File openssl-1.0.1n-default-paths.patch of Package openssl

diff -rNU 30 ../openssl-1.0.1n-o/apps/s_client.c ./apps/s_client.c
--- ../openssl-1.0.1n-o/apps/s_client.c	2015-06-11 16:01:49.000000000 +0200
+++ ./apps/s_client.c	2015-06-12 05:44:33.000000000 +0200
@@ -1152,67 +1152,85 @@
     if (bugs)
         SSL_CTX_set_options(ctx, SSL_OP_ALL | off);
     else
         SSL_CTX_set_options(ctx, off);
 
     if (clr)
         SSL_CTX_clear_options(ctx, clr);
 
 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
     if (next_proto.data)
         SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto);
 #endif
 
     if (state)
         SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
     if (cipher != NULL)
         if (!SSL_CTX_set_cipher_list(ctx, cipher)) {
             BIO_printf(bio_err, "error setting cipher list\n");
             ERR_print_errors(bio_err);
             goto end;
         }
 #if 0
         else
             SSL_CTX_set_cipher_list(ctx, getenv("SSL_CIPHER"));
 #endif
 
     SSL_CTX_set_verify(ctx, verify, verify_callback);
     if (!set_cert_key_stuff(ctx, cert, key))
         goto end;
 
+/*
     if ((CAfile || CApath)
         && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) {
         ERR_print_errors(bio_err);
     }
     if (!SSL_CTX_set_default_verify_paths(ctx)) {
         ERR_print_errors(bio_err);
     }
+*/
+    if (CAfile == NULL && CApath == NULL)
+	{
+        if (!SSL_CTX_set_default_verify_paths(ctx))
+		{
+		ERR_print_errors(bio_err);
+		}
+	}
+    else
+	{
+	if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath))
+		{
+		ERR_print_errors(bio_err);
+		}
+        }
+
+
 #ifndef OPENSSL_NO_TLSEXT
     if (servername != NULL) {
         tlsextcbp.biodebug = bio_err;
         SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
         SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
     }
 # ifndef OPENSSL_NO_SRP
     if (srp_arg.srplogin) {
         if (!srp_lateuser && !SSL_CTX_set_srp_username(ctx, srp_arg.srplogin)) {
             BIO_printf(bio_err, "Unable to set SRP username\n");
             goto end;
         }
         srp_arg.msg = c_msg;
         srp_arg.debug = c_debug;
         SSL_CTX_set_srp_cb_arg(ctx, &srp_arg);
         SSL_CTX_set_srp_client_pwd_callback(ctx, ssl_give_srp_client_pwd_cb);
         SSL_CTX_set_srp_strength(ctx, srp_arg.strength);
         if (c_msg || c_debug || srp_arg.amp == 0)
             SSL_CTX_set_srp_verify_param_callback(ctx,
                                                   ssl_srp_verify_param_cb);
     }
 # endif
 #endif
 
     con = SSL_new(ctx);
     if (sess_in) {
         SSL_SESSION *sess;
         BIO *stmp = BIO_new_file(sess_in, "r");
         if (!stmp) {
             BIO_printf(bio_err, "Can't open session file %s\n", sess_in);
diff -rNU 30 ../openssl-1.0.1n-o/apps/s_server.c ./apps/s_server.c
--- ../openssl-1.0.1n-o/apps/s_server.c	2015-06-11 16:01:49.000000000 +0200
+++ ./apps/s_server.c	2015-06-12 05:49:34.000000000 +0200
@@ -1570,114 +1570,140 @@
         SSL_CTX_set_options(ctx, SSL_OP_ALL);
     if (hack)
         SSL_CTX_set_options(ctx, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
     SSL_CTX_set_options(ctx, off);
 
     if (state)
         SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
     if (no_cache)
         SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
     else
         SSL_CTX_sess_set_cache_size(ctx, 128);
 
 #ifndef OPENSSL_NO_SRTP
     if (srtp_profiles != NULL)
         SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
 #endif
 
 #if 0
     if (cipher == NULL)
         cipher = getenv("SSL_CIPHER");
 #endif
 
 #if 0
     if (s_cert_file == NULL) {
         BIO_printf(bio_err,
                    "You must specify a certificate file for the server to use\n");
         goto end;
     }
 #endif
 
+#if 0
     if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
         (!SSL_CTX_set_default_verify_paths(ctx))) {
         /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
         ERR_print_errors(bio_err);
         /* goto end; */
     }
+#endif
+    if (CAfile == NULL && CApath == NULL)
+            {
+            if (!SSL_CTX_set_default_verify_paths(ctx))
+                    {
+                    ERR_print_errors(bio_err);
+                    }
+            }
+    else
+            {
+            if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath))
+                    {
+                    ERR_print_errors(bio_err);
+                    }
+             }
+
     if (vpm)
         SSL_CTX_set1_param(ctx, vpm);
 
