From f0fb64db28ace7075db176b71c43c5612863cb71 Mon Sep 17 00:00:00 2001
From: Tomáš Mráz <tmraz@fedoraproject.org>
Date: Nov 23 2006 20:38:24 +0000
Subject: - make X509_NAME_cmp transitive otherwise certificate lookup is broken

    (#216050)
- Resolves: rhbz#216050

---

diff --git a/openssl-0.9.8b-x509-name-cmp.patch b/openssl-0.9.8b-x509-name-cmp.patch
new file mode 100644
index 0000000..b10f6e0
--- /dev/null
+++ b/openssl-0.9.8b-x509-name-cmp.patch
@@ -0,0 +1,21 @@
+Make X509_NAME_cmp transitive.
+--- openssl-0.9.8b/crypto/x509/x509_cmp.c.name-cmp	2004-12-01 02:45:30.000000000 +0100
++++ openssl-0.9.8b/crypto/x509/x509_cmp.c	2006-11-23 21:21:40.000000000 +0100
+@@ -287,7 +287,16 @@
+ 			nbbit = ASN1_tag2bit(nb->value->type);
+ 			if (!(nabit & STR_TYPE_CMP) ||
+ 				!(nbbit & STR_TYPE_CMP))
+-				return j;
++				{
++				if (!(nabit & STR_TYPE_CMP) &&
++					(nbbit & STR_TYPE_CMP))
++					return -1;
++				else if ((nabit & STR_TYPE_CMP) &&
++					!(nbbit & STR_TYPE_CMP))
++					return 1;
++				else
++					return j;
++				}
+ 			j = asn1_string_memcmp(na->value, nb->value);
+ 			}
+ 		else if (na->value->type == V_ASN1_PRINTABLESTRING)
diff --git a/openssl.spec b/openssl.spec
index a8f9284..1eb1e5f 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -21,7 +21,7 @@
 Summary: The OpenSSL toolkit
 Name: openssl
 Version: 0.9.8b
-Release: 9%{?dist}
+Release: 10%{?dist}
 Source: openssl-%{version}-usa.tar.bz2
 Source1: hobble-openssl
 Source2: Makefile.certificate
@@ -61,6 +61,7 @@ Patch58: openssl-0.9.8b-cve-2006-2940.patch
 Patch59: openssl-0.9.8b-cve-2006-3738.patch
 Patch60: openssl-0.9.8b-cve-2006-4343.patch
 Patch61: openssl-0.9.8b-aliasing-bug.patch
+Patch62: openssl-0.9.8b-x509-name-cmp.patch
 
 License: BSDish
 Group: System Environment/Libraries
@@ -131,6 +132,7 @@ from other formats to the formats used by the OpenSSL toolkit.
 %patch59 -p0 -b .shared-ciphers
 %patch60 -p0 -b .client-dos
 %patch61 -p1 -b .aliasing-bug
+%patch62 -p1 -b .name-cmp
 
 # Modify the various perl scripts to reference perl in the right location.
 perl util/perlpath.pl `dirname %{__perl}`
@@ -365,6 +367,10 @@ rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint
 %postun -p /sbin/ldconfig
 
 %changelog
+* Thu Nov 23 2006 Tomas Mraz <tmraz@redhat.com> 0.9.8b-10
+- make X509_NAME_cmp transitive otherwise certificate lookup
+  is broken (#216050)
+
 * Thu Nov  2 2006 Tomas Mraz <tmraz@redhat.com> 0.9.8b-9
 - aliasing bug in engine loading, patch by IBM (#213216)