Commit graph

1971 commits

Author SHA1 Message Date
Emilia Kasper
3101154481 DTLS: remove unused cookie field
Note that this commit constifies a user callback parameter and therefore
will break compilation for applications using this callback. But unless
they are abusing write access to the buffer, the fix is trivial.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-10-09 15:32:35 +02:00
Dr. Stephen Henson
e58c4d3cdd Don't try and parse boolean type.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-06 15:14:55 +01:00
Andy Polyakov
45f1351821 Address Windows warnings in apps/.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-05 09:25:06 +02:00
Andy Polyakov
b13fdc4860 Explicitly cast INVALID_SOCKET to (int) to address warnings on Windows.
Even though SOCKET is effectively declared as (void *) on Windows, it's
not actually a pointer, but an index within per-process table of
kernel objects. The table size is actually limited and its upper limit
is far below upper limit for signed 32-bit integer. This is what makes
cast in question possible.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-10-05 09:22:54 +02:00
Ben Laurie
19948ceab7 Display brief help if no options for list.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-09-30 13:55:56 +01:00
Andy Polyakov
db40a14ecb Fix -Wshadow warnings in mingw builds.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-29 18:05:55 +02:00
Alessandro Ghedini
fecd04e910 Print debug info for extended master secret extension
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-28 13:37:44 -04:00
Michal Bozon
5573ee3669 RT4053: Typo in error message
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-28 13:36:46 -04:00
Dr. Stephen Henson
d40a1f72b6 SRP memory leak fix
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-28 14:29:16 +01:00
Emilia Kasper
3a79618474 Silence Wconditional-uninitialized
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-28 15:28:16 +02:00
Alessandro Ghedini
c9c84a1391 GH408 follow-on: update buflen
Some builds break, as documented in:
  https://github.com/openssl/openssl/pull/408#issuecomment-142971427
This fixes it.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-25 20:22:27 -04:00
Matt Caswell
2b6bcb702d Add support for -no-CApath and -no-CAfile options
For those command line options that take the verification options
-CApath and -CAfile, if those options are absent then the default path or
file is used instead. It is not currently possible to specify *no* path or
file at all. This change adds the options -no-CApath and -no-CAfile to
specify that the default locations should not be used to all relevant
applications.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-09-25 14:49:59 +01:00
Vladimir Kotal
e7a68985d5 fix compilation on Solaris
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-24 11:25:25 -04:00
Rich Salz
1c9c243509 Restore the old interactive prompt.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-24 10:27:31 -04:00
Matt Caswell
d8249e99b9 Fix s_server DTLSv1_listen issues
Use sockaddr_storage not sockaddr for the client IP address to allow for
IPv6.
Also fixed a section of code which was conditional on OPENSSL_NO_DTLS1
which should not have been.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-09-23 13:53:27 +01:00
Matt Caswell
fd4e98ec84 Add support for DTLSv1_listen in s_server
DTLSv1_listen is a commonly used function within DTLS solutions for
listening for new incoming connections. This commit adds support to s_server
for using it.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-09-23 13:53:27 +01:00
Rich Salz
18cd23df8a Remove "noise" comments from TS files.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-22 00:40:31 -04:00
Matt Caswell
dfd6211ce3 Fix -srpvfile option in srp command line
The -srpvfile option was broken in the srp command line app. Using it would
always result in "-dbfile and -configfile cannot be specified together."
The error message is also wrong because the option is "-srpvfile" not
"-dbfile", so that has been fixed too.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-09-21 10:17:58 +01:00
Dr. Stephen Henson
4e7e623012 Make SRP work with -www
PR#3817

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-20 14:19:49 +01:00
Dr. Stephen Henson
37f3a3b327 make no-dh work
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-20 12:50:55 +01:00
Richard Levitte
da9a22bb57 Finally, remove a possibly disabled feature
I have no clue why MD_GHOST94 was checked on, there is no
OPENSSL_NO_MD_GHOST94 in sight anywhere

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-09-20 01:57:57 +02:00
Richard Levitte
56c1ef0501 Add more features that may be disabled
Have a look at the directories in crypto/, I found reason to add
checks on CMAC and HMAC.  This might be completely irrelevant, but I
prefered covering too much than not enough.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-09-20 01:57:57 +02:00
Richard Levitte
2df84dd329 Add more features that may be disabled
A grep of OPENSSL_NO_ in the rest of the source tree revealed a few
more features to check.

