Richard Levitte
7ed20a2158
Merge of stuff from main trunk, all conflicts resolved.
2000-06-19 14:44:57 +00:00
Richard Levitte
86787f93d6
- merged in the latest from the main trunk, fixed all conflicts
...
- implemented nCipher support via the nfhwcrhk library (not well tested).
- make update + make depend
2000-06-13 16:21:06 +00:00
Richard Levitte
d44c7dcf00
Merge in code from main trunk to BRANCH_engine.
2000-06-08 11:00:37 +00:00
Richard Levitte
82271cee5b
In Message-ID: <003201bfb332$14a07520$0801a8c0@janm.transactionsite.com>,
...
"Jan Mikkelsen" <janm@transactionsite.com> correctly states that the
OpenSSL header files have #include's and extern "C"'s in an incorrect
order. Thusly fixed.
2000-05-02 12:16:01 +00:00
Bodo Möller
448e2f9ba7
Use correct function names in SSLerr macros.
2000-03-14 14:10:56 +00:00
Richard Levitte
fe10275da8
Let's not lie to the people.
2000-03-06 07:31:17 +00:00
Richard Levitte
1e7396beeb
Some time in history, SSL_CTX_sessions() disappeared. It is now
...
restored, but not as a macro this time...
2000-02-25 22:50:28 +00:00
Dr. Stephen Henson
fbb41ae0ad
Allow code which calls RSA temp key callback to cope
...
with a failure.
Fix typos in some error codes.
2000-02-25 00:23:48 +00:00
Ralf S. Engelschall
c6a33c6f61
Add missing prototypes for new functions
2000-02-24 10:48:36 +00:00
Richard Levitte
e6a58767c5
make update
2000-02-23 23:38:59 +00:00
Dr. Stephen Henson
3142c86d65
Allow ADH to be used but not present in the default cipher
...
list.
Allow CERTIFICATE to be used in PEM headers for PKCS#7 structures:
some CAs do this.
2000-02-23 01:11:01 +00:00
Richard Levitte
d3442bc780
Move the registration of callback functions to special functions
...
designed for that. This removes the potential error to mix data and
function pointers.
Please note that I'm a little unsure how incorrect calls to the old
ctrl functions should be handled, in som cases. I currently return 0
and that's it, but it may be more correct to generate a genuine error
in those cases.
2000-02-20 23:43:02 +00:00
Bodo Möller
b35e9050f2
Tolerate fragmentation and interleaving in the SSL 3/TLS record layer.
2000-02-20 23:04:06 +00:00
Dr. Stephen Henson
af57d84312
Rename SSLeay_add_all_algorithms() et al to
...
OpenSSL_add_all_algorithms(). Move these into
separate files so they work properly.
2000-02-04 14:01:38 +00:00
Ulf Möller
657e60fa00
ispell (and minor modifications)
2000-02-03 23:23:24 +00:00
Ulf Möller
9d1a01be8f
Source code cleanups: Use void * rather than char * in lhash,
...
eliminate some of the -Wcast-qual warnings (debug-ben-strict target)
2000-01-30 22:20:28 +00:00
Bodo Möller
52732b38da
Some comments added, and slight code clean-ups.
2000-01-26 22:36:55 +00:00
Dr. Stephen Henson
dd9d233e2a
Tidy up CRYPTO_EX_DATA structures.
2000-01-23 23:41:49 +00:00
Dr. Stephen Henson
018e57c74d
Apply Lutz Behnke's 56 bit cipher patch with a few
...
minor changes.
Docs haven't been added at this stage. They are probably
best included in the 'ciphers' program docs.
2000-01-22 03:17:06 +00:00
Ulf Möller
731d9c5fb5
Some more ifdefs for no-xxx options.
2000-01-21 00:03:51 +00:00
Ulf Möller
aa82db4fb4
Add missing #ifndefs that caused missing symbols when building libssl
...
as a shared library without RSA. Use #ifndef NO_SSL2 instead of
NO_RSA in ssl/s2*.c.
Submitted by: Kris Kennaway <kris@hub.freebsd.org>
Modified by Ulf Möller
2000-01-16 21:10:00 +00:00
Ulf Möller
eb952088f0
Precautions against using the PRNG uninitialized: RAND_bytes() now
...
returns int (1 = ok, 0 = not seeded). New function RAND_add() is the
same as RAND_seed() but takes an estimate of the entropy as an additional
argument.
2000-01-13 20:59:17 +00:00
Bodo Möller
c51ae173a6
Clean up some of the SSL server code.
2000-01-11 01:07:26 +00:00
Bodo Möller
ca03109c3a
New functions SSL_get_finished, SSL_get_peer_finished.
...
Add short state string for MS SGC.
2000-01-06 01:19:17 +00:00
Dr. Stephen Henson
bb7cd4e3eb
Remainder of SSL purpose and trust code: trust and purpose setting in
...
SSL_CTX and SSL, functions to set them and defaults if no values set.
1999-11-29 22:35:00 +00:00
Dr. Stephen Henson
13938aceca
Add part of chain verify SSL support code: not complete or doing anything
...
yet.
Add a function X509_STORE_CTX_purpose_inherit() which implements the logic
of "inheriting" purpose and trust from a parent structure and using a default:
this will be used in the SSL code and possibly future S/MIME.
Partial documentation of the 'verify' utility. Still need to document how all
the extension checking works and the various error messages.
