end; @@ -388,6 +388,7 @@ + if ((*host=(char *)OPENSSL_malloc(strlen(buffer)+1)) == NULL) { perror("OPENSSL_malloc"); + closesocket(ret); return(0); } - BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1); 
@@ -396,11 +397,13 @@ - if (h2 == NULL) - { - BIO_printf(bio_err,"gethostbyname failure\n"); +- closesocket(ret); - return(0); - } - if (h2->h_addrtype != AF_INET) - { - BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); +- closesocket(ret); - return(0); - } + strcpy(*host, buffer); ++++++ openssl-1.0.1e-add-suse-default-cipher-header.patch ++++++ Index: openssl-1.0.1g/ssl/ssl.h =================================================================== --- openssl-1.0.1g.orig/ssl/ssl.h +++ openssl-1.0.1g/ssl/ssl.h @@ -332,9 +332,11 @@ extern "C" { * It also is substituted when an application-defined cipher list string * starts with 'DEFAULT'. */ #define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2:!EXPORT:!RC2:!DES" + #define SSL_DEFAULT_SUSE_CIPHER_LIST "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\ "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:"\ "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:DES-CBC3-SHA" + /* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always * starts with a reasonable order, and all we have to do for DEFAULT is * throwing out anonymous and unencrypted ciphersuites! ++++++ openssl-1.0.1e-add-suse-default-cipher.patch ++++++ Index: openssl-1.0.1g/ssl/ssl_ciph.c =================================================================== --- openssl-1.0.1g.orig/ssl/ssl_ciph.c +++ openssl-1.0.1g/ssl/ssl_ciph.c 
@@ -1470,7 +1470,17 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ */ ok = 1; rule_p = rule_str; - if (strncmp(rule_str,"DEFAULT",7) == 0) + + if (strncmp(rule_str,"DEFAULT_SUSE",12) == 0) + { + ok = ssl_cipher_process_rulestr(SSL_DEFAULT_SUSE_CIPHER_LIST, + &head, &tail, ca_list); + rule_p += 12; + if (*rule_p == ':') + rule_p++; + } + + else if (strncmp(rule_str,"DEFAULT",7) == 0) { ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, &head, &tail, ca_list); Index: openssl-1.0.1g/ssl/ssl.h =================================================================== --- openssl-1.0.1g.orig/ssl/ssl.h +++ openssl-1.0.1g/ssl/ssl.h @@ -331,7 +331,10 @@ extern "C" { /* The following cipher list is used by default. * It also is substituted when an application-defined cipher list string * starts with 'DEFAULT'. */ -#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2:!EXPORT:!LOW" +#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2:!EXPORT:!RC2:!DES" +#define SSL_DEFAULT_SUSE_CIPHER_LIST "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\ + "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:"\ + "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:DES-CBC3-SHA" /* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always * starts with a reasonable order, and all we have to do for DEFAULT is * throwing out anonymous and unencrypted ciphersuites! ++++++ openssl-1.0.1e-add-test-suse-default-cipher-suite.patch ++++++ Index: openssl-1.0.1f/test/testssl =================================================================== --- openssl-1.0.1f.orig/test/testssl +++ openssl-1.0.1f/test/testssl 
@@ -136,6 +136,25 @@ for protocol in TLSv1.2 SSLv3; do done done +echo "Testing default ciphersuites" + +for cipher_suite in DEFAULT_SUSE DEFAULT; do + ../util/shlib_wrap.sh ../apps/openssl ciphers $cipher_suite + if [ $? -ne 0 ]; then + echo "Failed default ciphersuite $cipher_suite" + exit 1 + fi +done + +echo "Testing if MD5, DES and RC4 are excluded from DEFAULT_SUSE cipher suite" +../util/shlib_wrap.sh ../apps/openssl ciphers DEFAULT_SUSE| grep "MD5\|RC4\|DES-[^CBC3]" + +if [ $? -ne 1 ];then + echo "weak ciphers are present on DEFAULT_SUSE cipher suite" + exit 1 +fi + + ############################################################################# if ../util/shlib_wrap.sh ../apps/openssl no-dh; then ++++++ openssl-fix-pod-syntax.diff ++++++ --- /var/tmp/diff_new_pack.Ma4WJG/_old 2014-06-18 07:47:45.000000000 +0200 +++ /var/tmp/diff_new_pack.Ma4WJG/_new 2014-06-18 07:47:45.000000000 +0200 
@@ -59,88 +59,10 @@ doc/ssl/SSL_write.pod | 2 +- 23 files changed, 59 insertions(+), 55 deletions(-) -Index: openssl-1.0.1g/doc/apps/cms.pod +Index: openssl-1.0.1h/doc/apps/ts.pod =================================================================== ---- openssl-1.0.1g.orig/doc/apps/cms.pod -+++ openssl-1.0.1g/doc/apps/cms.pod -@@ -450,28 +450,28 @@ remains DER. - - =over 4 - --=item 0 -+=item Z<>0 - - the operation was completely successfully. - --=item 1 -+=item Z<>1 - - an error occurred parsing the command options. - --=item 2 -+=item Z<>2 - - one of the input files could not be read. - --=item 3 -+=item Z<>3 - - an error occurred creating the CMS file or when reading the MIME - message. - --=item 4 -+=item Z<>4 - - an error occurred decrypting or verifying the message. - --=item 5 -+=item Z<>5 - - the message was verified correctly but an error occurred writing out - the signers certificates. -Index: openssl-1.0.1g/doc/apps/smime.pod -=================================================================== ---- openssl-1.0.1g.orig/doc/apps/smime.pod -+++ openssl-1.0.1g/doc/apps/smime.pod -@@ -308,28 +308,28 @@ remains DER. - - =over 4 - --=item 0 -+=item Z<>0 - - the operation was completely successfully. - --=item 1 -+=item Z<>1 - - an error occurred parsing the command options. - --=item 2 -+=item Z<>2 - - one of the input files could not be read. - --=item 3 -+=item Z<>3 - - an error occurred creating the PKCS#7 file or when reading the MIME - message. - --=item 4 -+=item Z<>4 - - an error occurred decrypting or verifying the message. - --=item 5 -+=item Z<>5 - - the message was verified correctly but an error occurred writing out - the signers certificates. -Index: openssl-1.0.1g/doc/apps/ts.pod -=================================================================== ---- openssl-1.0.1g.orig/doc/apps/ts.pod -+++ openssl-1.0.1g/doc/apps/ts.pod +--- openssl-1.0.1h.orig/doc/apps/ts.pod ++++ openssl-1.0.1h/doc/apps/ts.pod 
@@ -58,19 +58,19 @@ time. Here is a brief description of the =over 4 @@ -164,10 +86,10 @@ The TSA client receives the time stamp token and verifies the signature on it. It also checks if the token contains the same hash -Index: openssl-1.0.1g/doc/crypto/OPENSSL_ia32cap.pod +Index: openssl-1.0.1h/doc/crypto/OPENSSL_ia32cap.pod =================================================================== ---- openssl-1.0.1g.orig/doc/crypto/OPENSSL_ia32cap.pod -+++ openssl-1.0.1g/doc/crypto/OPENSSL_ia32cap.pod +--- openssl-1.0.1h.orig/doc/crypto/OPENSSL_ia32cap.pod ++++ openssl-1.0.1h/doc/crypto/OPENSSL_ia32cap.pod @@ -20,6 +20,8 @@ toolkit initialization, but can be manip crypto library behaviour. For the moment of this writing six bits are significant, namely: @@ -186,10 +108,10 @@ For example, clearing bit #26 at run-time disables high-performance SSE2 code present in the crypto library. You might have to do this if target OpenSSL application is executed on SSE2 capable CPU, but under -Index: openssl-1.0.1g/doc/crypto/rand.pod +Index: openssl-1.0.1h/doc/crypto/rand.pod =================================================================== ---- openssl-1.0.1g.orig/doc/crypto/rand.pod -+++ openssl-1.0.1g/doc/crypto/rand.pod +--- openssl-1.0.1h.orig/doc/crypto/rand.pod ++++ openssl-1.0.1h/doc/crypto/rand.pod @@ -74,16 +74,16 @@ First up I will state the things I belie =over 4 
@@ -241,318 +163,3 @@ Given the random number output stream, it should not be possible to determine the RNG state or the next random number. -Index: openssl-1.0.1g/doc/ssl/SSL_COMP_add_compression_method.pod -=================================================================== ---- openssl-1.0.1g.orig/doc/ssl/SSL_COMP_add_compression_method.pod -+++ openssl-1.0.1g/doc/ssl/SSL_COMP_add_compression_method.pod -@@ -53,11 +53,11 @@ SSL_COMP_add_compression_method() may re - - =over 4 - --=item 0 -+=item Z<>0 - - The operation succeeded. - --=item 1 -+=item Z<>1 - - The operation failed. Check the error queue to find out the reason. - -Index: openssl-1.0.1g/doc/ssl/SSL_CTX_add_session.pod -=================================================================== ---- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_add_session.pod -+++ openssl-1.0.1g/doc/ssl/SSL_CTX_add_session.pod -@@ -52,13 +52,13 @@ The following values are returned by all - - =over 4 - --=item 0 -+=item Z<>0 - - The operation failed. In case of the add operation, it was tried to add - the same (identical) session twice. In case of the remove operation, the - session was not found in the cache. - --=item 1 -+=item Z<>1 - - The operation succeeded. - -Index: openssl-1.0.1g/doc/ssl/SSL_CTX_load_verify_locations.pod -=================================================================== ---- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_load_verify_locations.pod -+++ openssl-1.0.1g/doc/ssl/SSL_CTX_load_verify_locations.pod -@@ -100,13 +100,13 @@ The following return values can occur: - - =over 4 - --=item 0 -+=item Z<>0 - - The operation failed because B<CAfile> and B<CApath> are NULL or the - processing at one of the locations specified failed. Check the error - stack to find out the reason. - --=item 1 -+=item Z<>1 - - The operation succeeded. 
- -Index: openssl-1.0.1g/doc/ssl/SSL_CTX_set_client_CA_list.pod -=================================================================== ---- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod -+++ openssl-1.0.1g/doc/ssl/SSL_CTX_set_client_CA_list.pod -@@ -66,13 +66,13 @@ values: - - =over 4 - --=item 0 -+=item Z<>0 - - A failure while manipulating the STACK_OF(X509_NAME) object occurred or - the X509_NAME could not be extracted from B<cacert>. Check the error stack - to find out the reason. - --=item 1 -+=item Z<>1 - - The operation succeeded. - -Index: openssl-1.0.1g/doc/ssl/SSL_CTX_set_session_id_context.pod -=================================================================== ---- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_set_session_id_context.pod -+++ openssl-1.0.1g/doc/ssl/SSL_CTX_set_session_id_context.pod -@@ -64,13 +64,13 @@ return the following values: - - =over 4 - --=item 0 -+=item Z<>0 - - The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded - the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error - is logged to the error stack. - --=item 1 -+=item Z<>1 - - The operation succeeded. - -Index: openssl-1.0.1g/doc/ssl/SSL_CTX_set_ssl_version.pod -=================================================================== ---- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_set_ssl_version.pod -+++ openssl-1.0.1g/doc/ssl/SSL_CTX_set_ssl_version.pod -@@ -42,11 +42,11 @@ and SSL_set_ssl_method(): - - =over 4 - --=item 0 -+=item Z<>0 - - The new choice failed, check the error stack to find out the reason. - --=item 1 -+=item Z<>1 - - The operation succeeded. 
- -Index: openssl-1.0.1g/doc/ssl/SSL_CTX_use_psk_identity_hint.pod -=================================================================== ---- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod -+++ openssl-1.0.1g/doc/ssl/SSL_CTX_use_psk_identity_hint.pod -@@ -96,7 +96,7 @@ data to B<psk> and return the length of - connection will fail with decryption_error before it will be finished - completely. - --=item 0 -+=item Z<>0 - - PSK identity was not found. An "unknown_psk_identity" alert message - will be sent and the connection setup fails. -Index: openssl-1.0.1g/doc/ssl/SSL_accept.pod -=================================================================== ---- openssl-1.0.1g.orig/doc/ssl/SSL_accept.pod -+++ openssl-1.0.1g/doc/ssl/SSL_accept.pod -@@ -44,13 +44,13 @@ The following return values can occur: - - =over 4 - --=item 0 -+=item Z<>0 - - The TLS/SSL handshake was not successful but was shut down controlled and - by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the - return value B<ret> to find out the reason. - --=item 1 -+=item Z<>1 - - The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been - established. -Index: openssl-1.0.1g/doc/ssl/SSL_clear.pod -=================================================================== ---- openssl-1.0.1g.orig/doc/ssl/SSL_clear.pod -+++ openssl-1.0.1g/doc/ssl/SSL_clear.pod -@@ -56,12 +56,12 @@ The following return values can occur: - - =over 4 - --=item 0 -+=item Z<>0 - - The SSL_clear() operation could not be performed. Check the error stack to - find out the reason. - --=item 1 -+=item Z<>1 - - The SSL_clear() operation was successful. 
- -Index: openssl-1.0.1g/doc/ssl/SSL_connect.pod -=================================================================== ---- openssl-1.0.1g.orig/doc/ssl/SSL_connect.pod -+++ openssl-1.0.1g/doc/ssl/SSL_connect.pod -@@ -41,13 +41,13 @@ The following return values can occur: - - =over 4 - --=item 0 -+=item Z<>0 - - The TLS/SSL handshake was not successful but was shut down controlled and - by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the - return value B<ret> to find out the reason. - --=item 1 -+=item Z<>1 - - The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been - established. -Index: openssl-1.0.1g/doc/ssl/SSL_do_handshake.pod -=================================================================== ---- openssl-1.0.1g.orig/doc/ssl/SSL_do_handshake.pod -+++ openssl-1.0.1g/doc/ssl/SSL_do_handshake.pod -@@ -45,13 +45,13 @@ The following return values can occur: - - =over 4 - --=item 0 -+=item Z<>0 - - The TLS/SSL handshake was not successful but was shut down controlled and - by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the - return value B<ret> to find out the reason. - --=item 1 -+=item Z<>1 - - The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been - established. -Index: openssl-1.0.1g/doc/ssl/SSL_read.pod -=================================================================== ---- openssl-1.0.1g.orig/doc/ssl/SSL_read.pod -+++ openssl-1.0.1g/doc/ssl/SSL_read.pod -@@ -86,7 +86,7 @@ The following return values can occur: - The read operation was successful; the return value is the number of - bytes actually read from the TLS/SSL connection. - --=item 0 -+=item Z<>0 - - The read operation was not successful. 
The reason may either be a clean - shutdown due to a "close notify" alert sent by the peer (in which case -Index: openssl-1.0.1g/doc/ssl/SSL_session_reused.pod -=================================================================== ---- openssl-1.0.1g.orig/doc/ssl/SSL_session_reused.pod -+++ openssl-1.0.1g/doc/ssl/SSL_session_reused.pod -@@ -27,11 +27,11 @@ The following return values can occur: - - =over 4 - --=item 0 -+=item Z<>0 - - A new session was negotiated. - --=item 1 -+=item Z<>1 - - A session was reused. - -Index: openssl-1.0.1g/doc/ssl/SSL_set_fd.pod -=================================================================== ---- openssl-1.0.1g.orig/doc/ssl/SSL_set_fd.pod -+++ openssl-1.0.1g/doc/ssl/SSL_set_fd.pod -@@ -35,11 +35,11 @@ The following return values can occur: - - =over 4 - --=item 0 -+=item Z<>0 - - The operation failed. Check the error stack to find out why. - --=item 1 -+=item Z<>1 - - The operation succeeded. - -Index: openssl-1.0.1g/doc/ssl/SSL_set_session.pod -=================================================================== ---- openssl-1.0.1g.orig/doc/ssl/SSL_set_session.pod -+++ openssl-1.0.1g/doc/ssl/SSL_set_session.pod -@@ -37,11 +37,11 @@ The following return values can occur: - - =over 4 - --=item 0 -+=item Z<>0 - - The operation failed; check the error stack to find out the reason. - --=item 1 -+=item Z<>1 - - The operation succeeded. - -Index: openssl-1.0.1g/doc/ssl/SSL_shutdown.pod -=================================================================== ---- openssl-1.0.1g.orig/doc/ssl/SSL_shutdown.pod -+++ openssl-1.0.1g/doc/ssl/SSL_shutdown.pod -@@ -92,19 +92,19 @@ The following return values can occur: - - =over 4 - --=item 0 -+=item Z<>0 - - The shutdown is not yet finished. Call SSL_shutdown() for a second time, - if a bidirectional shutdown shall be performed. - The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an - erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred. 
- --=item 1 -+=item Z<>1 - - The shutdown was successfully completed. The "close notify" alert was sent - and the peer's "close notify" alert was received. - --=item -1 -+=item Z<>-1 - - The shutdown was not successful because a fatal error occurred either - at the protocol level or a connection failure occurred. It can also occur if -Index: openssl-1.0.1g/doc/ssl/SSL_write.pod -=================================================================== ---- openssl-1.0.1g.orig/doc/ssl/SSL_write.pod -+++ openssl-1.0.1g/doc/ssl/SSL_write.pod -@@ -79,7 +79,7 @@ The following return values can occur: - The write operation was successful, the return value is the number of - bytes actually written to the TLS/SSL connection. - --=item 0 -+=item Z<>0 - - The write operation was not successful. Probably the underlying connection - was closed. Call SSL_get_error() with the return value B<ret> to find out, -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
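Review bot: The openssl.changes entry "0001-libcrypto-Hide-library-private-symbols.patch: disabled heartbeat testcase" gives no reason for disabling a test, and the diff of that patch is skipped in this mail (711 lines), so the change cannot be checked from here. Please state in the entry why the testcase is disabled and whether that is meant to be temporary.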
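Review bot: In the ssl_create_cipher_list() hunk of openssl-1.0.1e-add-suse-default-cipher.patch, `strncmp(rule_str,"DEFAULT_SUSE",12) == 0` accepts any rule string that merely begins with those 12 characters, so a mistyped keyword such as DEFAULT_SUSE2 still selects the SUSE list and the leftover "2" goes to the rule parser. Checking that rule_str[12] is ':' or '\0' before taking the branch would make the match exact. The branch also only works because it is tested before the "DEFAULT" comparison, which matches the same prefix; a short comment saying so would guard against a later reordering. No hunk in this commit documents the new DEFAULT_SUSE keyword for users.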
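Review bot: The ssl/ssl.h hunk of openssl-1.0.1e-add-suse-default-cipher.patch also changes SSL_DEFAULT_CIPHER_LIST from "...:!EXPORT:!LOW" to "...:!EXPORT:!RC2:!DES", which alters what "DEFAULT" means for every application, while the changelog entry only says "Added new SUSE default cipher suite". Please record that change and its rationale in openssl.changes, or move it to a patch of its own. Separately, every name in SSL_DEFAULT_SUSE_CIPHER_LIST uses RSA authentication (ECDHE-RSA-*, DHE-RSA-*, EDH-RSA-* and the plain RSA key-exchange suites), so a server that only has an ECDSA or DSA key and selects DEFAULT_SUSE has no suite it can negotiate. If that is intended it should be stated next to the define.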
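Review bot: openssl-1.0.1e-add-suse-default-cipher-header.patch adds only two blank lines around SSL_DEFAULT_SUSE_CIPHER_LIST in ssl/ssl.h. Both defines already appear as unchanged context in its hunk, so it applies only on top of openssl-1.0.1e-add-suse-default-cipher.patch and carries no functional change. Folding it into that patch (or dropping it) would remove one Patch/%patch pair from the spec. The three new patches are also named 1.0.1e and indexed against openssl-1.0.1g and openssl-1.0.1f trees while the package moves to 1.0.1h; refreshing them against 1.0.1h, as was done for openssl-1.0.1c-ipv6-apps.patch, would keep the set consistent.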
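Review bot: In the test/testssl hunk of openssl-1.0.1e-add-test-suse-default-cipher-suite.patch, the pattern `DES-[^CBC3]` does not mean "DES but not 3DES". `[^CBC3]` is a bracket expression that matches one character other than C, B or 3, so a single-DES name such as DES-CBC-SHA, where "DES-" is followed by "C", is never matched and the check passes with it in the list. The test therefore covers MD5 and RC4 but not DES, contrary to its echo line. Matching on `DES-CBC-` (with the trailing hyphen, which DES-CBC3-SHA does not contain) would catch single DES and still let the 3DES suites through, for example `grep "MD5\|RC4\|DES-CBC-"`.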
