Commit graph

23669 commits

Author SHA1 Message Date
Ben Laurie
eb90a483ad Add functions to add certs to stacks, used for CA file/path stuff in servers. 1999-02-28 17:41:55 +00:00
Ben Laurie
49bc262459 More truth in declarations. 1999-02-28 14:39:18 +00:00
Ben Laurie
b4f10a7e92 doxygen configuration file. 1999-02-28 12:42:50 +00:00
Ben Laurie
4f43d0e71f Experiment with doxygen documentation. 1999-02-28 12:41:50 +00:00
Ben Laurie
1efa9c33c0 Update dependencies. 1999-02-27 18:41:04 +00:00
Ralf S. Engelschall
74d7abc2ab Get rid of remaining C++-style comments which strict C compilers hate.
(Pointed out by Carlos Amengual).
1999-02-27 12:17:40 +00:00
Ralf S. Engelschall
c707fb2741 Ops, the logic of the second argument has to be coupled with the != test to
work correctly for the SSL_CTX_xxx situations, too. Now "make test" passes
again fine.
1999-02-26 22:31:54 +00:00
Ralf S. Engelschall
aa2b6baf4f Use consistent and existing addresses 1999-02-26 21:44:17 +00:00
Dr. Stephen Henson
7283ecea22 BN_RECURSION causes the stuff in bn_mont.c to fall over for large keys. For
now change it to BN_RECURSION_MONT so it isn't compiled in.
1999-02-26 01:37:34 +00:00
Ben Laurie
754048577b Perhaps if I do a tiny bit of docco, others may follow? 1999-02-25 17:39:04 +00:00
Ralf S. Engelschall
090db4f475 Remember one more wish from the users 1999-02-25 14:44:55 +00:00
Ralf S. Engelschall
15d21c2df4 Add a bunch of SSL_xxx() functions for configuring the temporary RSA and DH
private keys and/or callback functions which directly correspond to their
SSL_CTX_xxx() counterparts but work on a per-connection basis. This is needed
for applications which have to configure certificates on a per-connection
basis (e.g. Apache+mod_ssl) instead of a per-context basis (e.g.
s_server).

For the RSA certificate situation is makes no difference, but for the DSA
certificate situation this fixes the "no shared cipher" problem where the
OpenSSL cipher selection procedure failed because the temporary keys were not
overtaken from the context and the API provided no way to reconfigure them.

The new functions now let applications reconfigure the stuff and they are in
detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh,
SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback.  Additionally a new
non-public-API function ssl_cert_instantiate() is used as a helper function
and also to reduce code redundancy inside ssl_rsa.c.

Submitted by: Ralf S. Engelschall
Reviewed by: Ben Laurie
1999-02-25 14:40:29 +00:00
Ralf S. Engelschall
ea14a91f64 Move s_server -dcert and -dkey options out of the undocumented feature area
because they are useful for the DSA situation and should be recognized by the
users. Thanks to Steve for the original hint.
1999-02-25 11:26:26 +00:00
Ralf S. Engelschall
4b8f2ce648 Typo 1999-02-25 11:06:52 +00:00
Ralf S. Engelschall
90a52cecaf Fix the cipher decision scheme for export ciphers: the export bits are *not*
within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within SSL_EXP_MASK.  So, the
original variable has to be used instead of the already masked variable.

Submitted by: Richard Levitte <levitte@stacken.kth.se>
Reviewed by: Ralf S. Engelschall
1999-02-25 11:03:18 +00:00
Ralf S. Engelschall
def9f43151 Fix 'port' variable from int' to unsigned int' in crypto/bio/b_sock.c
Submitted by: Richard Levitte <levitte@stacken.kth.se>
Reviewed by: Ralf S. Engelschall
1999-02-25 10:54:27 +00:00
Ralf S. Engelschall
8aef252bf4 Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal()
from `int' to `unsigned int' because it's a length and initialized by
EVP_DigestFinal() which expects an `unsigned int *'.

