From 0ed7bc56823d507c7ad17ca651c882a9cafa3fe7 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Aug 01 2017 02:43:46 +0000
Subject: import perl-Net-SSLeay-1.55-6.el7
---
diff --git a/SOURCES/Net-SSLeay-1.55-Added-support-for-tlsv1.1-tlsv1.2-via-Net-SSLeay-ssl.patch b/SOURCES/Net-SSLeay-1.55-Added-support-for-tlsv1.1-tlsv1.2-via-Net-SSLeay-ssl.patch
new file mode 100644
index 0000000..10f571e
--- /dev/null
+++ b/SOURCES/Net-SSLeay-1.55-Added-support-for-tlsv1.1-tlsv1.2-via-Net-SSLeay-ssl.patch
@@ -0,0 +1,64 @@
+From 6e4347e65ffaf89316907dff0d56d25a8cfbc514 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
+Date: Thu, 6 Oct 2016 11:10:28 +0200
+Subject: [PATCH] Added support for tlsv1.1 tlsv1.2 via
+ $Net::SSLeay::ssl_version
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Ported to 1.55:
+
+commit 617881711e375fa3677204ff8ce0647cce563b43
+Author: mikem-guest
+Date: Mon May 5 21:37:08 2014 +0000
+
+ Added support for tlsv1.1 tlsv1.2 via $Net::SSLeay::ssl_version. Patch
+ from Andreas Mohr.
+ Improve examples in 'Using other perl modules based on
+ Net::SSLeay'. Patched by Andreas Mohr.
+
+ git-svn-id: svn://svn.debian.org/svn/net-ssleay@402 008bcf62-b706-0410-a62e-d321f1c85ab9
+
+Signed-off-by: Petr Písař
+---
+ lib/Net/SSLeay.pm | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+diff --git a/lib/Net/SSLeay.pm b/lib/Net/SSLeay.pm
+index 6441434..054619d 100644
+--- a/lib/Net/SSLeay.pm
++++ b/lib/Net/SSLeay.pm
+@@ -30,6 +30,8 @@ $Net::SSLeay::trace = 0; # Do not change here, use
+ # 2 = insist on v2 SSL protocol
+ # 3 = insist on v3 SSL
+ # 10 = insist on TLSv1
++# 11 = insist on TLSv1.1
++# 12 = insist on TLSv1.2
+ # 0 or undef = guess (v23)
+ #
+ $Net::SSLeay::ssl_version = 0; # don't change here, use
+@@ -910,6 +912,20 @@ sub new_x_ctx {
+ }
+ elsif ($ssl_version == 3) { $ctx = CTX_v3_new(); }
+ elsif ($ssl_version == 10) { $ctx = CTX_tlsv1_new(); }
++ elsif ($ssl_version == 11) {
++ unless (exists &Net::SSLeay::CTX_tlsv1_1_new) {
++ warn "ssl_version has been set to 11, but this version of OpenSSL has been compiled without TLSv1.1 support";
++ return undef;
++ }
++ $ctx = CTX_tlsv1_1_new;
++ }
++ elsif ($ssl_version == 12) {
++ unless (exists &Net::SSLeay::CTX_tlsv1_2_new) {
++ warn "ssl_version has been set to 12, but this version of OpenSSL has been compiled without TLSv1.2 support";
++ return undef;
++ }
++ $ctx = CTX_tlsv1_2_new;
++ }
+ else { $ctx = CTX_new(); }
+ return $ctx;
+ }
+--
+2.7.4
+
diff --git a/SOURCES/Net-SSLeay-1.55-Deleted-support-for-SSL_get_tlsa_record_byname.patch b/SOURCES/Net-SSLeay-1.55-Deleted-support-for-SSL_get_tlsa_record_byname.patch
new file mode 100644
index 0000000..b63949a
--- /dev/null
+++ b/SOURCES/Net-SSLeay-1.55-Deleted-support-for-SSL_get_tlsa_record_byname.patch
@@ -0,0 +1,18 @@
+diff -up Net-SSLeay-1.55/SSLeay.xs.orig Net-SSLeay-1.55/SSLeay.xs
+--- Net-SSLeay-1.55/SSLeay.xs.orig 2017-02-15 12:32:41.981371128 +0100
++++ Net-SSLeay-1.55/SSLeay.xs 2017-02-15 12:32:41.985371110 +0100
+@@ -4992,14 +4992,5 @@ SSL_export_keying_material(ssl, outlen,
+
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_DANE)
+-
+-void
+-SSL_get_tlsa_record_byname(name, port, type);
+- char * name
+- int port
+- int type
+-
+-#endif
+
+ #define REM_EOF "/* EOF - SSLeay.xs */"
diff --git a/SOURCES/Net-SSLeay-1.55-Removed-test-failing-against-1.0.1h.patch b/SOURCES/Net-SSLeay-1.55-Removed-test-failing-against-1.0.1h.patch
new file mode 100644
index 0000000..4b38a7b
--- /dev/null
+++ b/SOURCES/Net-SSLeay-1.55-Removed-test-failing-against-1.0.1h.patch
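Review bot: In the lib/Net/SSLeay.pm hunk at line 912, the trailing `else { $ctx = CTX_new(); }` still catches every `$ssl_version` other than the handled numbers, so a caller who meant to insist on TLSv1.2 but set an unmatched value (a typo such as `1.2`) silently gets a negotiating context instead. The header comment only documents `0 or undef = guess (v23)`; I would either document the fallback there with `# any other value = guess (v23), same as 0`, or warn in the fallback: `else { warn "unrecognised ssl_version '$ssl_version', negotiating instead" if $ssl_version; $ctx = CTX_new(); }`. The new branches also call `CTX_tlsv1_1_new` and `CTX_tlsv1_2_new` as bare names while the neighbouring branches write `CTX_v3_new()` and `CTX_tlsv1_new()`; `$ctx = CTX_tlsv1_1_new();` would match them and not depend on the name being predeclared. The body of new_x_ctx starts above the hunk, so the handling of value 2 is not visible here.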
@@ -0,0 +1,24 @@
+--- trunk/t/local/33_x509_create_cert.t 2012/04/05 21:37:24 338
++++ trunk/t/local/33_x509_create_cert.t 2014/06/07 06:03:48 414
+@@ -2,7 +2,7 @@
+
+ use strict;
+ use warnings;
+-use Test::More tests => 124;
++use Test::More tests => 123;
+ use Net::SSLeay qw/MBSTRING_ASC MBSTRING_UTF8 EVP_PK_RSA EVP_PKT_SIGN EVP_PKT_ENC/;
+ use File::Spec;
+ use utf8;
+@@ -104,7 +104,11 @@
+ like(my $key_pem4 = Net::SSLeay::PEM_get_string_PrivateKey($pk,"password",$alg2), qr/-----BEGIN (ENCRYPTED|RSA) PRIVATE KEY-----/, "PEM_get_string_PrivateKey+passwd+enc_alg");
+
+ is(Net::SSLeay::X509_NAME_print_ex($name), "O=Company Name,C=UK,CN=Common name text X509", "X509_NAME_print_ex");
+- is(unpack("H*",Net::SSLeay::X509_NAME_digest($name, $sha1_digest)), "044d7ea7fddced7b9b63799600b9989a63b36819", "X509_NAME_digest");
++
++ # 2014-06-06: Sigh, some versions of openssl have this patch, which afffects the results of this test:
++ # https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3009244da47b989c4cc59ba02cf81a4e9d8f8431
++ # with this patch, the result is "ce83889f1beab8e70aa142e07e94b0ebbd9d59e0"
++# is(unpack("H*",Net::SSLeay::X509_NAME_digest($name, $sha1_digest)), "044d7ea7fddced7b9b63799600b9989a63b36819", "X509_NAME_digest");
+
+ ok(my $ext_idx = Net::SSLeay::X509_get_ext_by_NID($x509, &Net::SSLeay::NID_ext_key_usage), "X509_get_ext_by_NID");
+ ok(my $ext = Net::SSLeay::X509_get_ext($x509, $ext_idx), "X509_get_ext");
diff --git a/SOURCES/Net-SSLeay-1.55-Removed-tests-failing-against-1.0.1n.patch b/SOURCES/Net-SSLeay-1.55-Removed-tests-failing-against-1.0.1n.patch
new file mode 100644
index 0000000..1575a47
--- /dev/null
+++ b/SOURCES/Net-SSLeay-1.55-Removed-tests-failing-against-1.0.1n.patch
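Review bot: Commenting out the `X509_NAME_digest` assertion in t/local/33_x509_create_cert.t removes the only check of that binding visible in this hunk, although the added comment already names the second digest that patched OpenSSL builds produce. Accepting either value would keep the coverage: `like(unpack("H*",Net::SSLeay::X509_NAME_digest($name, $sha1_digest)), qr/\A(?:044d7ea7fddced7b9b63799600b9989a63b36819|ce83889f1beab8e70aa142e07e94b0ebbd9d59e0)\z/, "X509_NAME_digest");`, with the plan left at `tests => 124`. Whether other OpenSSL builds yield further values is not visible here, so the two-value list is an assumption to confirm.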
@@ -0,0 +1,29 @@
+--- trunk/t/local/33_x509_create_cert.t 2014/06/07 06:03:48 414
++++ trunk/t/local/33_x509_create_cert.t 2015/06/25 23:03:34 448
+@@ -2,7 +2,7 @@
+
+ use strict;
+ use warnings;
+-use Test::More tests => 123;
++use Test::More tests => 121;
+ use Net::SSLeay qw/MBSTRING_ASC MBSTRING_UTF8 EVP_PK_RSA EVP_PKT_SIGN EVP_PKT_ENC/;
+ use File::Spec;
+ use utf8;
+@@ -99,10 +99,13 @@
+ }
+ ok(my $alg1 = Net::SSLeay::EVP_get_cipherbyname("DES-EDE3-CBC"), "EVP_get_cipherbyname");
+ like(my $key_pem3 = Net::SSLeay::PEM_get_string_PrivateKey($pk,"password",$alg1), qr/-----BEGIN (ENCRYPTED|RSA) PRIVATE KEY-----/, "PEM_get_string_PrivateKey+passwd+enc_alg");
+-
+- ok(my $alg2 = Net::SSLeay::EVP_get_cipherbyname("DES-EDE3-OFB"), "EVP_get_cipherbyname");
+- like(my $key_pem4 = Net::SSLeay::PEM_get_string_PrivateKey($pk,"password",$alg2), qr/-----BEGIN (ENCRYPTED|RSA) PRIVATE KEY-----/, "PEM_get_string_PrivateKey+passwd+enc_alg");
+-
++
++# DES-EDE3-OFB has no ASN1 support, detected by changes to do_pk8pkey as of openssl 1.0.1n
++# https://git.openssl.org/?p=openssl.git;a=commit;h=4d9dc0c269be87b92da188df1fbd8bfee4700eb3
++# this test now fails
++# ok(my $alg2 = Net::SSLeay::EVP_get_cipherbyname("DES-EDE3-OFB"), "EVP_get_cipherbyname");
++# like(my $key_pem4 = Net::SSLeay::PEM_get_string_PrivateKey($pk,"password",$alg2), qr/-----BEGIN (ENCRYPTED|RSA) PRIVATE KEY-----/, "PEM_get_string_PrivateKey+passwd+enc_alg");
++
+ is(Net::SSLeay::X509_NAME_print_ex($name), "O=Company Name,C=UK,CN=Common name text X509", "X509_NAME_print_ex");
+
+ # 2014-06-06: Sigh, some versions of openssl have this patch, which afffects the results of this test:
diff --git a/SPECS/perl-Net-SSLeay.spec b/SPECS/perl-Net-SSLeay.spec
index 2962e48..e574c44 100644
--- a/SPECS/perl-Net-SSLeay.spec
+++ b/SPECS/perl-Net-SSLeay.spec
@@ -1,6 +1,6 @@ Name: perl-Net-SSLeay Version: 1.55 -Release: 4%{?dist} +Release: 6%{?dist} Summary: Perl extension for using OpenSSL Group: Development/Libraries License: OpenSSL @@ -8,6 +8,18 @@ URL: http://search.cpan.org/dist/Net-SSLeay/ Source0: http://search.cpan.org/CPAN/authors/id/M/MI/MIKEM/Net-SSLeay-%{version}.tar.gz # Add ECDHE support, in upstream 1.56, bug #1316379 Patch0: Net-SSLeay-1.55-Add-support-for-the-basic-operations-necessary-to-su.patch +# Recognize Net::SSLeay::ssl_version values for TLSv1.1 and TLSv1.2, +# bug #1335028, fixed in 1.59 +Patch1: Net-SSLeay-1.55-Added-support-for-tlsv1.1-tlsv1.2-via-Net-SSLeay-ssl.patch +# Deleted support for SSL_get_tlsa_record_byname, it is not included in +# OpenSSL git master, bug# 1422435, fixed in 1.56 +Patch2: Net-SSLeay-1.55-Deleted-support-for-SSL_get_tlsa_record_byname.patch +# Removed a test which fails due to changes in openssl 1.0.1h and later, +# fixed in 1.64 +Patch3: Net-SSLeay-1.55-Removed-test-failing-against-1.0.1h.patch +# Removed tests which fails due to changes in openssl 1.0.1n and later, +# fixed in 1.70 +Patch4: Net-SSLeay-1.55-Removed-tests-failing-against-1.0.1n.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu) BuildRequires: openssl, openssl-devel # =========== Module Build =========================== @@ -54,6 +66,10 @@ so you can write servers or clients for more complicated applications. %prep %setup -q -n Net-SSLeay-%{version} %patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 # Fix permissions in examples to avoid bogus doc-file dependencies chmod -c 644 examples/* 
@@ -95,6 +111,13 @@ rm -rf %{buildroot} %{_mandir}/man3/Net::SSLeay::Handle.3pm* %changelog +* Wed Feb 15 2017 Jitka Plesnikova - 1.55-6 +- Deleted support for SSL_get_tlsa_record_byname (bug #1422435) +- Removed tests which fails due to changes openssl 1.0.1h and later + +* Thu Oct 06 2016 Petr Pisar - 1.55-5 +- Allow to specify 1.1 and 1.2 TLS protocol versions (bug #1335028) + * Thu Mar 10 2016 Jitka Plesnikova - 1.55-4 - Add ECDHE support (bug #1316379)