Bodo Möller
b08b07b8ae
The previous revision should have generated _more_ warnings, not less ...
...
The return value of handshake_func is signed, not unsigned.
2000-02-25 15:32:36 +00:00
Geoff Thorpe
4621a00063
More VC++ pickiness. (destest.c doesn't have a "return" and the usual
...
signed/unsigned stuff in s3_pkt.c)
Submitted by:
Reviewed by:
PR:
2000-02-25 15:09:04 +00:00
Bodo Möller
3813046dc5
Add OpenSSL licen[cs]e.
2000-02-25 14:47:38 +00:00
Bodo Möller
e01eed0fae
Fix off-by-one error :-)
2000-02-25 14:40:11 +00:00
Bodo Möller
e5599db448
Fix warnings by using unsigned int where appropriate.
2000-02-25 14:27:31 +00:00
Ulf Möller
a3b17baf4e
signed/unsigned mismatch (VC++)
...
Submitted by: Peter 'Luna' Runestig" <peter+openssl-users@runestig.com>
2000-02-25 14:03:21 +00:00
Dr. Stephen Henson
fbb41ae0ad
Allow code which calls RSA temp key callback to cope
...
with a failure.
Fix typos in some error codes.
2000-02-25 00:23:48 +00:00
Richard Levitte
29a5374fb6
Remove structures that are no longer used.
2000-02-24 14:00:05 +00:00
Ulf Möller
4d524e10b4
nicer manpages
2000-02-24 11:55:57 +00:00
Ralf S. Engelschall
c6a33c6f61
Add missing prototypes for new functions
2000-02-24 10:48:36 +00:00
Ulf Möller
4c5fac4ac4
Fix NO_RSA (misplaced #endif).
2000-02-24 04:41:03 +00:00
Richard Levitte
e6a58767c5
make update
2000-02-23 23:38:59 +00:00
Dr. Stephen Henson
3142c86d65
Allow ADH to be used but not present in the default cipher
...
list.
Allow CERTIFICATE to be used in PEM headers for PKCS#7 structures:
some CAs do this.
2000-02-23 01:11:01 +00:00
Dr. Stephen Henson
72b60351f1
Change EVP_MD_CTX_type so it is more logical and add EVP_MD_CTX_md for
...
the old functionality.
Various warning fixes.
Initial EVP symmetric cipher docs.
2000-02-22 02:59:26 +00:00
Bodo Möller
1b8a8088a5
Workarounds to make broken programs happy (such as s_client and s_server).
2000-02-21 17:46:20 +00:00
Bodo Möller
a2a0158959
Fix some bugs and document others
2000-02-21 17:09:54 +00:00
Bodo Möller
e7ecc7d4dd
Move ssl3_do_write from s3_pkt.c to s3_both.c.
2000-02-21 11:14:40 +00:00
Bodo Möller
745c70e565
Move MAC computations for Finished from ssl3_read_bytes into
...
ssl3_get_message, which is more logical (and avoids a bug,
in addition to the one that I introduced yesterday :-)
and makes Microsoft "fast SGC" less special.
MS SGC should still work now without an extra state of its own
(it goes directly to SSL3_ST_SR_CLNT_HELLO_C, which is the usual state
for reading the body of a Client Hello message), however this should
be tested to make sure, and I don't have a MS SGC client.
2000-02-21 10:16:30 +00:00
Richard Levitte
d3442bc780
Move the registration of callback functions to special functions
...
designed for that. This removes the potential error to mix data and
function pointers.
Please note that I'm a little unsure how incorrect calls to the old
ctrl functions should be handled, in som cases. I currently return 0
and that's it, but it may be more correct to generate a genuine error
in those cases.
2000-02-20 23:43:02 +00:00
Bodo Möller
dab6f09573
Workaround for irrelevant problem.
2000-02-20 23:40:01 +00:00
Bodo Möller
45206340d3
ignore Client Hellos when we're in handshake anyway
2000-02-20 23:35:31 +00:00
Bodo Möller
b35e9050f2
Tolerate fragmentation and interleaving in the SSL 3/TLS record layer.
2000-02-20 23:04:06 +00:00
Ben Laurie
c417db4675
Get rid of evil cast.
2000-02-17 09:39:22 +00:00
Dr. Stephen Henson
de469ef21e
Fix for Netscape "hang" bug.
2000-02-15 14:19:44 +00:00
Dr. Stephen Henson
af57d84312
Rename SSLeay_add_all_algorithms() et al to
...
OpenSSL_add_all_algorithms(). Move these into
separate files so they work properly.
2000-02-04 14:01:38 +00:00
Bodo Möller
53002dc691
Report progress as in dsatest.c when creating a DHE key.
2000-02-04 11:21:18 +00:00
Bodo Möller
f50c049707
Use correct, not American spelling.
2000-02-04 00:56:09 +00:00
Ulf Möller
657e60fa00
ispell (and minor modifications)
2000-02-03 23:23:24 +00:00
Dr. Stephen Henson
82fc1d9c28
Add new -notext option to 'ca', -pubkey option to spkac.
...
Remove some "WTF??" casts from applications.
Fixes to keep VC++ happy and avoid warnings.
Docs tidy.
2000-02-03 02:56:48 +00:00
Ulf Möller
51ca375e7e
Seek out and destroy another evil cast.
2000-01-30 23:33:40 +00:00
Ulf Möller
9d1a01be8f
Source code cleanups: Use void * rather than char * in lhash,
...
eliminate some of the -Wcast-qual warnings (debug-ben-strict target)
2000-01-30 22:20:28 +00:00
Bodo Möller
a87030a1ed
Make DSA_generate_parameters, and fix a couple of bug
...
(including another problem in the s3_srvr.c state machine).
2000-01-30 02:23:03 +00:00
Bodo Möller
52732b38da
Some comments added, and slight code clean-ups.
2000-01-26 22:36:55 +00:00
Bodo Möller
2557eaeac8
Avoid a race condition.
