working on it ...

Filters

Explore Public Snippets

Sort by

Found 862 snippets matching: openssl

    public by cghersi  2694  0  5  0

    Transform a JKS keystore in a PEM certificate

    This set of commands transform the certificate from a JKS to a PEM format. It requires JDK keytool and openssl.
    keytool -keystore client.ts -exportcert -alias mobile | openssl x509 -inform der -text
    
    #psw of keystore: changeit
    
    keytool -importkeystore -srckeystore client.ts -destkeystore client.p12 -srcstoretype jks -deststoretype pkcs12
    
    #psw of destination keystore: changeit
    
    openssl pkcs12 -in client.p12 -out client.pem
    
    #import psw: changeit

    public by Aysad Kozanoglu  834  0  3  0

    ./configure NGINX source comple with openssl

    ./configure NGINX source comple with openssl: configure
    #!/bin/bash
    ./configure --sbin-path=/usr/local/sbin --with-http_ssl_module --user=www-data --group=www-data --with-openssl=../openssl-0.9.8zf/ --without-http_gzip_module
    make 
    make install
    
    

    public by siroken3  690  0  3  0

    opensslによる証明書の有効期限確認方法

    opensslによる証明書の有効期限確認方法: gistfile1.txt
    openssl x509 -noout -text -in (crtファイル)
    
    

    external by therealmarv  167597  6  4  0

    Check OpenSSL version from Python

    Check OpenSSL version from Python: checkopenssl.md
    Open python
    
        python
    
    and type
    
        >>> import ssl
        >>> ssl.OPENSSL_VERSION
        'OpenSSL 1.0.1g 7 Apr 2014'
    
    And be sure it says at least OpenSSL 1.0.1g so that you are not affected by the OpenSSL [Heartbleed bug](http://heartbleed.com/)
    
    
    

    external by tam7t  481  0  3  0

    Securing Ruby's OpenSSL

    Securing Ruby's OpenSSL: gistfile1.md
    # Are your Ruby HTTPS API calls secure?
    
    ## Let's check:
    
    ```ruby
    2.0.0-p481 :001 > OpenSSL::SSL::SSLContext::DEFAULT_PARAMS
     => {:ssl_version=>"SSLv23", :verify_mode=>1, :ciphers=>"ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW", :options=>-2147482625}
    2.0.0-p481 :002 > rating = JSON.parse(RestClient::Resource.new("https://www.howsmyssl.com/a/check" ).get)['rating']
     => "Bad"
    ```
    
    ## Fix it!
    
    ```ruby
    2.0.0-p481 :003 > OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options] = OpenSSL::SSL::OP_NO_COMPRESSION
     => 131072
    2.0.0-p481 :004 > OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:ciphers] = "TLSv1.2:!aNULL:!eNULL"
     => "TLSv1.2:!aNULL:!eNULL"
    2.0.0-p481 :005 > OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:ssl_version] ="TLSv1_2"
     => "TLSv1_2"
    2.0.0-p481 :006 > rating = JSON.parse(RestClient::Resource.new("https://www.howsmyssl.com/a/check" ).get)['rating']
     => "Probably Okay"
    ```
    
    ## Explanation
    
    `OpenSSL::SSL::OP_NO_COMPRESSION` protects against [CRIME](https://www.howsmyssl.com/s/about.html#tls-compression).
    
    `TLSv1.2:!aNULL:!eNULL` defines the set of [cipher suites](https://www.openssl.org/docs/apps/ciphers.html) that your client will use during negotiation. This ensures that [insecure cipher suites](https://www.howsmyssl.com/s/about.html#insecure-cipher-suites) are not included.
    
    `TLSv1_2` does nothing as this is just a preference. The set of ciphers we chose will only work with TLSv1.2 and so this setting does not matter, but it is nice to be explicit.  TLSv1.2 and its ciphers will protect against [POODLE](https://poodle.io), [BEAST](https://www.howsmyssl.com/s/about.html#beast-vulnerability).
    
    ## But does my OpenSSL have vulnerabilities?
    
    Let's find out what version we're on:
    
    ```
    2.0.0-p481 :007 > OpenSSL::OPENSSL_VERSION
     => "OpenSSL 1.0.1g 7 Apr 2014"
    ```
    
    Then check the [openssl vulnerabilities page](https://www.openssl.org/news/vulnerabilities.html) or search the [NIST CVE database](http://web.nvd.nist.gov/view/vuln/search-advanced) for your version of OpenSSL.
    
    **Protip:**  CPE format: `cpe:/:openssl:openssl:1.0.1g`
    
    That's not good. I installed ruby with RVM and openssl with homebrew so I need to update both:
    
    ```
    ~ $ brew update
    ~ $ brew upgrade openssl
    ~ $ brew link openssl --force
    ~ $ rvm reinstall all --with-openssl-dir=/usr/local/opt/openssl/lib
    ```
    
    I had problems with `--autolibs=homebrew` not linking to my homebrew openssl, but the `--with-openssl-dir` option fixed that. 
    
    ## Notes
    
    Forcing TLSv1.2 may break your app. To see the list of supported ciphers you can use a webservice like...
    ```
    JSON.parse(Faraday.get("https://www.howsmyssl.com/a/check").body)['given_cipher_suites']
    ```
    or `OpenSSL::Cipher.ciphers`. I've found the web service to be more informative.
    
    Hope that helps. I'd be very interested if there are better ways to do this or information I'm missing. Hit me up on twitter [@tam7t](https://twitter.com/tam7t) or leave a comment below.
    
    

    external by viktorium  252  0  3  0

    Ruby OpenSSL RSA sign patch

    Ruby OpenSSL RSA sign patch: ruby-openssl-fix.diff
    diff --git ext/openssl/ossl_pkey.c ext/openssl/ossl_pkey.c
    index f785e66..2384676 100644
    --- ext/openssl/ossl_pkey.c
    +++ ext/openssl/ossl_pkey.c
    @@ -237,6 +237,7 @@ ossl_pkey_sign(VALUE self, VALUE digest, VALUE data)
         EVP_MD_CTX ctx;
         unsigned int buf_len;
         VALUE str;
    +    int result;
     
         if (rb_funcall(self, id_private_q, 0, NULL) != Qtrue) {
            ossl_raise(rb_eArgError, "Private key is needed.");
    @@ -246,7 +247,9 @@ ossl_pkey_sign(VALUE self, VALUE digest, VALUE data)
         StringValue(data);
         EVP_SignUpdate(&ctx, RSTRING_PTR(data), RSTRING_LEN(data));
         str = rb_str_new(0, EVP_PKEY_size(pkey)+16);
    -    if (!EVP_SignFinal(&ctx, (unsigned char *)RSTRING_PTR(str), &buf_len, pkey))
    +    result = EVP_SignFinal(&ctx, (unsigned char *)RSTRING_PTR(str), &buf_len, pkey);
    +    EVP_MD_CTX_cleanup(&ctx);
    +    if (!result)
            ossl_raise(ePKeyError, NULL);
         assert((long)buf_len <= RSTRING_LEN(str));
         rb_str_set_len(str, buf_len);
    
    
    

    external by Hayato  23  0  1  0

    Criptografia com OpenSSL [Encryption with OpenSSL]

