commit openssl for openSUSE:Factory
![](https://seccdn.libravatar.org/avatar/e2145bc5cf53dda95c308a3c75e8fef3.jpg?s=120&d=mm&r=g)
Hello community,
here is the log from the commit of package openssl for openSUSE:Factory checked in at 2014-06-18 07:47:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openssl (Old)
and /work/SRC/openSUSE:Factory/.openssl.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl"
Changes:
--------
--- /work/SRC/openSUSE:Factory/openssl/openssl.changes 2014-05-14 10:26:09.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.openssl.new/openssl.changes 2014-06-18 07:47:43.000000000 +0200
@@ -1,0 +2,40 @@
+Thu Jun 5 14:37:19 UTC 2014 - meissner@suse.com
+
+- updated openssl to 1.0.1h (bnc#880891):
+ - CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
+ handshake can force the use of weak keying material in OpenSSL
+ SSL/TLS clients and servers.
+ - CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an
+ OpenSSL DTLS client the code can be made to recurse eventually crashing
+ in a DoS attack.
+ - CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer
+ overrun attack can be triggered by sending invalid DTLS fragments to
+ an OpenSSL DTLS client or server. This is potentially exploitable to
+ run arbitrary code on a vulnerable client or server.
+ - CVE-2014-3470: Fix bug in TLS code where clients enable anonymous
+ ECDH ciphersuites are subject to a denial of service attack.
+- openssl-buffreelistbug-aka-CVE-2010-5298.patch: removed, upstream
+- CVE-2014-0198.patch: removed, upstream
+- 0009-Fix-double-frees.patch: removed, upstream
+- 0012-Fix-eckey_priv_encode.patch: removed, upstream
+- 0017-Double-free-in-i2o_ECPublicKey.patch: removed, upstream
+- 0018-fix-coverity-issues-966593-966596.patch: removed, upstream
+- 0020-Initialize-num-properly.patch: removed, upstream
+- 0022-bignum-allow-concurrent-BN_MONT_CTX_set_locked.patch: removed, upstream
+- 0023-evp-prevent-underflow-in-base64-decoding.patch: removed, upstream
+- 0024-Fixed-NULL-pointer-dereference-in-PKCS7_dataDecode-r.patch: removed, upstream
+- 0025-fix-coverity-issue-966597-error-line-is-not-always-i.patch: removed, upstream
+
+- 0001-libcrypto-Hide-library-private-symbols.patch: disabled heartbeat testcase
+- openssl-1.0.1c-ipv6-apps.patch: refreshed
+- openssl-fix-pod-syntax.diff: some stuff merged upstream, refreshed
+
+-------------------------------------------------------------------
+Wed May 21 12:19:53 UTC 2014 - vpereira@novell.com
+
+- Added new SUSE default cipher suite
+ openssl-1.0.1e-add-suse-default-cipher.patch
+ openssl-1.0.1e-add-suse-default-cipher-header.patch
+ openssl-1.0.1e-add-test-suse-default-cipher-suite.patch
+
+-------------------------------------------------------------------
Old:
----
0009-Fix-double-frees.patch
0012-Fix-eckey_priv_encode.patch
0017-Double-free-in-i2o_ECPublicKey.patch
0018-fix-coverity-issues-966593-966596.patch
0020-Initialize-num-properly.patch
0022-bignum-allow-concurrent-BN_MONT_CTX_set_locked.patch
0023-evp-prevent-underflow-in-base64-decoding.patch
0024-Fixed-NULL-pointer-dereference-in-PKCS7_dataDecode-r.patch
0025-fix-coverity-issue-966597-error-line-is-not-always-i.patch
CVE-2014-0198.patch
openssl-1.0.1g.tar.gz
openssl-1.0.1g.tar.gz.asc
openssl-buffreelistbug-aka-CVE-2010-5298.patch
New:
----
openssl-1.0.1e-add-suse-default-cipher-header.patch
openssl-1.0.1e-add-suse-default-cipher.patch
openssl-1.0.1e-add-test-suse-default-cipher-suite.patch
openssl-1.0.1h.tar.gz
