oweals/openssl.git
Richard Levitte [Thu, 3 Apr 2003 22:12:48 +0000 (22:12 +0000)]
It's recommended to use req rather than x509 to create self-signed certificates

Richard Levitte [Thu, 3 Apr 2003 21:55:55 +0000 (21:55 +0000)]
Typo correction

Richard Levitte [Thu, 3 Apr 2003 20:03:23 +0000 (20:03 +0000)]
Don't try to free NULL values...

Richard Levitte [Thu, 3 Apr 2003 19:10:32 +0000 (19:10 +0000)]
Reindent for readability.

Richard Levitte [Thu, 3 Apr 2003 19:07:27 +0000 (19:07 +0000)]
Remove unused variable.

Richard Levitte [Thu, 3 Apr 2003 18:50:15 +0000 (18:50 +0000)]
Reset the version number of the issuer certificate?  I believe this
hasn't been tested in a long while...

Richard Levitte [Thu, 3 Apr 2003 18:07:39 +0000 (18:07 +0000)]
Conditionalise all debug strings.

Richard Levitte [Thu, 3 Apr 2003 16:33:03 +0000 (16:33 +0000)]
Make it possible to have multiple active certificates with the same
subject.

Bodo Möller [Wed, 2 Apr 2003 09:50:22 +0000 (09:50 +0000)]
make RSA blinding thread-safe

Richard Levitte [Tue, 1 Apr 2003 10:59:15 +0000 (10:59 +0000)]
It seems like gcc-driven shared library building on OpenUnix 8 requires
-shared rather than -G.

Dr. Stephen Henson [Mon, 31 Mar 2003 22:29:25 +0000 (22:29 +0000)]
Update from stable branch.

Richard Levitte [Mon, 31 Mar 2003 13:56:52 +0000 (13:56 +0000)]
No need to test -setalias twice.
PR: 556

Richard Levitte [Mon, 31 Mar 2003 13:24:02 +0000 (13:24 +0000)]
Don't fail when indent is 0.
PR: 559

Richard Levitte [Mon, 31 Mar 2003 13:06:24 +0000 (13:06 +0000)]
Add usage string for -fingerprint.
PR: 560

Dr. Stephen Henson [Sun, 30 Mar 2003 01:51:16 +0000 (01:51 +0000)]
Multi valued AVA support.

Richard Levitte [Fri, 28 Mar 2003 08:57:04 +0000 (08:57 +0000)]
OpenUNIX 8 has some problems using -G with gcc.  Maybe using gnu-shared works better (will be tested tonight).

Lutz Jänicke [Thu, 27 Mar 2003 22:04:05 +0000 (22:04 +0000)]
Add warning about unwanted side effect when calling SSL_CTX_free():
sessions in the external session cache might be removed.
Submitted by: "Nadav Har'El" <nyh@math.technion.ac.il>

PR: 547

Richard Levitte [Wed, 26 Mar 2003 14:34:38 +0000 (14:34 +0000)]
Update VMS building system

Dr. Stephen Henson [Wed, 26 Mar 2003 00:46:47 +0000 (00:46 +0000)]
Update ocsp usage message and docs.

Richard Levitte [Tue, 25 Mar 2003 21:17:28 +0000 (21:17 +0000)]
Let's limit the extent of the definition of _XOPEN_SOURCE.

Richard Levitte [Tue, 25 Mar 2003 20:56:06 +0000 (20:56 +0000)]
Missed a few dollars.
PR: 528

Dr. Stephen Henson [Mon, 24 Mar 2003 17:06:25 +0000 (17:06 +0000)]
make update

Dr. Stephen Henson [Mon, 24 Mar 2003 17:04:44 +0000 (17:04 +0000)]
Support for name constraints.

Dr. Stephen Henson [Mon, 24 Mar 2003 00:56:09 +0000 (00:56 +0000)]
Name Constraints OID.

Lutz Jänicke [Sun, 23 Mar 2003 10:18:05 +0000 (10:18 +0000)]
Add SCO5 shared library scripts.
Update SVR5 scripts for the upcoming 0.9.7b.
Submitted by: Boyd Lynn Gerber <gerberb@zenez.com>

Richard Levitte [Sat, 22 Mar 2003 22:33:52 +0000 (22:33 +0000)]
To define OPENSSL_NO_FP_API for all MSDOS type targets was unfair
against DJGPP, and much more restricted than previous definitions.

Dr. Stephen Henson [Fri, 21 Mar 2003 16:28:29 +0000 (16:28 +0000)]
make update

Dr. Stephen Henson [Fri, 21 Mar 2003 16:26:20 +0000 (16:26 +0000)]
Support for policy constraints.