    Criptografia com OpenSSL [Encryption with OpenSSL]: crypt.openssl.php
    <?php
    class code {
    	function crypt($data, $function)
    	{
    		$key = 'Text1';
    		$iv = 'Text2';
    		$method = 'AES-256-CBC';
    		if($function == TRUE){
    			$crypt = bin2hex($data);
    			$crypt = openssl_encrypt($crypt, $method, $key, FALSE, $iv);
    		}else{
    			$crypt = openssl_decrypt($data, $method, $key, FALSE, $iv);
    			$crypt = hex2bin($crypt);
    		}
    	}
    }
    $code = new code();
    
    $data = 'Text Example';
    
    // Output
    echo 'Encrypted: ';
    echo $data = $code->crypt($data, TRUE);
    echo '<br><br>';
    echo 'Decrypted: '.$code->crypt($data, FALSE);
    
    

    external by janikvonrotz  11  0  1  0

    Generate CSR (Certificate Signing Request) with OpenSSL #OpenSSL #Markdown

    Generate CSR (Certificate Signing Request) with OpenSSL #OpenSSL #Markdown: Generate CSR (Certificate Signing Request) with OpenSSL.md
    Define the following attributes, you have to set them in the wizard when generating the CSR.
    
    * Common Name (the domain name certificate should be issued for)
    * Country
    * State (or province)
    * Locality (or city)
    * Organization
    * Organizational Unit (Department)
    * E-mail address
    
    To generate a CSR run the command below in terminal:
    
        openssl req -new -newkey rsa:2048 -nodes -keyout <domain>.key -out <domain>.csr
        
    The command starts the process of CSR and Private Key generation. The Private Key will be required for certificate installation.
    
    Make sure the store the challenge password and set the commom name according your domain name.
    
    Finally send the `<domain>.csr` to your hosting provider. They will respond with your new ssl certificate.
    
    

    external by Hiroyuki YAMAMORI  552  0  3  0

    Support CA alternate chains for ubuntu trusty openssl package - merged from openssl-1.0.1p

    Support CA alternate chains for ubuntu trusty openssl package - merged from openssl-1.0.1p: ca-alt-chains.patch
    #  See  https://github.com/openssl/openssl  commit log.
    Commits on Jul 8, 2015
    	Fix alternate chains certificate forgery issue (CVE-2015-1793)
    	Fix alt chains bug
    	Reject calls to X509_verify_cert that have not been reinitialised
    Commits on May 21, 2015
    	Add -no_alt_chains option ... 3 commits
    	In certain situations the server provided certificate chain may no ...
    diff -ur openssl-1.0.1f-1ubuntu2.15 openssl-1.0.1f-1ubuntu2.15+alt
    --- a/apps/apps.c	2014-01-06 13:47:42.000000000 +0000
    +++ b/apps/apps.c	2015-08-22 00:51:15.000000000 +0900
    @@ -2361,6 +2361,8 @@
     		flags |= X509_V_FLAG_NOTIFY_POLICY;
     	else if (!strcmp(arg, "-check_ss_sig"))
     		flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
    +	else if (!strcmp(arg, "-no_alt_chains"))
    +		flags |= X509_V_FLAG_NO_ALT_CHAINS;
     	else
     		return 0;
     
    diff -ur openssl-1.0.1f-1ubuntu2.15 openssl-1.0.1f-1ubuntu2.15+alt
    --- a/apps/cms.c	2014-01-06 13:47:42.000000000 +0000
    +++ b/apps/cms.c	2015-08-22 00:51:15.000000000 +0900
    @@ -642,6 +642,7 @@
     		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
     		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
     		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
    +		BIO_printf (bio_err, "-no_alt_chains only ever use the first certificate chain found\n");
     		BIO_printf (bio_err, "-crl_check     check revocation status of signer's certificate using CRLs\n");
     		BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
     #ifndef OPENSSL_NO_ENGINE
    diff -ur openssl-1.0.1f-1ubuntu2.15 openssl-1.0.1f-1ubuntu2.15+alt
    --- a/apps/ocsp.c	2014-01-06 13:47:42.000000000 +0000
    +++ b/apps/ocsp.c	2015-08-22 20:08:05.000000000 +0900
    @@ -595,6 +595,7 @@
     		BIO_printf (bio_err, "-path              path to use in OCSP request\n");
     		BIO_printf (bio_err, "-CApath dir        trusted certificates directory\n");
     		BIO_printf (bio_err, "-CAfile file       trusted certificates file\n");
    +		BIO_printf (bio_err, "-no_alt_chains     only ever use the first certificate chain found\n");
     		BIO_printf (bio_err, "-VAfile file       validator certificates file\n");
     		BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
     		BIO_printf (bio_err, "-status_age n      maximum status age in seconds\n");
    diff -ur openssl-1.0.1f-1ubuntu2.15 openssl-1.0.1f-1ubuntu2.15+alt
    --- a/apps/s_client.c	2014-10-15 17:01:58.000000000 +0000
    +++ b/apps/s_client.c	2015-08-22 00:51:15.000000000 +0900
    @@ -298,6 +298,7 @@
     	BIO_printf(bio_err," -pass arg     - private key file pass phrase source\n");
     	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
     	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
    +	BIO_printf(bio_err," -no_alt_chains - only ever use the first certificate chain found\n");
     	BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
     	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
     	BIO_printf(bio_err," -showcerts    - show all certificates in the chain\n");
    diff -ur openssl-1.0.1f-1ubuntu2.15 openssl-1.0.1f-1ubuntu2.15+alt
    --- a/apps/s_server.c	2015-06-08 15:28:33.000000000 +0000
    +++ b/apps/s_server.c	2015-08-22 21:00:30.000000000 +0900
    @@ -517,6 +517,7 @@
     	BIO_printf(bio_err," -state        - Print the SSL states\n");
     	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
     	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
    +	BIO_printf(bio_err," -no_alt_chains - only ever use the first certificate chain found\n");
     	BIO_printf(bio_err," -nocert       - Don't use any certificates (Anon-DH)\n");
     	BIO_printf(bio_err," -cipher arg   - play with 'openssl ciphers' to see what goes here\n");
     	BIO_printf(bio_err," -serverpref   - Use server's cipher preferences\n");
    diff -ur openssl-1.0.1f-1ubuntu2.15 openssl-1.0.1f-1ubuntu2.15+alt
    --- a/apps/smime.c	2014-01-06 13:47:42.000000000 +0000
    +++ b/apps/smime.c	2015-08-22 00:51:15.000000000 +0900
    @@ -479,6 +479,7 @@
     		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
     		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
     		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
    +		BIO_printf (bio_err, "-no_alt_chains only ever use the first certificate chain found\n");
     		BIO_printf (bio_err, "-crl_check     check revocation status of signer's certificate using CRLs\n");
     		BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
     #ifndef OPENSSL_NO_ENGINE
    diff -ur openssl-1.0.1f-1ubuntu2.15 openssl-1.0.1f-1ubuntu2.15+alt
    --- a/apps/verify.c	2014-01-06 13:47:42.000000000 +0000
    +++ b/apps/verify.c	2015-08-22 00:51:15.000000000 +0900
    @@ -238,7 +238,7 @@
     end:
     	if (ret == 1) {
     		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
    -		BIO_printf(bio_err," [-attime timestamp]");
    +		BIO_printf(bio_err," [-no_alt_chains] [-attime timestamp]");
     #ifndef OPENSSL_NO_ENGINE
     		BIO_printf(bio_err," [-engine e]");
     #endif
    diff -ur openssl-1.0.1f-1ubuntu2.15 openssl-1.0.1f-1ubuntu2.15+alt
    --- a/crypto/x509/x509_vfy.c	2015-06-08 13:56:53.000000000 +0000
    +++ b/crypto/x509/x509_vfy.c	2015-08-22 00:51:15.000000000 +0900
    @@ -153,11 +153,11 @@
     
