Add SHA2 algorithms to SSL_library_init(). Although these aren't used
directly by SSL/TLS SHA2 certificates are becoming more common and applications that only call SSL_library_init() and not OpenSSL_add_all_alrgorithms() will fail when verifying certificates. Update docs.
This commit is contained in:
Dr. Stephen Henson
parent
9eeb779e8f
commit
bc06baca76
3 changed files with 22 additions and 6 deletions
5
CHANGES
5
CHANGES
|
|
@ -4,6 +4,11 @@
|
|||
|
||||
Changes between 0.9.8n and 0.9.8o [xx XXX xxxx]
|
||||
|
||||
*) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more
|
||||
common in certificates and some applications which only call
|
||||
SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
|
||||
[Steve Henson]
|
||||
|
||||
*) VMS fixes:
|
||||
Reduce copying into .apps and .test in makevms.com
|
||||
Don't try to use blank CA certificate in CA.com
|
||||
|
|
|
|||
|
|
@ -26,25 +26,28 @@ SSL_library_init() must be called before any other action takes place.
|
|||
|
||||
=head1 WARNING
|
||||
|
||||
SSL_library_init() mainly adds ciphers and digests used directly by SSL/TLS.
|
||||
In some cases this is not sufficient and errors about unknown algorithms
|
||||
will occur: for example when an attempt is made to use a certificate using
|
||||
SHA256. This can be resolved by also calling OpenSSL_add_all_algorithms().
|
||||
SSL_library_init() adds ciphers and digests used directly and indirectly by
|
||||
SSL/TLS.
|
||||
|
||||
=head1 EXAMPLES
|
||||
|
||||
A typical TLS/SSL application will start with the library initialization,
|
||||
will provide readable error messages and will seed the PRNG.
|
||||
and provide readable error messages.
|
||||
|
||||
SSL_load_error_strings(); /* readable error messages */
|
||||
SSL_library_init(); /* initialize library */
|
||||
actions_to_seed_PRNG();
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
SSL_library_init() always returns "1", so it is safe to discard the return
|
||||
value.
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
OpenSSL 0.9.8o and 1.0.0a and later added SHA2 algorithms to SSL_library_init().
|
||||
Applications which need to use SHA2 in earlier versions of OpenSSL should call
|
||||
OpenSSL_add_all_algorithms() as well.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<ssl(3)|ssl(3)>, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>,
|
||||
|
|
|
|||
|
|
@ -102,6 +102,14 @@ int SSL_library_init(void)
|
|||
EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
|
||||
EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SHA256
|
||||
EVP_add_digest(EVP_sha224());
|
||||
EVP_add_digest(EVP_sha256());
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SHA512
|
||||
EVP_add_digest(EVP_sha384());
|
||||
EVP_add_digest(EVP_sha512());
|
||||
#endif
|
||||
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
|
||||
EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
|
||||
EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
|
||||
|
|
|
|||
Loading…
Reference in a new issue