From 91fad0b6c330c35129b069fab8bdf5c4ba479ddf Mon Sep 17 00:00:00 2001
From: B Stack <bgstack15@gmail.com>
Date: Mon, 15 Jul 2019 23:54:24 -0400
Subject: add openssl-freefilesync

---
 .../openssl-1.1.1-no-brainpool.patch               | 116 +++++++++++++++++++++
 1 file changed, 116 insertions(+)
 create mode 100644 openssl-freefilesync/openssl-1.1.1-no-brainpool.patch

(limited to 'openssl-freefilesync/openssl-1.1.1-no-brainpool.patch')

diff --git a/openssl-freefilesync/openssl-1.1.1-no-brainpool.patch b/openssl-freefilesync/openssl-1.1.1-no-brainpool.patch
new file mode 100644
index 0000000..2ab6fc9
--- /dev/null
+++ b/openssl-freefilesync/openssl-1.1.1-no-brainpool.patch
@@ -0,0 +1,116 @@
+diff -up openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in.no-brainpool openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in
+--- openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in.no-brainpool	2019-02-26 15:15:30.000000000 +0100
++++ openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in	2019-05-07 11:52:35.885597934 +0200
+@@ -141,22 +141,23 @@ our @tests = (
+     {
+         name => "ECDSA with brainpool",
+         server =>  {
+-            "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
+-            "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
+-            "Groups" => "brainpoolP256r1",
++#            "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
++#            "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
++#            "Groups" => "brainpoolP256r1",
++            "CipherString" => "aNULL",
+         },
+         client => {
+             #We don't restrict this to TLSv1.2, although use of brainpool
+             #should force this anyway so that this should succeed
+             "CipherString" => "aECDSA",
+             "RequestCAFile" => test_pem("root-cert.pem"),
+-            "Groups" => "brainpoolP256r1",
++#            "Groups" => "brainpoolP256r1",
+         },
+         test   => {
+-            "ExpectedServerCertType" =>, "brainpoolP256r1",
+-            "ExpectedServerSignType" =>, "EC",
++#            "ExpectedServerCertType" =>, "brainpoolP256r1",
++#            "ExpectedServerSignType" =>, "EC",
+             # Note: certificate_authorities not sent for TLS < 1.3
+-            "ExpectedServerCANames" =>, "empty",
++#            "ExpectedServerCANames" =>, "empty",
+             "ExpectedResult" => "Success"
+         },
+     },
+@@ -787,18 +788,19 @@ my @tests_tls_1_3 = (
+     {
+         name => "TLS 1.3 ECDSA with brainpool",
+         server =>  {
+-            "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
+-            "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
+-            "Groups" => "brainpoolP256r1",
++#            "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
++#            "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
++#            "Groups" => "brainpoolP256r1",
++             "CipherString" => "aNULL",
+         },
+         client => {
+             "RequestCAFile" => test_pem("root-cert.pem"),
+-            "Groups" => "brainpoolP256r1",
++#            "Groups" => "brainpoolP256r1",
+             "MinProtocol" => "TLSv1.3",
+             "MaxProtocol" => "TLSv1.3"
+         },
+         test   => {
+-            "ExpectedResult" => "ServerFail"
++            "ExpectedResult" => "Success"
+         },
+     },
+ );
+diff -up openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.no-brainpool openssl-1.1.1b/test/ssl-tests/20-cert-select.conf
+--- openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.no-brainpool	2019-02-26 15:15:30.000000000 +0100
++++ openssl-1.1.1b/test/ssl-tests/20-cert-select.conf	2019-05-07 12:15:12.762907496 +0200
+@@ -233,23 +233,18 @@ server = 5-ECDSA with brainpool-server
+ client = 5-ECDSA with brainpool-client
+ 
+ [5-ECDSA with brainpool-server]
+-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
+-CipherString = DEFAULT
+-Groups = brainpoolP256r1
+-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = aNULL
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+ 
+ [5-ECDSA with brainpool-client]
+ CipherString = aECDSA
+-Groups = brainpoolP256r1
+ RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+ VerifyMode = Peer
+ 
+ [test-5]
+ ExpectedResult = Success
+-ExpectedServerCANames = empty
+-ExpectedServerCertType = brainpoolP256r1
+-ExpectedServerSignType = EC
+ 
+ 
+ # ===========================================================
+@@ -1577,14 +1572,12 @@ server = 47-TLS 1.3 ECDSA with brainpool
+ client = 47-TLS 1.3 ECDSA with brainpool-client
+ 
+ [47-TLS 1.3 ECDSA with brainpool-server]
+-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
+-CipherString = DEFAULT
+-Groups = brainpoolP256r1
+-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
++CipherString = aNULL
++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+ 
+ [47-TLS 1.3 ECDSA with brainpool-client]
+ CipherString = DEFAULT
+-Groups = brainpoolP256r1
+ MaxProtocol = TLSv1.3
+ MinProtocol = TLSv1.3
+ RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+@@ -1592,7 +1585,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro
+ VerifyMode = Peer
+ 
+ [test-47]
+-ExpectedResult = ServerFail
++ExpectedResult = Success
+ 
+ 
+ # ===========================================================
-- 
cgit