Add option to set an alternative to the default hmacWithSHA1 PRF
for PKCS#8 private key encryptions. This is used automatically
by PKCS8_encrypt if the nid specified is a PRF.
Add option to pkcs8 utility.
Update docs.
(cherry picked from commit b60272b01f)
Although the memory allocated by compression methods is fixed and
cannot grow over time it can cause warnings in some leak checking
tools. The function SSL_COMP_free_compression_methods() will free
and zero the list of supported compression methods. This should
*only* be called in a single threaded context when an application
is shutting down to avoid interfering with existing contexts
attempting to look up compression methods.
(cherry picked from commit 976c58302b)
Windows 8 SDKs complain that GetVersion() is deprecated.
We only use GetVersion like this:
(GetVersion() < 0x80000000)
which checks if the Windows version is NT based. Use a macro check_winnt()
which uses GetVersion() on older SDK versions and true otherwise.
New flags to build certificate chains. The can be used to rearrange
the chain so all an application needs to do is add all certificates
in arbitrary order and then build the chain to check and correct them.
Add verify error code when building chain.
Update docs.
The flag SSL_OP_MSIE_SSLV2_RSA_PADDING hasn't done anything since OpenSSL
0.9.7h but deleting it will break source compatibility with any software
that references it. Restore it but #define to zero.
(cherry picked from commit b17d6b8d1d)
If you use "-newkey rsa" it's supposed to read the default number of bits from the
config file. However the value isn't used to generate the key, but it does
print it's generating such a key. The set_keygen_ctx() doesn't call
EVP_PKEY_CTX_set_rsa_keygen_bits() and you end up with the default set in
pkey_rsa_init() (1024). Afterwards the number of bits gets read from the config
file, but nothing is done with that anymore.
We now read the config first and use the value from the config file when no size
is given.
PR: 2592
apps/pkcs12.c accepts -password as an argument. The document author
almost certainly meant to write "-password, -passin".
However, that is not correct, either. Actually the code treats
-password as equivalent to -passin, EXCEPT when -export is also
specified, in which case -password as equivalent to -passout.
