Commit graph

661 commits

Author SHA1 Message Date
Richard Levitte
b476df64a1 make update
perl util/mkerr.pl -recurse -write -rebuild
2001-11-15 12:25:14 +00:00
Richard Levitte
817dfc18a3 Change the order of events so the capabilities of loaded engines can
get listed as well.
2001-11-14 22:30:17 +00:00
Richard Levitte
135c0af1bb Implement STARTTLS for certain protocols, currently only supporting SMTP. 2001-11-14 13:57:52 +00:00
Bodo Möller
29e0c30c2a more output for SSL 2.0 in our msg_callback 2001-11-10 01:17:02 +00:00
Dr. Stephen Henson
b83eddc578 Win32 fixes. 2001-11-06 13:40:27 +00:00
Dr. Stephen Henson
6229a5607c Fix email address delete code. 2001-11-06 01:44:21 +00:00
Richard Levitte
f559f31bef DOS and Windows do not like unistd.h 2001-11-05 12:43:17 +00:00
Ben Laurie
3210b4fd14 If verify fails, say why. 2001-11-02 13:29:14 +00:00
Richard Levitte
a7b42009c4 Change the shared library support so the shared libraries get built
sooner and the programs get built against the shared libraries.

This requires a bit more work.  Things like -rpath and the possibility
to still link the programs statically should be included.  Some
cleanup is also needed.  This will be worked on.
2001-10-30 08:00:59 +00:00
Richard Levitte
7b5ffd6834 Addapt VMS scripts to the newer disk layout system ODS-5, which allows more than one period and mixed size characters in file names 2001-10-29 13:05:28 +00:00
Dr. Stephen Henson
9b55da73ca Another noemailDN fix. 2001-10-27 17:53:06 +00:00
Dr. Stephen Henson
e7156ff2e8 Allow ca to certify requests containing BMPStrings and UTF8Strings. 2001-10-27 17:04:47 +00:00
Dr. Stephen Henson
437db75b94 Bugfixes for noemailDN option. Make it use the
correct name (instead of NULL) if nomailDN is
not set, fix memory leaks and retain DN structure
when deleting emailAddress.
2001-10-27 17:03:20 +00:00
Dr. Stephen Henson
1fc6d41bf6 New options to allow req to accept UTF8 strings as input. 2001-10-26 12:40:38 +00:00
Richard Levitte
66d3e7481e Make sure openssl speed is compilable on systems where fork() doesn't
exist.  For now, that's all the ones we "support" except Unix.
2001-10-25 16:08:17 +00:00
Ben Laurie
0e21156333 Add paralellism to speed - note that this currently causes a weird memory leak. 2001-10-25 14:27:17 +00:00
Bodo Möller
89da653fa6 Add '-noemailDN' option to 'openssl ca'. This prevents inclusion of
the e-mail address in the DN (i.e., it will go into a certificate
extension only).  The new configuration file option 'email_in_dn = no'
has the same effect.

Submitted by: Massimiliano Pala madwolf@openca.org
2001-10-25 08:25:19 +00:00
Richard Levitte
c2e4f17c1a Due to an increasing number of clashes between modern OpenSSL and
libdes (which is still used out there) or other des implementations,
the OpenSSL DES functions are renamed to begin with DES_ instead of
des_.  Compatibility routines are provided and declared by including
openssl/des_old.h.  Those declarations are the same as were in des.h
when the OpenSSL project started, which is exactly how libdes looked
at that time, and hopefully still looks today.

The compatibility functions will be removed in some future release, at
the latest in version 1.0.
2001-10-24 21:21:12 +00:00
Dr. Stephen Henson
f1558bb424 Reject certificates with unhandled critical extensions. 2001-10-21 02:09:15 +00:00
Dr. Stephen Henson
6ca487992b Stop spurious "unable to load config info" errors in req 2001-10-21 01:05:53 +00:00
Bodo Möller
a661b65357 New functions SSL[_CTX]_set_msg_callback().
New macros SSL[_CTX]_set_msg_callback_arg().

Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).

New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.


In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.

Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).

Add/update some OpenSSL copyright notices.
2001-10-20 17:56:36 +00:00
Dr. Stephen Henson
cecd263878 Add missing EVP_CIPHER_CTX_{init,cleanup} 2001-10-20 16:18:03 +00:00
Dr. Stephen Henson
581f1c8494 Modify EVP cipher behaviour in a similar way
to digests to retain compatibility.
2001-10-17 00:37:12 +00:00
Lutz Jänicke
41ebed27fa Flush buffers to prevent mixed output (Adam Back <adam@cypherspace.org>). 2001-10-16 14:24:46 +00:00
Dr. Stephen Henson
20d2186c87 Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
with existing code.

