Commit Graph

3301 Commits

Author SHA1 Message Date
Bodo Möller
ff055b5c89 honour '-no_tmp_rsa' 2001-02-20 12:59:48 +00:00
Richard Levitte
d8770f3ece Include string.h so mem* functions get properly declared. 2001-02-20 12:51:56 +00:00
Richard Levitte
4981372d03 Include OpenSSL header files earlier so macros like OPENSSL_SYS_VMS
get a chance to be defined.
2001-02-20 12:44:46 +00:00
Richard Levitte
3ebac273f5 Include string.h so mem* functions get properly declared. 2001-02-20 12:43:11 +00:00
Richard Levitte
5af18f65f4 Use 0 instead of NULL, at least for function casts, since there are
variants of stdio.h that define NULL in such a way that it's "unsafe"
to use for function pointer casting.
2001-02-20 12:40:42 +00:00
Bodo Möller
a9b34991d9 update 2001-02-20 11:36:02 +00:00
Richard Levitte
bc36ee6227 Use new-style system-id macros everywhere possible. I hope I haven't
missed any.

This compiles and runs on Linux, and external applications have no
problems with it.  The definite test will be to build this on VMS.
2001-02-20 08:13:47 +00:00
Bodo Möller
f2bc668429 Fix BN_[pseudo_]rand: 'mask' must be used even if top=-1.
Mention BN_[pseudo_]rand with top=-1 in CHANGES.
2001-02-20 08:10:38 +00:00
Richard Levitte
8120813066 Use new-style system-id macros. 2001-02-20 07:43:22 +00:00
Richard Levitte
7242cd8f8f I'm sick of the warnings about long long... 2001-02-20 07:22:11 +00:00
Ulf Möller
12c2fe8d53 Use BN_rand_range(). 2001-02-20 00:43:59 +00:00
Ulf Möller
28143c66e1 Fix warning. 2001-02-20 00:43:03 +00:00
Ulf Möller
335c4f0966 BN_rand_range() needs a BN_rand() variant that doesn't set the MSB. 2001-02-20 00:23:07 +00:00
Ulf Möller
5003a61b9f note OPENSSL_issetugid(). 2001-02-19 23:58:56 +00:00
Ulf Möller
7bd51947e5 Temporary fix for build break.
It's still inconsistent - probably better to undo the whole OPENSSL_NO_* thing.
2001-02-19 23:42:09 +00:00
Richard Levitte
4901b41653 Make sure time() is properly declared. 2001-02-19 22:47:40 +00:00
Richard Levitte
74cd365b03 Use the new-style system-identity macros. 2001-02-19 22:04:02 +00:00
Richard Levitte
2affbab9fc I forgot to document the system identification macros 2001-02-19 16:15:13 +00:00
Richard Levitte
cf1b7d9664 Make all configuration macros available for application by making
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
2001-02-19 16:06:34 +00:00
Richard Levitte
649c5a2b09 Remove temporary files when done. 2001-02-19 15:23:37 +00:00
Richard Levitte
07247321c6 make update 2001-02-19 14:00:38 +00:00
Richard Levitte
0c43540433 An obvious but hard-to-see cut'n'paste error corrected. 2001-02-19 13:57:40 +00:00
Dr. Stephen Henson
acba75c59d New -set_serial options to 'req' and 'x509'.
Remove the old broken bio read of serial numbers in the 'ca' index
file. This would choke if a revoked certificate was specified with
a negative serial number.

Fix typo in uid.c
2001-02-19 13:38:32 +00:00
Richard Levitte
267a1927eb Do not insert things in syms{} and kind{} when parsing the header
files.  Instead, insert proper information in the $def string, which
will be properly munged later on.
2001-02-19 13:33:04 +00:00
Richard Levitte
b0c8638650 Make the choice of "makedepend" program choosable through a switch. 2001-02-19 12:51:14 +00:00
Richard Levitte
b36c170d1b VMS follows suit. 2001-02-19 11:30:22 +00:00
Bodo Möller
934397ec66 Memory leak detection bugfixes for multi-threading. 2001-02-19 10:32:53 +00:00
Bodo Möller
0f8631495d Add uid.{c,o} 2001-02-19 10:31:04 +00:00
Richard Levitte
95ffe86dbc Perl code patch contributed by "Kurt J. Pires" <kjpires@iat.com>
His own words are:

The patch adds no new functionality (other than a simple test package)
to the libraries, but it allows them to be compiled with Perl5.6.0.
It has only been tested under "Red Hat Linux release 7.0 (Guinness)"
with the unpatched verion of OpenSSL 0.9.6 released last September.
2001-02-19 09:29:53 +00:00
Richard Levitte
87b79c3ef3 Make it possible to use gcc to generate the dependency tables. 2001-02-16 13:55:05 +00:00
Ulf Möller
52d160d85d ispell 2001-02-16 02:09:53 +00:00
Ulf Möller
54ff1e6ae5 pod format error 2001-02-16 01:44:24 +00:00
Dr. Stephen Henson
a6b7ffddac New options to 'ca' utility to support CRL entry extensions.
Add revelant new X509V3 extensions.

