path: root/src/openssl-1-fixes.patch

This file is part of MXE.
See index.html for further information.

From fa1d94198fa75abfdb2e3fdbe071d37677347375 Mon Sep 17 00:00:00 2001
From: Mark Brand <mabrand@mabrand.nl>
Date: Wed, 8 Jan 2014 02:19:10 +0100
Subject: [PATCH 1/2] winsock2

-This patch has been taken from:
-http://rt.openssl.org/Ticket/Display.html?id=2285&user=guest&pass=guest

diff --git a/e_os.h b/e_os.h
index 79c1392..efe345f 100644
--- a/e_os.h
+++ b/e_os.h
@@ -492,7 +492,7 @@ static unsigned int _strlen31(const char *str)
 #      endif
 #      if !defined(IPPROTO_IP)
          /* winsock[2].h was included already? */
-#        include <winsock.h>
+#        include <winsock2.h>
 #      endif
 #      ifdef getservbyname
 #        undef getservbyname
diff --git a/ssl/dtls1.h b/ssl/dtls1.h
index e65d501..7762089 100644
--- a/ssl/dtls1.h
+++ b/ssl/dtls1.h
@@ -68,7 +68,7 @@
 #endif
 #ifdef OPENSSL_SYS_WIN32
 /* Needed for struct timeval */
-#include <winsock.h>
+#include <winsock2.h>
 #elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
 #include <sys/timeval.h>
 #else
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 4f80be8..af5f1be 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -193,7 +193,7 @@
 				  */
 
 #ifdef OPENSSL_SYS_WINDOWS
-#include <winsock.h>
+#include <winsock2.h>
 #else
 #include OPENSSL_UNISTD
 #endif
-- 
1.8.4


From ea68b7956d716fe09d7b47764e32127f5c1d0f10 Mon Sep 17 00:00:00 2001
From: Tom Molesworth <tom@entitymodel.com>
Date: Wed, 8 Jan 2014 02:20:21 +0100
Subject: [PATCH 2/2] Patch OpenSSL POD docs for perl-5.16+

Stricter validation in recent Perl versions means the install
stage fails without these applied.

Should be harmless for earlier versions of perl.

diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod
index a09588a..a8301c7 100644
--- a/doc/apps/cms.pod
+++ b/doc/apps/cms.pod
@@ -450,28 +450,28 @@ remains DER.
 
 =over 4
 
-=item 0
+=item * 0
 
 the operation was completely successfully.
 
-=item 1 
+=item * 1 
 
 an error occurred parsing the command options.
 
-=item 2
+=item * 2
 
 one of the input files could not be read.
 
-=item 3
+=item * 3
 
 an error occurred creating the CMS file or when reading the MIME
 message.
 
-=item 4
+=item * 4
 
 an error occurred decrypting or verifying the message.
 
-=item 5
+=item * 5
 
 the message was verified correctly but an error occurred writing out
 the signers certificates.
diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod
index e4e89af..617343f 100644
--- a/doc/apps/smime.pod
+++ b/doc/apps/smime.pod
@@ -308,28 +308,28 @@ remains DER.
 
 =over 4
 
-=item 0
+=item * 0
 
 the operation was completely successfully.
 
-=item 1 
+=item * 1 
 
 an error occurred parsing the command options.
 
-=item 2
+=item * 2
 
 one of the input files could not be read.
 
-=item 3
+=item * 3
 
 an error occurred creating the PKCS#7 file or when reading the MIME
 message.
 
-=item 4
+=item * 4
 
 an error occurred decrypting or verifying the message.
 
-=item 5
+=item * 5
 
 the message was verified correctly but an error occurred writing out
 the signers certificates.
diff --git a/doc/crypto/rand.pod b/doc/crypto/rand.pod
index 1c068c8..801ef88 100644
--- a/doc/crypto/rand.pod
+++ b/doc/crypto/rand.pod
@@ -74,17 +74,14 @@ First up I will state the things I believe I need for a good RNG.
 