2000-01-24 17:57:56 +00:00
Dr. Stephen Henson
dd9d233e2a
Tidy up CRYPTO_EX_DATA structures.
2000-01-23 23:41:49 +00:00
Dr. Stephen Henson
64287002ce
Minor patch: check only match @STRENGTH and remove eNULL
...
comment.
Add documentation for the ciphers command including a full
description of cipher lists.
2000-01-22 23:34:44 +00:00
Dr. Stephen Henson
018e57c74d
Apply Lutz Behnke's 56 bit cipher patch with a few
...
minor changes.
Docs haven't been added at this stage. They are probably
best included in the 'ciphers' program docs.
2000-01-22 03:17:06 +00:00
Bodo Möller
af6f388180
Don't "goto err" in client_master_key because no such label exists;
...
just return -1 as in other error cases.
2000-01-21 11:20:22 +00:00
Ulf Möller
e7f97e2d22
Check RAND_bytes() return value or use RAND_pseudo_bytes().
2000-01-21 01:15:56 +00:00
Ulf Möller
731d9c5fb5
Some more ifdefs for no-xxx options.
2000-01-21 00:03:51 +00:00
Richard Levitte
a9188d4e17
Compaq C 6.2 for VMS will complain when we want to convert
...
non-function pointers to function pointers and vice versa.
The current solution is to have unions that describe the
conversion we want to do, and gives us the ability to extract
the type of data we want.
The current solution is a quick fix, and can probably be made
in a more general or elegant way.
2000-01-18 09:30:51 +00:00
Richard Levitte
9c86df6a98
Prepare for a possible disabling of certain messages that DEC C spews out.
2000-01-17 00:58:09 +00:00
Richard Levitte
b058a08085
It doesn't make sense to try see if these variables are negative, since they're unsigned.
2000-01-17 00:49:52 +00:00
Bodo Möller
cef80e8c14
SSL_R_UNSUPPORTED_PROTOCOL (as in s23_clnt.c) for SSL 2 when
...
NO_SSL2 is defined, not SSL_R_UNKNOWN_PROTOCOL.
2000-01-16 21:29:57 +00:00
Ulf Möller
aa82db4fb4
Add missing #ifndefs that caused missing symbols when building libssl
...
as a shared library without RSA. Use #ifndef NO_SSL2 instead of
NO_RSA in ssl/s2*.c.
Submitted by: Kris Kennaway <kris@hub.freebsd.org>
Modified by Ulf Möller
2000-01-16 21:10:00 +00:00
Bodo Möller
e1798f856d
In ssl3_read_n, set rwstate to SSL_NOTHING when the requested
...
number of bytes could be read.
2000-01-16 14:21:00 +00:00
Ulf Möller
b9d82f4735
RAND_seed
2000-01-16 12:21:22 +00:00
Ulf Möller
eb952088f0
Precautions against using the PRNG uninitialized: RAND_bytes() now
...
returns int (1 = ok, 0 = not seeded). New function RAND_add() is the
same as RAND_seed() but takes an estimate of the entropy as an additional
argument.
2000-01-13 20:59:17 +00:00
Bodo Möller
cc96f6b7a4
add check for internal error
2000-01-11 08:18:55 +00:00
Bodo Möller
3cc6cdea0f
The buffer in ss3_read_n cannot actually occur because it is never
...
called with max > n when extend is set.
2000-01-11 08:09:27 +00:00
Bodo Möller
c51ae173a6
Clean up some of the SSL server code.
2000-01-11 01:07:26 +00:00
Dr. Stephen Henson
25f923ddd1
New function X509_CTX_rget_chain(), make SSL_SESSION_print() display return code.
...
Remove references to 'TXT' in -inform and -outform switches.
2000-01-09 14:21:40 +00:00
Ben Laurie
752d706aaf
Make NO_RSA compile with pedantic.
2000-01-08 21:06:24 +00:00
Bodo Möller
ca03109c3a
New functions SSL_get_finished, SSL_get_peer_finished.
...
Add short state string for MS SGC.
2000-01-06 01:19:17 +00:00
Bodo Möller
9fb617e252
Use less complicated arrangement for data strutures related to Finished
...
messages.
2000-01-06 00:41:22 +00:00
Bodo Möller
f2d9a32cf4
Use separate arrays for certificate verify and for finished hashes.
2000-01-06 00:24:24 +00:00
Bodo Möller
245206eadd
Use prototypes.
2000-01-05 23:31:47 +00:00
Bodo Möller
c44f754047
Slight code cleanup for handling finished labels.
2000-01-05 23:11:51 +00:00
Andy Polyakov
37b0d5d05d
Rhapsody 5.5 (a.k.a. MacOS X) compiler bug workaround. At the very least
...
passes 'make test' now:-)
2000-01-04 03:33:18 +00:00
Dr. Stephen Henson
3d14b9d04a
Add support for MS "fast SGC".
2000-01-02 18:52:58 +00:00
Bodo Möller
47134b7864
Don't request client certificate in anonymous ciphersuites
...
except when following the specs is bound to fail.
1999-12-29 17:43:03 +00:00
Bodo Möller
45fd4dbb84
Fix SSL_CTX_add_session: When two SSL_SESSIONs have the same ID,
...
they can sometimes be different memory structures.
1999-12-29 14:29:32 +00:00
Bodo Möller
9535f8c165
Delete NO_PROTO section (which apparently was just a typo for NOPROTO --
...
if anyone had actually ever needed that they should have fixed this typo)
1999-12-29 14:27:35 +00:00
Bodo Möller
891e465607
fix comment
1999-12-29 14:25:35 +00:00
Dr. Stephen Henson
dd4134101f
Change the trust and purpose code so it doesn't need init
...
either and has a static and dynamic mix.
1999-12-02 02:33:56 +00:00
Dr. Stephen Henson
bb7cd4e3eb
Remainder of SSL purpose and trust code: trust and purpose setting in
...
