Commit graph

70 commits

Author SHA1 Message Date
Dr. Stephen Henson
821bee4333 New option no-ssl3-method which removes SSLv3_*method
When no-ssl3 is set only make SSLv3 disabled by default. Retain -ssl3
options for s_client/s_server/ssltest.

When no-ssl3-method is set SSLv3_*method() is removed and all -ssl3
options.

We should document this somewhere, e.g. wiki, FAQ or manual page.
Reviewed-by: Emilia Käsper <emilia@openssl.org>

(cherry picked from commit 3881d8106d)

Conflicts:
	util/mkdef.pl
2014-11-19 22:57:51 +00:00
Matt Caswell
d9d09a8d0f Fix SRTP compile issues for windows
Related to CVE-2014-3513

This fix was developed by the OpenSSL Team

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-10-15 08:51:50 -04:00
Dr. Stephen Henson
36e8c39899 Add conditional unit testing interface.
Don't call internal functions directly call them through
SSL_test_functions(). This also makes unit testing work on
Windows and platforms that don't export internal functions
from shared libraries.

By default unit testing is not enabled: it requires the compile
time option "enable-unit-test".
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
(cherry picked from commit e0fc7961c4)

Conflicts:

	ssl/Makefile
	util/mkdef.pl
2014-07-24 19:43:25 +01:00
Dr. Stephen Henson
285d9189c7 PR: 2652
Submitted by: Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>

OpenVMS fixes.
2012-01-05 14:30:08 +00:00
Dr. Stephen Henson
2d4c9ab518 delete unimplemented function from header file, update ordinals 2011-12-23 14:10:35 +00:00
Dr. Stephen Henson
50771f7ce3 update ordinals 2011-12-22 16:10:04 +00:00
Dr. Stephen Henson
7e0fd45ce3 update ordinals 2011-11-21 22:56:33 +00:00
Dr. Stephen Henson
d7fc9ffc51 Update ordinals. 2011-05-11 23:03:06 +00:00
Richard Levitte
9f427a52cb make update (1.0.1-stable)
This meant a slight renumbering in util/libeay.num due to symbols
appearing in 1.0.0-stable.  However, since there's been no release on
this branch yet, it should be harmless.
2011-03-23 00:06:04 +00:00
Ben Laurie
a149b2466e Add SRP. 2011-03-16 11:26:40 +00:00
Dr. Stephen Henson
3081e2ca73 update ordinals 2010-08-26 14:25:53 +00:00
Dr. Stephen Henson
a2da5c7daa Make update. 2009-07-08 09:13:24 +00:00
Dr. Stephen Henson
0416482605 Make update. 2009-04-13 11:40:00 +00:00
Dr. Stephen Henson
463f448595 Win32 build fixes. 2009-03-31 22:04:25 +00:00
Dr. Stephen Henson
12bf56c017 PR: 1574
Submitted by: Jouni Malinen <j@w1.fi>
Approved by: steve@openssl.org

Ticket override support for EAP-FAST.
2008-11-15 17:18:12 +00:00
Dr. Stephen Henson
9ab89286a2 Sync ordinals with stable branch. 2008-06-05 11:10:49 +00:00
Dr. Stephen Henson
09a6e19431 Update ordinals. 2008-06-04 11:52:36 +00:00
Dr. Stephen Henson
81025661a9 Update ssl code to support digests other than MD5+SHA1 in handshake.
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>
2007-08-31 12:42:53 +00:00
Dr. Stephen Henson
525de5d335 OPENSSL_NO_TLS1 WIN32 build support. Fix so normal build works again. 2007-08-12 23:59:05 +00:00
Dr. Stephen Henson
0d7dba92c8 WIN32 VC++ build fixes. 2007-07-18 17:40:49 +00:00
Dr. Stephen Henson
a6e700e665 Import ordinals from 0.9.8 and update. 2006-11-30 13:47:22 +00:00
Dr. Stephen Henson
c20276e4ae Fix (most) WIN32 warnings and errors. 2006-04-17 12:08:22 +00:00
Nils Larsch
561d93aa00 make update 2006-03-10 23:08:31 +00:00
Ulf Möller
3b408d83fe make update 2006-02-12 23:21:56 +00:00
Bodo Möller
ee2262b8d7 rebuild (starting with state from 0.9.7-stable branch) to avoid clutter 2005-05-09 00:22:02 +00:00
Bodo Möller
0d5ea7613e make update 2005-04-26 18:09:21 +00:00
Richard Levitte
5545607c4f make update
(incidently, this also tells VMS that there exists a new symbol in the
SSL library)
2004-07-12 11:25:48 +00:00
Richard Levitte
f2bfbcef76 make update 2004-05-25 09:41:00 +00:00
Richard Levitte
0020502a07 SSL_COMP_get_compression_method is a typo (a missing 's' at the end of
the symbol name).
2004-03-25 21:32:30 +00:00
Geoff Thorpe
66b82f5aad make update 2003-10-28 22:10:47 +00:00
Richard Levitte
4d1c443123 make update 2003-10-06 12:22:42 +00:00
Richard Levitte
8242354952 Make sure int SSL_COMP_add_compression_method() checks if a certain
compression identity is already present among the registered
compression methods, and if so, reject the addition request.