openssl-1.0.1h.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openssl.spec ++++++
--- /var/tmp/diff_new_pack.Ma4WJG/_old 2014-06-18 07:47:45.000000000 +0200
+++ /var/tmp/diff_new_pack.Ma4WJG/_new 2014-06-18 07:47:45.000000000 +0200
@@ -29,7 +29,7 @@
%ifarch ppc64
Obsoletes: openssl-64bit
%endif
-Version: 1.0.1g
+Version: 1.0.1h
Release: 0
Summary: Secure Sockets and Transport Layer Security
License: OpenSSL
@@ -65,21 +65,14 @@
Patch17: openssl-1.0.1e-fips-ctor.patch
Patch18: openssl-1.0.1e-new-fips-reqs.patch
Patch19: openssl-gcc-attributes.patch
-Patch20: openssl-buffreelistbug-aka-CVE-2010-5298.patch
Patch21: openssl-libssl-noweakciphers.patch
-Patch22: CVE-2014-0198.patch
-Patch23: 0009-Fix-double-frees.patch
-Patch24: 0012-Fix-eckey_priv_encode.patch
-Patch25: 0017-Double-free-in-i2o_ECPublicKey.patch
Patch26: 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch
-Patch27: 0018-fix-coverity-issues-966593-966596.patch
-Patch28: 0020-Initialize-num-properly.patch
-Patch29: 0022-bignum-allow-concurrent-BN_MONT_CTX_set_locked.patch
-Patch30: 0023-evp-prevent-underflow-in-base64-decoding.patch
-Patch31: 0024-Fixed-NULL-pointer-dereference-in-PKCS7_dataDecode-r.patch
-Patch32: 0025-fix-coverity-issue-966597-error-line-is-not-always-i.patch
Patch33: openssl-no-egd.patch
Patch34: openssl-fips-hidden.patch
+Patch35: openssl-1.0.1e-add-suse-default-cipher.patch
+Patch36: openssl-1.0.1e-add-suse-default-cipher-header.patch
+Patch37: openssl-1.0.1e-add-test-suse-default-cipher-suite.patch
+
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -186,21 +179,13 @@
%patch17 -p1
%patch18 -p1
%patch19 -p1
-%patch20 -p1
%patch21 -p1
-%patch22 -p1
-%patch23 -p1
-%patch24 -p1
-%patch25 -p1
%patch26 -p1
-%patch27 -p1
-%patch28 -p1
-%patch29 -p1
-%patch30 -p1
-%patch31 -p1
-%patch32 -p1
%patch33 -p1
%patch34 -p1
+%patch35 -p1
+%patch36 -p1
+%patch37 -p1
cp -p %{S:10} .
cp -p %{S:11} .
echo "adding/overwriting some entries in the 'table' hash in Configure"
++++++ 0001-libcrypto-Hide-library-private-symbols.patch ++++++
++++ 711 lines (skipped)
++++ between /work/SRC/openSUSE:Factory/openssl/0001-libcrypto-Hide-library-private-symbols.patch
++++ and /work/SRC/openSUSE:Factory/.openssl.new/0001-libcrypto-Hide-library-private-symbols.patch
++++++ openssl-1.0.1c-ipv6-apps.patch ++++++
--- /var/tmp/diff_new_pack.Ma4WJG/_old 2014-06-18 07:47:45.000000000 +0200
+++ /var/tmp/diff_new_pack.Ma4WJG/_new 2014-06-18 07:47:45.000000000 +0200
@@ -1,7 +1,7 @@
-Index: openssl-1.0.1g/apps/s_apps.h
+Index: openssl-1.0.1h/apps/s_apps.h
===================================================================
---- openssl-1.0.1g.orig/apps/s_apps.h
-+++ openssl-1.0.1g/apps/s_apps.h
+--- openssl-1.0.1h.orig/apps/s_apps.h
++++ openssl-1.0.1h/apps/s_apps.h
@@ -148,7 +148,7 @@ typedef fd_mask fd_set;
#define PORT_STR "4433"
#define PROTOCOL "tcp"
@@ -24,10 +24,10 @@
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
int argi, long argl, long ret);
-Index: openssl-1.0.1g/apps/s_client.c
+Index: openssl-1.0.1h/apps/s_client.c
===================================================================
---- openssl-1.0.1g.orig/apps/s_client.c
-+++ openssl-1.0.1g/apps/s_client.c
+--- openssl-1.0.1h.orig/apps/s_client.c
++++ openssl-1.0.1h/apps/s_client.c
@@ -567,7 +567,7 @@ int MAIN(int argc, char **argv)
int cbuf_len,cbuf_off;
int sbuf_len,sbuf_off;
@@ -62,10 +62,10 @@
{
BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
SHUTDOWN(s);
-Index: openssl-1.0.1g/apps/s_server.c
+Index: openssl-1.0.1h/apps/s_server.c