 #ifndef OPENSSL_NO_TLSEXT
     if (s_cert2) {
         ctx2 = SSL_CTX_new(meth);
         if (ctx2 == NULL) {
             ERR_print_errors(bio_err);
             goto end;
         }
     }
 
     if (ctx2) {
         BIO_printf(bio_s_out, "Setting secondary ctx parameters\n");
 
         if (session_id_prefix) {
             if (strlen(session_id_prefix) >= 32)
                 BIO_printf(bio_err,
                            "warning: id_prefix is too long, only one new session will be possible\n");
             else if (strlen(session_id_prefix) >= 16)
                 BIO_printf(bio_err,
                            "warning: id_prefix is too long if you use SSLv2\n");
             if (!SSL_CTX_set_generate_session_id(ctx2, generate_session_id)) {
                 BIO_printf(bio_err, "error setting 'id_prefix'\n");
                 ERR_print_errors(bio_err);
                 goto end;
             }
             BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
         }
         SSL_CTX_set_quiet_shutdown(ctx2, 1);
         if (bugs)
             SSL_CTX_set_options(ctx2, SSL_OP_ALL);
         if (hack)
             SSL_CTX_set_options(ctx2, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
         SSL_CTX_set_options(ctx2, off);
 
         if (state)
             SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback);
 
         if (no_cache)
             SSL_CTX_set_session_cache_mode(ctx2, SSL_SESS_CACHE_OFF);
         else
             SSL_CTX_sess_set_cache_size(ctx2, 128);
 
+#if 0
         if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) ||
             (!SSL_CTX_set_default_verify_paths(ctx2))) {
-            ERR_print_errors(bio_err);
-        }
+#endif
+        if (!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath))
+              {
+              ERR_print_errors(bio_err);
+              }
+        if (!SSL_CTX_set_default_verify_paths(ctx2))
+              {
+              ERR_print_errors(bio_err);
+              }
+
         if (vpm)
             SSL_CTX_set1_param(ctx2, vpm);
     }
 # ifndef OPENSSL_NO_NEXTPROTONEG
     if (next_proto.data)
         SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb,
                                               &next_proto);
 # endif
 #endif
 
 #ifndef OPENSSL_NO_DH
     if (!no_dhe) {
         DH *dh = NULL;
 
         if (dhfile)
             dh = load_dh_param(dhfile);
         else if (s_cert_file)
             dh = load_dh_param(s_cert_file);
 
         if (dh != NULL) {
             BIO_printf(bio_s_out, "Setting temp DH parameters\n");
         } else {
             BIO_printf(bio_s_out, "Using default temp DH parameters\n");
             dh = get_dh2048();
             if (dh == NULL) {
                 ERR_print_errors(bio_err);
                 goto end;
             }
         }
         (void)BIO_flush(bio_s_out);
diff -rNU 30 ../openssl-1.0.1n-o/apps/s_time.c ./apps/s_time.c
--- ../openssl-1.0.1n-o/apps/s_time.c	2015-06-11 15:01:06.000000000 +0200
+++ ./apps/s_time.c	2015-06-12 05:44:33.000000000 +0200
@@ -354,68 +354,84 @@
     int ret = 1, i;
     MS_STATIC char buf[1024 * 8];
     int ver;
 
     apps_startup();
     s_time_init();
 
     if (bio_err == NULL)
         bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
 
     s_time_meth = SSLv23_client_method();
 
     /* parse the command line arguments */
     if (parseArgs(argc, argv) < 0)
         goto end;
 
     OpenSSL_add_ssl_algorithms();
     if ((tm_ctx = SSL_CTX_new(s_time_meth)) == NULL)
         return (1);
 
     SSL_CTX_set_quiet_shutdown(tm_ctx, 1);
 
     if (st_bugs)
         SSL_CTX_set_options(tm_ctx, SSL_OP_ALL);
     SSL_CTX_set_cipher_list(tm_ctx, tm_cipher);
     if (!set_cert_stuff(tm_ctx, t_cert_file, t_key_file))
         goto end;
 
     SSL_load_error_strings();
 
+#if 0
     if ((!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) ||
         (!SSL_CTX_set_default_verify_paths(tm_ctx))) {
         /*
          * BIO_printf(bio_err,"error setting default verify locations\n");
          */
         ERR_print_errors(bio_err);
         /* goto end; */
-    }
+#endif
+    if (CAfile == NULL && CApath == NULL)
+	    {
+            if (!SSL_CTX_set_default_verify_paths(tm_ctx))
+                    {
+                    ERR_print_errors(bio_err);
+                    }
+            }
+    else
+            {
+            if (!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath))
+                    {
+                    ERR_print_errors(bio_err);
+                    }
+
+            }
 
     if (tm_cipher == NULL)
         tm_cipher = getenv("SSL_CIPHER");
 
     if (tm_cipher == NULL) {
         fprintf(stderr, "No CIPHER specified\n");
     }
 
     if (!(perform & 1))
         goto next;
     printf("Collecting connection statistics for %d seconds\n", maxTime);
 
     /* Loop and time how long it takes to make connections */
 
     bytes_read = 0;
     finishtime = (long)time(NULL) + maxTime;
     tm_Time_F(START);
     for (;;) {
         if (finishtime < (long)time(NULL))
             break;
 #ifdef WIN32_STUFF
 
         if (flushWinMsgs(0) == -1)
             goto end;
 
         if (waitingToDie || exitNow) /* we're dead */
             goto end;
 #endif
 
         if ((scon = doConnection(NULL)) == NULL)
openSUSE Build Service is sponsored by