     int X509_verify_cert(X509_STORE_CTX *ctx)
     	{
    -	X509 *x,*xtmp,*chain_ss=NULL;
    +	X509 *x, *xtmp, *xtmp2, *chain_ss = NULL;
     	int bad_chain = 0;
     	X509_VERIFY_PARAM *param = ctx->param;
     	int depth,i,ok=0;
    -	int num;
    +	int num, j, retry;
     	int (*cb)(int xok,X509_STORE_CTX *xctx);
     	STACK_OF(X509) *sktmp=NULL;
     	if (ctx->cert == NULL)
    @@ -165,22 +165,27 @@
     		X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
     		return -1;
     		}
    +	if (ctx->chain != NULL)
    +		{
    +		/* This X509_STORE_CTX has already been used to verify a cert. We
    +		 * cannot do another one.
    +		 */
    +		X509err(X509_F_X509_VERIFY_CERT,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    +		return -1;
    +		}
     
     	cb=ctx->verify_cb;
     
     	/* first we make sure the chain we are going to build is
     	 * present and that the first entry is in place */
    -	if (ctx->chain == NULL)
    +	if (((ctx->chain = sk_X509_new_null()) == NULL) ||
    +		(!sk_X509_push(ctx->chain, ctx->cert)))
     		{
    -		if (	((ctx->chain=sk_X509_new_null()) == NULL) ||
    -			(!sk_X509_push(ctx->chain,ctx->cert)))
    -			{
    -			X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
    -			goto end;
    -			}
    -		CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509);
    -		ctx->last_untrusted=1;
    +		X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
    +		goto end;
     		}
    +	CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509);
    +	ctx->last_untrusted = 1;
     
     	/* We use a temporary STACK so we can chop and hack at it */
     	if (ctx->untrusted != NULL
    @@ -231,82 +236,125 @@
     		break;
     		}
     
    +	/* Remember how many untrusted certs we have */
    +	j = num;
    +
     	/* at this point, chain should contain a list of untrusted
     	 * certificates.  We now need to add at least one trusted one,
     	 * if possible, otherwise we complain. */
     
    -	/* Examine last certificate in chain and see if it
    - 	 * is self signed.
    - 	 */
    -
    -	i=sk_X509_num(ctx->chain);
    -	x=sk_X509_value(ctx->chain,i-1);
    -	if (ctx->check_issued(ctx, x, x))
    +	do
     		{
    -		/* we have a self signed certificate */
    -		if (sk_X509_num(ctx->chain) == 1)
    +		/* Examine last certificate in chain and see if it is self signed.
    +		 */
    +		i = sk_X509_num(ctx->chain);
    +		x = sk_X509_value(ctx->chain, i - 1);
    +		if (ctx->check_issued(ctx, x, x))
     			{
    -			/* We have a single self signed certificate: see if
    -			 * we can find it in the store. We must have an exact
    -			 * match to avoid possible impersonation.
    -			 */
    -			ok = ctx->get_issuer(&xtmp, ctx, x);
    -			if ((ok <= 0) || X509_cmp(x, xtmp)) 
    +			/* we have a self signed certificate */
    +			if (sk_X509_num(ctx->chain) == 1)
     				{
    -				ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
    -				ctx->current_cert=x;
    -				ctx->error_depth=i-1;
    -				if (ok == 1) X509_free(xtmp);
    -				bad_chain = 1;
    -				ok=cb(0,ctx);
    -				if (!ok) goto end;
    +				/* We have a single self signed certificate: see if
    +				 * we canfind it in the store. We must have an exact
    +				 * match to avoid possible impersonation.
    +				 */
    +				ok = ctx->get_issuer(&xtmp, ctx, x);
    +				if ((ok <= 0) || X509_cmp(x, xtmp))
    +					{
    +					ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
    +					ctx->current_cert = x;
    +					ctx->error_depth = i - 1;
    +					if (ok == 1)
    +						X509_free(xtmp);
    +					bad_chain = 1;
    +					ok = cb(0, ctx);
    +					if (!ok)
    +						goto end;
    +					}
    +				else
    +					{
    +					/* We have a match: replace certificate with store
    +					 * version so we get any trust settings.
    +					 */
    +					X509_free(x);
    +					x = xtmp;
    +					(void)sk_X509_set(ctx->chain, i - 1, x);
    +					ctx->last_untrusted = 0;
    +					}
     				}
    -			else 
    +			else
     				{
    -				/* We have a match: replace certificate with store version
    -				 * so we get any trust settings.
    -				 */
    -				X509_free(x);
    -				x = xtmp;
    -				(void)sk_X509_set(ctx->chain, i - 1, x);
    -				ctx->last_untrusted=0;
    +				/* extract and save self signed certificate for later use */
    +				chain_ss = sk_X509_pop(ctx->chain);
    +				ctx->last_untrusted--;
    +				num--;
    +				j--;
    +				x = sk_X509_value(ctx->chain, num - 1);
     				}
     			}
    -		else
    +
    +		/* We now lookup certs from the certificate store */
    +		for (;;)
     			{
    -			/* extract and save self signed certificate for later use */
    -			chain_ss=sk_X509_pop(ctx->chain);
    -			ctx->last_untrusted--;
    -			num--;
    -			x=sk_X509_value(ctx->chain,num-1);
    -			}
    -		}
    +			/* If we have enough, we break */
    +			if (depth < num) break;
     
    -	/* We now lookup certs from the certificate store */
    -	for (;;)
    -		{
    -		/* If we have enough, we break */
    -		if (depth < num) break;
    +			/* If we are self signed, we break */
    +			if (ctx->check_issued(ctx, x, x)) break;
     
    -		/* If we are self signed, we break */
    -		if (ctx->check_issued(ctx,x,x)) break;
    +			ok = ctx->get_issuer(&xtmp, ctx, x);
     
    -		ok = ctx->get_issuer(&xtmp, ctx, x);
    +			if (ok < 0) return ok;
    +			if (ok == 0) break;
     
    -		if (ok < 0) return ok;
    -		if (ok == 0) break;
    +			x = xtmp;
    +			if (!sk_X509_push(ctx->chain, x))
    +				{
    +				X509_free(xtmp);
    +				X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
    +				return 0;
    +				}
    +			num++;
    +			}
     