===================================================================
---- openssl-1.0.1g.orig/apps/s_server.c
-+++ openssl-1.0.1g/apps/s_server.c
+--- openssl-1.0.1h.orig/apps/s_server.c
++++ openssl-1.0.1h/apps/s_server.c
@@ -933,7 +933,7 @@ int MAIN(int argc, char *argv[])
{
X509_VERIFY_PARAM *vpm = NULL;
@@ -97,10 +97,10 @@
print_stats(bio_s_out,ctx);
ret=0;
end:
-Index: openssl-1.0.1g/apps/s_socket.c
+Index: openssl-1.0.1h/apps/s_socket.c
===================================================================
---- openssl-1.0.1g.orig/apps/s_socket.c
-+++ openssl-1.0.1g/apps/s_socket.c
+--- openssl-1.0.1h.orig/apps/s_socket.c
++++ openssl-1.0.1h/apps/s_socket.c
@@ -102,9 +102,7 @@ static struct hostent *GetHostByName(cha
static void ssl_sock_cleanup(void);
#endif
@@ -182,7 +182,7 @@
{
- i=0;
- i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
-- if (i < 0) { perror("keepalive"); return(0); }
+- if (i < 0) { closesocket(s); perror("keepalive"); return(0); }
+ int i=0;
+ i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,
+ (char *)&i,sizeof(i));
@@ -359,7 +359,7 @@
int len;
/* struct linger ling; */
-@@ -431,135 +473,58 @@ redoit:
+@@ -431,138 +473,59 @@ redoit:
*/
if (host == NULL) goto end;
@@ -388,6 +388,7 @@
+ if ((*host=(char *)OPENSSL_malloc(strlen(buffer)+1)) == NULL)
{
perror("OPENSSL_malloc");
+ closesocket(ret);
return(0);
}
- BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
@@ -396,11 +397,13 @@
- if (h2 == NULL)
- {
- BIO_printf(bio_err,"gethostbyname failure\n");
+- closesocket(ret);
- return(0);
- }
- if (h2->h_addrtype != AF_INET)
- {
- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
+- closesocket(ret);
- return(0);
- }
+ strcpy(*host, buffer);
++++++ openssl-1.0.1e-add-suse-default-cipher-header.patch ++++++
Index: openssl-1.0.1g/ssl/ssl.h
===================================================================
--- openssl-1.0.1g.orig/ssl/ssl.h
+++ openssl-1.0.1g/ssl/ssl.h
@@ -332,9 +332,11 @@ extern "C" {
* It also is substituted when an application-defined cipher list string
* starts with 'DEFAULT'. */
#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2:!EXPORT:!RC2:!DES"
+
#define SSL_DEFAULT_SUSE_CIPHER_LIST "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\
"DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:"\
"AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:DES-CBC3-SHA"
+
/* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
* starts with a reasonable order, and all we have to do for DEFAULT is
* throwing out anonymous and unencrypted ciphersuites!
++++++ openssl-1.0.1e-add-suse-default-cipher.patch ++++++
Index: openssl-1.0.1g/ssl/ssl_ciph.c
===================================================================
--- openssl-1.0.1g.orig/ssl/ssl_ciph.c
+++ openssl-1.0.1g/ssl/ssl_ciph.c
@@ -1470,7 +1470,17 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
*/
ok = 1;
rule_p = rule_str;
- if (strncmp(rule_str,"DEFAULT",7) == 0)
+
+ if (strncmp(rule_str,"DEFAULT_SUSE",12) == 0)
+ {
+ ok = ssl_cipher_process_rulestr(SSL_DEFAULT_SUSE_CIPHER_LIST,
+ &head, &tail, ca_list);
+ rule_p += 12;
+ if (*rule_p == ':')
+ rule_p++;
+ }
+
+ else if (strncmp(rule_str,"DEFAULT",7) == 0)
{
ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
&head, &tail, ca_list);
Index: openssl-1.0.1g/ssl/ssl.h
===================================================================
--- openssl-1.0.1g.orig/ssl/ssl.h
+++ openssl-1.0.1g/ssl/ssl.h
@@ -331,7 +331,10 @@ extern "C" {
/* The following cipher list is used by default.