 =over 4
 
-=item 1
-
+=item * 1
 A good hashing algorithm to mix things up and to convert the RNG 'state'
 to random numbers.
 
-=item 2
-
+=item * 2
 An initial source of random 'state'.
 
-=item 3
-
+=item * 3
 The state should be very large.  If the RNG is being used to generate
 4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum).
 If your RNG state only has 128 bits, you are obviously limiting the
@@ -93,14 +90,12 @@ carried away on this last point but it does indicate that it may not be
 a bad idea to keep quite a lot of RNG state.  It should be easier to
 break a cipher than guess the RNG seed data.
 
-=item 4
-
+=item * 4
 Any RNG seed data should influence all subsequent random numbers
 generated.  This implies that any random seed data entered will have
 an influence on all subsequent random numbers generated.
 
-=item 5
-
+=item * 5
 When using data to seed the RNG state, the data used should not be
 extractable from the RNG state.  I believe this should be a
 requirement because one possible source of 'secret' semi random
@@ -108,13 +103,11 @@ data would be a private key or a password.  This data must
 not be disclosed by either subsequent random numbers or a
 'core' dump left by a program crash.
 
-=item 6
-
+=item * 6
 Given the same initial 'state', 2 systems should deviate in their RNG state
 (and hence the random numbers generated) over time if at all possible.
 
-=item 7
-
+=item * 7
 Given the random number output stream, it should not be possible to determine
 the RNG state or the next random number.
 
diff --git a/doc/ssl/SSL_COMP_add_compression_method.pod b/doc/ssl/SSL_COMP_add_compression_method.pod
index 42fa66b..d531299 100644
--- a/doc/ssl/SSL_COMP_add_compression_method.pod
+++ b/doc/ssl/SSL_COMP_add_compression_method.pod
@@ -53,11 +53,11 @@ SSL_COMP_add_compression_method() may return the following values:
 
 =over 4
 
-=item 0
+=item * 0
 
 The operation succeeded.
 
-=item 1
+=item * 1
 
 The operation failed. Check the error queue to find out the reason.
 
diff --git a/doc/ssl/SSL_CTX_add_session.pod b/doc/ssl/SSL_CTX_add_session.pod
index 82676b2..ca89dcc 100644
--- a/doc/ssl/SSL_CTX_add_session.pod
+++ b/doc/ssl/SSL_CTX_add_session.pod
@@ -52,15 +52,15 @@ The following values are returned by all functions:
 
 =over 4
 
-=item 0
+=item * 0
 
- The operation failed. In case of the add operation, it was tried to add
- the same (identical) session twice. In case of the remove operation, the
- session was not found in the cache.
+The operation failed. In case of the add operation, it was tried to add
+the same (identical) session twice. In case of the remove operation, the
+session was not found in the cache.
 
-=item 1
+=item * 1
  
- The operation succeeded.
+The operation succeeded.
 
 =back
 
diff --git a/doc/ssl/SSL_CTX_load_verify_locations.pod b/doc/ssl/SSL_CTX_load_verify_locations.pod
index 84a799f..66031d4 100644
--- a/doc/ssl/SSL_CTX_load_verify_locations.pod
+++ b/doc/ssl/SSL_CTX_load_verify_locations.pod
@@ -100,13 +100,13 @@ The following return values can occur:
 
 =over 4
 
-=item 0
+=item * 0
 
 The operation failed because B<CAfile> and B<CApath> are NULL or the
 processing at one of the locations specified failed. Check the error
 stack to find out the reason.
 
