summaryrefslogtreecommitdiff
path: root/core/openssl
diff options
context:
space:
mode:
Diffstat (limited to 'core/openssl')
-rw-r--r--core/openssl/PKGBUILD15
-rw-r--r--core/openssl/disable-tls12-client.patch36
2 files changed, 46 insertions, 5 deletions
diff --git a/core/openssl/PKGBUILD b/core/openssl/PKGBUILD
index 0f0238e2d..4835d5941 100644
--- a/core/openssl/PKGBUILD
+++ b/core/openssl/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 153962 2012-03-21 06:20:46Z pierre $
+# $Id: PKGBUILD 154941 2012-03-31 12:48:22Z pierre $
# Maintainer: Pierre Schmitz <pierre@archlinux.de>
pkgname=openssl
@@ -6,7 +6,7 @@ _ver=1.0.1
# use a pacman compatible version scheme
# pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}}
pkgver=$_ver
-pkgrel=1
+pkgrel=2
pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security'
arch=('i686' 'x86_64' 'mips64el')
url='https://www.openssl.org'
@@ -19,12 +19,14 @@ source=("https://www.openssl.org/source/${pkgname}-${_ver}.tar.gz"
'fix-manpages.patch'
'no-rpath.patch'
'gnu-linux-mips64el-gcc.patch'
- 'ca-dir.patch')
+ 'ca-dir.patch'
+ 'disable-tls12-client.patch')
md5sums=('134f168bc2a8333f19f81d684841710b'
'5bbc0655bda2af95bc8eb568963ce8ba'
'dc78d3d06baffc16217519242ce92478'
'd7115f0cc44df346d7b68c681819f94b'
- '3bf51be3a1bbd262be46dc619f92aa90')
+ '3bf51be3a1bbd262be46dc619f92aa90'
+ '26432b9d7af63c63828b6405c9185400')
build() {
cd $srcdir/$pkgname-$_ver
@@ -36,6 +38,8 @@ build() {
patch -p0 -i $srcdir/no-rpath.patch
# set ca dir to /etc/ssl by default
patch -p0 -i $srcdir/ca-dir.patch
+ # workaround for PR#2771
+ patch -p1 -i $srcdir/disable-tls12-client.patch
# patch -p0 -i $srcdir/gnu-linux-mips64el-gcc.patch
@@ -56,7 +60,8 @@ build() {
./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \
shared zlib enable-md2 ${optflags} \
"${openssltarget}" \
- -Wa,--noexecstack "${CFLAGS}" "${LDFLAGS}"
+ -Wa,--noexecstack "${CFLAGS}" "${LDFLAGS}" \
+ -DOPENSSL_NO_TLS1_2_CLIENT
make depend
make
diff --git a/core/openssl/disable-tls12-client.patch b/core/openssl/disable-tls12-client.patch
new file mode 100644
index 000000000..edb87e77f
--- /dev/null
+++ b/core/openssl/disable-tls12-client.patch
@@ -0,0 +1,36 @@
+Index: openssl/ssl/t1_lib.c
+RCS File: /v/openssl/cvs/openssl/ssl/t1_lib.c,v
+rcsdiff -q -kk '-r1.64.2.14.2.31' '-r1.64.2.14.2.32' -u '/v/openssl/cvs/openssl/ssl/t1_lib.c,v' 2>/dev/null
+--- t1_lib.c 2012/02/27 16:38:10 1.64.2.14.2.31
++++ t1_lib.c 2012/03/21 21:32:57 1.64.2.14.2.32
+@@ -544,7 +544,7 @@
+ }
+ skip_ext:
+
+- if (TLS1_get_version(s) >= TLS1_2_VERSION)
++ if (TLS1_get_client_version(s) >= TLS1_2_VERSION)
+ {
+ if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6)
+ return NULL;
+Index: openssl/ssl/s23_clnt.c
+RCS File: /v/openssl/cvs/openssl/ssl/s23_clnt.c,v
+rcsdiff -q -kk '-r1.43.2.4.2.5' '-r1.43.2.4.2.6' -u '/v/openssl/cvs/openssl/ssl/s23_clnt.c,v' 2>/dev/null
+--- s23_clnt.c 2011/05/19 18:22:15 1.43.2.4.2.5
++++ s23_clnt.c 2012/03/29 19:08:54 1.43.2.4.2.6
+@@ -287,12 +287,14 @@
+
+ if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
+ ssl2_compat = 0;
+-
++#ifndef OPENSSL_NO_TLS1_2_CLIENT
+ if (!(s->options & SSL_OP_NO_TLSv1_2))
+ {
+ version = TLS1_2_VERSION;
+ }
+- else if (!(s->options & SSL_OP_NO_TLSv1_1))
++ else
++#endif
++ if (!(s->options & SSL_OP_NO_TLSv1_1))
+ {
+ version = TLS1_1_VERSION;
+ }