Merge from 1.0.0-stable branch.
authorDr. Stephen Henson <steve@openssl.org>
Fri, 3 Apr 2009 11:45:19 +0000 (11:45 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 3 Apr 2009 11:45:19 +0000 (11:45 +0000)
17 files changed:
CHANGES
NEWS
STATUS
TABLE
apps/ocsp.c
crypto/asn1/asn1.h
crypto/asn1/asn1_err.c
crypto/des/enc_read.c
crypto/objects/obj_xref.h
crypto/pkcs12/p12_kiss.c
crypto/stack/safestack.h
crypto/x509v3/pcy_tree.c
demos/pkcs12/pkread.c
doc/apps/x509.pod
engines/ccgost/Makefile
ssl/d1_clnt.c
test/Makefile

diff --git a/CHANGES b/CHANGES
index 14ffb4083eecf419feb0a2d4b8bf4b7289ea4c93..f17154b8e345f201907010e0b8454be04dbb1961 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,13 @@
 
  Changes between 0.9.8k and 1.0  [xx XXX xxxx]
 
+  *) Alter match criteria in PKCS12_parse(). It used to try to use local
+     key ids to find matching certificates and keys but some PKCS#12 files
+     don't follow the (somewhat unwritten) rules and this strategy fails.
+     Now just gather all certificates together and the first private key
+     then look for the first certificate that matches the key.
+     [Steve Henson]
+
   *) Support use of registered digest and cipher names for dgst and cipher
      commands instead of having to add each one as a special case. So now
      you can do:
diff --git a/NEWS b/NEWS
index 91914af30be32c6d7c3f26ab19cdc7dabfa9f00d..d4841f9a627bdf6bdccc96687a05ef6004e92e51 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -27,6 +27,7 @@
       o ecdsa-with-SHA224/256/384/512 signature types.
       o dsa-with-SHA224 and dsa-with-SHA256 signature types.
       o Opaque PRF Input TLS extension support.
+      o Updated time routines to avoid OS limitations.
 
   Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k:
 
diff --git a/STATUS b/STATUS
index 6c368603d766559f7f651e8e2ab5e0e280316a25..1d4f8b9fbe9499f145b22b6f5d1f6ea39fa72892 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -1,10 +1,10 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2009/03/30 11:33:03 $
+  ______________                           $Date: 2009/04/03 11:45:14 $
 
   DEVELOPMENT STATE
 
-    o  OpenSSL 1.0:  Under development...
+    o  OpenSSL 1.0.0-beta1: Released on April 1st, 2009
     o  OpenSSL 0.9.8h: Released on May       28th, 2008
     o  OpenSSL 0.9.8g: Released on October   19th, 2007
     o  OpenSSL 0.9.8f: Released on October   11th, 2007
diff --git a/TABLE b/TABLE
index eedbecced9c8e0c300796a007b6e693051a5b477..fffc6bdb807f75542280e24f0c5e59086e96a66c 100644 (file)
--- a/TABLE
+++ b/TABLE
@@ -1366,7 +1366,7 @@ $multilib     =
 
 *** debug-ben-debug
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe
+$cflags       = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -DBN_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -g3 -O2 -pipe
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 
index 43179c77b89fa4af2bdba1944766a0c1462cb31d..a8e00fd0ed62902f46af4fc3ff6c92f0a7d2fda0 100644 (file)
@@ -62,6 +62,8 @@
                                   on OpenVMS */
 #endif
 