-=item 1
+=item * 1
 
 The operation succeeded.
 
diff --git a/doc/ssl/SSL_CTX_set_client_CA_list.pod b/doc/ssl/SSL_CTX_set_client_CA_list.pod
index 5e66133..2874fb8 100644
--- a/doc/ssl/SSL_CTX_set_client_CA_list.pod
+++ b/doc/ssl/SSL_CTX_set_client_CA_list.pod
@@ -66,13 +66,13 @@ values:
 
 =over 4
 
-=item 0
+=item * 0
 
 A failure while manipulating the STACK_OF(X509_NAME) object occurred or
 the X509_NAME could not be extracted from B<cacert>. Check the error stack
 to find out the reason.
 
-=item 1
+=item * 1
 
 The operation succeeded.
 
diff --git a/doc/ssl/SSL_CTX_set_session_id_context.pod b/doc/ssl/SSL_CTX_set_session_id_context.pod
index 58fc685..b3306aa 100644
--- a/doc/ssl/SSL_CTX_set_session_id_context.pod
+++ b/doc/ssl/SSL_CTX_set_session_id_context.pod
@@ -64,14 +64,12 @@ return the following values:
 
 =over 4
 
-=item 0
-
+=item * 0
 The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
 the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
 is logged to the error stack.
 
-=item 1
-
+=item * 1
 The operation succeeded.
 
 =back
diff --git a/doc/ssl/SSL_CTX_set_ssl_version.pod b/doc/ssl/SSL_CTX_set_ssl_version.pod
index 254f2b4..21df5a2 100644
--- a/doc/ssl/SSL_CTX_set_ssl_version.pod
+++ b/doc/ssl/SSL_CTX_set_ssl_version.pod
@@ -42,12 +42,10 @@ and SSL_set_ssl_method():
 
 =over 4
 
-=item 0
-
+=item * 0
 The new choice failed, check the error stack to find out the reason.
 
-=item 1
-
+=item * 1
 The operation succeeded.
 
 =back
diff --git a/doc/ssl/SSL_CTX_use_psk_identity_hint.pod b/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
index 7e60df5..77e2139 100644
--- a/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
+++ b/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
@@ -83,7 +83,7 @@ Return values from the server callback are interpreted as follows:
 
 =over 4
 
-=item > 0
+=item * > 0
 
 PSK identity was found and the server callback has provided the PSK
 successfully in parameter B<psk>. Return value is the length of
@@ -96,7 +96,7 @@ data to B<psk> and return the length of the random data, so the
 connection will fail with decryption_error before it will be finished
 completely.
 
-=item 0
+=item * 0
 
 PSK identity was not found. An "unknown_psk_identity" alert message
 will be sent and the connection setup fails.
diff --git a/doc/ssl/SSL_accept.pod b/doc/ssl/SSL_accept.pod
index b1c34d1..b8a2c17 100644
--- a/doc/ssl/SSL_accept.pod
+++ b/doc/ssl/SSL_accept.pod
@@ -44,18 +44,18 @@ The following return values can occur:
 
 =over 4
 
-=item 0
+=item * 0
 
 The TLS/SSL handshake was not successful but was shut down controlled and
 by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
 return value B<ret> to find out the reason.
 
-=item 1
+=item * 1
 
 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
 established.
 
-=item E<lt>0
+=item * E<lt>0
 
 The TLS/SSL handshake was not successful because a fatal error occurred either
 at the protocol level or a connection failure occurred. The shutdown was
diff --git a/doc/ssl/SSL_clear.pod b/doc/ssl/SSL_clear.pod
index d4df1bf..c6416cf 100644
--- a/doc/ssl/SSL_clear.pod
+++ b/doc/ssl/SSL_clear.pod
@@ -56,13 +56,11 @@ The following return values can occur:
 
 =over 4
 
-=item 0
-
+=item * 0
 The SSL_clear() operation could not be performed. Check the error stack to
 find out the reason.
 
-=item 1
-
+=item * 1
 The SSL_clear() operation was successful.
 