SSL_CTX and SSL, functions to set them and defaults if no values set.
1999-11-29 22:35:00 +00:00
Dr. Stephen Henson
13938aceca
Add part of chain verify SSL support code: not complete or doing anything
...
yet.
Add a function X509_STORE_CTX_purpose_inherit() which implements the logic
of "inheriting" purpose and trust from a parent structure and using a default:
this will be used in the SSL code and possibly future S/MIME.
Partial documentation of the 'verify' utility. Still need to document how all
the extension checking works and the various error messages.
1999-11-29 01:09:25 +00:00
Bodo Möller
1088e27ca8
Restore traditional SSL_get_session behaviour so that s_client and s_server
...
don't leak tons of memory.
1999-11-17 21:36:13 +00:00
Bodo Möller
b1fe6ca175
Store verify_result with sessions to avoid potential security hole.
1999-11-16 23:15:41 +00:00
Mark J. Cox
b7cfcfb7f8
This corrects the reference count handling in SSL_get_session.
...
Previously, the returned SSL_SESSION didn't have its reference count
incremented so the SSL_SESSION could be freed at any time causing
seg-faults if the pointer was subsequently used. Code that uses
SSL_get_session must now make a corresponding SSL_SESSION_free() call when
it is done to avoid memory leaks (or blocked up session caches).
Submitted By: Geoff Thorpe <geoff@eu.c2.net>
1999-11-15 16:31:31 +00:00
Richard Levitte
c96ab5101a
Make sure installed files are world readable
1999-11-12 01:42:59 +00:00
Bodo Möller
798757762a
Improve support for running everything as a monolithic application.
...
Submitted by: Lennart Bång, Bodo Möller
1999-10-25 19:36:01 +00:00
Ulf Möller
de808df47b
Cosmetic changes.
1999-09-29 22:14:47 +00:00
Ben Laurie
ca7fea9656
Fix warnings.
1999-09-24 19:10:57 +00:00
Dr. Stephen Henson
1c80019a2c
Add new sign and verify members to RSA_METHOD and change SSL code to use sign
...
and verify rather than direct encrypt/decrypt.
1999-09-18 22:37:44 +00:00
Bodo Möller
0d3118bed3
Update dependencies.
1999-09-14 15:07:22 +00:00
Bodo Möller
4dd60b3b96
typo in a comment
1999-09-14 15:06:25 +00:00
Bodo Möller
ac7da00048
Set s->version correctly for "natural" SSL 3.0 client hello
1999-09-13 13:02:07 +00:00
Andy Polyakov
17f389bbbf
Initial support for MacOS.
...
This will soon be complemented with MacOS specific source code files and
INSTALL.MacOS.
I (Andy) have decided to get rid of a number of #include <sys/types.h>.
I've verified it's ok (both by examining /usr/include/*.h and compiling)
on a number of Unix platforms. Unfortunately I don't have Windows box
to verify this on. I really appreciate if somebody could try to compile
it and contact me a.s.a.p. in case a problem occurs.
Submitted by: Roy Wood <roy@centricsystems.ca>
Reviewed by: Andy Polyakov <appro@fy.chalmers.se>
1999-09-11 17:54:18 +00:00
Bodo Möller
5bdae1675c
Fix yet another bug for client hello handling.
1999-09-11 10:36:41 +00:00
Bodo Möller
cb0369d885
Repair another bug in s23_get_client_hello:
...
tls1 did not survive to restarts, so get rid of it.
1999-09-10 16:41:01 +00:00
Bodo Möller
6f7af1524e
Use non-copying BIO interface in ssltest.c.
1999-09-10 14:03:21 +00:00
Bodo Möller
396f631458
some more patches for avoiding problems with non-automatic variables
1999-09-08 21:58:13 +00:00
Bodo Möller
c1082a90bb
Non-copying interface to BIO pairs.
...
It's still totally untested ...
1999-09-07 21:37:09 +00:00
Bodo Möller
ba3a6e7262
use explicit constant 11 just once
1999-09-03 22:37:38 +00:00
Bodo Möller
f70df1b887
Make previous bugfix actually work
1999-09-03 16:49:11 +00:00
Bodo Möller
074309b7ee
Fix server behaviour when facing backwards-compatible client hellos.
1999-09-03 16:33:11 +00:00
Bodo Möller
77fa04a9bc
-no_dhe option for ssltest.c
1999-09-03 16:31:36 +00:00
Bodo Möller
de1915e48c
Fix horrible (and hard to track down) bug in ssl23_get_client_hello:
...
In case of a restart, v[0] and v[1] were incorrectly initialised.
This was interpreted by ssl3_get_client_key_exchange as an RSA decryption
failure (don't ask me why) and caused it to create a _random_ master key
instead (even weirder), which obviously led to incorrect input to
ssl3_generate_master_secret and thus caused "block cipher pad is
wrong" error messages from ssl3_enc for the client's Finished message.
Arrgh.
1999-08-18 17:14:42 +00:00
Bodo Möller
29159a42d2
BIO_write and BIO_read could, in theory, return -2.
1999-08-09 16:33:34 +00:00
Bodo Möller
385be6eb20
Provide fixed seed for parameter generation to speed up -dhe1024.
1999-08-09 12:59:10 +00:00
Bodo Möller
204cf1abb0
Comments.
1999-08-08 14:21:04 +00:00
Bodo Möller
5e63691972
add comments
1999-08-08 14:07:30 +00:00
Ralf S. Engelschall
b1816a0408
typo while I poke around...
1999-08-05 13:31:42 +00:00
Bodo Möller
48c843c367
New function DSA_dup_DH, and fixes for bugs that were found
...
while implementing and using it.
1999-08-05 11:50:18 +00:00
Bodo Möller
2b8e4959fb
generate error message
1999-08-02 21:41:46 +00:00
Bodo Möller
f3e67ac1bc
fix previous modification -- if ssl->cert is NULL, don't follow the pointer.