+#define USE_SOCKETS
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
index 6129d0a1cf50259c960e8225143254ab7eefda85..8f5b0517e94bc047ff815421199f94c95a6e2c58 100644 (file)
@@ -1278,7 +1278,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_BAD_OBJECT_HEADER                        102
 #define ASN1_R_BAD_PASSWORD_READ                        103
 #define ASN1_R_BAD_TAG                                  104
-#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH                210
+#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH                214
 #define ASN1_R_BN_LIB                                   105
 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH                  106
 #define ASN1_R_BUFFER_TOO_SMALL                                 107
@@ -1370,7 +1370,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY                         157
 #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY                 158
 #define ASN1_R_UNEXPECTED_EOC                           159
-#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH          211
+#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH          215
 #define ASN1_R_UNKNOWN_FORMAT                           160
 #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM                 161
 #define ASN1_R_UNKNOWN_OBJECT_TYPE                      162
index cdee663834e393f098b3e46d0b452f197a9864af..82496b36983f4fdc5ae9a2f00155f7cb47615ad5 100644 (file)
@@ -1,6 +1,6 @@
 /* crypto/asn1/asn1_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -176,7 +176,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_IV),   "PKCS5_pbe2_set_iv"},
 {ERR_FUNC(ASN1_F_PKCS5_PBE_SET),       "PKCS5_pbe_set"},
 {ERR_FUNC(ASN1_F_PKCS5_PBE_SET0_ALGOR),        "PKCS5_pbe_set0_algor"},
-{ERR_FUNC(ASN1_F_SMIME_READ_ASN1),     "SMIME_read_asn1"},
+{ERR_FUNC(ASN1_F_SMIME_READ_ASN1),     "SMIME_read_ASN1"},
 {ERR_FUNC(ASN1_F_SMIME_TEXT),  "SMIME_text"},
 {ERR_FUNC(ASN1_F_X509_CINF_NEW),       "X509_CINF_NEW"},
 {ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED),       "X509_CRL_add0_revoked"},
index e7c853f5cc7be14b1b46deffa9d9fd6ea242446c..edb6620d085697a8c887d9dcf93e783036795a40 100644 (file)
@@ -150,7 +150,7 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
        /* first - get the length */
        while (net_num < HDRSIZE) 
                {
-#ifndef _WIN32
+#ifndef OPENSSL_SYS_WIN32
                i=read(fd,(void *)&(net[net_num]),HDRSIZE-net_num);
 #else
                i=_read(fd,(void *)&(net[net_num]),HDRSIZE-net_num);
index d5b9b8e19830c30e6fbf87cc972a66c77beef0c1..7836f01d95ccacbc6a51b66abf65fdda8abef2fd 100644 (file)
@@ -1,4 +1,4 @@
-/* AUTOGENERATED BY objxref.pl, DO NOT EDIT */
+/* AUTOGENERATED BY crypto/objects/objxref.pl, DO NOT EDIT */
 
 typedef struct
        {
index 5c4c6ec988897d31b74d9651ad87e6bb7b1255ee..10ee5e7b945bf5341a0fb58a656d334237ee97d8 100644 (file)
 /* Simplified PKCS#12 routines */
 
 static int parse_pk12( PKCS12 *p12, const char *pass, int passlen,
-               EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
+               EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
 
 static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
-                      int passlen, EVP_PKEY **pkey, X509 **cert,
-                      STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
-                      char *keymatch);
+                      int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
 
 static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
-                       EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
-                       ASN1_OCTET_STRING **keyid, char *keymatch);
+                       EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
 
 /* Parse and decrypt a PKCS#12 structure returning user key, user cert
  * and other (CA) certs. Note either ca should be NULL, *ca should be NULL,
@@ -83,24 +80,20 @@ static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
             STACK_OF(X509) **ca)
 {
-
+       STACK_OF(X509) *ocerts = NULL;
+       X509 *x;
        /* Check for NULL PKCS12 structure */
 
-       if(!p12) {
+       if(!p12)
+               {
                PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
                return 0;
-       }
-
-       /* Allocate stack for ca certificates if needed */
-       if ((ca != NULL) && (*ca == NULL)) {
-               if (!(*ca = sk_X509_new_null())) {
-                       PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
-                       return 0;
                }
-       }
 
-       if(pkey) *pkey = NULL;
-       if(cert) *cert = NULL;
+       if(pkey)
+               *pkey = NULL;
+       if(cert)
+               *cert = NULL;
 
        /* Check the mac */
 
@@ -122,19 +115,61 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                goto err;
        }
 
-       if (!parse_pk12 (p12, pass, -1, pkey, cert, ca))
+       /* Allocate stack for other certificates */
+       ocerts = sk_X509_new_null();
+
+       if (!ocerts)
+               {
+               PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
+               return 0;
+               }
+
+       if (!parse_pk12 (p12, pass, -1, pkey, ocerts))
                {
                PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR);
                goto err;
                }
 