Bodo Möller [Fri, 21 Mar 2003 13:11:14 +0000 (13:11 +0000)]
remove patch ID (which is supposed to appear in patched variants of
old OpenSSL releases, but not in new releases)

Richard Levitte [Fri, 21 Mar 2003 00:05:14 +0000 (00:05 +0000)]
Define COMP method function prototypes properly.

Richard Levitte [Fri, 21 Mar 2003 00:04:14 +0000 (00:04 +0000)]
Make sure to declare mem*() properly.

Richard Levitte [Thu, 20 Mar 2003 23:54:33 +0000 (23:54 +0000)]
make update

Richard Levitte [Thu, 20 Mar 2003 23:52:41 +0000 (23:52 +0000)]
Don't put configuration macro definitions on the command line, we're
just fooling ourselves and then screwing up for other applications.

Richard Levitte [Thu, 20 Mar 2003 23:51:35 +0000 (23:51 +0000)]
Sometimes, we have partial comments on the same line as other stuff we
parse.  Make sure to read in the whole comment, so it can be entirely
removed.

Richard Levitte [Thu, 20 Mar 2003 23:34:28 +0000 (23:34 +0000)]
Make sure we get the definition of OPENSSL_NO_RSA.

Richard Levitte [Thu, 20 Mar 2003 23:34:08 +0000 (23:34 +0000)]
Make sure we get the definition of OPENSSL_NO_HMAC and OPENSSL_NO_SHA.

Richard Levitte [Thu, 20 Mar 2003 23:32:16 +0000 (23:32 +0000)]
Make sure we get the definition of OPENSSL_NO_SHA.

Richard Levitte [Thu, 20 Mar 2003 23:31:56 +0000 (23:31 +0000)]
Make sure we get the definition of OPENSSL_NO_RIPEMD.

Richard Levitte [Thu, 20 Mar 2003 23:31:44 +0000 (23:31 +0000)]
Make sure we get the definition of OPENSSL_NO_MDC2.

Richard Levitte [Thu, 20 Mar 2003 23:31:34 +0000 (23:31 +0000)]
Make sure we get the definition of OPENSSL_NO_MD5.

Richard Levitte [Thu, 20 Mar 2003 23:31:24 +0000 (23:31 +0000)]
Make sure we get the definition of OPENSSL_NO_MD4.

Richard Levitte [Thu, 20 Mar 2003 23:30:04 +0000 (23:30 +0000)]
Make sure we get the definition of OPENSSL_NO_MD2.

Richard Levitte [Thu, 20 Mar 2003 23:29:38 +0000 (23:29 +0000)]
Make sure we get the definition of OPENSSL_NO_DES.

Richard Levitte [Thu, 20 Mar 2003 23:29:26 +0000 (23:29 +0000)]
Make sure we get the definition of OPENSSL_NO_RC5.

Richard Levitte [Thu, 20 Mar 2003 23:29:17 +0000 (23:29 +0000)]
Make sure we get the definition of OPENSSL_NO_RC4.

Richard Levitte [Thu, 20 Mar 2003 23:29:06 +0000 (23:29 +0000)]
Make sure we get the definition of OPENSSL_NO_RC2.

Richard Levitte [Thu, 20 Mar 2003 23:28:55 +0000 (23:28 +0000)]
Make sure we get the definition of OPENSSL_NO_IDEA.

Richard Levitte [Thu, 20 Mar 2003 23:28:27 +0000 (23:28 +0000)]
Make sure we get the definition of OPENSSL_NO_CAST.

Richard Levitte [Thu, 20 Mar 2003 23:28:16 +0000 (23:28 +0000)]
Make sure we get the definition of OPENSSL_NO_BF.

Richard Levitte [Thu, 20 Mar 2003 23:28:03 +0000 (23:28 +0000)]
Make sure we get the definition of OPENSSL_NO_AES.

Richard Levitte [Thu, 20 Mar 2003 23:27:17 +0000 (23:27 +0000)]
Make sure we get the definition of a number of OPENSSL_NO_* macros.

Richard Levitte [Thu, 20 Mar 2003 23:26:46 +0000 (23:26 +0000)]
Make sure we get the definition of OPENSSL_NO_BIO.

Richard Levitte [Thu, 20 Mar 2003 23:26:32 +0000 (23:26 +0000)]
Include e_os.h correctly.

Richard Levitte [Thu, 20 Mar 2003 23:24:59 +0000 (23:24 +0000)]
Make sure we get the definition of OPENSSL_NO_MD2.

