will not support EDH cipher suites). The parameters can either be loaded
from a file (via "-dh_file"), generated by the application on start-up
("-dh_special generate"), or be standard DH parameters (as used in
s_server, etc).
* Seal off some buffer functions so that only the higher-level IO functions
are exposed.
* Using the above change to buffer, add support to tunala for displaying
traffic totals when a tunnel closes. Useful in debugging and analysis -
you get to see the total encrypted traffic versus the total tunneled
traffic. This shows not only how much expansion your data suffers from
SSL (a lot if you send/receive a few bytes at a time), but also the
overhead of SSL handshaking relative to the payload sent through the
tunnel. This is controlled by the "-out_totals" switch to tunala.
* Fix and tweak some bits in the README.
Eg. sample output of "-out_totals" from a tunnel client when tunneling a brief
"telnet" session.
Tunnel closing, traffic stats follow
SSL (network) traffic to/from server; 7305 bytes in, 3475 bytes out
tunnelled data to/from server; 4295 bytes in, 186 bytes out
tunnel to not pro-actively close down when failing an SSL handshake.
* Change the cert-chain callback - originally this was the same one used in
s_client and s_server but the output's as ugly as sin, so I've prettied
tunala's copy output up a bit (and made the output level configurable).
* Remove the superfluous "errors" from the SSL state callback - these are just
non-blocking side-effects.
* A little bit of code-cleanup
* Reformat the usage string (not so wide)
* Allow adding an alternative (usually DSA) cert/key pair (a la s_server)
* Allow control over cert-chain verify depth
- Add "-cipher" and "-out_state" command line arguments to control SSL
cipher-suites and handshake debug output respectively.
- Implemented error handling for SSL handshakes that break down. This uses
a cheat - storing a non-NULL pointer as "app_data" in the SSL structure
when the SSL should be killed.
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages. That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.
This change includes all the name changes needed throughout all C files.
plain not working :-(
Also fix some memory leaks in the new X509_NAME code.
Fix so new app_rand code doesn't crash 'x509' and move #include so it compiles
under Win32.
