1 files changed, 30 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/0003-Make-tls_session_secret_cb-work-with-CVE-2014-0224-f.patch b/meta/recipes-connectivity/openssl/openssl/0003-Make-tls_session_secret_cb-work-with-CVE-2014-0224-f.patch
new file mode 100644
index 0000000000..5d399315de
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0003-Make-tls_session_secret_cb-work-with-CVE-2014-0224-f.patch
@@ -0,0 +1,30 @@
+From fb8d9ddb9dc19d84dffa84932f75e607c8a3ffe6 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Sat, 7 Jun 2014 15:21:13 +0100
+Subject: [PATCH 3/3] Make tls_session_secret_cb work with CVE-2014-0224 fix.
+Upstream-Status: Backport
+If application uses tls_session_secret_cb for session resumption
+set the CCS_OK flag.
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ ssl/s3_clnt.c |    1 +
+ 1 file changed, 1 insertion(+)
+diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
+index 34efff8..cd43873 100644
+--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
+@@ -1037,6 +1037,7 @@ int ssl3_get_server_hello(SSL *s)
+                        {
+                        s->session->cipher = pref_cipher ?
+                                pref_cipher : ssl_get_cipher_by_char(s, p+j);
+                       s->s3->flags |= SSL3_FLAGS_CCS_OK;
+                        }
+                }
+ #endif /* OPENSSL_NO_TLSEXT */
+-- 
+1.7.10.4

diff --git a/meta/recipes-connectivity/openssl/openssl/0003-Make-tls_session_secret_cb-work-with-CVE-2014-0224-f.patch b/meta/recipes-connectivity/openssl/openssl/0003-Make-tls_session_secret_cb-work-with-CVE-2014-0224-f.patch new file mode 100644 index 0000000000..5d399315de --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/0003-Make-tls_session_secret_cb-work-with-CVE-2014-0224-f.patch
@@ -0,0 +1,30 @@
	1	From fb8d9ddb9dc19d84dffa84932f75e607c8a3ffe6 Mon Sep 17 00:00:00 2001
	2	From: "Dr. Stephen Henson" <steve@openssl.org>
	3	Date: Sat, 7 Jun 2014 15:21:13 +0100
	4	Subject: [PATCH 3/3] Make tls_session_secret_cb work with CVE-2014-0224 fix.
	5
	6	Upstream-Status: Backport
	7
	8	If application uses tls_session_secret_cb for session resumption
	9	set the CCS_OK flag.
	10
	11	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
	12	---
	13	ssl/s3_clnt.c \| 1 +
	14	1 file changed, 1 insertion(+)
	15
	16	diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
	17	index 34efff8..cd43873 100644
	18	--- a/ssl/s3_clnt.c
	19	+++ b/ssl/s3_clnt.c
	20	@@ -1037,6 +1037,7 @@ int ssl3_get_server_hello(SSL *s)
	21	{
	22	s->session->cipher = pref_cipher ?
	23	pref_cipher : ssl_get_cipher_by_char(s, p+j);
	24	+ s->s3->flags \|= SSL3_FLAGS_CCS_OK;
	25	}
	26	}
	27	#endif /* OPENSSL_NO_TLSEXT */
	28	--
	29	1.7.10.4
	30