install to a different location than it had created. (BTW, VMS will need a
matching fix in eng_list.c.) Note, these aren't ssl-specific, so I'm
putting "engines/" into the libs directory rather than at the "--prefix"
level or inside "ssl/".
dependencies of the OPENSSL_NO_DEPRECATED mode. This prevents dependencies
being reproduced for "deprecated" header behaviour when a developer doesn't
define the symbol (with the subsequent CVS wars that can ensue).
that gets built before objects barfs all over the place because it
uses a new NID that hasn't had a chance of getting defined yet (in
this case, it was about a couple of new EC curves, and therefore a
couple of new corresponding NIDs).
I'm placing objects first in SDIRS! There.
applications, at least on the platforms where it's known how
to do it.
Note: this has only been tested on GNU-based platforms (Linux), and
needs to be tested on all others. Additionally, it's not yet
supported on the following platforms, for lack of information:
Darwin (MacOS X)
Cygwin
OSF1/Alpha
SVR3
ReliantUNIX
Please help out with testing and the platforms we don't yet know well
enough.
- define a HERE variable to indicate where the source tree is (used
very little right now)
- make more use of copying and making attribute changes to {file}.new,
and then move it to {file}
- use 'mv -f' to avoid all those questions to the user when the file
in question doesn't have write attributes for that user.
automatic load of dynamic engines. Make the changes in the main
Makefile so the engines are built, but now in the engines/ directory.
Note: The changes in step 12 have all been made by Geoff Thorpe.
Credit where credit is due.
GNU ld comes first, checking the usage of collect2 gives that instead of
GNU ld, even if GNU ld would be the one that would get used if we link using
gcc. It's much better, apparently, to ask gcc directly what the path to
GNU ld is (provided it's there at all and gcc knows about it), and ask
the result if it's a GNU or not. The bonus is that our GNU ld detection
mechanism got shorter and easier to understand...
Additional changes:
- use EC_GROUP_get_degree() in apps/req.c
- add ECDSA and ECDH to apps/speed.c
- adds support for EC curves over binary fields to ECDSA
- new function EC_KEY_up_ref() in crypto/ec/ec_key.c
- reorganize crypto/ecdsa/ecdsatest.c
- add engine support for ECDH
- fix a few bugs in ECDSA engine support
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
argument list length. This requires Gnu-tar. As we use the non-standard
"tardy" software anyway, it doesn't hurt too much to require Gnu-tar.
"make dist" will probably only be used by team-members anyway.
crypto/rijndael. Additionally, I applied the AES integration patch
from Stephen Sprunk <stephen@sprunk.org> and fiddled it to work
properly with the normal EVP constructs (and incidently work the same
way as all other symmetric cipher implementations).
This results in an API that looks a lot like the rest of the OpenSSL
cipher suite.
sooner and the programs get built against the shared libraries.
This requires a bit more work. Things like -rpath and the possibility
to still link the programs statically should be included. Some
cleanup is also needed. This will be worked on.
used or not, let's ask collect2 which ld it uses and choose to use the
target do-gnu_shared if GNU ld is used.
This solves the reported problems on Solaris systems where GNU cc is
used but GNU ld isn't, and probably on other systems with similar
setups.
His comments are:
1) Changes all references for `True64' to be `Tru64', which is the correct
spelling for the OS name.
2) Makes `alpha-cc' be the same as `alpha164-cc', and adds an `alphaold-cc'
entry that is the same as the previous `alpha-cc'. The reason is that most
people these days are using the newer compiler, so it should be the default.
3) Adds a bit of commentary to Configure, regarding the name changes of
the OS over the years, so it's not so confusing to people that haven't been
with the OS for a while.
4) Adds an `alpha-cc-rpath' target (which is *not* selected automatically
by Configure under any circumstance) that builds an RPATH into the
shared libraries. This is explained in the comment in Configure. It's
very very useful for people that want it, and people that don't want it
just shouldn't choose that target.
5) Adds the `-pthread' flag as the best way to get POSIX thread support
from the newer compiler.
6) Updates the Makefile targets, so that when the `alpha164-cc', `alpha-cc',
or `alpha-cc-rpath' target is what Configure is set to use, it uses a Makefile
target that includes the `-msym' option when building the shared library.
This is a performance enhancement.
7) Updates `config' so that if it detects you're running version 4 or 5
of the OS, it automatically selects `alpha-cc', but uses `alphaold-cc'
for versions 1-3 of the OS.
8) Updates the comment in opensslv.h, fixing both the OS name typo and
adding a reference to IRIX 6.x, since the shared library semantics are
virtually identical there.
SSL according to RFC 2712. His comment is:
This is a patch to openssl-SNAP-20010702 to support Kerberized SSL
authentication. I'm expecting to have the full kssl-0.5 kit up on
sourceforge by the end of the week. The full kit includes patches
for mod-ssl, apache, and a few text clients. The sourceforge URL
is http://sourceforge.net/projects/kssl/ .
Thanks to a note from Simon Wilkinson I've replaced my KRB5 AP_REQ
message with a real KerberosWrapper struct. I think this is fully
RFC 2712 compliant now, including support for the optional
authenticator field. I also added openssl-style ASN.1 macros for
a few Kerberos structs; see crypto/krb5/ if you're interested.
like des_read_password and friends (backward compatibility functions
using this new API are provided). The purpose is to remove prompting
functions from the DES code section as well as provide for prompting
through dialog boxes in a window system and the like.
