From 72a4178ca1ea7fb1fc6376b47ea7ea74661be4d3 Mon Sep 17 00:00:00 2001
From: Tony Arcieri
Date: Sat, 25 Mar 2017 14:32:37 -0700
Subject: [PATCH 1/2] Advisory: openssl <0.9.0 may be vulnerable to MitM due to weak defaults
---
 crates/openssl/RUSTSEC-0000-0000.toml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 crates/openssl/RUSTSEC-0000-0000.toml
diff --git a/crates/openssl/RUSTSEC-0000-0000.toml b/crates/openssl/RUSTSEC-0000-0000.toml
new file mode 100644
index 0000000..75a097c
--- /dev/null
+++ b/crates/openssl/RUSTSEC-0000-0000.toml
@@ -0,0 +1,20 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "openssl"
+patched_versions = [">= 0.9.0"]
+date = "2016-11-05"
+url = "https://github.com/sfackler/rust-openssl/releases/tag/v0.9.0"
+title = "SSL/TLS MitM vulnerability due to insecure defaults"
+description = """
+All versions of rust-openssl prior to 0.9.0 contained numerous insecure defaults
+including off-by-default certificate verification and no API to perform hostname
+verification.
+
+Unless configured correctly by a developer, these defaults could allow an attacker
+to perform man-in-the-middle attacks.
+
+The problem was addressed in newer versions by enabling certificate verification
+by default and exposing APIs to perform hostname verification. Use the
+`SslConnector` and `SslAcceptor` types to take advantage of these new features
+(as opposed to the lower-level `SslContext` type).
+"""
From 09e3a9eb76b8021ef0f4878ac2acd7c8cdd26d24 Mon Sep 17 00:00:00 2001
From: Tony Arcieri
Date: Tue, 24 Jul 2018 10:48:20 -0700
Subject: [PATCH 2/2] Assign RUSTSEC-2016-0001 to openssl
Original PR: https://github.com/RustSec/advisory-db/pull/19
---
 .../openssl/{RUSTSEC-0000-0000.toml => RUSTSEC-2016-0001.toml} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename crates/openssl/{RUSTSEC-0000-0000.toml => RUSTSEC-2016-0001.toml} (97%)
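Review bot: The `description` in this hunk points readers at `SslConnector`/`SslAcceptor` but never states what an upgrade to 0.9.0 leaves unfixed, which matters because `patched_versions = [">= 0.9.0"]` will make audit tooling report the issue as resolved the moment the dependency is bumped. The text itself says the exposure exists "unless configured correctly by a developer", and if the lower-level `SslContext` in 0.9 still inherits the library's verify-nothing default (the hunk does not show this; confirm against the 0.9 API before wording it as fact), code that upgrades but keeps configuring an `SslContext` by hand is still open to the same MitM. I would append a closing sentence to the description: `Note that upgrading alone does not fix code that continues to configure an SslContext directly; such code must still enable peer certificate verification and check the peer hostname itself.`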
diff --git a/crates/openssl/RUSTSEC-0000-0000.toml b/crates/openssl/RUSTSEC-2016-0001.toml
similarity index 97%
rename from crates/openssl/RUSTSEC-0000-0000.toml
rename to crates/openssl/RUSTSEC-2016-0001.toml
index 75a097c..ec509da 100644
--- a/crates/openssl/RUSTSEC-0000-0000.toml
+++ b/crates/openssl/RUSTSEC-2016-0001.toml
@@ -1,5 +1,5 @@
 [advisory]
-id = "RUSTSEC-0000-0000"
+id = "RUSTSEC-2016-0001"
 package = "openssl"
 patched_versions = [">= 0.9.0"]
 date = "2016-11-05"