1999-08-02 20:09:23 +00:00
Bodo Möller
a63a3f58fd
The SSL_CTX's cert structure is not relevant for the SSL
...
(because now SSL_new makes a copy).
1999-08-02 18:40:36 +00:00
Bodo Möller
a40f6dce87
correct error signalling for opendir() failure
1999-07-30 10:43:34 +00:00
Ulf Möller
8c197cc55e
VMS updates.
...
Submitted by: Richard Levitte <levitte@stacken.kth.se>
1999-07-28 23:25:59 +00:00
Bodo Möller
74678cc2f8
Additional user data argument to pem_password_cb function type
...
and to lots of PEM_... functions.
Submitted by: Damien Miller <dmiller@ilogic.com.au>
1999-07-21 20:57:16 +00:00
Bodo Möller
7eea36bb48
cosmetic changes
1999-07-12 18:50:34 +00:00
Bodo Möller
5059658219
fix memory leak in s3_clnt.c
1999-07-12 17:15:42 +00:00
Bodo Möller
6b521df33c
Looks like another memory leak ...
1999-07-12 15:20:08 +00:00
Bodo Möller
777ab7e611
Fix memory checking.
1999-07-09 16:27:30 +00:00
Bodo Möller
11b1adadbd
typo
1999-07-02 17:52:21 +00:00
Bodo Möller
1afd8b3942
typo
1999-07-02 14:23:33 +00:00
Bodo Möller
e105643595
New functions SSL[_CTX]_{set,get}_mode; the initial set of mode flags is
...
SSL_MODE_ENABLE_PARTIAL_WRITE, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
1999-07-02 13:55:32 +00:00
Bodo Möller
a14d1a03ec
Fix comments.
...
Submitted by: Anonymous
1999-06-28 12:14:06 +00:00
Bodo Möller
9c729e0a6d
Memory leak checks.
1999-06-25 14:04:10 +00:00
Bodo Möller
d486601f41
Obsolete.
1999-06-14 15:52:31 +00:00
Bodo Möller
31b4896209
Comment adjusted to reality.
1999-06-14 15:48:04 +00:00
Bodo Möller
d7fcc7f6c6
Bugfix.
1999-06-12 11:07:52 +00:00
Bodo Möller
95d29597b7
BIO pairs.
1999-06-12 01:03:40 +00:00
Bodo Möller
d58d092bc9
Avoid warnings.
1999-06-10 16:29:32 +00:00
Ulf Möller
df63a389a5
"extern" is a C++ reserved word.
...
Pointed out by: Janez Jere <jj@void.si>
1999-06-09 16:33:18 +00:00
Bodo Möller
b1c4fe3625
Don't mix real tabs with tabs expanded as 8 spaces -- that's
...
a pain to read when using 4-space tabs.
1999-06-07 20:26:51 +00:00
Bodo Möller
3a66e306e4
Comments added.
1999-06-07 12:49:47 +00:00
Ulf Möller
ca570cfdbc
Support the EBCDIC character set and BS2000/OSD-POSIX (work in progress).
...
Submitted by: Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>
1999-06-04 21:54:13 +00:00
Ben Laurie
838d25a1ec
More safe stack.
1999-05-30 14:13:19 +00:00
Bodo Möller
bdc98ffba9
Don't use NULL-pointer :-/
1999-05-23 16:19:08 +00:00
Bodo Möller
1dfad80565
Comment about bug.
1999-05-23 13:15:35 +00:00
Bodo Möller
8876bc0548
Let ssl_get_prev_session reliably work in multi-threaded settings.
1999-05-23 13:07:03 +00:00
Bodo Möller
9a193d8825
Avoid memory hole when we don't like the session proposed by the client
1999-05-23 10:43:46 +00:00
Bodo Möller
470df4b905
We need e_os.h here.
1999-05-21 11:46:29 +00:00
Bodo Möller
7e70181723
It was a very bad idea to use #include "../e_os.h" -- when this occurs
...
in cryptlib.h (which is often included as "../cryptlib.h"), then the
question remains relative to which directory this is to be interpreted.
gcc went one further directory up, as intended; but makedepend thinks
differently, and so probably do some C compilers. So the ../ must go away;
thus e_os.h goes back into include/openssl (but I now use
#include "openssl/e_os.h" instead of <openssl/e_os.h> to make the point) --
and we have another huge bunch of dependency changes. Argh.
1999-05-21 11:16:48 +00:00
Bodo Möller
17e3dd1c62
Don't install e_os.h in include/openssl, use it only as a local
...
include file.
1999-05-20 21:59:20 +00:00
Ulf Möller
1444ba8d78
NeXT doesn't have dirent.
...
Pointed out by Juergen Moellenhoff <jurgen@oic.de>
1999-05-20 17:58:42 +00:00
Bodo Möller
673eadec2c
Additional, more descriptive error message for rejection of a session ID
...
because of missing session ID context (so that application programmers
are directly pointed to what they should do differently).
1999-05-17 11:15:49 +00:00
Dr. Stephen Henson
a74c55cd8f
Various Win32 fixes. Change args in do_ms.bat to put platform last. Fix
...
unsigned/signed cmp error in asn1parse. Change various pem_all.c args to
use pem_password_cb.
1999-05-15 20:33:15 +00:00
Bodo Möller
3398f6cc21
OPENSSL_EXTERN
1999-05-15 14:30:31 +00:00
Bodo Möller
7f0dae3276
OPENSSL_EXTERN, OPENSSL_GLOBAL
1999-05-15 14:23:29 +00:00
Bodo Möller
127640b449
Update dependencies.
1999-05-15 13:38:48 +00:00
Ben Laurie
531b2cf7e9
Get rid of the cast.
1999-05-15 11:54:21 +00:00
Bodo Möller
d3407350d8
Comment.
