From: "Chris D. Peterson" <cpeterson@aventail.com>
Subject: Implementation Issues with OpenSSL
To: openssl-users@openssl.org
Date: Wed, 22 Aug 2001 16:13:17 -0700
The patch included in the original post may improve the internal session
list handling (and is therefore worth a seperate investigation).
No change to the list handling will however solve the problems of incorrect
SSL_SESSION_free() calls. The session list is only one possible point of
failure, dangling pointers would also occur for SSL object currently
using the session. The correct solution is to only use SSL_SESSION_free()
when applicable!
such cases, a flush should *not* attempt to finalise the encoding, as
the EVP_ENCODE_CTX structure will only be filled with garbage. For
the same reason, do the same check when a wpending is performed.
used or not, let's ask collect2 which ld it uses and choose to use the
target do-gnu_shared if GNU ld is used.
This solves the reported problems on Solaris systems where GNU cc is
used but GNU ld isn't, and probably on other systems with similar
setups.
specifically, a starting './' is removed. makedepend doesn't do this,
resulting in another possible commit war, so let's fix that by doing a
poor mans canonicalisation of file names that gives the same effect as
doing dependencies through gcc.
not implemented. (Bug reported by Martin Szotkowski)
This also changes the non-"_ex" versions to defer directly to
EVP_CipherInit_ex() rather than EVP_CipherInit() to avoid an unecessary
level of indirection.
it to be defined on all platforms whether or not it is of any practical
use on them. This also resolves linker problems on "special" platforms,
such as win32.
of the stack, and the (void *) type used in the underlying sk_***
functions. However, declaring a STACK_OF(type) where type is a *function*
type implicitly involves casts between function pointers and data pointers.
That's a no-no. This changes the ENGINE_CLEANUP handling to use a regular
data type in the stack.
algorithms present in all loaded ENGINEs. The result is that if any of
those ENGINEs successfully initialises, and the ENGINE_TABLE_FLAG_NOINIT
flag isn't set, then they will always be used (and cached as defaults) in
preference to software implementations. Ie. accidental auto-detection of
acceleration hardware :-)
This change stops all implementations being automatically registered in
"openssl" sub-commands, so that the "setup_engine()" handler in apps.c
controls which ENGINEs are registered for use. A special case has been
added that will revert to this "auto-detect" logic, ie. if the "-engine"
switch is used as;
-engine auto