Richard Levitte [Thu, 20 Mar 2003 23:24:47 +0000 (23:24 +0000)]
Make sure we get the definition of OPENSSL_NO_FP_API.

Richard Levitte [Thu, 20 Mar 2003 23:24:32 +0000 (23:24 +0000)]
Make sure we get the definition of OPENSSL_NO_IDEA and IDEA_INT.

Richard Levitte [Thu, 20 Mar 2003 23:23:43 +0000 (23:23 +0000)]
Make sure we get the definition of OPENSSL_NO_HMAC.

Richard Levitte [Thu, 20 Mar 2003 23:22:31 +0000 (23:22 +0000)]
Make sure we get the definition of OPENSSL_NO_ECDSA.

Richard Levitte [Thu, 20 Mar 2003 23:22:17 +0000 (23:22 +0000)]
Make sure we get the definition of OPENSSL_NO_ECDH.

Richard Levitte [Thu, 20 Mar 2003 23:22:06 +0000 (23:22 +0000)]
Make sure we get the definition of OPENSSL_NO_EC.

Richard Levitte [Thu, 20 Mar 2003 23:21:51 +0000 (23:21 +0000)]
Make sure we get the definition of OPENSSL_NO_DSA and OPENSSL_NO_SHA.

Richard Levitte [Thu, 20 Mar 2003 23:21:27 +0000 (23:21 +0000)]
Make sure we get the definition of OPENSSL_NO_DH.

Richard Levitte [Thu, 20 Mar 2003 23:21:10 +0000 (23:21 +0000)]
Make sure we get the definition of OPENSSL_EXTERN, OPENSSL_NO_DES,
DES_LONG and OPENSSL_NO_DESCBCM.

Richard Levitte [Thu, 20 Mar 2003 23:20:15 +0000 (23:20 +0000)]
Make sure we get the definition of OPENSSL_NO_CAST.

Richard Levitte [Thu, 20 Mar 2003 23:19:41 +0000 (23:19 +0000)]
Make sure we get the definition of OPENSSL_NO_ERR.

Richard Levitte [Thu, 20 Mar 2003 23:18:32 +0000 (23:18 +0000)]
Make sure we get the definition of OPENSSL_NO_SOCK.

Richard Levitte [Thu, 20 Mar 2003 23:17:23 +0000 (23:17 +0000)]
Make sure we get the definition of OPENSSL_NO_FP_API.

Richard Levitte [Thu, 20 Mar 2003 23:17:04 +0000 (23:17 +0000)]
Make sure we get the definition of OPENSSL_NO_BF.

Richard Levitte [Thu, 20 Mar 2003 23:16:45 +0000 (23:16 +0000)]
Make sure we get the definition of OPENSSL_NO_BIO and OPENSSL_NO_RSA.

Richard Levitte [Thu, 20 Mar 2003 23:15:51 +0000 (23:15 +0000)]
Make sure we get the definition of OPENSSL_NO_AES.

Richard Levitte [Thu, 20 Mar 2003 23:14:49 +0000 (23:14 +0000)]
Because it may be needed in public header files, move the definition
of OPENSSL_NO_FP_API on existence of OPENSSL_SYS_MSDOS to e_os2.h.

Dr. Stephen Henson [Thu, 20 Mar 2003 17:59:39 +0000 (17:59 +0000)]
make update

Dr. Stephen Henson [Thu, 20 Mar 2003 17:58:33 +0000 (17:58 +0000)]
New ASN1 macros to just implement and declare the new and free functions
and changes to mkdef.pl so it recognises them.

Use these in policyMappings extension.

Bodo Möller [Thu, 20 Mar 2003 17:31:30 +0000 (17:31 +0000)]
make sure RSA blinding works when the PRNG is not properly seeded;
enable it automatically for the built-in engine

Dr. Stephen Henson [Thu, 20 Mar 2003 17:26:44 +0000 (17:26 +0000)]
Support for policyMappings

Dr. Stephen Henson [Thu, 20 Mar 2003 17:14:27 +0000 (17:14 +0000)]
Typo: OID should be policyMappings

Dr. Stephen Henson [Thu, 20 Mar 2003 17:09:46 +0000 (17:09 +0000)]
Avoid warning.

