3571e53040
patches for easier mirroring, to eliminate a special copy, to make www.freebsd.org/security a full copy of security.freebsd.org and be eventually be the same. For now files are just sitting there. The symlinks are missing. Discussed on: www (repository location) Discussed with: simon (so)
77 lines
2.5 KiB
Diff
77 lines
2.5 KiB
Diff
Index: crypto/openssl/crypto/asn1/asn1_lib.c
|
|
===================================================================
|
|
RCS file: /home/ncvs/src/crypto/openssl/crypto/asn1/asn1_lib.c,v
|
|
retrieving revision 1.1.1.7
|
|
diff -p -c -r1.1.1.7 asn1_lib.c
|
|
*** crypto/openssl/crypto/asn1/asn1_lib.c 10 Aug 2002 01:39:27 -0000 1.1.1.7
|
|
--- crypto/openssl/crypto/asn1/asn1_lib.c 3 Oct 2003 17:52:04 -0000
|
|
*************** int ASN1_get_object(unsigned char **pp,
|
|
*** 104,113 ****
|
|
--- 104,115 ----
|
|
l<<=7L;
|
|
l|= *(p++)&0x7f;
|
|
if (--max == 0) goto err;
|
|
+ if (l > (INT_MAX >> 7L)) goto err;
|
|
}
|
|
l<<=7L;
|
|
l|= *(p++)&0x7f;
|
|
tag=(int)l;
|
|
+ if (--max == 0) goto err;
|
|
}
|
|
else
|
|
{
|
|
Index: crypto/openssl/crypto/x509/x509_vfy.c
|
|
===================================================================
|
|
RCS file: /home/ncvs/src/crypto/openssl/crypto/x509/x509_vfy.c,v
|
|
retrieving revision 1.1.1.4.2.1
|
|
diff -p -c -r1.1.1.4.2.1 x509_vfy.c
|
|
*** crypto/openssl/crypto/x509/x509_vfy.c 20 Feb 2003 17:14:19 -0000 1.1.1.4.2.1
|
|
--- crypto/openssl/crypto/x509/x509_vfy.c 3 Oct 2003 17:52:04 -0000
|
|
*************** static int internal_verify(X509_STORE_CT
|
|
*** 490,496 ****
|
|
ok=(*cb)(0,ctx);
|
|
if (!ok) goto end;
|
|
}
|
|
! if (X509_verify(xs,pkey) <= 0)
|
|
{
|
|
ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
|
|
ctx->current_cert=xs;
|
|
--- 490,496 ----
|
|
ok=(*cb)(0,ctx);
|
|
if (!ok) goto end;
|
|
}
|
|
! else if (X509_verify(xs,pkey) <= 0)
|
|
{
|
|
ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
|
|
ctx->current_cert=xs;
|
|
Index: crypto/openssl/ssl/s3_srvr.c
|
|
===================================================================
|
|
RCS file: /home/ncvs/src/crypto/openssl/ssl/s3_srvr.c,v
|
|
retrieving revision 1.1.1.9.2.2
|
|
diff -p -c -r1.1.1.9.2.2 s3_srvr.c
|
|
*** crypto/openssl/ssl/s3_srvr.c 21 Mar 2003 16:13:06 -0000 1.1.1.9.2.2
|
|
--- crypto/openssl/ssl/s3_srvr.c 3 Oct 2003 17:52:04 -0000
|
|
*************** int ssl3_accept(SSL *s)
|
|
*** 420,429 ****
|
|
if (ret == 2)
|
|
s->state = SSL3_ST_SR_CLNT_HELLO_C;
|
|
else {
|
|
! /* could be sent for a DH cert, even if we
|
|
! * have not asked for it :-) */
|
|
! ret=ssl3_get_client_certificate(s);
|
|
! if (ret <= 0) goto end;
|
|
s->init_num=0;
|
|
s->state=SSL3_ST_SR_KEY_EXCH_A;
|
|
}
|
|
--- 420,430 ----
|
|
if (ret == 2)
|
|
s->state = SSL3_ST_SR_CLNT_HELLO_C;
|
|
else {
|
|
! if (s->s3->tmp.cert_request)
|
|
! {
|
|
! ret=ssl3_get_client_certificate(s);
|
|
! if (ret <= 0) goto end;
|
|
! }
|
|
s->init_num=0;
|
|
s->state=SSL3_ST_SR_KEY_EXCH_A;
|
|
}
|