1999-05-15 10:40:02 +00:00
Bodo Möller
e2e3d5ce0c
A comment.
1999-05-15 00:00:28 +00:00
Bodo Möller
2a82c7cf25
Various bugfixes: Uses locking for some more of the stuff that is not
...
thread-safe (where thread-safe counterparts are not available on all
platforms), and don't memcpy to NULL-pointers
Submitted by: Anonymous
Reviewed by: Bodo Moeller
Also, clean up htons vs. ntohs confusions.
1999-05-14 12:40:39 +00:00
Bodo Möller
3ae76679c7
Introduce and use function typedef pem_password_cb so that we don't call
...
those functions without having a parameter list declaration.
(There are various similar cases left ...)
1999-05-14 11:52:49 +00:00
Ben Laurie
2adca9cdc6
Update dependencies.
1999-05-13 17:33:27 +00:00
Bodo Möller
224551f732
Some tiny clean-ups related to the cert_st / sess_cert_st change.
1999-05-13 15:27:45 +00:00
Bodo Möller
b56bce4fc7
New structure type SESS_CERT used instead of CERT inside SSL_SESSION.
...
While modifying the sources, I found some inconsistencies on the use of
s->cert vs. s->session->sess_cert; I don't know if those could
really have caused problems, but possibly this is a proper bug-fix
and not just a clean-up.
1999-05-13 15:09:38 +00:00
Ulf Möller
7d7d2cbcb0
VMS support.
...
Submitted by: Richard Levitte <richard@levitte.org>
1999-05-13 11:37:32 +00:00
Bodo Möller
8d111f4a47
Spacing in comment corrected.
1999-05-13 10:36:29 +00:00
Bodo Möller
8a41eb70cc
First tiny changes in preparation of changing of "sess_cert" handling.
...
Also I've subsituted real tabs for 8-spaces sequences in some lines so that
things don't look that weird with a tab-width of 4.
1999-05-13 10:32:04 +00:00
Bodo Möller
fa2b248f23
Clarify comment.
...
Submitted by:
Reviewed by:
PR:
1999-05-11 14:26:14 +00:00
Bodo Möller
ff71222024
And I thought I could spell ... but in caps really everything looks the same.
...
Submitted by:
Reviewed by:
PR:
1999-05-11 07:54:38 +00:00
Bodo Möller
b31b04d951
Make SSL library a little more fool-proof by not requiring any longer
...
that SSL_set_{accept,connect}_state be called before
SSL_{accept,connect} may be used.
Submitted by:
Reviewed by:
PR:
1999-05-11 07:43:16 +00:00
Bodo Möller
1c3e0a1976
Changed a comment.
...
Submitted by:
Reviewed by:
PR:
1999-05-10 15:10:11 +00:00
Bodo Möller
9d5cceac6f
No actual change, but the cert_st member of struct ssl_session_st is now
...
called sess_cert instead of just cert. This is in preparation of further
changes: Probably often when s->session->sess_cert is used, we should
use s->cert instead; s->session->sess_cert should be a new structure
containing only the stuff that is for just one connection (e.g.
the peer's certificate, which the SSL client implementations currently
store in s->session->[sess_]cert, which is a very confusing thing to do).
Submitted by:
Reviewed by:
PR:
1999-05-09 21:22:45 +00:00
Bodo Möller
ca8e5b9b8a
Create a duplicate of the SSL_CTX's CERT in SSL_new instead of copying
...
pointers. The cert_st handling is changed by this in various ways.
Submitted by:
Reviewed by:
PR:
1999-05-09 20:12:44 +00:00
Bodo Möller
8d1157c71c
One comment was in the wrong line ... some others are new.
...
Submitted by:
Reviewed by:
PR:
1999-05-09 16:41:00 +00:00
Bodo Möller
8450bddfaf
Some tiny changes to the source code to make future diffs smaller
...
when restructuring the cert_st handling (removed unnused parts,
and the like).
Submitted by:
Reviewed by:
PR:
1999-05-09 15:45:38 +00:00
Bodo Möller
303c002898
Use "const char *" instead of "char *" for filenames passed to functions.
...
Submitted by:
Reviewed by:
PR:
1999-05-09 10:12:10 +00:00
Dr. Stephen Henson
a5ab0532ca
Various Win32 fixes. Win95 doesn't support MoveFileEx() (which was used for a
...
Win32 version of rename() ). There isn't a precise rename() equivalent under
Win95: the standard rename() complains if the destination already exists so
replaced with a combination of unlink() and MoveFile().
1999-05-08 22:46:51 +00:00
Ulf Möller
c2eb65ba7c
Remove unreachable return statements.
1999-05-05 22:06:44 +00:00
Ben Laurie
661b361b4b
Some more stack stuff.
1999-05-03 19:55:00 +00:00
Bodo Möller
8051996a5b
Annotate a bug.
...
Submitted by:
Reviewed by:
PR:
1999-05-02 04:03:22 +00:00
Bodo Möller
b3ca645f47
New function SSL_CTX_use_certificate_chain_file.
...
Submitted by:
Reviewed by:
PR:
1999-05-01 17:43:52 +00:00
Bodo Möller
7f89714e64
Support verify_depth from the SSL API without need for user-defined
...
callbacks.
Submitted by:
Reviewed by:
PR:
1999-05-01 03:20:40 +00:00
Bodo Möller
0fda2e3788
Add "static" to function definition
...
Submitted by: Anonymous
Reviewed by:
PR:
Submitted by:
Reviewed by:
PR:
1999-05-01 00:18:54 +00:00
Bodo Möller
4eb77b2679
New function SSL_CTX_set_session_id_context.
...
Submitted by:
Reviewed by:
PR:
1999-04-30 17:15:56 +00:00
Dr. Stephen Henson
801294f873
Fix a couple of cases where an attempt is made to lock an already locked
...
mutex.