    -		x = xtmp;
    -		if (!sk_X509_push(ctx->chain,x))
    +		/* If we haven't got a least one certificate from our store then check
    +		 * if there is an alternative chain that could be used.  We only do this
    +		 * if the user hasn't switched off alternate chain checking
    +		 */
    +		retry = 0;
    +		if (num == ctx->last_untrusted &&
    +			!(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS))
     			{
    -			X509_free(xtmp);
    -			X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
    -			return 0;
    +			while (j-- > 1)
    +				{
    +				xtmp2 = sk_X509_value(ctx->chain, j - 1);
    +				ok = ctx->get_issuer(&xtmp, ctx, xtmp2);
    +				if (ok < 0) goto end;
    +
    +				/* Check if we found an alternate chain */
    +				if (ok > 0)
    +					{
    +					/* Free up the found cert we'll add it again later
    +					 */
    +					X509_free(xtmp);
    +
    +					/* Dump all the certs above this point - we've
    +					 * found an alternate chain
    +					 */
    +					while (num > j)
    +						{
    +						xtmp = sk_X509_pop(ctx->chain);
    +						X509_free(xtmp);
    +						num--;
    +						}
    +					ctx->last_untrusted = sk_X509_num(ctx->chain);
    +					retry = 1;
    +					break;
    +					}
    +				}
     			}
    -		num++;
     		}
    -
    -	/* we now have our chain, lets check it... */
    +	while (retry);
     
     	/* Is last certificate looked up self signed? */
     	if (!ctx->check_issued(ctx,x,x))
    diff -ur openssl-1.0.1f-1ubuntu2.15 openssl-1.0.1f-1ubuntu2.15+alt
    --- a/crypto/x509/x509_vfy.h	2014-01-06 13:47:42.000000000 +0000
    +++ b/crypto/x509/x509_vfy.h	2015-08-22 00:51:15.000000000 +0900
    @@ -389,6 +389,12 @@
     #define X509_V_FLAG_USE_DELTAS			0x2000
     /* Check selfsigned CA signature */
     #define X509_V_FLAG_CHECK_SS_SIGNATURE		0x4000
    +/*
    + * If the initial chain is not trusted, do not attempt to build an alternative
    + * chain. Alternate chain checking was introduced in 1.0.1n/1.0.2b. Setting
    + * this flag will force the behaviour to match that of previous versions.
    + */
    +#define X509_V_FLAG_NO_ALT_CHAINS		0x100000
     
     
     #define X509_VP_FLAG_DEFAULT			0x1
    --- openssl-1.0.1m/doc/apps/cms.pod	2015-03-19 22:37:10.000000000 +0900
    +++ openssl-1.0.1p/doc/apps/cms.pod	2015-07-09 21:21:24.000000000 +0900
    @@ -35,6 +35,7 @@
     [B<-print>]
     [B<-CAfile file>]
     [B<-CApath dir>]
    +[B<-no_alt_chains>]
     [B<-md digest>]
     [B<-[cipher]>]
     [B<-nointern>]
    @@ -406,7 +407,7 @@
     then many S/MIME mail clients check the signers certificate's email
     address matches that specified in the From: address.
     
    -=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig>
    +=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains>
     
     Set various certificate chain valiadition option. See the
     L<B<verify>|verify(1)> manual page for details.
    @@ -614,4 +615,6 @@
     added in OpenSSL 1.0.0
     
     
    +The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b.
    +
     =cut
    --- openssl-1.0.1m/doc/apps/ocsp.pod	2015-03-19 22:19:00.000000000 +0900
    +++ openssl-1.0.1p/doc/apps/ocsp.pod	2015-07-09 21:21:24.000000000 +0900
    @@ -29,6 +29,7 @@
     [B<-path>]
     [B<-CApath dir>]
     [B<-CAfile file>]
    +[B<-no_alt_chains>]]
     [B<-VAfile file>]
     [B<-validity_period n>]
     [B<-status_age n>]
    @@ -143,6 +144,10 @@
     file or pathname containing trusted CA certificates. These are used to verify
     the signature on the OCSP response.
     
    +=item B<-no_alt_chains>
    +
    +See L<B<verify>|verify(1)> manual page for details.
    +
     =item B<-verify_other file>
     
     file containing additional certificates to search when attempting to locate
    @@ -379,3 +384,9 @@
     
      openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem
          -reqin req.der -respout resp.der
    +
    +=head1 HISTORY
    +
    +The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b.
    +
    +=cut
    --- openssl-1.0.1m/doc/apps/s_client.pod	2015-03-19 22:37:10.000000000 +0900
    +++ openssl-1.0.1p/doc/apps/s_client.pod	2015-07-09 21:21:24.000000000 +0900
    @@ -19,6 +19,7 @@
     [B<-pass arg>]
     [B<-CApath directory>]
     [B<-CAfile filename>]
    +[B<-no_alt_chains>]
     [B<-reconnect>]
     [B<-pause>]
     [B<-showcerts>]
    @@ -116,7 +117,7 @@
     A file containing trusted certificates to use during server authentication
     and to use when attempting to build the client certificate chain.
     
    -=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig>
    +=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains>
     
     Set various certificate chain valiadition option. See the
     L<B<verify>|verify(1)> manual page for details.
    @@ -347,4 +348,8 @@
     
     L<sess_id(1)|sess_id(1)>, L<s_server(1)|s_server(1)>, L<ciphers(1)|ciphers(1)>
     
    +=head1 HISTORY
    +
    +The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b.
    +
     =cut
    --- openssl-1.0.1m/doc/apps/s_server.pod	2015-03-19 22:37:10.000000000 +0900
    +++ openssl-1.0.1p/doc/apps/s_server.pod	2015-08-22 20:21:28.000000000 +0900
    @@ -33,6 +33,7 @@  update line 38 to fix fuzz with patch
     [B<-state>]
     [B<-CApath directory>]
     [B<-CAfile filename>]
    +[B<-no_alt_chains>]
     [B<-nocert>]
     [B<-cipher cipherlist>]
     [B<-quiet>]
    @@ -178,6 +179,10 @@
     is also used in the list of acceptable client CAs passed to the client when
     a certificate is requested.
     
    +=item B<-no_alt_chains>
    +
    +See the L<B<verify>|verify(1)> manual page for details.
    +
     =item B<-state>
     
     prints out the SSL session states.
    @@ -398,4 +403,8 @@
     
     L<sess_id(1)|sess_id(1)>, L<s_client(1)|s_client(1)>, L<ciphers(1)|ciphers(1)>
     
    +=head1 HISTORY
    +
    +The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b.
    +
     =cut
    --- openssl-1.0.1m/doc/apps/smime.pod	2015-01-20 21:33:36.000000000 +0900
    +++ openssl-1.0.1p/doc/apps/smime.pod	2015-07-09 21:21:24.000000000 +0900
    @@ -15,6 +15,7 @@
     [B<-pk7out>]
     [B<-[cipher]>]
     [B<-in file>]
    +[B<-no_alt_chains>]
     [B<-certfile file>]
     [B<-signer file>]
     [B<-recip  file>]
    @@ -259,7 +260,7 @@
     then many S/MIME mail clients check the signers certificate's email
     address matches that specified in the From: address.
     
    -=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig>
    +=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains>
     
     Set various options of certificate chain verification. See
     L<B<verify>|verify(1)> manual page for details.
    @@ -441,5 +442,6 @@
     The use of multiple B<-signer> options and the B<-resign> command were first
     added in OpenSSL 1.0.0
     
    +The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b.
     