NOTE: there are some of those macros that I ignore because a check of
them doesn't seem useful to external apps.  This might change later on.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-09-20 01:57:57 +02:00
Richard Levitte
66b14bab0a Add more features that may be disabled
After a grep of OPENSSL_NO_ in apps/*.c, a few more features that may
be interesting to check the availability of came up.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-09-20 01:57:57 +02:00
Richard Levitte
27dae1b04f Add more features that may be disabled
I've tried to make this list as complete as possible, based on
information found in apps/progs.pl.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-09-20 01:57:57 +02:00
Richard Levitte
d230bd1ddd Sort the disabled features alphabetically
Reviewed-by: Stephen Henson <steve@openssl.org>
2015-09-20 01:57:57 +02:00
Richard Levitte
f5349f8ca5 Small typo
OPENSSL_NO_ECA changed to OPENSSL_NO_EC

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-09-20 00:46:44 +02:00
Dr. Stephen Henson
a760a3805b Print out a list of disabled features.
New option "openssl list -disabled" this lists a set of disabled features
in a form which can be conveniently parsed by the test framework so it
knows which tests to skip.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-19 05:57:19 +01:00
Rich Salz
568b80206a RT4033: Use OPENSSL_SYS_UNIX not "unix"
Real fix for RT 4033

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-17 12:05:14 -04:00
Dr. Stephen Henson
03706afa30 Use default field separator.
If the field separator isn't specified through -nameopt then use
XN_FLAG_SEP_CPLUS_SPC instead of printing nothing and returing an error.

PR#2397

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-11 20:50:48 +01:00
Ben Laurie
df2ee0e27d Enable -Wmissing-variable-declarations and
-Wincompatible-pointer-types-discards-qualifiers (the latter did not require
any code changes).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-11 04:51:55 +01:00
Rich Salz
4c7103a5ee Unwriteable directories are errors
Make the script and app match the documentation.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-10 16:13:55 -04:00
Rich Salz
ff2f6bb084 Fix rehash/c_rehash doc and behavior.
Both now warn once if directory isn't writeable.
Both now warn on file-write errors (multiple times).
Update manpage to describe both program and script correctly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-08 15:13:57 -04:00
Ben Laurie
8c82de991b Fix uninit warning. Remove unnecessary casts. Nothing to add is an error.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-08 05:46:38 +01:00
Rich Salz
5278dec375 add support for apple os/x
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-07 21:58:03 -04:00
Rich Salz
ce249fac57 GH391: Apple port
Also make internal functions consistently return values, and
add a comment documenting them.

Reviewed-by: Ben Laurie <ben@openssl.org>
2015-09-07 14:41:00 -04:00
Rich Salz
62fdf4ee6c fix build breakage on windows
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-06 21:39:26 -04:00
Rich Salz
9e0da06089 Fix typo, that broke build on non-unix
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-06 19:01:53 -04:00
Timo Teras
8f6f1441a3 Add rehash command to openssl
On Unix/Linux platforms, merge c_rehash script into openssl as a
C program.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-06 18:03:54 -04:00
Richard Levitte
496f4f9d6a Small fix: make istext static
This takes away a build failure in some cases.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-06 23:41:12 +02:00
Richard Levitte
5f62e044d3 Fix enc so it properly treats BASE64 as text
To set both the incoming and outgoing data when 'encrypting' or
'decrypting' to FORMAT_BASE64 wasn't quite the right thing to do.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-06 17:12:39 +02:00
Richard Levitte
a60994df34 Change the treatment of stdin and stdout to allow binary data
If the output to stdout or the input from stdin is meant to be binary,
it's deeply unsetting to get the occasional LF converted to CRLF or
the other way around.  If someone happens to forget to redirect stdin
or stdout, they will get gibberish anyway, line ending conversion will
not change that.