* It also is substituted when an application-defined cipher list string
* starts with 'DEFAULT'. */
-#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2:!EXPORT:!LOW"
+#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2:!EXPORT:!RC2:!DES"
+#define SSL_DEFAULT_SUSE_CIPHER_LIST "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\
+ "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:"\
+ "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:DES-CBC3-SHA"
/* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
* starts with a reasonable order, and all we have to do for DEFAULT is
* throwing out anonymous and unencrypted ciphersuites!
++++++ openssl-1.0.1e-add-test-suse-default-cipher-suite.patch ++++++
Index: openssl-1.0.1f/test/testssl
===================================================================
--- openssl-1.0.1f.orig/test/testssl
+++ openssl-1.0.1f/test/testssl
@@ -136,6 +136,25 @@ for protocol in TLSv1.2 SSLv3; do
done
done
+echo "Testing default ciphersuites"
+
+for cipher_suite in DEFAULT_SUSE DEFAULT; do
+ ../util/shlib_wrap.sh ../apps/openssl ciphers $cipher_suite
+ if [ $? -ne 0 ]; then
+ echo "Failed default ciphersuite $cipher_suite"
+ exit 1
+ fi
+done
+
+echo "Testing if MD5, DES and RC4 are excluded from DEFAULT_SUSE cipher suite"
+../util/shlib_wrap.sh ../apps/openssl ciphers DEFAULT_SUSE| grep "MD5\|RC4\|DES-[^CBC3]"
+
+if [ $? -ne 1 ];then
+ echo "weak ciphers are present on DEFAULT_SUSE cipher suite"
+ exit 1
+fi
+
+
#############################################################################
if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
++++++ openssl-fix-pod-syntax.diff ++++++
--- /var/tmp/diff_new_pack.Ma4WJG/_old 2014-06-18 07:47:45.000000000 +0200
+++ /var/tmp/diff_new_pack.Ma4WJG/_new 2014-06-18 07:47:45.000000000 +0200
@@ -59,88 +59,10 @@
doc/ssl/SSL_write.pod | 2 +-
23 files changed, 59 insertions(+), 55 deletions(-)
-Index: openssl-1.0.1g/doc/apps/cms.pod
+Index: openssl-1.0.1h/doc/apps/ts.pod
===================================================================
---- openssl-1.0.1g.orig/doc/apps/cms.pod
-+++ openssl-1.0.1g/doc/apps/cms.pod
-@@ -450,28 +450,28 @@ remains DER.
-
- =over 4
-
--=item 0
-+=item Z<>0
-
- the operation was completely successfully.
-
--=item 1
-+=item Z<>1
-
- an error occurred parsing the command options.
-
--=item 2
-+=item Z<>2
-
- one of the input files could not be read.
-
--=item 3
-+=item Z<>3
-
- an error occurred creating the CMS file or when reading the MIME
- message.
-
--=item 4
-+=item Z<>4
-
- an error occurred decrypting or verifying the message.
-
--=item 5
-+=item Z<>5
-
- the message was verified correctly but an error occurred writing out
- the signers certificates.
-Index: openssl-1.0.1g/doc/apps/smime.pod
-===================================================================
---- openssl-1.0.1g.orig/doc/apps/smime.pod
-+++ openssl-1.0.1g/doc/apps/smime.pod
-@@ -308,28 +308,28 @@ remains DER.
-
- =over 4
-
--=item 0
-+=item Z<>0
-
- the operation was completely successfully.
-
--=item 1
-+=item Z<>1
-
- an error occurred parsing the command options.
-
--=item 2
-+=item Z<>2
-
- one of the input files could not be read.
-
--=item 3
-+=item Z<>3
-
- an error occurred creating the PKCS#7 file or when reading the MIME
- message.
-
--=item 4
-+=item Z<>4
-
- an error occurred decrypting or verifying the message.
-
--=item 5
-+=item Z<>5
-
- the message was verified correctly but an error occurred writing out
- the signers certificates.