     =cut
    --- openssl-1.0.1m/doc/apps/verify.pod	2015-03-19 22:37:10.000000000 +0900
    +++ openssl-1.0.1p/doc/apps/verify.pod	2015-07-09 21:21:24.000000000 +0900
    @@ -22,6 +22,7 @@
     [B<-extended_crl>]
     [B<-use_deltas>]
     [B<-policy_print>]
    +[B<-no_alt_chains>]
     [B<-untrusted file>]
     [B<-help>]
     [B<-issuer_checks>]
    @@ -108,6 +109,14 @@
     
     Set policy variable inhibit-policy-mapping (see RFC5280).
     
    +=item B<-no_alt_chains>
    +
    +When building a certificate chain, if the first certificate chain found is not
    +trusted, then OpenSSL will continue to check to see if an alternative chain can
    +be found that is trusted. With this option that behaviour is suppressed so that
    +only the first chain found is ever used. Using this option will force the
    +behaviour to match that of previous OpenSSL versions.
    +
     =item B<-policy_print>
     
     Print out diagnostics related to policy processing.
    @@ -409,4 +418,8 @@
     
     L<x509(1)|x509(1)>
     
    +=head1 HISTORY
    +
    +The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b.
    +
     =cut
    --- openssl-1.0.1m/doc/crypto/X509_STORE_CTX_new.pod	2015-01-20 21:33:36.000000000 +0900
    +++ openssl-1.0.1p/doc/crypto/X509_STORE_CTX_new.pod	2015-07-09 20:53:21.000000000 +0900
    @@ -39,10 +39,15 @@
     is no longer valid.
     
     X509_STORE_CTX_init() sets up B<ctx> for a subsequent verification operation.
    -The trusted certificate store is set to B<store>, the end entity certificate
    -to be verified is set to B<x509> and a set of additional certificates (which
    -will be untrusted but may be used to build the chain) in B<chain>. Any or
    -all of the B<store>, B<x509> and B<chain> parameters can be B<NULL>.
    +It must be called before each call to X509_verify_cert(), i.e. a B<ctx> is only
    +good for one call to X509_verify_cert(); if you want to verify a second
    +certificate with the same B<ctx> then you must call X509_XTORE_CTX_cleanup()
    +and then X509_STORE_CTX_init() again before the second call to
    +X509_verify_cert(). The trusted certificate store is set to B<store>, the end
    +entity certificate to be verified is set to B<x509> and a set of additional
    +certificates (which will be untrusted but may be used to build the chain) in
    +B<chain>. Any or all of the B<store>, B<x509> and B<chain> parameters can be
    +B<NULL>.
     
     X509_STORE_CTX_trusted_stack() sets the set of trusted certificates of B<ctx>
     to B<sk>. This is an alternative way of specifying trusted certificates 
    --- openssl-1.0.1m/doc/crypto/X509_VERIFY_PARAM_set_flags.pod	2015-03-19 22:37:10.000000000 +0900
    +++ openssl-1.0.1p/doc/crypto/X509_VERIFY_PARAM_set_flags.pod	2015-07-09 21:21:24.000000000 +0900
    @@ -133,6 +133,12 @@
     to the verification callback and it B<must> be prepared to handle such cases
     without assuming they are hard errors.
     
    +The B<X509_V_FLAG_NO_ALT_CHAINS> flag suppresses checking for alternative
    +chains. By default, when building a certificate chain, if the first certificate
    +chain found is not trusted, then OpenSSL will continue to check to see if an
    +alternative chain can be found that is trusted. With this flag set the behaviour
    +will match that of OpenSSL versions prior to 1.0.1n and 1.0.2b.
    +
     =head1 NOTES
     
     The above functions should be used to manipulate verification parameters
    @@ -166,6 +172,6 @@
     
     =head1 HISTORY
     
    -TBA
    +The B<X509_V_FLAG_NO_ALT_CHAINS> flag was added in OpenSSL 1.0.1n and 1.0.2b
     
     =cut
    --- openssl-1.0.1m/doc/crypto/X509_verify_cert.pod	2015-01-20 21:33:36.000000000 +0900
    +++ openssl-1.0.1p/doc/crypto/X509_verify_cert.pod	2015-07-09 20:53:21.000000000 +0900
    @@ -32,7 +32,8 @@
     SSL/TLS code.
     
     The negative return value from X509_verify_cert() can only occur if no
    -certificate is set in B<ctx> (due to a programming error) or if a retry
    +certificate is set in B<ctx> (due to a programming error); if X509_verify_cert()
    +twice without reinitialising B<ctx> in between; or if a retry
     operation is requested during internal lookups (which never happens with
     standard lookup methods). It is however recommended that application check
     for <= 0 return value on error.
    
    
    

    external by Hiroyuki YAMAMORI  482  0  3  0

    Support CA alternate chains for debian jessie openssl package - merged from openssl-1.0.1p

    Support CA alternate chains for debian jessie openssl package - merged from openssl-1.0.1p: ca-alt-chains.patch
    #  See  https://github.com/openssl/openssl  commit log.
    Commits on Jul 8, 2015
    	Fix alternate chains certificate forgery issue (CVE-2015-1793)
    	Fix alt chains bug
    	Reject calls to X509_verify_cert that have not been reinitialised
    Commits on May 21, 2015
    	Add -no_alt_chains option ... 3 commits
    	In certain situations the server provided certificate chain may no ...
    diff -ur openssl-1.0.1k-3+deb8u1 openssl-1.0.1k-3+deb8u1+alt
    --- a/apps/apps.c	2015-01-08 14:00:36.000000000 +0000
    +++ b/apps/apps.c	2015-08-19 22:18:33.000000000 +0900
    @@ -2365,6 +2365,8 @@
     		flags |= X509_V_FLAG_NOTIFY_POLICY;
     	else if (!strcmp(arg, "-check_ss_sig"))
     		flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
    +	else if (!strcmp(arg, "-no_alt_chains"))
    +		flags |= X509_V_FLAG_NO_ALT_CHAINS;
     	else
     		return 0;
     