Therefore, let's not have dup_bio_* decide unilaterally what mode the
BIO derived from stdin and stdout, and rather let the app decide by
declaring the intended format.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-06 13:34:49 +02:00
Richard Levitte
a412b89198 dup_bio_* and bio_open_* are utility functions and belong in apps.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-06 13:34:48 +02:00
Richard Levitte
afc12d76f8 Have binary mode when the format is binary, not the other way around
Fixing a small mixup.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-06 01:35:54 +02:00
Richard Levitte
bdd58d9846 Change the way apps open their input and output files
The different apps had the liberty to decide whether they would open their
input and output files in binary mode or not, which could be confusing if
two different apps were handling the same type of file in different ways.

The solution is to centralise the decision of low level file organisation,
and that the apps would use a selection of formats to state the intent of
the file.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-06 01:35:54 +02:00
Richard Levitte
d303b9d85e Make the handling of output and input formats consistent
Most of all, we needed to sort out which ones are binary and which
ones are text, and make sure they are treated accordingly and
consistently so

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-06 01:29:36 +02:00
Dr. Stephen Henson
a8d8e06b0a Avoid direct X509 structure access
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-06 00:17:37 +01:00
Rich Salz
ca4a494cb7 Make TS structures opaque.
Most of the accessors existed and were already used so it was easy.
TS_VERIFY_CTX didn't have accessors/settors so I added the simple and
obvious ones, and changed the app to use them.  Also, within crypto/ts,
replaced the functions with direct access to the structure members
since we generally aren't opaque within a directory.

Also fix RT3901.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-05 17:49:20 -04:00
David Woodhouse
d35ff2c0ad RT3951: Add X509_V_FLAG_NO_CHECK_TIME to suppress time check
In some environments, such as firmware, the current system time is entirely
meaningless. Provide a clean mechanism to suppress the checks against it.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-05 16:17:15 -04:00
Rich Salz
b0809bc8ff RT3998: Allow scrypt to be disabled
This does 64-bit division and multiplication, and on 32-bit platforms
pulls in libgcc symbols (and MSVC does similar) which may not be
available.  Mostly done by David Woodhouse.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-09-04 14:09:14 -04:00
Rich Salz
64b25758ed remove 0 assignments.
After openssl_zalloc, cleanup more "set to 0/NULL" assignments.
Many are from github feedback.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-03 16:26:34 -04:00
Dr. Stephen Henson
e3e571925c make X509_CRL opaque
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-02 21:26:17 +01:00
Adam Eijdenberg
fb029cebae RT3984: Fix clang compiler warning on Mac OS X where %ld is used for uint64_t.
clang suggests %llu instead, but it isn't clear that is portable on
all platforms.

C99 and above define a handy macro for us, so we try to use that
definition and fall back to current definition if needed (though we
switch to 'u' for unsigned).

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-01 20:18:46 +02:00
Emilia Kasper
08a721ac61 apps/speed.c: fix memory leak
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-01 20:01:55 +02:00
Dr. Stephen Henson
124055a96e make X509_REQ opaque
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-31 20:58:33 +01:00
Dr. Stephen Henson
d8c054f2da Remove asn1-kludge option.
Remove asn1-kludge option from the req utility. It was a decade old
workaround for CAs and software which required an invalid encoding
of PKCS#10 certificate requests: omitting the attributes field even
though it is not OPTIONAL.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-31 20:58:33 +01:00
Hubert Kario
ad775e04f6 GH350: -help text few s_client and s_server flags
add -help description of sigalgs, client_sigalgs, curves
and named_curve

