fdl66 / openssl-1.0.2u-fix-cve

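This project aims to fix the vulnerabilities in OpenSSL 1.0.2u. (The 1.0.2 branch is no longer officially maintained, so the related vulnerability fixes are closed source; the code here was merged in from nearby versions. Source origin: https://github.com/openssl/openssl/tree/OpenSSL_1_0_2u)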

Added README content

Official vulnerability list

https://www.openssl.org/news/vulnerabilities.html

Vulnerabilities affecting openssl-1.0.2u

--------2022--------
CVE-2022-1292 (OpenSSL advisory) [Moderate severity] 03 May 2022: 
Fixed in OpenSSL 1.0.2ze (git commit) (Affected 1.0.2-1.0.2zd)
Fixed in this repository: https://github.com/fdl66/openssl-1.0.2u-fix-cve/pull/9

CVE-2022-0778 (OpenSSL advisory) [High severity] 15 March 2022: 
Fixed in OpenSSL 1.0.2zd (git commit) (Affected 1.0.2-1.0.2zc)
Fixed in this repository: https://github.com/fdl66/openssl-1.0.2u-fix-cve/pull/7

CVE-2021-4160 (OpenSSL advisory) [Moderate severity] 28 January 2022: 
Fixed in OpenSSL 1.0.2zc-dev (git commit) (Affected 1.0.2-1.0.2zb)
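Reason not yet fixed: the code differs, so the fix was not merged in order to avoid unnecessary breakage (also, the vulnerability only affects MIPS platforms; ordinary x86 architectures are not affected)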

--------2021--------
CVE-2021-3712 (OpenSSL advisory) [Moderate severity] 24 August 2021: 
Fixed in OpenSSL 1.0.2za (git commit) (Affected 1.0.2-1.0.2y)
Fixed in this repository: https://github.com/fdl66/openssl-1.0.2u-fix-cve/pull/6

CVE-2021-23841 (OpenSSL advisory) [Moderate severity] 16 February 2021: 
Fixed in OpenSSL 1.0.2y (git commit) (Affected 1.0.2-1.0.2x)
Fixed in this repository: https://github.com/fdl66/openssl-1.0.2u-fix-cve/pull/5

CVE-2021-23840 (OpenSSL advisory) [Low severity] 16 February 2021: 
Fixed in OpenSSL 1.0.2y (git commit) (Affected 1.0.2-1.0.2x)
Fixed in this repository: https://github.com/fdl66/openssl-1.0.2u-fix-cve/pull/4

CVE-2021-23839 (OpenSSL advisory) [Low severity] 16 February 2021: 
Fixed in OpenSSL 1.0.2y (git commit) (Affected 1.0.2s-1.0.2x)
Fixed in this repository: https://github.com/fdl66/openssl-1.0.2u-fix-cve/pull/3


--------2020--------
CVE-2020-1971 (OpenSSL advisory) [High severity] 08 December 2020:
Fixed in OpenSSL 1.0.2x (git commit) (Affected 1.0.2-1.0.2w)
Fixed in this repository: https://github.com/fdl66/openssl-1.0.2u-fix-cve/pull/2

CVE-2020-1968 (OpenSSL advisory) [Low severity] 09 September 2020:
Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v)
Reason not yet fixed: there is no official fix code for this vulnerability, and it is low severity

Common build commands

./config shared
make -j4

How to build an OpenSSL RPM package

To be continued


The original official README follows

OpenSSL 1.0.2u 20 Dec 2019

Copyright (c) 1998-2019 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.

DESCRIPTION

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Secure Sockets Layer (SSLv3) and Transport Layer Security (TLS) protocols as well as a full-strength general purpose cryptographic library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.

OpenSSL is descended from the SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the OpenSSL license plus the SSLeay license), which means that you are free to get and use it for commercial and non-commercial purposes as long as you fulfill the conditions of both licenses.

OVERVIEW

The OpenSSL toolkit includes:

libssl.a: Provides the client and server-side implementations for SSLv3 and TLS.

libcrypto.a: Provides general cryptographic and X.509 support needed by SSL/TLS but not logically part of it.

openssl: A command line tool that can be used for:

- Creation of key parameters
- Creation of X.509 certificates, CSRs and CRLs
- Calculation of message digests
- Encryption and decryption
- SSL/TLS client and server tests
- Handling of S/MIME signed or encrypted mail
- And more...

INSTALLATION

See the appropriate file:

    INSTALL         Linux, Unix, etc.
    INSTALL.DJGPP   DOS platform with DJGPP
    INSTALL.NW      Netware
    INSTALL.OS2     OS/2
    INSTALL.VMS     VMS
    INSTALL.W32     Windows (32bit)
    INSTALL.W64     Windows (64bit)
    INSTALL.WCE     Windows CE

SUPPORT

See the OpenSSL website www.openssl.org for details on how to obtain commercial technical support.

If you have any problems with OpenSSL then please take the following steps first:

- Download the latest version from the repository
  to see if the problem has already been addressed
- Configure with no-asm
- Remove compiler optimisation flags

If you wish to report a bug then please include the following information and create an issue on GitHub:

- On Unix systems:
    Self-test report generated by 'make report'
- On other systems:
    OpenSSL version: output of 'openssl version -a'
    OS Name, Version, Hardware platform
    Compiler Details (name, version)
- Application Details (name, version)
- Problem Description (steps that will reproduce the problem, if known)
- Stack Traceback (if the application dumps core)

Just because something doesn't work the way you expect does not mean it is necessarily a bug in OpenSSL.

HOW TO CONTRIBUTE TO OpenSSL

See CONTRIBUTING

LEGALITIES

A number of nations restrict the use or export of cryptography. If you are potentially subject to such restrictions you should seek competent professional legal advice before attempting to develop or distribute cryptographic code.