1999-04-29 22:25:52 +00:00
Bodo Möller
e5f3045fbf
Support INSTALL_PREFIX for packagers.
...
Submitted by:
Reviewed by:
PR:
1999-04-29 21:52:08 +00:00
Ulf Möller
d575d2924c
Ignore Makefile.save
...
Submitted by: Anonymous
1999-04-29 16:04:54 +00:00
Bodo Möller
1314c344ac
Obey $(PERL) when running util/mklink.pl.
...
Submitted by:
Reviewed by:
PR:
1999-04-29 12:46:59 +00:00
Bodo Möller
6e6acfd4b9
Use util/mklink.pl instead of util/mklink.sh.
...
Submitted by:
Reviewed by:
PR:
1999-04-28 22:33:54 +00:00
Ulf Möller
61f217eec2
Undo.
1999-04-27 11:46:13 +00:00
Ulf Möller
d02f751ce1
Message digest stuff.
1999-04-27 04:18:53 +00:00
Ulf Möller
79df9d6272
New Configure option no-<cipher> (rsa, idea, rc5, ...).
1999-04-27 03:19:12 +00:00
Ulf Möller
281c52c054
Add missing DEPFLAG.
1999-04-27 01:41:57 +00:00
Ulf Möller
a9be3af5ad
Remove NOPROTO definitions and error code comments.
1999-04-26 16:43:10 +00:00
Dr. Stephen Henson
c74b3a6037
Various header consistency fixes.
1999-04-25 16:38:52 +00:00
Bodo Möller
0b86eb3ea6
Fix header files so that any one can be included first.
...
Submitted by:
Reviewed by:
PR:
1999-04-24 18:50:40 +00:00
Dr. Stephen Henson
7393480047
Change the command line options of mkerr.pl so -static is now default and
...
a -write option is needed to actually change anything. Second attempt at
getting rid of ERR, ERRC definitions: it might even work this time :-)
1999-04-24 17:28:43 +00:00
Bodo Möller
c76b0f751f
Restore ERRC definitions that are needed to compile the library.
...
Submitted by:
Reviewed by:
PR:
Submitted by:
Reviewed by:
PR:
1999-04-24 15:57:02 +00:00
Dr. Stephen Henson
6e781e8e07
Delete the unnecessary ERR and ERRC lines in makefiles, add some functionality
...
to error code script: it can now find untranslatable function codes (usually
because the function is static and not defined in a header: occasionally because
of a typo...) and unreferenced function and reason codes. To see this try:
perl util/mkerr.pl -recurse -debug
Also fixed some typos in crypto/pkcs12 that this found :-)
Also tidy up some error calls that had to be all on one line: the old error
script couldn't find codes unless the call was all on one line.
1999-04-24 13:28:57 +00:00
Dr. Stephen Henson
6d31193858
Complete rewrite of the error code generation script. It now runs as a single
...
script, translates function codes better and doesn't need the K&R function
prototypes to work (NB. the K&R prototypes can't be wiped just yet: they are
still needed by the DEF generator...). I also ran the script with the -rewrite
option to update all the header and source files.
1999-04-24 00:15:18 +00:00
Bodo Möller
bf57da0717
"make depend"
...
Submitted by:
Reviewed by:
PR:
1999-04-23 22:50:50 +00:00
Bodo Möller
ec577822f9
Change #include filenames from <foo.h> to <openssl.h>.
...
Submitted by:
Reviewed by:
PR:
1999-04-23 22:13:45 +00:00
Ben Laurie
61f5b6f338
Work with -pedantic!
1999-04-23 15:01:15 +00:00
Bodo Möller
85f48f7e93
Don't return 0 from ssl2_read when a packet with empty payload is received.
...
Submitted by:
Reviewed by:
PR:
1999-04-22 14:28:38 +00:00
Bodo Möller
5cc146f344
Fixed some race conditions.
...
Submitted by:
Reviewed by:
PR:
1999-04-22 13:37:46 +00:00
Ben Laurie
4997138a06
Fix DES export ciphersuites.
1999-04-21 13:24:58 +00:00
Ben Laurie
e4aac1cb68
const correctness.
1999-04-19 23:43:11 +00:00
Ulf Möller
6b691a5c85
Change functions to ANSI C.
1999-04-19 21:31:43 +00:00
Ben Laurie
e778802f53
Massive constification.
1999-04-17 21:25:43 +00:00
Ben Laurie
c5db363e1b
Fix some warnings. Contributed by Anonymous.
1999-04-16 18:13:27 +00:00
Ben Laurie
abed0b8a1f
Add new experimental ciphersuites. Bring naming into line with RFC.
1999-04-15 18:52:13 +00:00
Ben Laurie
28db340142
Just use an ANSI declaration, instead.
1999-04-15 10:10:21 +00:00
Bodo Möller
9e7bd9b5fe
Make Windows compilers happy.
...
Submitted by:Tom Titchener
Reviewed by:
PR:
1999-04-14 21:43:02 +00:00
Ben Laurie
8f7de4f04c
Typo.
1999-04-14 11:13:47 +00:00
Ben Laurie
f73e07cf42
Add type-safe STACKs and SETs.
1999-04-12 17:23:57 +00:00
Bodo Möller
adbfb08354
Tiny comment to improve code comprehensibility.
...
Submitted by:
Reviewed by:
PR:
1999-04-09 07:12:17 +00:00
Ulf Möller
99aab1619f
New Makefile variables $(RANLIB) and $(PERL).
1999-04-01 12:34:33 +00:00
Bodo Möller
6d02d8e444
New option "-showcerts" for s_client
...
Slight cleanup in ssl/
1999-03-31 12:06:30 +00:00
Dr. Stephen Henson
bc37a6b81c
Remove deleted PKCS#12 functions from pkcs12.h, get rid of object creation
...
kludge, remove CRs from ssl_ciph.c and update Win32 functions for PKCS#12
code. It might compile under Win32 now ...