+       while ((x = sk_X509_pop(ocerts)))
+               {
+               if (pkey && *pkey && cert && !*cert)
+                       {
+                       if (X509_check_private_key(x, *pkey))
+                               {
+                               *cert = x;
+                               x = NULL;
+                               }
+                       }
+
+               if (ca && x)
+                       {
+                       if (!*ca)
+                               *ca = sk_X509_new_null();
+                       if (!*ca)
+                               goto err;
+                       if (!sk_X509_push(*ca, x))
+                               goto err;
+                       x = NULL;
+                       }
+               if (x)
+                       X509_free(x);
+               }
+
+       if (ocerts)
+               sk_X509_pop_free(ocerts, X509_free);
+
        return 1;
 
  err:
 
-       if (pkey && *pkey) EVP_PKEY_free(*pkey);
-       if (cert && *cert) X509_free(*cert);
-       if (ca) sk_X509_pop_free(*ca, X509_free);
+       if (pkey && *pkey)
+               EVP_PKEY_free(*pkey);
+       if (cert && *cert)
+               X509_free(*cert);
+       if (x)
+               X509_free(*cert);
+       if (ocerts)
+               sk_X509_pop_free(ocerts, X509_free);
        return 0;
 
 }
@@ -142,15 +177,13 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 /* Parse the outer PKCS#12 structure */
 
 static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
-            EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
+            EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
 {
        STACK_OF(PKCS7) *asafes;
        STACK_OF(PKCS12_SAFEBAG) *bags;
        int i, bagnid;
        PKCS7 *p7;
-       ASN1_OCTET_STRING *keyid = NULL;
 
-       char keymatch = 0;
        if (!(asafes = PKCS12_unpack_authsafes (p12))) return 0;
        for (i = 0; i < sk_PKCS7_num (asafes); i++) {
                p7 = sk_PKCS7_value (asafes, i);
@@ -164,8 +197,7 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
                        sk_PKCS7_pop_free(asafes, PKCS7_free);
                        return 0;
                }
-               if (!parse_bags(bags, pass, passlen, pkey, cert, ca,
-                                                        &keyid, &keymatch)) {
+               if (!parse_bags(bags, pass, passlen, pkey, ocerts)) {
                        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
                        sk_PKCS7_pop_free(asafes, PKCS7_free);
                        return 0;
@@ -173,89 +205,65 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
                sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
        }
        sk_PKCS7_pop_free(asafes, PKCS7_free);
-       if (keyid) M_ASN1_OCTET_STRING_free(keyid);
        return 1;
 }
 
 
 static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
-                     int passlen, EVP_PKEY **pkey, X509 **cert,
-                     STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
-                     char *keymatch)
+                     int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
 {
        int i;
        for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
                if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i),
-                        pass, passlen, pkey, cert, ca, keyid,
-                                                        keymatch)) return 0;
+                                pass, passlen, pkey, ocerts))
+                       return 0;
        }
        return 1;
 }
 
-#define MATCH_KEY  0x1
-#define MATCH_CERT 0x2
-#define MATCH_ALL  0x3
-
 static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
-                    EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
-                    ASN1_OCTET_STRING **keyid,
-                    char *keymatch)
+                    EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
 {
        PKCS8_PRIV_KEY_INFO *p8;
        X509 *x509;
-       ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL;
        ASN1_TYPE *attrib;
        ASN1_BMPSTRING *fname = NULL;
+       ASN1_OCTET_STRING *lkid = NULL;
 
        if ((attrib = PKCS12_get_attr (bag, NID_friendlyName)))
                fname = attrib->value.bmpstring;
 
-       if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) {
-               lkey = attrib->value.octet_string;
-               ckid = lkey;
-       }
+       if ((attrib = PKCS12_get_attr (bag, NID_localKeyID)))
+               lkid = attrib->value.octet_string;
 