 =back
diff --git a/doc/ssl/SSL_connect.pod b/doc/ssl/SSL_connect.pod
index 946ca89..792821e 100644
--- a/doc/ssl/SSL_connect.pod
+++ b/doc/ssl/SSL_connect.pod
@@ -41,18 +41,18 @@ The following return values can occur:
 
 =over 4
 
-=item 0
+=item * 0
 
 The TLS/SSL handshake was not successful but was shut down controlled and
 by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
 return value B<ret> to find out the reason.
 
-=item 1
+=item * 1
 
 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
 established.
 
-=item E<lt>0
+=item * E<lt>0
 
 The TLS/SSL handshake was not successful, because a fatal error occurred either
 at the protocol level or a connection failure occurred. The shutdown was
diff --git a/doc/ssl/SSL_do_handshake.pod b/doc/ssl/SSL_do_handshake.pod
index 7f8cf24..c46d18d 100644
--- a/doc/ssl/SSL_do_handshake.pod
+++ b/doc/ssl/SSL_do_handshake.pod
@@ -45,18 +45,18 @@ The following return values can occur:
 
 =over 4
 
-=item 0
+=item * 0
 
 The TLS/SSL handshake was not successful but was shut down controlled and
 by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
 return value B<ret> to find out the reason.
 
-=item 1
+=item * 1
 
 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
 established.
 
-=item E<lt>0
+=item * E<lt>0
 
 The TLS/SSL handshake was not successful because a fatal error occurred either
 at the protocol level or a connection failure occurred. The shutdown was
diff --git a/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod b/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod
index 165c6a5..073e99c 100644
--- a/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod
+++ b/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod
@@ -36,11 +36,11 @@ before the SSL index is created.
 
 =over 4
 
-=item E<gt>=0
+=item * E<gt>=0
 
 The index value to access the pointer.
 
-=item E<lt>0
+=item * E<lt>0
 
 An error occurred, check the error stack for a detailed error message.
 
diff --git a/doc/ssl/SSL_get_fd.pod b/doc/ssl/SSL_get_fd.pod
index 89260b5..1207658 100644
--- a/doc/ssl/SSL_get_fd.pod
+++ b/doc/ssl/SSL_get_fd.pod
@@ -26,12 +26,12 @@ The following return values can occur:
 
 =over 4
 
-=item -1
+=item * -1
 
 The operation failed, because the underlying BIO is not of the correct type
 (suitable for file descriptors).
 
-=item E<gt>=0
+=item * E<gt>=0
 
 The file descriptor linked to B<ssl>.
 
diff --git a/doc/ssl/SSL_read.pod b/doc/ssl/SSL_read.pod
index 7038cd2..de52b49 100644
--- a/doc/ssl/SSL_read.pod
+++ b/doc/ssl/SSL_read.pod
@@ -81,13 +81,12 @@ The following return values can occur:
 
 =over 4
 
-=item E<gt>0
+=item * E<gt>0
 
 The read operation was successful; the return value is the number of
 bytes actually read from the TLS/SSL connection.
 
-=item 0
-
+=item * 0
 The read operation was not successful. The reason may either be a clean
 shutdown due to a "close notify" alert sent by the peer (in which case
 the SSL_RECEIVED_SHUTDOWN flag in the ssl shutdown state is set
@@ -103,7 +102,7 @@ only be detected, whether the underlying connection was closed. It cannot
 be checked, whether the closure was initiated by the peer or by something
 else.
 
-=item E<lt>0
+=item * E<lt>0
 
 The read operation was not successful, because either an error occurred
 or action must be taken by the calling process. Call SSL_get_error() with the
diff --git a/doc/ssl/SSL_session_reused.pod b/doc/ssl/SSL_session_reused.pod
index da7d062..e55c958 100644
--- a/doc/ssl/SSL_session_reused.pod
+++ b/doc/ssl/SSL_session_reused.pod
@@ -27,12 +27,10 @@ The following return values can occur:
 
 =over 4
 
-=item 0
-
+=item * 0
 A new session was negotiated.
 
-=item 1
-
+=item * 1
 A session was reused.
 