Submitted by: Richard Levitte <levitte@stacken.kth.se>
Reviewed by: Ralf S. Engelschall
1999-02-25 10:47:24 +00:00
Ben Laurie
4f9b306ca7 Fix clearly untested "clever" hack. 1999-02-25 09:43:26 +00:00
Ralf S. Engelschall
74cc3698bd More CVS ignore stuff... 1999-02-25 09:06:30 +00:00
Ralf S. Engelschall
a4ed5532a8 Don't hard-code path to Perl interpreter on shebang line of Configure
script. Instead use the usual Shell->Perl transition trick.
1999-02-25 08:48:52 +00:00
Ralf S. Engelschall
1b3b0a54d1 Remember good pointers to Montgomery multiplication algorithm
descriptions as pointed out by Dave Carman <carman@erols.com>
1999-02-25 08:00:57 +00:00
Ralf S. Engelschall
7be304acdb Make `openssl x509 -noout -modulus' functional also for DSA certificates (in
addition to RSA certificates) to match the behaviour of `openssl dsa -noout
-modulus' as it's already the case for `openssl rsa -noout -modulus'.  For RSA
the -modulus is the real "modulus" while for DSA currently the public key is
printed (a decision which was already done by `openssl dsa -modulus' in the
past) which serves a similar purpose.  Additionally the NO_RSA no longer
completely removes the whole -modulus option; it now only avoids using the RSA
stuff. Same applies to NO_DSA now, too.
1999-02-24 17:17:31 +00:00
Dr. Stephen Henson
6b313a7365 Remove debugging fprintf from req.c and fix the code so it properly skips over
the first leading XXX. in the DN.
1999-02-24 00:14:21 +00:00
Ben Laurie
1745a3fb9f Code for reliable BIO. 1999-02-23 21:45:23 +00:00
Ben Laurie
55ab3bf7f9 Add reliable BIO. 1999-02-23 21:44:34 +00:00
Ben Laurie
15799403ad Fix more warnings. 1999-02-23 12:53:49 +00:00
Ralf S. Engelschall
3a1daca9ef Get rid of a nasty debugging message which was forgotten here... 1999-02-23 08:53:04 +00:00
Ralf S. Engelschall
f2f351ce9c Fix usage message on gendsa:
1. The dsaparam argument is mandatory and not optional
2. Add a little text what this actually is: a filename
1999-02-23 08:52:20 +00:00
Ralf S. Engelschall
04fa4cb721 Make gcc -Wall happy ("might be used uninitialized...") 1999-02-23 07:47:30 +00:00
Dr. Stephen Henson
a43aa73e3b Redo the way 'req' and 'ca' add objects: add support for oid_section. 1999-02-23 00:07:46 +00:00
Ben Laurie
0849d13811 Add syslogging BIO. 1999-02-22 21:21:08 +00:00
Dr. Stephen Henson
e527ba09a6 Various changes to make this stuff compile under Win32 and VC++ with and
without -debug option to mk1mf.pl. Change _export to is_export (_export is
a reserved word under VC++). Add yucky function prototype function pointer
casts. Sanitise the included files in crypto/x509v3.

Also changed ssleay.exe target to openssl.exe
1999-02-22 01:26:40 +00:00
Ben Laurie
60e31c3a4b More stuff for new TLS ciphersuites. 1999-02-21 21:58:59 +00:00
Ben Laurie
a040ea8251 Undo a couple of kludges. 1999-02-21 20:07:41 +00:00
Ben Laurie
06ab81f9f7 Add support for new TLS export ciphersuites. 1999-02-21 20:03:24 +00:00
Ben Laurie
abf87f79f7 Fix warning. 1999-02-21 20:01:39 +00:00
Dr. Stephen Henson
deff75b634 Add preliminary user level config documentation for extension stuff. Programming
info will come later...

Feel free to reformat and tidy this up...
1999-02-21 17:41:08 +00:00
Dr. Stephen Henson
0c8a1281d0 Make RSA_NO_PADDING really use no padding.
Submitted by: Ulf Moeller <ulf@fitug.de>
1999-02-21 17:39:07 +00:00
Ralf S. Engelschall
189b6a6062 Remember some open issues and available patches 1999-02-21 12:33:58 +00:00
Dr. Stephen Henson
aa066b9e6e Add more functionality to issuer alt name and subject alt name. New options
to include email addresses from DN and copy details from issuer certificate.
Include examples in openssl.cnf, update Win32 ordinals.
1999-02-21 01:46:45 +00:00
Ralf S. Engelschall
a67a9694f7 Ok, propose a release date of March 15th with a code freeze a few days before
so we have enough time for final testing and tarball rolling.
1999-02-20 16:50:53 +00:00
Ben Laurie
57c86f79bb Fix a warning. 1999-02-20 16:36:28 +00:00
Ben Laurie
4004dbb7f6 Generate errors when public/private key check is done. 1999-02-20 11:50:07 +00:00
Dr. Stephen Henson
c74f1eb9bd Preliminary support for reason code CRL extension. 1999-02-20 01:15:41 +00:00
Dr. Stephen Henson
ee5425d97d Patch so the new crl stuff actually compiles this time :-) Also update the
Win32 ordinals.
1999-02-19 02:26:21 +00:00
Dr. Stephen Henson
0ca5f8b15c Overhaul 'crl' application, add a proper X509_CRL_print function and start
to support CRL extensions.
1999-02-19 01:29:29 +00:00
Ben Laurie
6b056c414d Fix case of new functions in error files. 1999-02-18 18:26:42 +00:00
Dr. Stephen Henson
0be9747b39 Oops! Remeber to include the other patches this time... 1999-02-17 23:22:57 +00:00
Dr. Stephen Henson
3d8accc3ae Fuller authority key id support, partial support for private key usage extension
and really fix the ASN.1 IMPLICIT bug this time :-)
1999-02-17 23:21:01 +00:00
Ben Laurie
a49498969e Add OAEP. 1999-02-17 21:11:08 +00:00