oweals/openssl.git
24 years agoDocumentation on using the SSL library with non-blocking I/O.
Bodo Möller [Fri, 17 Nov 2000 10:25:46 +0000 (10:25 +0000)]
Documentation on using the SSL library with non-blocking I/O.

24 years agoImprove usability of 'openssl passwd' by including
Bodo Möller [Fri, 17 Nov 2000 09:03:02 +0000 (09:03 +0000)]
Improve usability of 'openssl passwd' by including
password verification where it makes sense.

24 years agoConstify bn_dump1 implementation so that it matches the prototype
Bodo Möller [Fri, 17 Nov 2000 08:36:10 +0000 (08:36 +0000)]
Constify bn_dump1 implementation so that it matches the prototype
in bn.h

24 years agoMore constification of the BN library.
Richard Levitte [Thu, 16 Nov 2000 22:43:32 +0000 (22:43 +0000)]
More constification of the BN library.

24 years agoMake sure to print the BN counting (BN_COUNT) to stderr instead of
Richard Levitte [Thu, 16 Nov 2000 22:42:39 +0000 (22:42 +0000)]
Make sure to print the BN counting (BN_COUNT) to stderr instead of
stdout.  bc gets so confused by bean counts.

24 years agoOops, when I clean, I should do it thoroughly.
Richard Levitte [Thu, 16 Nov 2000 22:41:26 +0000 (22:41 +0000)]
Oops, when I clean, I should do it thoroughly.

24 years agoI've checked again and again. There really is no need to expand a to
Richard Levitte [Thu, 16 Nov 2000 21:35:41 +0000 (21:35 +0000)]
I've checked again and again.  There really is no need to expand a to
4 times it's size when bn_sqr_recursive() won't look farther than the
original length.  Thereby, constification is no longer a problem.

24 years ago/proc/cpuinfo can have several lines containing the word "type". We want the one...
Richard Levitte [Thu, 16 Nov 2000 18:59:02 +0000 (18:59 +0000)]
/proc/cpuinfo can have several lines containing the word "type".  We want the one that is "type", plain and simple.  Caught by Raoul Borenius <borenius@shuttle.de>

24 years agoI have no idea how this comment got there, but it's certainly not
Geoff Thorpe [Thu, 16 Nov 2000 00:17:11 +0000 (00:17 +0000)]
I have no idea how this comment got there, but it's certainly not
applicable to ENGINE_ctrl()

24 years agoMany applications that use OpenSSL with ENGINE support might face a
Geoff Thorpe [Thu, 16 Nov 2000 00:15:50 +0000 (00:15 +0000)]
Many applications that use OpenSSL with ENGINE support might face a
situation where they've initialised the ENGINE, loaded keys (which are then
linked to that ENGINE), and performed other checks (such as verifying
certificate chains etc). At that point, if the application goes
multi-threaded or multi-process it creates problems for any ENGINE
implementations that are either not thread/process safe or that perform
optimally when they do not have to perform locking and other contention
management tasks at "run-time".

This defines a new ENGINE_ctrl() command that can be supported by engines
at their discretion. If ENGINE_ctrl(..., ENGINE_CTRL_HUP,...) returns an
error then the caller should check if the *_R_COMMAND_NOT_IMPLEMENTED error
reason was set - it may just be that the engine doesn't support or need the
HUP command, or it could be that the attempted reinitialisation failed. A
crude alternative is to ignore the return value from ENGINE_ctrl() (and
clear any errors with ERR_clear_error()) and perform a test operation
immediately after the "HUP". Very crude indeed.

ENGINEs can support this command to close and reopen connections, files,
handles, or whatever as an alternative to run-time locking when such things
would otherwise be needed. In such a case, it's advisable for the engine
implementations to support locking by default but disable it after the
arrival of a HUP command, or any other indication by the application that
locking is not required. NB: This command exists to allow an ENGINE to
reinitialise without the ENGINE's functional reference count having to sink
down to zero and back up - which is what is normally required for the
finish() and init() handlers to get invoked. It would also be a bad idea
for engine_lib to catch this command itself and interpret it by calling the
engine's init() and finish() handlers directly, because reinitialisation
may need special handling on a case-by-case basis that is distinct from a
finish/init pair - eg. calling a finish() handler may invalidate the state
stored inside individual keys that have already loaded for this engine.

