NULL ciphers specifically have to be enabled with e.g. "DEFAULT:eNULL". This
prevents cipher lists from inadvertantly having NULL ciphers at the top
of their list (e.g. the default ones) because they didn't have to be taken
into account before.
SSL_CTX_xxx defines. What was the reason to move them to the top, even before
the copyright and #ifdef HEADER_SSL_H? Hmmm... when there was and still is a
good reason feel free to reverse this patch, but please document why it is
needed this way.
consistent in the source tree and replaced `/bin/rm' by `rm'. Additonally
cleaned up the `make links' target: Remove unnecessary semicolons, subsequent
redundant removes, inline point.sh into mklink.sh to speed processing and no
longer clutter the display with confusing stuff. Instead only the actually
done links are displayed.
ssl/ssl_lib.c and ssl/ssl.h. At least the double ctx-variable
confused some compilers.
Submitted by: Lennart Bong <lob@kulthea.stacken.kth.se>
Reviewed by: Ralf S. Engelschall
private keys and/or callback functions which directly correspond to their
SSL_CTX_xxx() counterparts but work on a per-connection basis. This is needed
for applications which have to configure certificates on a per-connection
basis (e.g. Apache+mod_ssl) instead of a per-context basis (e.g.
s_server).
For the RSA certificate situation is makes no difference, but for the DSA
certificate situation this fixes the "no shared cipher" problem where the
OpenSSL cipher selection procedure failed because the temporary keys were not
overtaken from the context and the API provided no way to reconfigure them.
The new functions now let applications reconfigure the stuff and they are in
detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh,
SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback. Additionally a new
non-public-API function ssl_cert_instantiate() is used as a helper function
and also to reduce code redundancy inside ssl_rsa.c.
Submitted by: Ralf S. Engelschall
Reviewed by: Ben Laurie
within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within SSL_EXP_MASK. So, the
original variable has to be used instead of the already masked variable.
Submitted by: Richard Levitte <levitte@stacken.kth.se>
Reviewed by: Ralf S. Engelschall
without -debug option to mk1mf.pl. Change _export to is_export (_export is
a reserved word under VC++). Add yucky function prototype function pointer
casts. Sanitise the included files in crypto/x509v3.
Also changed ssleay.exe target to openssl.exe
[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
Fix so that the version number in the master secret, when passed
via RSA, checks that if TLS was proposed, but we roll back to SSLv3
(because the server will not accept higher), that the version number
is 0x03,0x01, not 0x03,0x00
[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
Submitted by:
Reviewed by:
PR:
1. merge various obsolete readme texts into doc/ssleay.txt
where we collect the old documents and readme texts.
2. remove the first part of files where I'm already sure that we no longer need
them because of three reasons: either they are just temporary files which
were left by Eric or they are preserved original files where I've verified
that the diff is also available in the CVS via "cvs diff -rSSLeay_0_8_1b"
or they were renamed (as it was definitely the case for the crypto/md/
stuff).
We've still a horrible mess under crypto/bn/asm/. There for a lot of files
I'm sure whether we need them or not. So, when someone knows it better, feel
free to cleanup there.
1. Add *lots* of missing prototypes for static ssl functions.
2. VC++ doesn't understand the 'LL' suffix for 64 bits constants: change bn.org
3. Add a few missing prototypes in pem.org
Fix mk1mf.pl so it outputs a Makefile that doesn't choke Win95.
Fix mkdef.pl so it doesn't truncate longer names.