-       /* Check for any local key id matching (if needed) */
-       if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) {
-               if (*keyid) {
-                       if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL;
-               } else {
-                       if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) {
-                               PKCS12err(PKCS12_F_PARSE_BAG,ERR_R_MALLOC_FAILURE);
-                               return 0;
-                   }
-               }
-       }
-       
        switch (M_PKCS12_bag_type(bag))
        {
        case NID_keyBag:
-               if (!lkey || !pkey) return 1;   
-               if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) return 0;
-               *keymatch |= MATCH_KEY;
+               if (!pkey || *pkey)
+                       return 1;       
+               if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag)))
+                       return 0;
        break;
 
        case NID_pkcs8ShroudedKeyBag:
-               if (!lkey || !pkey) return 1;   
+               if (!pkey || *pkey)
+                       return 1;       
                if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
                                return 0;
                *pkey = EVP_PKCS82PKEY(p8);
                PKCS8_PRIV_KEY_INFO_free(p8);
                if (!(*pkey)) return 0;
-               *keymatch |= MATCH_KEY;
        break;
 
        case NID_certBag:
                if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
-                                                                return 1;
-               if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
-               if(ckid)
+                       return 1;
+               if (!(x509 = PKCS12_certbag2x509(bag)))
+                       return 0;
+               if(lkid && !X509_keyid_set1(x509, lkid->data, lkid->length))
                        {
-                       if (!X509_keyid_set1(x509, ckid->data, ckid->length))
-                               {
-                               X509_free(x509);
-                               return 0;
-                               }
+                       X509_free(x509);
+                       return 0;
                        }
                if(fname) {
                        int len, r;
@@ -272,20 +280,17 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
                        }
                }
 
+               if(!sk_X509_push(ocerts, x509))
+                       {
+                       X509_free(x509);
+                       return 0;
+                       }
 
-               if (lkey) {
-                       *keymatch |= MATCH_CERT;
-                       if (cert) *cert = x509;
-                       else X509_free(x509);
-               } else {
-                       if(ca) sk_X509_push (*ca, x509);
-                       else X509_free(x509);
-               }
        break;
 
        case NID_safeContentsBag:
                return parse_bags(bag->value.safes, pass, passlen,
-                                       pkey, cert, ca, keyid, keymatch);
+                                       pkey, ocerts);
        break;
 
        default:
index 58597c447936d415c399a29cbdce5b1c92aa84b6..3f565e9efa2f3a80fb6bd379583a4fdb2692156c 100644 (file)
@@ -1967,29 +1967,6 @@ DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 #define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st))
 #define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st))
 
-#define sk_X509_POLICY_REF_new(cmp) SKM_sk_new(X509_POLICY_REF, (cmp))
-#define sk_X509_POLICY_REF_new_null() SKM_sk_new_null(X509_POLICY_REF)
-#define sk_X509_POLICY_REF_free(st) SKM_sk_free(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_num(st) SKM_sk_num(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_value(st, i) SKM_sk_value(X509_POLICY_REF, (st), (i))
-#define sk_X509_POLICY_REF_set(st, i, val) SKM_sk_set(X509_POLICY_REF, (st), (i), (val))
-#define sk_X509_POLICY_REF_zero(st) SKM_sk_zero(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_push(st, val) SKM_sk_push(X509_POLICY_REF, (st), (val))
-#define sk_X509_POLICY_REF_unshift(st, val) SKM_sk_unshift(X509_POLICY_REF, (st), (val))
-#define sk_X509_POLICY_REF_find(st, val) SKM_sk_find(X509_POLICY_REF, (st), (val))
-#define sk_X509_POLICY_REF_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_REF, (st), (val))
-#define sk_X509_POLICY_REF_delete(st, i) SKM_sk_delete(X509_POLICY_REF, (st), (i))
-#define sk_X509_POLICY_REF_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_REF, (st), (ptr))
-#define sk_X509_POLICY_REF_insert(st, val, i) SKM_sk_insert(X509_POLICY_REF, (st), (val), (i))
-#define sk_X509_POLICY_REF_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_REF, (st), (cmp))
-#define sk_X509_POLICY_REF_dup(st) SKM_sk_dup(X509_POLICY_REF, st)
-#define sk_X509_POLICY_REF_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_REF, (st), (free_func))
-#define sk_X509_POLICY_REF_free(st) SKM_sk_free(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_shift(st) SKM_sk_shift(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_pop(st) SKM_sk_pop(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_sort(st) SKM_sk_sort(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_REF, (st))
-
 #define sk_X509_PURPOSE_new(cmp) SKM_sk_new(X509_PURPOSE, (cmp))
 #define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE)
 #define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st))
index 6dcdf481d973d27fe6d9a30143014c786ab55e6e..92f6b245567d4901f4cf48fb908c9513d4f11cb8 100644 (file)
@@ -231,7 +231,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
        tree->auth_policies = NULL;
        tree->user_policies = NULL;
 