    diff -ur openssl-1.0.1k-3+deb8u1 openssl-1.0.1k-3+deb8u1+alt
    --- a/apps/cms.c	2015-01-08 14:00:36.000000000 +0000
    +++ b/apps/cms.c	2015-08-19 22:26:39.000000000 +0900
    @@ -642,6 +642,7 @@
     		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
     		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
     		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
    +		BIO_printf (bio_err, "-no_alt_chains only ever use the first certificate chain found\n");
     		BIO_printf (bio_err, "-crl_check     check revocation status of signer's certificate using CRLs\n");
     		BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
     #ifndef OPENSSL_NO_ENGINE
    diff -ur openssl-1.0.1k-3+deb8u1 openssl-1.0.1k-3+deb8u1+alt
    --- a/apps/ocsp.c	2015-01-08 14:00:56.000000000 +0000
    +++ b/apps/ocsp.c	2015-08-19 22:28:30.000000000 +0900
    @@ -605,6 +605,7 @@
     		BIO_printf (bio_err, "-path                path to use in OCSP request\n");
     		BIO_printf (bio_err, "-CApath dir          trusted certificates directory\n");
     		BIO_printf (bio_err, "-CAfile file         trusted certificates file\n");
    +		BIO_printf (bio_err, "-no_alt_chains       only ever use the first certificate chain found\n");
     		BIO_printf (bio_err, "-VAfile file         validator certificates file\n");
     		BIO_printf (bio_err, "-validity_period n   maximum validity discrepancy in seconds\n");
     		BIO_printf (bio_err, "-status_age n        maximum status age in seconds\n");
    diff -ur openssl-1.0.1k-3+deb8u1 openssl-1.0.1k-3+deb8u1+alt
    --- a/apps/s_client.c	2015-01-08 14:00:56.000000000 +0000
    +++ b/apps/s_client.c	2015-08-19 22:31:46.000000000 +0900
    @@ -299,6 +299,7 @@
     	BIO_printf(bio_err," -pass arg     - private key file pass phrase source\n");
     	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
     	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
    +	BIO_printf(bio_err," -no_alt_chains - only ever use the first certificate chain found\n");
     	BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
     	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
     	BIO_printf(bio_err," -prexit       - print session information even on connection failure\n");
    diff -ur openssl-1.0.1k-3+deb8u1 openssl-1.0.1k-3+deb8u1+alt
    --- a/apps/s_server.c	2015-01-08 14:00:56.000000000 +0000
    +++ b/apps/s_server.c	2015-08-19 22:33:06.000000000 +0900
    @@ -498,6 +498,7 @@
     	BIO_printf(bio_err," -state        - Print the SSL states\n");
     	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
     	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
    +	BIO_printf(bio_err," -no_alt_chains - only ever use the first certificate chain found\n");
     	BIO_printf(bio_err," -nocert       - Don't use any certificates (Anon-DH)\n");
     	BIO_printf(bio_err," -cipher arg   - play with 'openssl ciphers' to see what goes here\n");
     	BIO_printf(bio_err," -serverpref   - Use server's cipher preferences\n");
    diff -ur openssl-1.0.1k-3+deb8u1 openssl-1.0.1k-3+deb8u1+alt
    --- a/apps/smime.c	2015-01-08 14:00:36.000000000 +0000
    +++ b/apps/smime.c	2015-08-19 22:34:59.000000000 +0900
    @@ -479,6 +479,7 @@
     		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
     		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
     		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
    +		BIO_printf (bio_err, "-no_alt_chains only ever use the first certificate chain found\n");
     		BIO_printf (bio_err, "-crl_check     check revocation status of signer's certificate using CRLs\n");
     		BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
     #ifndef OPENSSL_NO_ENGINE
    diff -ur openssl-1.0.1k-3+deb8u1 openssl-1.0.1k-3+deb8u1+alt
    --- a/apps/verify.c	2015-01-08 14:00:36.000000000 +0000
    +++ b/apps/verify.c	2015-08-19 14:36:59.000000000 +0900
    @@ -238,7 +238,7 @@
     end:
     	if (ret == 1) {
     		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
    -		BIO_printf(bio_err," [-attime timestamp]");
    +		BIO_printf(bio_err," [-no_alt_chains] [-attime timestamp]");
     #ifndef OPENSSL_NO_ENGINE
     		BIO_printf(bio_err," [-engine e]");
     #endif
    diff -ur openssl-1.0.1k-3+deb8u1 openssl-1.0.1k-3+deb8u1+alt
    --- a/crypto/x509/x509_vfy.c	2015-06-11 21:08:15.000000000 +0000
    +++ b/crypto/x509/x509_vfy.c	2015-08-21 23:24:40.000000000 +0900
    @@ -153,11 +153,11 @@
     
     int X509_verify_cert(X509_STORE_CTX *ctx)
     	{
    -	X509 *x,*xtmp,*chain_ss=NULL;
    +	X509 *x, *xtmp, *xtmp2, *chain_ss = NULL;
     	int bad_chain = 0;
     	X509_VERIFY_PARAM *param = ctx->param;
     	int depth,i,ok=0;
    -	int num;
    +	int num, j, retry;
     	int (*cb)(int xok,X509_STORE_CTX *xctx);
     	STACK_OF(X509) *sktmp=NULL;
     	if (ctx->cert == NULL)
    @@ -165,22 +165,27 @@
     		X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
     		return -1;
     		}
    +	if (ctx->chain != NULL)
    +		{
    +		/* This X509_STORE_CTX has already been used to verify a cert. We
    +		 * cannot do another one.
    +		 */
    +		X509err(X509_F_X509_VERIFY_CERT,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    +		return -1;
    +		}
     
     	cb=ctx->verify_cb;
     
     	/* first we make sure the chain we are going to build is
     	 * present and that the first entry is in place */
    -	if (ctx->chain == NULL)
    +	if (((ctx->chain = sk_X509_new_null()) == NULL) ||
    +		(!sk_X509_push(ctx->chain, ctx->cert)))
     		{
    -		if (	((ctx->chain=sk_X509_new_null()) == NULL) ||
    -			(!sk_X509_push(ctx->chain,ctx->cert)))
    -			{
    -			X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
    -			goto end;
    -			}
    -		CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509);
    -		ctx->last_untrusted=1;
    +		X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
    +		goto end;
     		}
    +	CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509);
    +	ctx->last_untrusted = 1;
     
     	/* We use a temporary STACK so we can chop and hack at it */
     	if (ctx->untrusted != NULL
    @@ -231,82 +236,125 @@
     		break;
     		}
     
    +	/* Remember how many untrusted certs we have */
    +	j = num;
    +
     	/* at this point, chain should contain a list of untrusted
     	 * certificates.  We now need to add at least one trusted one,
     	 * if possible, otherwise we complain. */
     
    -	/* Examine last certificate in chain and see if it
    - 	 * is self signed.
    - 	 */
    -
    -	i=sk_X509_num(ctx->chain);
    -	x=sk_X509_value(ctx->chain,i-1);
    -	if (ctx->check_issued(ctx, x, x))
    +	do
     		{
    -		/* we have a self signed certificate */
    -		if (sk_X509_num(ctx->chain) == 1)
    +		/* Examine last certificate in chain and see if it is self signed.
    +		 */
    +		i = sk_X509_num(ctx->chain);
    +		x = sk_X509_value(ctx->chain, i - 1);
    +		if (ctx->check_issued(ctx, x, x))
     			{
    -			/* We have a single self signed certificate: see if
    -			 * we can find it in the store. We must have an exact
    -			 * match to avoid possible impersonation.
    -			 */
    -			ok = ctx->get_issuer(&xtmp, ctx, x);
    -			if ((ok <= 0) || X509_cmp(x, xtmp)) 
    +			/* we have a self signed certificate */
    +			if (sk_X509_num(ctx->chain) == 1)
     				{
    -				ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
    -				ctx->current_cert=x;
    -				ctx->error_depth=i-1;
    -				if (ok == 1) X509_free(xtmp);
    -				bad_chain = 1;
    -				ok=cb(0,ctx);
    -				if (!ok) goto end;
    +				/* We have a single self signed certificate: see if
    +				 * we canfind it in the store. We must have an exact
    +				 * match to avoid possible impersonation.
    +				 */
    +				ok = ctx->get_issuer(&xtmp, ctx, x);
    +				if ((ok <= 0) || X509_cmp(x, xtmp))
    +					{
    +					ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
    +					ctx->current_cert = x;
    +					ctx->error_depth = i - 1;
    +					if (ok == 1)
    +						X509_free(xtmp);
    +					bad_chain = 1;
    +					ok = cb(0, ctx);
    +					if (!ok)
    +						goto end;
    +					}
    +				else
    +					{
    +					/* We have a match: replace certificate with store
    +					 * version so we get any trust settings.
    +					 */
    +					X509_free(x);
    +					x = xtmp;
    +					(void)sk_X509_set(ctx->chain, i - 1, x);
    +					ctx->last_untrusted = 0;
    +					}
     				}
    -			else 
    +			else
     				{
    -				/* We have a match: replace certificate with store version
    -				 * so we get any trust settings.
    -				 */
    -				X509_free(x);
    -				x = xtmp;
    -				(void)sk_X509_set(ctx->chain, i - 1, x);
    -				ctx->last_untrusted=0;
    +				/* extract and save self signed certificate for later use */
    +				chain_ss = sk_X509_pop(ctx->chain);
    +				ctx->last_untrusted--;
    +				num--;
    +				j--;
    +				x = sk_X509_value(ctx->chain, num - 1);
     				}
     			}
    -		else
    +
    +		/* We now lookup certs from the certificate store */
    +		for (;;)
     			{
    -			/* extract and save self signed certificate for later use */
    -			chain_ss=sk_X509_pop(ctx->chain);
    -			ctx->last_untrusted--;
    -			num--;
    -			x=sk_X509_value(ctx->chain,num-1);
    -			}
    -		}
    +			/* If we have enough, we break */
    +			if (depth < num) break;
     