1999-03-29 22:18:54 +00:00
Ralf S. Engelschall
72e442a3a6
function names recently changed - consistency.
1999-03-22 15:50:34 +00:00
Ben Laurie
b4cadc6e13
Fix security hole.
1999-03-22 12:22:14 +00:00
Dr. Stephen Henson
199d59e5a1
Remove some references which called malloc and free instead of Malloc and Free.
1999-03-14 01:16:45 +00:00
Dr. Stephen Henson
bc420ac592
Delete NULL ciphers from 'ALL' in the cipher list aliases. This means that
...
NULL ciphers specifically have to be enabled with e.g. "DEFAULT:eNULL". This
prevents cipher lists from inadvertantly having NULL ciphers at the top
of their list (e.g. the default ones) because they didn't have to be taken
into account before.
1999-03-12 01:43:28 +00:00
Ben Laurie
bc3482442a
Disable new TLS1 ciphersuites.
1999-03-06 15:21:02 +00:00
Ben Laurie
a49034aba9
Fix names of cert stack functions.
1999-03-06 14:49:11 +00:00
Ben Laurie
6242bb9c63
Put the dependencies back.
1999-03-06 14:32:48 +00:00
Ralf S. Engelschall
63493c7b06
Move the SSL_CTX_xxx defines at the top of ssl.h to the location of other
...
SSL_CTX_xxx defines. What was the reason to move them to the top, even before
the copyright and #ifdef HEADER_SSL_H? Hmmm... when there was and still is a
good reason feel free to reverse this patch, but please document why it is
needed this way.
1999-03-06 14:24:54 +00:00
Ben Laurie
f415fa3243
Fix export ciphersuites, again.
1999-03-06 14:09:36 +00:00
Ralf S. Engelschall
bb8f3c5879
General source tree makefile cleanups: Made `making xxx in yyy...' display
...
consistent in the source tree and replaced `/bin/rm' by `rm'. Additonally
cleaned up the `make links' target: Remove unnecessary semicolons, subsequent
redundant removes, inline point.sh into mklink.sh to speed processing and no
longer clutter the display with confusing stuff. Instead only the actually
done links are displayed.
1999-03-06 12:32:06 +00:00
Ben Laurie
988788f697
Permit null ciphers.
1999-03-06 12:09:36 +00:00
Ralf S. Engelschall
a06c602e6f
Remove confusing variables in function signatures in files
...
ssl/ssl_lib.c and ssl/ssl.h. At least the double ctx-variable
confused some compilers.
Submitted by: Lennart Bong <lob@kulthea.stacken.kth.se>
Reviewed by: Ralf S. Engelschall
1999-03-04 07:54:01 +00:00
Dr. Stephen Henson
06c6849124
Fix the Win32 compile environment and add various changes so it will now compile
...
under Win32 (9X and NT) again. Note: some signed/unsigned changes recently
checked in were killing the Win32 compile.
1999-03-03 02:01:26 +00:00
Ben Laurie
eb90a483ad
Add functions to add certs to stacks, used for CA file/path stuff in servers.
1999-02-28 17:41:55 +00:00
Ben Laurie
49bc262459
More truth in declarations.
1999-02-28 14:39:18 +00:00
Ben Laurie
4f43d0e71f
Experiment with doxygen documentation.
1999-02-28 12:41:50 +00:00
Ralf S. Engelschall
c707fb2741
Ops, the logic of the second argument has to be coupled with the != test to
...
work correctly for the SSL_CTX_xxx situations, too. Now "make test" passes
again fine.
1999-02-26 22:31:54 +00:00
Ralf S. Engelschall
15d21c2df4
Add a bunch of SSL_xxx() functions for configuring the temporary RSA and DH
...
private keys and/or callback functions which directly correspond to their
SSL_CTX_xxx() counterparts but work on a per-connection basis. This is needed
for applications which have to configure certificates on a per-connection
basis (e.g. Apache+mod_ssl) instead of a per-context basis (e.g.
s_server).
For the RSA certificate situation is makes no difference, but for the DSA
certificate situation this fixes the "no shared cipher" problem where the
OpenSSL cipher selection procedure failed because the temporary keys were not
overtaken from the context and the API provided no way to reconfigure them.
The new functions now let applications reconfigure the stuff and they are in
detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh,
SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback. Additionally a new
non-public-API function ssl_cert_instantiate() is used as a helper function
and also to reduce code redundancy inside ssl_rsa.c.
Submitted by: Ralf S. Engelschall
Reviewed by: Ben Laurie
1999-02-25 14:40:29 +00:00
Ralf S. Engelschall
90a52cecaf
Fix the cipher decision scheme for export ciphers: the export bits are *not*
...
within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within SSL_EXP_MASK. So, the
original variable has to be used instead of the already masked variable.
Submitted by: Richard Levitte <levitte@stacken.kth.se>
Reviewed by: Ralf S. Engelschall
1999-02-25 11:03:18 +00:00
Dr. Stephen Henson
e527ba09a6
Various changes to make this stuff compile under Win32 and VC++ with and
...
without -debug option to mk1mf.pl. Change _export to is_export (_export is
a reserved word under VC++). Add yucky function prototype function pointer
casts. Sanitise the included files in crypto/x509v3.
Also changed ssleay.exe target to openssl.exe
1999-02-22 01:26:40 +00:00
Ben Laurie
60e31c3a4b
More stuff for new TLS ciphersuites.
1999-02-21 21:58:59 +00:00
Ben Laurie
a040ea8251
Undo a couple of kludges.
1999-02-21 20:07:41 +00:00
Ben Laurie
06ab81f9f7
Add support for new TLS export ciphersuites.
1999-02-21 20:03:24 +00:00
Ben Laurie
4004dbb7f6
Generate errors when public/private key check is done.
1999-02-20 11:50:07 +00:00
Mark J. Cox
413c4f45ed
Updates to the new SSL compression code
...