-       if (!tree)
+       if (!tree->levels)
                {
                OPENSSL_free(tree);
                return 0;
index 8e1b68631216e94830a791a0adaeaf425d286697..02e16cda2af5d281ef82a1b03ae086be30e93dba 100644 (file)
@@ -51,7 +51,7 @@ int main(int argc, char **argv)
                fprintf(fp, "***User Certificate***\n");
                PEM_write_X509_AUX(fp, cert);
        }
-       if (ca && sk_num(ca)) {
+       if (ca && sk_X509_num(ca)) {
                fprintf(fp, "***Other Certificates***\n");
                for (i = 0; i < sk_X509_num(ca); i++) 
                    PEM_write_X509_AUX(fp, sk_X509_value(ca, i));
index c0c39770cec84683a5bfff419adf4d61b2c9cf40..04d732dc60222fbe2c5bf982316f1033a9b076ae 100644 (file)
@@ -23,6 +23,7 @@ B<openssl> B<x509>
 [B<-issuer>]
 [B<-nameopt option>]
 [B<-email>]
+[B<-ocsp_uri>]
 [B<-startdate>]
 [B<-enddate>]
 [B<-purpose>]
@@ -176,6 +177,10 @@ set multiple options. See the B<NAME OPTIONS> section for more information.
 
 outputs the email address(es) if any.
 
+=item B<-ocsp_uri>
+
+outputs the OCSP responder address(es) if any.
+
 =item B<-startdate>
 
 prints out the start date of the certificate, that is the notBefore date.
index 8959165b65052e9233e6e59d673c252b8342146e..61077b551a39f005ed5e86e223b4a3d627019a64 100644 (file)
@@ -55,7 +55,7 @@ install:
                        esac; \
                        cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$${pfx}$(LIBNAME)$$sfx.new; \
                else \
-                       sfx="so"; \
+                       sfx=".so"; \
                        cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$${pfx}$(LIBNAME)$$sfx.new; \
                fi; \
                chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$${pfx}$(LIBNAME)$$sfx.new; \
index f4e9df9810a1810587e45d32711109f9f6355dca..f569d4beacdea52676028c18dc4332bb8176276c 100644 (file)
@@ -425,8 +425,6 @@ int dtls1_connect(SSL *s)
                                s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
                                }
                        s->init_num=0;
-                       /* mark client_random uninitialized */
-                       memset (s->s3->client_random,0,sizeof(s->s3->client_random));
                        break;
 
                case SSL3_ST_CR_FINISHED_A:
index c515d1ac4cbdc44f72eb5ee15069576081236a92..75eb2d902dc02aa5ee4e01ba22f6e41eaaf5da2c 100644 (file)
@@ -573,7 +573,11 @@ ideatest.o: ../include/openssl/opensslconf.h ideatest.c
 igetest.o: ../include/openssl/aes.h ../include/openssl/e_os2.h
 igetest.o: ../include/openssl/opensslconf.h ../include/openssl/ossl_typ.h
 igetest.o: ../include/openssl/rand.h igetest.c
-jpaketest.o: ../include/openssl/opensslconf.h jpaketest.c
+jpaketest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
+jpaketest.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
+jpaketest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+jpaketest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+jpaketest.o: ../include/openssl/symhacks.h jpaketest.c
 md2test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 md2test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 md2test.o: ../include/openssl/evp.h ../include/openssl/md2.h