diff options
author | Vlad Glagolev | 2021-10-05 21:43:56 +0000 |
---|---|---|
committer | Vlad Glagolev | 2021-10-05 21:44:23 +0000 |
commit | c5b03496e0670d56b3a4ea4c4e215e41c3049c6e (patch) | |
tree | 16db6bd72a2e3d55fef8b98dde5206bd724c62d6 /crypto | |
parent | 98cba220e5d2a940f82dce278cc1e26430fa7cfc (diff) |
libressl: replace patch symlink with a real file copy
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/libressl/HISTORY | 4 | ||||
-rw-r--r--[l---------] | crypto/libressl/patches-3.3/fix-compatibility-with-pre-rfc-5280-certificates.patch | 30 |
2 files changed, 33 insertions, 1 deletions
diff --git a/crypto/libressl/HISTORY b/crypto/libressl/HISTORY index 97241260e7..6ffd4c0a6a 100644 --- a/crypto/libressl/HISTORY +++ b/crypto/libressl/HISTORY @@ -1,3 +1,7 @@ +2021-10-05 Vlad Glagolev <stealth@sourcemage.org> + * patches-3.3/fix-compatibility-with-pre-rfc-5280-certificates.patch: + becomes a real file as rsync-friendly + 2021-10-03 Pavel Vinogradov <public@sourcemage.org> * DETAILS: versions 3.3.5 and 3.2.7 diff --git a/crypto/libressl/patches-3.3/fix-compatibility-with-pre-rfc-5280-certificates.patch b/crypto/libressl/patches-3.3/fix-compatibility-with-pre-rfc-5280-certificates.patch index 890bdd2daa..d4bbe02edb 120000..100644 --- a/crypto/libressl/patches-3.3/fix-compatibility-with-pre-rfc-5280-certificates.patch +++ b/crypto/libressl/patches-3.3/fix-compatibility-with-pre-rfc-5280-certificates.patch @@ -1 +1,29 @@ -../patches-3.2/fix-compatibility-with-pre-rfc-5280-certificates.patch
\ No newline at end of file +From 405a4a7f3e60310095d7ef244e69d9acccc12322 Mon Sep 17 00:00:00 2001 +From: Ismael Luceno <ismael@iodev.co.uk> +Date: Sun, 1 Nov 2020 01:59:11 +0100 +Subject: [PATCH for 3.2] Fix compatibility with pre-RFC-5280 certificates + +Allow GENERALIZEDTIME for dates before 2050, it isn't a security issue, and +enables interoperability with older software. + +Based on a patch by Johan de Vries <devries@wivion.nl>. +--- + crypto/x509/x509_verify.c | 3 +++ + 1 files changed, 3 insertions(+) + +diff --git a/crypto/x509/x509_verify.c b/crypto/x509/x509_verify.c +index 0c32cd04b741..3dda41ea825f 100644 +--- a/crypto/x509/x509_verify.c ++++ b/crypto/x509/x509_verify.c +@@ -522,6 +522,9 @@ x509_verify_asn1_time_to_tm(const ASN1_TIME *atime, struct tm *tm, int notafter) + if (type == -1) + return 0; + ++ /* Allow GENERALIZEDTIME for dates before 2050, it isn't a security ++ * issue, and enables interoperability with older software. */ ++ if (type != V_ASN1_GENERALIZEDTIME) + /* RFC 5280 section 4.1.2.5 */ + if (tm->tm_year < 150 && type != V_ASN1_UTCTIME) + return 0; +-- +2.28.0 |