[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
Fix so that the version number in the master secret, when passed
via RSA, checks that if TLS was proposed, but we roll back to SSLv3
(because the server will not accept higher), that the version number
is 0x03,0x01, not 0x03,0x00
[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
Submitted by:
Reviewed by:
PR:
1999-02-16 09:22:21 +00:00
Dr. Stephen Henson
a8236c8c32
Fix various memory leaks in SSL, apps and DSA
1999-02-15 21:05:21 +00:00
Ben Laurie
436d318c80
In the absence of feedback either way, commit the fix that looks right for
...
wrong keylength with export null ciphers.
1999-02-13 12:39:50 +00:00
Ralf S. Engelschall
4a16967b45
Remove one more totally bogus source file.
...
This one is exactly the same as ssl_sess.c.
Thanks to Adam Goodman <adam@a-domain.com> for hint.
1999-02-10 12:44:27 +00:00
Ralf S. Engelschall
155d7a0e1d
First cut for a very conservative source tree cleanup:
...
1. merge various obsolete readme texts into doc/ssleay.txt
where we collect the old documents and readme texts.
2. remove the first part of files where I'm already sure that we no longer need
them because of three reasons: either they are just temporary files which
were left by Eric or they are preserved original files where I've verified
that the diff is also available in the CVS via "cvs diff -rSSLeay_0_8_1b"
or they were renamed (as it was definitely the case for the crypto/md/
stuff).
We've still a horrible mess under crypto/bn/asm/. There for a lot of files
I'm sure whether we need them or not. So, when someone knows it better, feel
free to cleanup there.
1999-02-10 08:26:08 +00:00
Ben Laurie
bf5dcd135f
More exactitude with function arguments.
1999-02-09 23:01:08 +00:00
Dr. Stephen Henson
9b3086fe38
Fix various stuff: that VC++ 5.0 chokes on:
...
1. Add *lots* of missing prototypes for static ssl functions.
2. VC++ doesn't understand the 'LL' suffix for 64 bits constants: change bn.org
3. Add a few missing prototypes in pem.org
Fix mk1mf.pl so it outputs a Makefile that doesn't choke Win95.
Fix mkdef.pl so it doesn't truncate longer names.
1999-01-31 17:30:18 +00:00
Dr. Stephen Henson
679ab7c39e
Update STATUS, modify ssl.h so mkdef.pl will pick up prototypes and
...
add x509v3.h to mkdef.pl list of include files.
1999-01-30 17:35:01 +00:00
Ben Laurie
59ff713462
Break circular dependency between pem and err.
1999-01-30 13:40:34 +00:00
Ben Laurie
6f93539970
This time, get it right.
1999-01-19 23:25:22 +00:00
Ben Laurie
8039257dbc
Finally lay dependencies to rest (I hope!).
1999-01-19 21:36:31 +00:00
Dr. Stephen Henson
6c8abdd744
New err_code.pl script to retain old error codes. This should allow the use
...
of 'make errors' without causing huge re-organisations of files when a new
code is added.
1999-01-18 22:18:38 +00:00
Ben Laurie
f06b01eb62
More prototypes.
1999-01-16 17:56:00 +00:00
Ben Laurie
da10692aa2
More prototypes.
1999-01-16 17:49:12 +00:00
Ben Laurie
f7ba298480
More prototypes.
1999-01-16 17:40:04 +00:00
Ben Laurie
207ccf628d
More prototypes.
1999-01-16 17:28:15 +00:00
Ben Laurie
cd3916c40f
More prototypes.
1999-01-16 17:12:36 +00:00
Ben Laurie
1933485b60
Fix comment.
1999-01-10 19:41:33 +00:00
Ben Laurie
e03ddfae7e
Accept NULL in *_free.
1999-01-07 19:15:59 +00:00
Ben Laurie
6fa89f94c4
Fix DH key generation.
...
Contributed by: Anonymous <nobody@replay.com>
1999-01-07 00:37:01 +00:00
Ben Laurie
5b00115ab0
Fix export tests.
1999-01-06 23:18:08 +00:00
Ben Laurie
f8c3c05db9
Make the world a safer place (if people object to this kind of change, speak up
...
soon - I intend to do a lot of it!).
1999-01-06 22:53:34 +00:00
Ralf S. Engelschall
f7ceceb518
Remove more old temporary files from CVS
1998-12-31 21:51:27 +00:00
Ralf S. Engelschall
9cb0969f65
Fix version stuff:
...
1. The already released version was 0.9.1c and not 0.9.1b
2. The next release should be 0.9.2 and not 0.9.1d, because
first the changes are already too large, second we should avoid any more
0.9.1x confusions and third, the Apache version semantics of
VERSION.REVISION.PATCHLEVEL for the version string is reasonable (and here
.2 is already just a patchlevel and not major change).
tVS: ----------------------------------------------------------------------
1998-12-31 09:36:40 +00:00
Ralf S. Engelschall
320a14cb5b
*** empty log message ***
1998-12-23 12:09:47 +00:00
Ralf S. Engelschall
5f32680329
Switch version string to SSLeay/OpenSSL
1998-12-23 07:53:55 +00:00
Ralf S. Engelschall
13e91dd365
Incorporation of RSEs assembled patches
1998-12-22 15:59:57 +00:00
Ralf S. Engelschall
651d0aff98
Various cleanups and fixed by Marc and Ralf to start the OpenTLS project
1998-12-22 15:04:48 +00:00
Ralf S. Engelschall
dfeab0689f
Import of old SSLeay release: SSLeay 0.9.1b (unreleased)
1998-12-21 11:00:56 +00:00
Ralf S. Engelschall
58964a4922
Import of old SSLeay release: SSLeay 0.9.0b
1998-12-21 10:56:39 +00:00
Ralf S. Engelschall
d02b48c63a
Import of old SSLeay release: SSLeay 0.8.1b
1998-12-21 10:52:47 +00:00