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-26 17:43:20 -04:00
Alessandro Ghedini
b48357d995 GH371: Print debug info for ALPN extension
Also known as RT 4106
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-26 07:07:47 -04:00
Tim Hudson
dfba17b4f3 Restore previous behaviour of only running one algorithm when -evp alg is used.
Submitted by: Eric Young <eay@pobox.com>
Reviewed-by: Ben Laurie <ben@openssl.org>
2015-08-17 22:20:06 +10:00
Tim Hudson
686e344918 restore usage of -elapsed that was disabled in the ifdef reorg
Reviewed-by: Ben Laurie <ben@openssl.org>
2015-08-17 22:16:39 +10:00
Rich Salz
eb647452eb GH345: Remove stderr output
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-16 21:08:25 -04:00
Rich Salz
ade44dcb16 Remove Gost94 signature algorithm.
This was obsolete in 2001.  This is not the same as Gost94 digest.
Thanks to Dmitry Belyavsky <beldmit@gmail.com> for review and advice.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-11 18:23:29 -04:00
Rich Salz
fd682e4cdd GH365: Missing #ifdef rename.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-10 12:17:53 -04:00
Rich Salz
82c494276d Fix build break.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-08-10 12:00:23 -04:00
bluelineXY
ff4a9394a2 GH357: Update ocsp.c
Add Host Header in OCSP query if no host header is set via -header

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Ben Laurie <ben@openssl.org>
2015-08-08 18:18:03 -04:00
Matt Caswell
e77bdc7310 Fix SRTP s_client/s_server options
The -use_srtp s_client/s_server option is supposed to take a colon
separated string as an argument. In master this was incorrectly set to
expect a filename.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-04 19:20:11 +01:00
Ben Laurie
bb484020c3 Fix refactoring breakage.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-02 16:11:16 +01:00
Dr. Stephen Henson
5a168057bc don't reset return value to 0
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-08-02 14:28:50 +01:00
Ben Laurie
480405e4a9 Add -Wconditional-uninitialized to clang strict warnings.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-02 02:45:44 +01:00
Rich Salz
740ceb5b0c Various doc fixes from GH pull requests
Thanks folks:
        348 Benjamin Kaduk
        317 Christian Brueffer
        254 Erik Tews
        253 Erik Tews
        219 Carl Mehner
        155 (ghost)
        95 mancha
        51 DominikNeubauer

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-07-31 12:27:27 -04:00
Kai Engert
898ea7b855 RT3742: Add xmpp_server to s_client.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-31 11:19:45 -04:00
Adam Eijdenberg
be0c03618a RT3963: Allow OCSP stapling with -rev and -www
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-31 11:15:42 -04:00
Adam Eijdenberg
e46bcca25e RT3962: Check accept_count only if not unlimited
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-31 11:13:58 -04:00
Adam Eijdenberg
902c6b95a3 RT3961: Fix switch/case errors in flag parsing
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-31 11:11:55 -04:00
Rich Salz
5bb17d1b3c RT3639: Add -no_comp description to online help
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-07-29 16:58:55 -04:00
Rich Salz
0bc2f36555 Remove obsolete key formats.
Remove support for RSA_NET and Netscape key format (-keyform n).

Also removed documentation of SGC.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-07-16 01:06:48 -04:00
Rich Salz
5b89036c41 Can't use -trusted with -CA{path,file}
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-07-14 07:46:20 -04:00
Richard Levitte
eeb97bce75 Remove extra '; \' in apps/Makefile
Fixes GH#330

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-07-13 15:48:57 +02:00
Peter Waltenberg
99dcd88035 Exit on error in ecparam
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-07-09 15:42:52 -04:00
Matt Caswell
7f3f41d816 Extend -show_chain option to verify to show more info
The -show_chain flag to the verify command line app shows information about
the chain that has been built. This commit adds the text "untrusted" against
those certificates that have been used from the untrusted list.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-07-07 21:57:12 +01:00
Matt Caswell
a64ba70dbb Add help text for some verify options
Fills in the help text for a number of options to verify that were blank.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-07-07 21:57:11 +01:00
Richard Levitte
f1cece554d Make "oneline" the default for nameopt
There's no reason why we should default to a output format that is
old, and confusing in some cases.

This affects the commands "ca", "crl", "req" and "x509".