    -	/* We now lookup certs from the certificate store */
    -	for (;;)
    -		{
    -		/* If we have enough, we break */
    -		if (depth < num) break;
    +			/* If we are self signed, we break */
    +			if (ctx->check_issued(ctx, x, x)) break;
     
    -		/* If we are self signed, we break */
    -		if (ctx->check_issued(ctx,x,x)) break;
    +			ok = ctx->get_issuer(&xtmp, ctx, x);
     
    -		ok = ctx->get_issuer(&xtmp, ctx, x);
    +			if (ok < 0) return ok;
    +			if (ok == 0) break;
     
    -		if (ok < 0) return ok;
    -		if (ok == 0) break;
    +			x = xtmp;
    +			if (!sk_X509_push(ctx->chain, x))
    +				{
    +				X509_free(xtmp);
    +				X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
    +				return 0;
    +				}
    +			num++;
    +			}
     
    -		x = xtmp;
    -		if (!sk_X509_push(ctx->chain,x))
    +		/* If we haven't got a least one certificate from our store then check
    +		 * if there is an alternative chain that could be used.  We only do this
    +		 * if the user hasn't switched off alternate chain checking
    +		 */
    +		retry = 0;
    +		if (num == ctx->last_untrusted &&
    +			!(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS))
     			{
    -			X509_free(xtmp);
    -			X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
    -			return 0;
    +			while (j-- > 1)
    +				{
    +				xtmp2 = sk_X509_value(ctx->chain, j - 1);
    +				ok = ctx->get_issuer(&xtmp, ctx, xtmp2);
    +				if (ok < 0) goto end;
    +
    +				/* Check if we found an alternate chain */
    +				if (ok > 0)
    +					{
    +					/* Free up the found cert we'll add it again later
    +					 */
    +					X509_free(xtmp);
    +
    +					/* Dump all the certs above this point - we've
    +					 * found an alternate chain
    +					 */
    +					while (num > j)
    +						{
    +						xtmp = sk_X509_pop(ctx->chain);
    +						X509_free(xtmp);
    +						num--;
    +						}
    +					ctx->last_untrusted = sk_X509_num(ctx->chain);
    +					retry = 1;
    +					break;
    +					}
    +				}
     			}
    -		num++;
     		}
    -
    -	/* we now have our chain, lets check it... */
    +	while (retry);
     
     	/* Is last certificate looked up self signed? */
     	if (!ctx->check_issued(ctx,x,x))
    diff -ur openssl-1.0.1k-3+deb8u1 openssl-1.0.1k-3+deb8u1+alt
    --- a/crypto/x509/x509_vfy.h	2015-01-08 14:00:36.000000000 +0000
    +++ b/crypto/x509/x509_vfy.h	2015-08-19 22:42:45.000000000 +0900
    @@ -389,6 +389,12 @@
     #define X509_V_FLAG_USE_DELTAS			0x2000
     /* Check selfsigned CA signature */
     #define X509_V_FLAG_CHECK_SS_SIGNATURE		0x4000
    +/*
    + * If the initial chain is not trusted, do not attempt to build an alternative
    + * chain. Alternate chain checking was introduced in 1.0.1n/1.0.2b. Setting
    + * this flag will force the behaviour to match that of previous versions.
    + */
    +#define X509_V_FLAG_NO_ALT_CHAINS		0x100000
     
     
     #define X509_VP_FLAG_DEFAULT			0x1
    --- openssl-1.0.1m/doc/apps/cms.pod	2015-03-19 22:37:10.000000000 +0900
    +++ openssl-1.0.1p/doc/apps/cms.pod	2015-07-09 21:21:24.000000000 +0900
    @@ -35,6 +35,7 @@
     [B<-print>]
     [B<-CAfile file>]
     [B<-CApath dir>]
    +[B<-no_alt_chains>]
     [B<-md digest>]
     [B<-[cipher]>]
     [B<-nointern>]
    @@ -406,7 +407,7 @@
     then many S/MIME mail clients check the signers certificate's email
     address matches that specified in the From: address.
     
    -=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig>
    +=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains>
     
     Set various certificate chain valiadition option. See the
     L<B<verify>|verify(1)> manual page for details.
    @@ -614,4 +615,6 @@
     added in OpenSSL 1.0.0
     
     
    +The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b.
    +
     =cut
    --- openssl-1.0.1m/doc/apps/ocsp.pod	2015-03-19 22:19:00.000000000 +0900
    +++ openssl-1.0.1p/doc/apps/ocsp.pod	2015-07-09 21:21:24.000000000 +0900
    @@ -29,6 +29,7 @@
     [B<-path>]
     [B<-CApath dir>]
     [B<-CAfile file>]
    +[B<-no_alt_chains>]]
     [B<-VAfile file>]
     [B<-validity_period n>]
     [B<-status_age n>]
    @@ -143,6 +144,10 @@
     file or pathname containing trusted CA certificates. These are used to verify
     the signature on the OCSP response.
     
    +=item B<-no_alt_chains>
    +
    +See L<B<verify>|verify(1)> manual page for details.
    +
     =item B<-verify_other file>
     
     file containing additional certificates to search when attempting to locate
    @@ -379,3 +384,9 @@
     
      openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem
          -reqin req.der -respout resp.der
    +
    +=head1 HISTORY
    +
    +The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b.
    +
    +=cut
    --- openssl-1.0.1m/doc/apps/s_client.pod	2015-03-19 22:37:10.000000000 +0900
    +++ openssl-1.0.1p/doc/apps/s_client.pod	2015-07-09 21:21:24.000000000 +0900
    @@ -19,6 +19,7 @@
     [B<-pass arg>]
     [B<-CApath directory>]
     [B<-CAfile filename>]
    +[B<-no_alt_chains>]
     [B<-reconnect>]
     [B<-pause>]
     [B<-showcerts>]
    @@ -116,7 +117,7 @@
     A file containing trusted certificates to use during server authentication
     and to use when attempting to build the client certificate chain.
     