-Index: openssl-1.0.1g/doc/apps/ts.pod
-===================================================================
---- openssl-1.0.1g.orig/doc/apps/ts.pod
-+++ openssl-1.0.1g/doc/apps/ts.pod
+--- openssl-1.0.1h.orig/doc/apps/ts.pod
++++ openssl-1.0.1h/doc/apps/ts.pod
@@ -58,19 +58,19 @@ time. Here is a brief description of the
=over 4
@@ -164,10 +86,10 @@
The TSA client receives the time stamp token and verifies the
signature on it. It also checks if the token contains the same hash
-Index: openssl-1.0.1g/doc/crypto/OPENSSL_ia32cap.pod
+Index: openssl-1.0.1h/doc/crypto/OPENSSL_ia32cap.pod
===================================================================
---- openssl-1.0.1g.orig/doc/crypto/OPENSSL_ia32cap.pod
-+++ openssl-1.0.1g/doc/crypto/OPENSSL_ia32cap.pod
+--- openssl-1.0.1h.orig/doc/crypto/OPENSSL_ia32cap.pod
++++ openssl-1.0.1h/doc/crypto/OPENSSL_ia32cap.pod
@@ -20,6 +20,8 @@ toolkit initialization, but can be manip
crypto library behaviour. For the moment of this writing six bits are
significant, namely:
@@ -186,10 +108,10 @@
For example, clearing bit #26 at run-time disables high-performance
SSE2 code present in the crypto library. You might have to do this if
target OpenSSL application is executed on SSE2 capable CPU, but under
-Index: openssl-1.0.1g/doc/crypto/rand.pod
+Index: openssl-1.0.1h/doc/crypto/rand.pod
===================================================================
---- openssl-1.0.1g.orig/doc/crypto/rand.pod
-+++ openssl-1.0.1g/doc/crypto/rand.pod
+--- openssl-1.0.1h.orig/doc/crypto/rand.pod
++++ openssl-1.0.1h/doc/crypto/rand.pod
@@ -74,16 +74,16 @@ First up I will state the things I belie
=over 4
@@ -241,318 +163,3 @@
Given the random number output stream, it should not be possible to determine
the RNG state or the next random number.
-Index: openssl-1.0.1g/doc/ssl/SSL_COMP_add_compression_method.pod
-===================================================================
---- openssl-1.0.1g.orig/doc/ssl/SSL_COMP_add_compression_method.pod
-+++ openssl-1.0.1g/doc/ssl/SSL_COMP_add_compression_method.pod
-@@ -53,11 +53,11 @@ SSL_COMP_add_compression_method() may re
-
- =over 4
-
--=item 0
-+=item Z<>0
-
- The operation succeeded.
-
--=item 1
-+=item Z<>1
-
- The operation failed. Check the error queue to find out the reason.
-
-Index: openssl-1.0.1g/doc/ssl/SSL_CTX_add_session.pod
-===================================================================
---- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_add_session.pod
-+++ openssl-1.0.1g/doc/ssl/SSL_CTX_add_session.pod
-@@ -52,13 +52,13 @@ The following values are returned by all
-
- =over 4
-
--=item 0
-+=item Z<>0
-
- The operation failed. In case of the add operation, it was tried to add
- the same (identical) session twice. In case of the remove operation, the
- session was not found in the cache.
-
--=item 1
-+=item Z<>1
-
- The operation succeeded.
-
-Index: openssl-1.0.1g/doc/ssl/SSL_CTX_load_verify_locations.pod
-===================================================================
---- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_load_verify_locations.pod
-+++ openssl-1.0.1g/doc/ssl/SSL_CTX_load_verify_locations.pod
-@@ -100,13 +100,13 @@ The following return values can occur:
-
- =over 4
-
--=item 0
-+=item Z<>0
-
- The operation failed because B<CAfile> and B<CApath> are NULL or the
- processing at one of the locations specified failed. Check the error
- stack to find out the reason.
-
--=item 1
-+=item Z<>1
-
- The operation succeeded.
-
-Index: openssl-1.0.1g/doc/ssl/SSL_CTX_set_client_CA_list.pod
-===================================================================
---- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod
-+++ openssl-1.0.1g/doc/ssl/SSL_CTX_set_client_CA_list.pod
-@@ -66,13 +66,13 @@ values:
-
- =over 4
-
--=item 0
-+=item Z<>0
-
- A failure while manipulating the STACK_OF(X509_NAME) object occurred or
- the X509_NAME could not be extracted from B<cacert>. Check the error stack
- to find out the reason.
-
--=item 1
-+=item Z<>1
-
- The operation succeeded.
-
-Index: openssl-1.0.1g/doc/ssl/SSL_CTX_set_session_id_context.pod
-===================================================================
---- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_set_session_id_context.pod
-+++ openssl-1.0.1g/doc/ssl/SSL_CTX_set_session_id_context.pod
-@@ -64,13 +64,13 @@ return the following values:
-
- =over 4
-
--=item 0
-+=item Z<>0
-
- The length B
participants (1)
-
root@hilbert.suse.de