 =back
diff --git a/doc/ssl/SSL_set_fd.pod b/doc/ssl/SSL_set_fd.pod
index 7029112..42bfa1a 100644
--- a/doc/ssl/SSL_set_fd.pod
+++ b/doc/ssl/SSL_set_fd.pod
@@ -35,12 +35,10 @@ The following return values can occur:
 
 =over 4
 
-=item 0
-
+=item * 0
 The operation failed. Check the error stack to find out why.
 
-=item 1
-
+=item * 1
 The operation succeeded.
 
 =back
diff --git a/doc/ssl/SSL_set_session.pod b/doc/ssl/SSL_set_session.pod
index 5f54714..1aeee12 100644
--- a/doc/ssl/SSL_set_session.pod
+++ b/doc/ssl/SSL_set_session.pod
@@ -37,12 +37,10 @@ The following return values can occur:
 
 =over 4
 
-=item 0
-
+=item * 0
 The operation failed; check the error stack to find out the reason.
 
-=item 1
-
+=item * 1
 The operation succeeded.
 
 =back
diff --git a/doc/ssl/SSL_set_shutdown.pod b/doc/ssl/SSL_set_shutdown.pod
index 011a022..6f3e03e 100644
--- a/doc/ssl/SSL_set_shutdown.pod
+++ b/doc/ssl/SSL_set_shutdown.pod
@@ -24,16 +24,16 @@ The shutdown state of an ssl connection is a bitmask of:
 
 =over 4
 
-=item 0
+=item * 0
 
 No shutdown setting, yet.
 
-=item SSL_SENT_SHUTDOWN
+=item * SSL_SENT_SHUTDOWN
 
 A "close notify" shutdown alert was sent to the peer, the connection is being
 considered closed and the session is closed and correct.
 
-=item SSL_RECEIVED_SHUTDOWN
+=item * SSL_RECEIVED_SHUTDOWN
 
 A shutdown alert was received form the peer, either a normal "close notify"
 or a fatal error.
diff --git a/doc/ssl/SSL_shutdown.pod b/doc/ssl/SSL_shutdown.pod
index 42a89b7..2853e65 100644
--- a/doc/ssl/SSL_shutdown.pod
+++ b/doc/ssl/SSL_shutdown.pod
@@ -92,19 +92,19 @@ The following return values can occur:
 
 =over 4
 
-=item 0
+=item * 0
 
 The shutdown is not yet finished. Call SSL_shutdown() for a second time,
 if a bidirectional shutdown shall be performed.
 The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
 erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
 
-=item 1
+=item * 1
 
 The shutdown was successfully completed. The "close notify" alert was sent
 and the peer's "close notify" alert was received.
 
-=item -1
+=item * -1
 
 The shutdown was not successful because a fatal error occurred either
 at the protocol level or a connection failure occurred. It can also occur if
diff --git a/doc/ssl/SSL_write.pod b/doc/ssl/SSL_write.pod
index e013c12..b2934b8 100644
--- a/doc/ssl/SSL_write.pod
+++ b/doc/ssl/SSL_write.pod
@@ -74,13 +74,12 @@ The following return values can occur:
 
 =over 4
 
-=item E<gt>0
+=item * E<gt>0
 
 The write operation was successful, the return value is the number of
 bytes actually written to the TLS/SSL connection.
 
-=item 0
-
+=item * 0
 The write operation was not successful. Probably the underlying connection
 was closed. Call SSL_get_error() with the return value B<ret> to find out,
 whether an error occurred or the connection was shut down cleanly
@@ -90,7 +89,7 @@ SSLv2 (deprecated) does not support a shutdown alert protocol, so it can
 only be detected, whether the underlying connection was closed. It cannot
 be checked, why the closure happened.
 
-=item E<lt>0
+=item * E<lt>0
 
 The write operation was not successful, because either an error occurred
 or action must be taken by the calling process. Call SSL_get_error() with the
-- 
1.8.4