- define a HERE variable to indicate where the source tree is (not
used right now)
- make more use of copying and making attribute changes to {file}.new,
and then move it to {file}
- use 'mv -f' to avoid all those questions to the user when the file
in question doesn't have write attributes for that user.
GNU ld comes first, checking the usage of collect2 gives that instead of
GNU ld, even if GNU ld would be the one that would get used if we link using
gcc. It's much better, apparently, to ask gcc directly what the path to
GNU ld is (provided it's there at all and gcc knows about it), and ask
the result if it's a GNU or not. The bonus is that our GNU ld detection
mechanism got shorter and easier to understand...
argument list length. This requires Gnu-tar. As we use the non-standard
"tardy" software anyway, it doesn't hurt too much to require Gnu-tar.
"make dist" will probably only be used by team-members anyway.
Submitted by:
Reviewed by:
PR:
crypto/rijndael. Additionally, I applied the AES integration patch
from Stephen Sprunk <stephen@sprunk.org> and fiddled it to work
properly with the normal EVP constructs (and incidently work the same
way as all other symmetric cipher implementations).
This results in an API that looks a lot like the rest of the OpenSSL
cipher suite.
sooner and the programs get built against the shared libraries.
This requires a bit more work. Things like -rpath and the possibility
to still link the programs statically should be included. Some
cleanup is also needed. This will be worked on.
used or not, let's ask collect2 which ld it uses and choose to use the
target do-gnu_shared if GNU ld is used.
This solves the reported problems on Solaris systems where GNU cc is
used but GNU ld isn't, and probably on other systems with similar
setups.
His comments are:
1) Changes all references for `True64' to be `Tru64', which is the correct
spelling for the OS name.
2) Makes `alpha-cc' be the same as `alpha164-cc', and adds an `alphaold-cc'
entry that is the same as the previous `alpha-cc'. The reason is that most
people these days are using the newer compiler, so it should be the default.
3) Adds a bit of commentary to Configure, regarding the name changes of
the OS over the years, so it's not so confusing to people that haven't been
with the OS for a while.
4) Adds an `alpha-cc-rpath' target (which is *not* selected automatically
by Configure under any circumstance) that builds an RPATH into the
shared libraries. This is explained in the comment in Configure. It's
very very useful for people that want it, and people that don't want it
just shouldn't choose that target.
5) Adds the `-pthread' flag as the best way to get POSIX thread support
from the newer compiler.
6) Updates the Makefile targets, so that when the `alpha164-cc', `alpha-cc',
or `alpha-cc-rpath' target is what Configure is set to use, it uses a Makefile
target that includes the `-msym' option when building the shared library.
This is a performance enhancement.
7) Updates `config' so that if it detects you're running version 4 or 5
of the OS, it automatically selects `alpha-cc', but uses `alphaold-cc'
for versions 1-3 of the OS.
8) Updates the comment in opensslv.h, fixing both the OS name typo and
adding a reference to IRIX 6.x, since the shared library semantics are
virtually identical there.
SSL according to RFC 2712. His comment is:
This is a patch to openssl-SNAP-20010702 to support Kerberized SSL
authentication. I'm expecting to have the full kssl-0.5 kit up on
sourceforge by the end of the week. The full kit includes patches
for mod-ssl, apache, and a few text clients. The sourceforge URL
is http://sourceforge.net/projects/kssl/ .
Thanks to a note from Simon Wilkinson I've replaced my KRB5 AP_REQ
message with a real KerberosWrapper struct. I think this is fully
RFC 2712 compliant now, including support for the optional
authenticator field. I also added openssl-style ASN.1 macros for
a few Kerberos structs; see crypto/krb5/ if you're interested.
like des_read_password and friends (backward compatibility functions
using this new API are provided). The purpose is to remove prompting
functions from the DES code section as well as provide for prompting
through dialog boxes in a window system and the like.
abort with errors if no name is defined for some object, which was the
case for 'pilotAttributeType 27'.
Also avoid this very situation by assigning the name
'pilotAttributeType27'.
and make all files the depend on it include it without prefixing it
with openssl/.
This means that all Makefiles will have $(TOP) as one of the include
directories.
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.
I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
For performance reasons, it is also recommended to make the (mmap'ed)
shared library 'read-only'.
-> New permissions for installed shared libraries = 555
This doesn't hurt anybody, provided the installation is performed with
'cp -f' :-)
"-Wl,+s" instead of +s:
* Hardcoded necessary references to -ldld/-ldl into the build rules and
removed EX_LIBS.
HP-UX records the pathnames of dependent libraries when the shared libs
are built, so that ./libcrypto.sl... is recorded in libssl.sl..., with
"./" not being resolvable when running an application linked against -lssl:
* Build libssl without explicit reference to libcrypto, applications will
be linked with "-lssl -lcrypto" anyway.
Document these informations in Makefile.org.
full version number and not just 0. This should mark the shared
libraries as not backward compatible. Of course, this should be
changed again when we can guarantee backward binary compatibility.
ld warns that -Fl "may not be supported in future releases". We know
that, and are doing things in HP-UX 11 (64bit), so turn off that
warning with +vnocompatwarnings.
- Make note of the expected extension for the shared libraries and
if there is a need for symbolic links from for example libcrypto.so.0
to libcrypto.so.0.9.7. There is extended info in Configure for
that.
- Make as few rebuilds of the shared libraries as possible.
- Still avoid linking the OpenSSL programs with the shared libraries.
- When installing, install the shared libraries separately from the
static ones.
1. make sure libssl.so becomes dependent on libcrypto.so
2. correct a number of silly bugs in the solaris-shared target, and make
sure lib*.so also depends on libc.so.