Modify library to use digest *_ex() functions.
2001-10-16 01:24:29 +00:00
Richard Levitte
dd5e774664 Add support for md4WithRSAEncryption. 2001-10-10 21:37:45 +00:00
Richard Levitte
712557128b 'make update' 2001-10-10 08:27:52 +00:00
Richard Levitte
b30245dae0 'make update' 2001-10-10 07:56:20 +00:00
Richard Levitte
f8000b9345 'make update' 2001-10-04 07:49:09 +00:00
Richard Levitte
2aa9043ad3 Because there's chances we clash with the system's types.h, rename our
types.h to ossl_typ.h.
2001-10-04 07:32:46 +00:00
Richard Levitte
3d90a32429 sch isn't an array, how did this pass through gcc? 2001-10-02 11:49:55 +00:00
Geoff Thorpe
4ba163cbf9 Make "openssl engine -c" list any supported digests as well as supported
ciphers.
2001-10-01 15:41:31 +00:00
Richard Levitte
a4a8f7b3ef Change HZ in speed to rely on sysconf() if the clock tick is available
that way.  Synchronise s_time with these changes.
2001-09-28 10:34:48 +00:00
Geoff Thorpe
34c66925aa ENGINE_register_all_complete() will register all implementations of all
algorithms present in all loaded ENGINEs. The result is that if any of
those ENGINEs successfully initialises, and the ENGINE_TABLE_FLAG_NOINIT
flag isn't set, then they will always be used (and cached as defaults) in
preference to software implementations. Ie. accidental auto-detection of
acceleration hardware :-)

This change stops all implementations being automatically registered in
"openssl" sub-commands, so that the "setup_engine()" handler in apps.c
controls which ENGINEs are registered for use. A special case has been
added that will revert to this "auto-detect" logic, ie. if the "-engine"
switch is used as;
   -engine auto
2001-09-28 02:25:14 +00:00
Richard Levitte
7876e4488f Stop thinking arguments starting with - are algorithm identifiers.
Show timing parameters and timing functions used.
It looks like some Linuxen have very weird settings for CLK_TCK.  I'm
very unsure about this change and will investigate further.
2001-09-27 15:43:55 +00:00
Geoff Thorpe
0b4b9a11f5 Put the cipher info back into the "openssl engine" command. 2001-09-25 21:45:03 +00:00
Geoff Thorpe
6dc5d570d0 Make necessary tweaks to apps/ files due to recent ENGINE surgery. See
crypto/engine/README for details.
2001-09-25 20:35:01 +00:00
Geoff Thorpe
10b2328fea "make update" 2001-09-24 17:42:35 +00:00
Bodo Möller
c404ff7955 make update 2001-09-20 22:52:19 +00:00
Geoff Thorpe
8ce2912fbc Updated dependencies from "make update" 2001-09-12 02:43:22 +00:00
Geoff Thorpe
1372965e2e Reduce the header dependencies on engine.h in apps/. 2001-09-12 02:39:06 +00:00
Geoff Thorpe
51ac0cfe44 make update 2001-09-10 21:18:11 +00:00
Geoff Thorpe
16e819e1d8 Put all "common" initialisation in the apps_startup() and apps_shutdown()
macros in apps.h.
2001-09-10 21:04:14 +00:00
Bodo Möller
c2222c2ea2 restore previous revision -- memory leak should be fixed in mem.c 2001-09-10 18:47:33 +00:00
Bodo Möller
336da5642d fix memory leak 2001-09-10 18:13:16 +00:00
Bodo Möller
a52c2fb296 exclude disabled message digests 2001-09-10 17:18:56 +00:00
Bodo Möller
41450b27f2 add AES ciphers 2001-09-10 17:12:31 +00:00
Bodo Möller
e72d5983f2 Update so that progs.h can indeed be automatically generated
(Working file: progs.h
     revision 1.24

     date: 2001/02/19 16:06:03;  author: levitte;  state: Exp;  lines: +59 -59
     Make all configuration macros available for application by making
     sure they are available in opensslconf.h, by giving them names starting
     with "OPENSSL_" to avoid conflicts with other packages and by making
     sure e_os2.h will cover all platform-specific cases together with
     opensslconf.h.

     [...])
2001-09-10 17:00:28 +00:00
Bodo Möller
384eff877c Fix apps/openssl.c and ssl/ssltest.c so that they use
CRYPTO_set_mem_debug_options() instead of CRYPTO_dbg_set_options(),
which is the default implementation of the former and should usually
not be directly used by applications (at least if we assume that the
options accepted by the default implementation will also be meaningful
to any other implementations).

Also fix apps/openssl.c and ssl/ssltest such that environment variable
setting 'OPENSSL_DEBUG_MEMORY=off' actively disables the compiled-in
library defaults (i.e. such that CRYPTO_MDEBUG is ignored in this
case).
2001-09-10 09:50:30 +00:00
Ben Laurie
7d34470458 Look up MD5 by name. 2001-09-07 11:45:42 +00:00