Declare SSL_COMP_get_compression_method() so it can be used properly.

Change ssltest.c so it checks what compression methods are available
and enumerates them.  As a side-effect, built-in compression methods
will be automagically loaded that way.  Additionally, change the
identities for ZLIB and RLE to be conformant to
draft-ietf-tls-compression-05.txt.

Finally, make update.

Next on my list: have the built-in compression methods added
"automatically" instead of requiring that the author call
SSL_COMP_add_compression_method() or
SSL_COMP_get_compression_methods().
2003-10-06 11:00:15 +00:00
Dr. Stephen Henson
ce06265a37 make update 2003-03-20 14:21:36 +00:00
Bodo Möller
0e9035ac98 SSL_add_dir_cert_subjects_to_stack now exists for WIN32 2003-02-05 16:40:29 +00:00
Bodo Möller
74cc4903ef make update 2002-08-09 12:16:15 +00:00
Richard Levitte
025c7737b2 make update 2001-10-24 15:32:14 +00:00
Bodo Möller
6b0e9facf4 New function SSL_renegotiate_pending().
New option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
2001-09-20 22:54:09 +00:00
Bodo Möller
b6d0054a52 Get rid of junk (deleted/renamed function) by rebuilding
based on 0.9.6 tree.
2001-09-14 09:31:07 +00:00
Richard Levitte
99ecb90a99 make update 2001-07-31 06:40:10 +00:00
Richard Levitte
b01ab14338 make update
Note that since some private kssl functions were exported, the
simplest way to rebuild the number table was to toss everything that
was new since OpenSSL 0.9.6b.  This is safe, since those functions
have not yet been exported in an OpenSSL release.  Beware, people who
trust intermediary snapshots!
2001-07-11 21:15:03 +00:00
Richard Levitte
567671e291 make update 2001-07-10 21:00:37 +00:00
Richard Levitte
c454dbcd32 Sort platforms lexicographically as well. Also, support more than two
variants of a symbol.
2001-03-02 12:14:54 +00:00
Richard Levitte
62dc5aad06 Introduce the possibility to access global variables through
functions on platform were that's the best way to handle exporting
global variables in shared libraries.  To enable this functionality,
one must configure with "EXPORT_VAR_AS_FN" or defined the C macro
"OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter
is normally done by Configure or something similar).

To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL
in the source file (foo.c) like this:

	OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;
	OPENSSL_IMPLEMENT_GLOBAL(double,bar);

To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL
and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:

	OPENSSL_DECLARE_GLOBAL(int,foo);
	#define foo OPENSSL_GLOBAL_REF(foo)
	OPENSSL_DECLARE_GLOBAL(double,bar);
	#define bar OPENSSL_GLOBAL_REF(bar)

The #defines are very important, and therefore so is including the
header file everywere where the defined globals are used.

The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition
of ASN.1 items, but that structure is a bt different.

The largest change is in util/mkdef.pl which has been enhanced with
better and easier to understand logic to choose which symbols should
go into the Windows .def files as well as a number of fixes and code
cleanup (among others, algorithm keywords are now sorted
lexicographically to avoid constant rewrites).
2001-03-02 10:38:19 +00:00
Richard Levitte
d88a26c489 make update
Note that all *_it variables are suddenly non-existant according to
libeay.num.  This is a bug that will be corrected.  Please be patient.
2001-02-26 10:54:08 +00:00
Richard Levitte
41d2a336ee e_os.h does not belong with the exported headers. Do not put it there
and make all files the depend on it include it without prefixing it
with openssl/.

This means that all Makefiles will have $(TOP) as one of the include
directories.
2001-02-22 14:45:02 +00:00
Geoff Thorpe
dc644fe229 This change allows a callback to be used to override the generation of
SSL/TLS session IDs in a server. According to RFC2246, the session ID is an
arbitrary value chosen by the server. It can be useful to have some control
over this "arbitrary value" so as to choose it in ways that can aid in
things like external session caching and balancing (eg. clustering). The
default session ID generation is to fill the ID with random data.

The callback used by default is built in to ssl_sess.c, but registering a
callback in an SSL_CTX or in a particular SSL overrides this. BTW: SSL
callbacks will override SSL_CTX callbacks, and a new SSL structure inherits
any callback set in its 'parent' SSL_CTX. The header comments describe how
this mechanism ticks, and source code comments describe (hopefully) why it
ticks the way it does.

Man pages are on the way ...

[NB: Lutz was also hacking away and helping me to figure out how best to do
this.]
2001-02-21 18:06:26 +00:00
Richard Levitte
941181ec0f 'make update' 2001-02-21 14:12:50 +00:00
Richard Levitte
701adceb12 "make update" plus a rewrite of both .num files. 2000-12-29 00:19:12 +00:00
Richard Levitte
4d0c6b2936 I started with a make update, but a rewrite was actually needed.
Perhaps we should make rewrites the default thing to do?
2000-09-11 11:45:02 +00:00
Richard Levitte
724f9694a6 *.num rewitten to include the extra information. 2000-09-07 08:44:13 +00:00