Add OIDs.

Fix ASN1 memory leak code to pop info if external allocation used.
2001-02-16 01:35:44 +00:00
Lutz Jänicke
f30d34f3a8 Move entry to match chronologic orderering. 2001-02-15 14:18:53 +00:00
Lutz Jänicke
84a2173797 Don't forget to mention minor change. 2001-02-15 10:35:56 +00:00
Lutz Jänicke
52b621db88 Add "-rand" option to s_client and s_server. 2001-02-15 10:22:07 +00:00
Ulf Möller
a6ed5dd674 That was misleading. The problem won't happen with 0.9.6a anyway. 2001-02-14 16:55:22 +00:00
Richard Levitte
1417f2dccb Include the newly reported problem with bc on FreeBSD 4.2. 2001-02-14 07:45:59 +00:00
Dr. Stephen Henson
f2e5ca84d4 Option to disable standard block padding with EVP API.
Add -nopad option to enc command.

Update docs.
2001-02-14 02:11:52 +00:00
Ulf Möller
36fafffae2 New function OPENSSL_issetugid(). Needs more work. 2001-02-14 01:35:44 +00:00
Dr. Stephen Henson
cdc7b8cc60 Initial OCSP SSL support. 2001-02-14 01:12:41 +00:00
Ulf Möller
720235eeec IRIX bugfix 2001-02-14 00:14:09 +00:00
Lutz Jänicke
8e495e4ac7 Finish first round of session cache documentation. 2001-02-13 14:00:09 +00:00
Richard Levitte
2afbd6fa08 Update of linux-ppc. Contributed by MATSUURA Takanori
<t-matsuu@protein.osaka-u.ac.jp>
2001-02-13 13:08:12 +00:00
Lutz Jänicke
f282ca7413 New manual page: SSL_CTX_set_mode. 2001-02-13 11:43:11 +00:00
Dr. Stephen Henson
67c1801924 New function OCSP_parse_url() and -url option for ocsp utility.
Doesn't handle SSL URLs yet.
2001-02-13 00:37:44 +00:00
Dr. Stephen Henson
46a58ab946 Modify OCSP nonce behaviour. 2001-02-12 23:28:45 +00:00
Dr. Stephen Henson
94fcd01349 Work around for libsafe "error". 2001-02-12 03:22:49 +00:00
Geoff Thorpe
9a04387362 Re-order a couple of static functions and "#if 0" out unused ones - this
gets rid of gcc warnings.
2001-02-12 02:30:19 +00:00
Geoff Thorpe
282d8b1c38 This change was a quick experiment that I'd wanted to try that works quite
well (and is a good demonstration of how encapsulating the SSL in a
memory-based state machine can make it easier to apply to different
situations).

The change implements a new command-line switch "-flipped <0|1>" which, if
set to 1, reverses the usual interpretation of a client and server for SSL
tunneling. Normally, an ssl client (ie. "-server 0") accepts "cleartext"
connections and conducts SSL/TLS over a proxied connection acting as an SSL
client. Likewise, an ssl server (ie. "-server 1") accepts connections and
conducts SSL/TLS (as an SSL server) over them and passes "cleartext" over
the proxied connection. With "-flipped 1", an SSL client (specified with
"-server 0") in fact accepts SSL connections and proxies clear, whereas an
SSL server ("-server 1") accepts clear and proxies SSL. NB: most of this
diff is command-line handling, the actual meat of the change is simply the
line or two that plugs "clean" and "dirty" file descriptors into the item
that holds the state-machine - reverse them and you get the desired
behaviour.

This allows a network server to be an SSL client, and a network client to
be an SSL server. Apart from curiosity value, there's a couple of possibly
interesting applications - SSL/TLS is inherently vulnerable to trivial DoS
attacks, because the SSL server usually has to perform a private key
operation first, even if the client is authenticated. With this scenario,
the network client is the SSL server and performs the first private key
operation, whereas the network server serves as the SSL client. Another
possible application is when client-only authentication is required (ie.
the underlying protocol handles (or doesn't care about) authenticating the
server). Eg. an SSL/TLS version of 'ssh' could be concocted where the
client's signed certificate is used to validate login to a server system -
whether or not the client needs to validate who the server is can be
configured at the client end rather than at the server end (ie. a complete
inversion of what happens in normal SSL/TLS).

NB: This is just an experiment/play-thing, using "-flipped 1" probably
creates something that is interoperable with exactly nothing. :-)
2001-02-12 02:28:29 +00:00