    -=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig>
    +=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains>
     
     Set various certificate chain valiadition option. See the
     L<B<verify>|verify(1)> manual page for details.
    @@ -347,4 +348,8 @@
     
     L<sess_id(1)|sess_id(1)>, L<s_server(1)|s_server(1)>, L<ciphers(1)|ciphers(1)>
     
    +=head1 HISTORY
    +
    +The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b.
    +
     =cut
    --- openssl-1.0.1m/doc/apps/s_server.pod	2015-03-19 22:37:10.000000000 +0900
    +++ openssl-1.0.1p/doc/apps/s_server.pod	2015-07-09 21:21:24.000000000 +0900
    @@ -33,6 +33,7 @@
     [B<-state>]
     [B<-CApath directory>]
     [B<-CAfile filename>]
    +[B<-no_alt_chains>]
     [B<-nocert>]
     [B<-cipher cipherlist>]
     [B<-serverpref>]
    @@ -178,6 +179,10 @@
     is also used in the list of acceptable client CAs passed to the client when
     a certificate is requested.
     
    +=item B<-no_alt_chains>
    +
    +See the L<B<verify>|verify(1)> manual page for details.
    +
     =item B<-state>
     
     prints out the SSL session states.
    @@ -398,4 +403,8 @@
     
     L<sess_id(1)|sess_id(1)>, L<s_client(1)|s_client(1)>, L<ciphers(1)|ciphers(1)>
     
    +=head1 HISTORY
    +
    +The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b.
    +
     =cut
    --- openssl-1.0.1m/doc/apps/smime.pod	2015-01-20 21:33:36.000000000 +0900
    +++ openssl-1.0.1p/doc/apps/smime.pod	2015-07-09 21:21:24.000000000 +0900
    @@ -15,6 +15,7 @@
     [B<-pk7out>]
     [B<-[cipher]>]
     [B<-in file>]
    +[B<-no_alt_chains>]
     [B<-certfile file>]
     [B<-signer file>]
     [B<-recip  file>]
    @@ -259,7 +260,7 @@
     then many S/MIME mail clients check the signers certificate's email
     address matches that specified in the From: address.
     
    -=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig>
    +=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains>
     
     Set various options of certificate chain verification. See
     L<B<verify>|verify(1)> manual page for details.
    @@ -441,5 +442,6 @@
     The use of multiple B<-signer> options and the B<-resign> command were first
     added in OpenSSL 1.0.0
     
    +The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b.
     
     =cut
    --- openssl-1.0.1m/doc/apps/verify.pod	2015-03-19 22:37:10.000000000 +0900
    +++ openssl-1.0.1p/doc/apps/verify.pod	2015-07-09 21:21:24.000000000 +0900
    @@ -22,6 +22,7 @@
     [B<-extended_crl>]
     [B<-use_deltas>]
     [B<-policy_print>]
    +[B<-no_alt_chains>]
     [B<-untrusted file>]
     [B<-help>]
     [B<-issuer_checks>]
    @@ -108,6 +109,14 @@
     
     Set policy variable inhibit-policy-mapping (see RFC5280).
     
    +=item B<-no_alt_chains>
    +
    +When building a certificate chain, if the first certificate chain found is not
    +trusted, then OpenSSL will continue to check to see if an alternative chain can
    +be found that is trusted. With this option that behaviour is suppressed so that
    +only the first chain found is ever used. Using this option will force the
    +behaviour to match that of previous OpenSSL versions.
    +
     =item B<-policy_print>
     
     Print out diagnostics related to policy processing.
    @@ -409,4 +418,8 @@
     
     L<x509(1)|x509(1)>
     
    +=head1 HISTORY
    +
    +The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b.
    +
     =cut
    --- openssl-1.0.1m/doc/crypto/X509_STORE_CTX_new.pod	2015-01-20 21:33:36.000000000 +0900
    +++ openssl-1.0.1p/doc/crypto/X509_STORE_CTX_new.pod	2015-07-09 20:53:21.000000000 +0900
    @@ -39,10 +39,15 @@
     is no longer valid.
     
     X509_STORE_CTX_init() sets up B<ctx> for a subsequent verification operation.
    -The trusted certificate store is set to B<store>, the end entity certificate
    -to be verified is set to B<x509> and a set of additional certificates (which
    -will be untrusted but may be used to build the chain) in B<chain>. Any or
    -all of the B<store>, B<x509> and B<chain> parameters can be B<NULL>.
    +It must be called before each call to X509_verify_cert(), i.e. a B<ctx> is only
    +good for one call to X509_verify_cert(); if you want to verify a second
    +certificate with the same B<ctx> then you must call X509_XTORE_CTX_cleanup()
    +and then X509_STORE_CTX_init() again before the second call to
    +X509_verify_cert(). The trusted certificate store is set to B<store>, the end
    +entity certificate to be verified is set to B<x509> and a set of additional
    +certificates (which will be untrusted but may be used to build the chain) in
    +B<chain>. Any or all of the B<store>, B<x509> and B<chain> parameters can be
    +B<NULL>.
     
     X509_STORE_CTX_trusted_stack() sets the set of trusted certificates of B<ctx>
     to B<sk>. This is an alternative way of specifying trusted certificates 
    --- openssl-1.0.1m/doc/crypto/X509_VERIFY_PARAM_set_flags.pod	2015-03-19 22:37:10.000000000 +0900
    +++ openssl-1.0.1p/doc/crypto/X509_VERIFY_PARAM_set_flags.pod	2015-07-09 21:21:24.000000000 +0900
    @@ -133,6 +133,12 @@
     to the verification callback and it B<must> be prepared to handle such cases
     without assuming they are hard errors.
     
    +The B<X509_V_FLAG_NO_ALT_CHAINS> flag suppresses checking for alternative
    +chains. By default, when building a certificate chain, if the first certificate
    +chain found is not trusted, then OpenSSL will continue to check to see if an
    +alternative chain can be found that is trusted. With this flag set the behaviour
    +will match that of OpenSSL versions prior to 1.0.1n and 1.0.2b.
    +
     =head1 NOTES
     
     The above functions should be used to manipulate verification parameters
    @@ -166,6 +172,6 @@
     
     =head1 HISTORY
     
    -TBA
    +The B<X509_V_FLAG_NO_ALT_CHAINS> flag was added in OpenSSL 1.0.1n and 1.0.2b
     
     =cut
    --- openssl-1.0.1m/doc/crypto/X509_verify_cert.pod	2015-01-20 21:33:36.000000000 +0900
    +++ openssl-1.0.1p/doc/crypto/X509_verify_cert.pod	2015-07-09 20:53:21.000000000 +0900
    @@ -32,7 +32,8 @@
     SSL/TLS code.
     
     The negative return value from X509_verify_cert() can only occur if no
    -certificate is set in B<ctx> (due to a programming error) or if a retry
    +certificate is set in B<ctx> (due to a programming error); if X509_verify_cert()
    +twice without reinitialising B<ctx> in between; or if a retry
     operation is requested during internal lookups (which never happens with
     standard lookup methods). It is however recommended that application check
     for <= 0 return value on error.
    
    
    
    • Public Snippets
    • Channels Snippets