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-07-07 11:17:14 +02:00
Dr. Stephen Henson
13cbe5e711 missing break
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-06-25 12:55:56 +01:00
Rich Salz
4b8d8e2ad3 RT3682: Avoid double-free on OCSP parse error
Found by Kurt Cancemi.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-23 08:12:01 -04:00
Rich Salz
3b061a00e3 RT2547: Tighten perms on generated privkey files
When generating a private key, try to make the output file be readable
only by the owner.  Put it in CHANGES file since it might be noticeable.

Add "int private" flag to apps that write private keys, and check that it's
set whenever we do write a private key.  Checked via assert so that this
bug (security-related) gets fixed.  Thanks to Viktor for help in tracing
the code-paths where private keys are written.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-06-15 18:26:56 -04:00
Tim Hudson
29eca1c0d5 Fix argument processing error from the option parsing change over.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-06-15 14:55:34 +10:00
Tim Hudson
e58ddf0af8 Fix argument processing error from the option parsing change over.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-06-15 11:36:32 +10:00
Emilia Kasper
a8e4ac6a2f Remove SSL_OP_TLS_BLOCK_PADDING_BUG
This is a workaround so old that nobody remembers what buggy clients
it was for. It's also been broken in stable branches for two years and
nobody noticed (see
https://boringssl-review.googlesource.com/#/c/1694/).

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-06-10 13:55:11 +02:00
Richard Levitte
acaff3b797 When making libcrypto from apps or test, make sure to include engines
For librypto to be complete, the stuff in both crypto/ and engines/
have to be built.  Doing 'make test' or 'make apps' from a clean
source tree failed to do so.
Corrected by using the new 'build_libcrypto' in the top Makefile.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-06-10 02:01:49 +02:00
Rich Salz
7768e116dc Use bio_err not stderr in apps.
Except for VMS startup code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-06-09 12:48:55 -04:00
Rodger Combs
65d3941f4a Increase buffer size for passwords in pkcs12 CLI
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-06-06 22:24:01 -04:00
Rich Salz
9c3bcfa027 Standardize handling of #ifdef'd options.
Here are the "rules" for handling flags that depend on #ifdef:

- Do not ifdef the enum.  Only ifdef the OPTIONS table.  All ifdef'd
  entries appear at the end; by convention "engine" is last.  This
  ensures that at run-time, the flag will never be recognized/allowed.
  The next two bullets entries are for silencing compiler warnings:
- In the while/switch parsing statement, use #ifdef for the body to
  disable it; leave the "case OPT_xxx:" and "break" statements outside
  the ifdef/ifndef.  See ciphers.c for example.
- If there are multiple options controlled by a single guard, OPT_FOO,
  OPT_BAR, etc., put a an #ifdef around the set, and then do "#else"
  and a series of case labels and a break. See OPENSSL_NO_AES in cms.c
  for example.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-02 12:40:24 -04:00
Rich Salz
366e2a60b2 RT832: Use REUSEADDR in ocsp responder
I also re-ordered some of #ifdef's.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-02 12:22:38 -04:00
Gunnar Kudrjavets
45d051c825 RT3848: Call SSL_COMP_free_compression_methods
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-02 11:53:12 -04:00
Dr. Stephen Henson
688c244685 fix warning
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-05-30 23:07:06 +01:00
Dr. Stephen Henson
2d4deb256f fix asn1parse -inform
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-05-29 12:09:25 +01:00
Richard Levitte
296f54ee21 Restore module loading
The module loading feature got broken a while ago, so restore it, but
have it a bit more explicit this time around.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-05-29 12:41:50 +02:00
Richard Levitte
2142519500 Fix double BIO_free in req
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-29 12:41:50 +02:00
Rich Salz
cc01d21756 RT3876: Only load config when needed
Create app_load_config(), a routine to load config file.  Remove the
"always load config" from the main app.  Change the places that used to
load config to call the new common routine.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-28 17:28:33 -04:00
Dr. Stephen Henson
0ceb8b74f5 scrypt in pkcs8 util
Add support for PKCS#8 private key encryption using the scrypt algorithm
in the pkcs8 utility. Update documentation.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-26 13:09:26 +01:00