gets _POSIX_C_SOURC and _ANSI_C_SOURCE defined, which stops u_int from
being defined, and that breaks havock into the rest of the standard
headers... *sigh*
- Enforce that there should be no policy settings when the language
is one of id-ppl-independent or id-ppl-inheritAll.
- Add functionality to ssltest.c so that it can process proxy rights
and check that they are set correctly. Rights consist of ASCII
letters, and the condition is a boolean expression that includes
letters, parenthesis, &, | and ^.
- Change the proxy certificate configurations so they get proxy
rights that are understood by ssltest.c.
- Add a script that tests proxy certificates with SSL operations.
Other changes:
- Change the copyright end year in mkerr.pl.
- make update.
This tidies up verify parameters and adds support for integrated policy
checking.
Add support for policy related command line options. Currently only in smime
application.
WARNING: experimental code subject to change.
proposed the change and submitted the patch, I jiggled it slightly and
adjusted the other parts of openssl that were affected.
PR: 867
Submitted by: Jelte Jansen
Reviewed by: Geoff Thorpe
functions and macros.
This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const. Those will be removed when this change has been
properly reviewed.
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
compression identity is already present among the registered
compression methods, and if so, reject the addition request.
Declare SSL_COMP_get_compression_method() so it can be used properly.
Change ssltest.c so it checks what compression methods are available
and enumerates them. As a side-effect, built-in compression methods
will be automagically loaded that way. Additionally, change the
identities for ZLIB and RLE to be conformant to
draft-ietf-tls-compression-05.txt.
Finally, make update.
Next on my list: have the built-in compression methods added
"automatically" instead of requiring that the author call
SSL_COMP_add_compression_method() or
SSL_COMP_get_compression_methods().
