return(FORMAT_ASN1);
else if ((*s == 'T') || (*s == 't'))
return(FORMAT_TEXT);
- else if ((*s == 'P') || (*s == 'p'))
- {
- if (s[1] == 'V' || s[1] == 'v')
- return FORMAT_PVK;
- else
- return(FORMAT_PEM);
- }
else if ((*s == 'N') || (*s == 'n'))
return(FORMAT_NETSCAPE);
else if ((*s == 'S') || (*s == 's'))
return(FORMAT_PKCS12);
else if ((*s == 'E') || (*s == 'e'))
return(FORMAT_ENGINE);
+ else if ((*s == 'P') || (*s == 'p'))
+ {
+ if (s[1] == 'V' || s[1] == 'v')
+ return FORMAT_PVK;
+ else
+ return(FORMAT_PEM);
+ }
else
return(FORMAT_UNDEF);
}
subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
+authorityKeyIdentifier=keyid:always,issuer
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
+authorityKeyIdentifier=keyid:always
[ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
+authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
#ifdef EAI_FAMILY
# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_BEOS_BONE) || defined(OPENSSL_SYS_MSDOS)
# define SOCKLEN_T size_t
-# else
+# elif !defined(SOCKLEN_T)
# define SOCKLEN_T socklen_t
#endif
do {
* the non-constness means a lot of complication, and in practice
* comparison routines do always not touch their arguments.
*/
-#define _IMPLEMENT_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm) \
+
+#define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm) \
static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \
{ \
type1 const *a = a_; \
type2 const *b = b_; \
return nm##_cmp(a,b); \
} \
- scope type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
+ static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
{ \
return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
nm##_cmp_BSEARCH_CMP_FN); \
} \
extern void dummy_prototype(void)
-#define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, cmp) \
- _IMPLEMENT_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp)
-#define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, cmp) \
- _IMPLEMENT_OBJ_BSEARCH_CMP_FN(, type1, type2, cmp)
+#define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \
+ static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \
+ { \
+ type1 const *a = a_; \
+ type2 const *b = b_; \
+ return nm##_cmp(a,b); \
+ } \
+ type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
+ { \
+ return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
+ nm##_cmp_BSEARCH_CMP_FN); \
+ } \
+ extern void dummy_prototype(void)
#define OBJ_bsearch(type1,key,type2,base,num,cmp) \
((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
STACK_OF(X509) **ca)
{
STACK_OF(X509) *ocerts = NULL;
- X509 *x;
+ X509 *x = NULL;
/* Check for NULL PKCS12 structure */
if(!p12)
/* Under Win32 these are defined in wincrypt.h */
#undef X509_NAME
#undef X509_CERT_PAIR
+#undef X509_EXTENSIONS
#endif
#define X509_FILETYPE_PEM 1
if (!ret)
X509_NAME_free(nm);
gen->d.dirn = nm;
+ X509V3_section_free(ctx, sk);
return ret;
}
return(0);
}
-IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
- ssl_cipher_id);
-
/* This function needs to check if the ciphers required are actually
* available */
const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
/* This sets the 'default' SSL version that SSL_new() will create */
int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
+#ifndef OPENSSL_NO_SSL2
const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
+#endif
const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
IMPLEMENT_STACK_OF(SSL_CIPHER)
IMPLEMENT_STACK_OF(SSL_COMP)
+IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
+ ssl_cipher_id);
+
@a=grep(!/^e_camellia$/,@a) if $no_camellia;
@a=grep(!/^e_seed$/,@a) if $no_seed;
- @a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2;
- @a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3;
+ #@a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2;
+ #@a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3;
@a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/,@a) if $no_sock;
"CMS",
# CryptoAPI Engine
"CAPIENG",
+ # SSL v2
+ "SSL2",
# JPAKE
"JPAKE",
# Deprecated functions
my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
-my $no_jpake;
+my $no_jpake; my $no_ssl2;
my $zlib;
elsif (/^no-rfc3779$/) { $no_rfc3779=1; }
elsif (/^no-tlsext$/) { $no_tlsext=1; }
elsif (/^no-cms$/) { $no_cms=1; }
+ elsif (/^no-ssl2$/) { $no_ssl2=1; }
elsif (/^no-capieng$/) { $no_capieng=1; }
elsif (/^no-jpake$/) { $no_jpake=1; }
}
if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; }
if ($keyword eq "PSK" && $no_psk) { return 0; }
if ($keyword eq "CMS" && $no_cms) { return 0; }
+ if ($keyword eq "SSL2" && $no_ssl2) { return 0; }
if ($keyword eq "CAPIENG" && $no_capieng) { return 0; }
if ($keyword eq "JPAKE" && $no_jpake) { return 0; }
if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; }
projects / oweals / openssl.git / commitdiff