Richard Levitte [Thu, 20 Mar 2003 16:34:27 +0000 (16:34 +0000)]
Add documentation for -starttls (s_client) and -id_prefix (s_server).
PR: 542

Dr. Stephen Henson [Thu, 20 Mar 2003 14:21:36 +0000 (14:21 +0000)]
make update

Richard Levitte [Thu, 20 Mar 2003 11:44:28 +0000 (11:44 +0000)]
Some shells (ksh in this case) don't say 'command not found'.
PR: 540

Richard Levitte [Thu, 20 Mar 2003 11:41:59 +0000 (11:41 +0000)]
Spelling errors.
PR: 538

Richard Levitte [Thu, 20 Mar 2003 11:37:47 +0000 (11:37 +0000)]
Make sure that all the library paths are modified in prepend mode, not
replace mode.
PR: 528

Richard Levitte [Thu, 20 Mar 2003 11:15:12 +0000 (11:15 +0000)]
hinv may generate more than one line (1 line per CPU).
PR: 520

Richard Levitte [Thu, 20 Mar 2003 10:57:09 +0000 (10:57 +0000)]
Shut up an ANSI compiler about uninitialised variables.
PR: 517

Richard Levitte [Thu, 20 Mar 2003 10:50:36 +0000 (10:50 +0000)]
Add the target linux-ia64-ecc, suggested by Keith Thompson <kst@sdsc.edu>.
PR: 516

Bodo Möller [Wed, 19 Mar 2003 19:19:53 +0000 (19:19 +0000)]
countermeasure against new Klima-Pokorny-Rosa attack

Dr. Stephen Henson [Wed, 19 Mar 2003 13:55:48 +0000 (13:55 +0000)]
Fix Certificate and CRL adding in X509_load_cert_crl_file:
an X509_INFO structure can contain more than one object,
for example a certificate and a CRL.

Bodo Möller [Tue, 18 Mar 2003 12:52:02 +0000 (12:52 +0000)]
fix formatting

Dr. Stephen Henson [Sat, 15 Mar 2003 01:28:55 +0000 (01:28 +0000)]
Fix for no-ec on Windows.

Dr. Stephen Henson [Fri, 14 Mar 2003 23:38:34 +0000 (23:38 +0000)]
Don't give an error if response reason absent in OCSP HTTP.

Dr. Stephen Henson [Fri, 14 Mar 2003 01:44:42 +0000 (01:44 +0000)]
Add entry for domainComponent so it is treated correctly.

Add table order test to end of a_strnid.c

Dr. Stephen Henson [Thu, 13 Mar 2003 23:37:55 +0000 (23:37 +0000)]
Add some OIDs.

Dr. Stephen Henson [Thu, 13 Mar 2003 21:28:03 +0000 (21:28 +0000)]
Fix PEDANTIC stuff...

Geoff Thorpe [Thu, 13 Mar 2003 20:28:42 +0000 (20:28 +0000)]
Fix a bone-head bug. This warrants a CHANGES entry because it could affect
applications if they were passing a bogus 'flags' parameter yet having
things work as they wanted anyway.

Dr. Stephen Henson [Thu, 13 Mar 2003 14:13:53 +0000 (14:13 +0000)]
Return an error if gmtime returns NULL.

Dr. Stephen Henson [Wed, 12 Mar 2003 02:38:57 +0000 (02:38 +0000)]
Avoid warnings for no-engine and PEDANTIC

Dr. Stephen Henson [Wed, 12 Mar 2003 02:31:40 +0000 (02:31 +0000)]
Fixes for EVP_DigestInit_ex() and OPENSSL_NO_ENGINE.

Geoff Thorpe [Tue, 11 Mar 2003 01:49:21 +0000 (01:49 +0000)]
The default implementation of DSA_METHOD has an interdependence on the
dsa_mod_exp() and bn_mod_exp() handlers from dsa_do_verify() and
dsa_sign_setup(). When another DSA_METHOD implementation does not define
these lower-level handlers, it becomes impossible to do a fallback to
software on errors using a simple DSA_OpenSSL()->fn(key).

This change allows the default DSA_METHOD to function in such circumstances
by only using dsa_mod_exp() and bn_mod_exp() handlers if they exist,
otherwise using BIGNUM implementations directly (which is what those
handlers did before this change). There should be no noticeable difference
for the software case, or indeed any custom case that didn't already
segfault, except perhaps that there is now one less level of indirection in
all cases.

PR: 507

Bodo Möller [Fri, 28 Feb 2003 15:37:10 +0000 (15:37 +0000)]
- new ECDH_compute_key interface (KDF is no longer a fixed built-in)
- bugfix: in ECDH_compute_key, pad x coordinate with leading zeros if necessary

Bodo Möller [Fri, 28 Feb 2003 15:17:45 +0000 (15:17 +0000)]
memset problem has been handled

PR: 343