1999-11-29 01:09:25 +00:00
Bodo Möller
b1fe6ca175
Store verify_result with sessions to avoid potential security hole.
1999-11-16 23:15:41 +00:00
Bodo Möller
4dd60b3b96
typo in a comment
1999-09-14 15:06:25 +00:00
Bodo Möller
de1915e48c
Fix horrible (and hard to track down) bug in ssl23_get_client_hello:
...
In case of a restart, v[0] and v[1] were incorrectly initialised.
This was interpreted by ssl3_get_client_key_exchange as an RSA decryption
failure (don't ask me why) and caused it to create a _random_ master key
instead (even weirder), which obviously led to incorrect input to
ssl3_generate_master_secret and thus caused "block cipher pad is
wrong" error messages from ssl3_enc for the client's Finished message.
Arrgh.
1999-08-18 17:14:42 +00:00
Bodo Möller
204cf1abb0
Comments.
1999-08-08 14:21:04 +00:00
Bodo Möller
5e63691972
add comments
1999-08-08 14:07:30 +00:00
Ulf Möller
8c197cc55e
VMS updates.
...
Submitted by: Richard Levitte <levitte@stacken.kth.se>
1999-07-28 23:25:59 +00:00
Bodo Möller
74678cc2f8
Additional user data argument to pem_password_cb function type
...
and to lots of PEM_... functions.
Submitted by: Damien Miller <dmiller@ilogic.com.au>
1999-07-21 20:57:16 +00:00
Bodo Möller
e105643595
New functions SSL[_CTX]_{set,get}_mode; the initial set of mode flags is
...
SSL_MODE_ENABLE_PARTIAL_WRITE, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
1999-07-02 13:55:32 +00:00
Bodo Möller
a14d1a03ec
Fix comments.
...
Submitted by: Anonymous
1999-06-28 12:14:06 +00:00
Bodo Möller
31b4896209
Comment adjusted to reality.
1999-06-14 15:48:04 +00:00
Ulf Möller
df63a389a5
"extern" is a C++ reserved word.
...
Pointed out by: Janez Jere <jj@void.si>
1999-06-09 16:33:18 +00:00
Ben Laurie
838d25a1ec
More safe stack.
1999-05-30 14:13:19 +00:00
Bodo Möller
673eadec2c
Additional, more descriptive error message for rejection of a session ID
...
because of missing session ID context (so that application programmers
are directly pointed to what they should do differently).
1999-05-17 11:15:49 +00:00
Bodo Möller
3ae76679c7
Introduce and use function typedef pem_password_cb so that we don't call
...
those functions without having a parameter list declaration.
(There are various similar cases left ...)
1999-05-14 11:52:49 +00:00
Bodo Möller
b56bce4fc7
New structure type SESS_CERT used instead of CERT inside SSL_SESSION.
...
While modifying the sources, I found some inconsistencies on the use of
s->cert vs. s->session->sess_cert; I don't know if those could
really have caused problems, but possibly this is a proper bug-fix
and not just a clean-up.
1999-05-13 15:09:38 +00:00
Ulf Möller
7d7d2cbcb0
VMS support.
...
Submitted by: Richard Levitte <richard@levitte.org>
1999-05-13 11:37:32 +00:00
Bodo Möller
fa2b248f23
Clarify comment.
...
Submitted by:
Reviewed by:
PR:
1999-05-11 14:26:14 +00:00
Bodo Möller
ff71222024
And I thought I could spell ... but in caps really everything looks the same.
...
Submitted by:
Reviewed by:
PR:
1999-05-11 07:54:38 +00:00
Bodo Möller
b31b04d951
Make SSL library a little more fool-proof by not requiring any longer
...
that SSL_set_{accept,connect}_state be called before
SSL_{accept,connect} may be used.
Submitted by:
Reviewed by:
PR:
1999-05-11 07:43:16 +00:00
Bodo Möller
9d5cceac6f
No actual change, but the cert_st member of struct ssl_session_st is now
...
called sess_cert instead of just cert. This is in preparation of further
changes: Probably often when s->session->sess_cert is used, we should
use s->cert instead; s->session->sess_cert should be a new structure
containing only the stuff that is for just one connection (e.g.
the peer's certificate, which the SSL client implementations currently
store in s->session->[sess_]cert, which is a very confusing thing to do).
Submitted by:
Reviewed by:
PR:
1999-05-09 21:22:45 +00:00
Bodo Möller
ca8e5b9b8a
Create a duplicate of the SSL_CTX's CERT in SSL_new instead of copying
...
pointers. The cert_st handling is changed by this in various ways.
Submitted by:
Reviewed by:
PR:
1999-05-09 20:12:44 +00:00
Bodo Möller
8d1157c71c
One comment was in the wrong line ... some others are new.
...
Submitted by:
Reviewed by:
PR:
1999-05-09 16:41:00 +00:00
Bodo Möller
8450bddfaf
Some tiny changes to the source code to make future diffs smaller
...
when restructuring the cert_st handling (removed unnused parts,
and the like).
Submitted by:
Reviewed by:
PR:
1999-05-09 15:45:38 +00:00
Bodo Möller
303c002898
Use "const char *" instead of "char *" for filenames passed to functions.
...
Submitted by:
Reviewed by:
PR:
1999-05-09 10:12:10 +00:00