24 years agoFill in missing information about the string returned from
Lutz Jänicke [Wed, 15 Nov 2000 18:42:41 +0000 (18:42 +0000)]
Fill in missing information about the string returned from
SSL_CIPHER_description(), as there is no other API function to find
out details about the cipher used besides the number of bits or protocol used.

24 years agoignore
Ulf Möller [Tue, 14 Nov 2000 19:18:31 +0000 (19:18 +0000)]
ignore

24 years agoModify () to (void), since that's what is actually defined in the
Richard Levitte [Tue, 14 Nov 2000 15:33:06 +0000 (15:33 +0000)]
Modify () to (void), since that's what is actually defined in the
engine structure, and some ANSI C compilers will complain otherwise.

24 years agoTwo OCSP functions that aren't yet implemented.
Richard Levitte [Tue, 14 Nov 2000 13:50:42 +0000 (13:50 +0000)]
Two OCSP functions that aren't yet implemented.

24 years agomake update
Richard Levitte [Tue, 14 Nov 2000 13:39:38 +0000 (13:39 +0000)]
make update

24 years agoGet the Rijndael function declarations.
Richard Levitte [Tue, 14 Nov 2000 13:24:06 +0000 (13:24 +0000)]
Get the Rijndael function declarations.

24 years agoDetect and mark functions that no longer exist.
Richard Levitte [Tue, 14 Nov 2000 13:20:10 +0000 (13:20 +0000)]
Detect and mark functions that no longer exist.

24 years agoSome platforms (namely HP-UX) require the 'x' bit set for shared libraries.
Lutz Jänicke [Tue, 14 Nov 2000 11:05:10 +0000 (11:05 +0000)]
Some platforms (namely HP-UX) require the 'x' bit set for shared libraries.
For performance reasons, it is also recommended to make the (mmap'ed)
shared library 'read-only'.
-> New permissions for installed shared libraries = 555

This doesn't hurt anybody, provided the installation is performed with
'cp -f' :-)

24 years agoTypo, was "time" instead of "tim".
Richard Levitte [Tue, 14 Nov 2000 10:52:16 +0000 (10:52 +0000)]
Typo, was "time" instead of "tim".
Caught by Jeffrey Altman <jaltman@columbia.edu>

24 years agoAdd Rijndael as things to look through.
Richard Levitte [Tue, 14 Nov 2000 10:51:00 +0000 (10:51 +0000)]
Add Rijndael as things to look through.

24 years agoHP-UX shared libraries do not build any longer, as EX_LIBS contains
Lutz Jänicke [Mon, 13 Nov 2000 14:40:07 +0000 (14:40 +0000)]
HP-UX shared libraries do not build any longer, as EX_LIBS contains
"-Wl,+s" instead of +s:
* Hardcoded necessary references to -ldld/-ldl into the build rules and
  removed EX_LIBS.

HP-UX records the pathnames of dependent libraries when the shared libs
are built, so that ./libcrypto.sl... is recorded in libssl.sl..., with
"./" not being resolvable when running an application linked against -lssl:
* Build libssl without explicit reference to libcrypto, applications will
  be linked with "-lssl -lcrypto" anyway.

Document these informations in Makefile.org.

24 years agoin some new file names the first 8 characters were not unique
Ulf Möller [Sun, 12 Nov 2000 22:32:18 +0000 (22:32 +0000)]
in some new file names the first 8 characters were not unique

24 years agoFor a long time, I've wanted to be able to easily run one or a few
Richard Levitte [Sun, 12 Nov 2000 20:24:30 +0000 (20:24 +0000)]
For a long time, I've wanted to be able to easily run one or a few
individual tests.  I finally got myself to implement it...

24 years agoAdditional explanations for SSL_ERROR_WANT_READ/WRITE.
Bodo Möller [Sun, 12 Nov 2000 19:17:22 +0000 (19:17 +0000)]
Additional explanations for SSL_ERROR_WANT_READ/WRITE.

24 years agoEnhance granularity on what I want to debug for the moment by changing
Richard Levitte [Sun, 12 Nov 2000 18:25:30 +0000 (18:25 +0000)]
Enhance granularity on what I want to debug for the moment by changing
LEVITTE_DEBUG to LEVITTE_DEBUG_MEM.

24 years agoUpdate my own debugging configuration entry
Richard Levitte [Sun, 12 Nov 2000 16:20:40 +0000 (16:20 +0000)]
Update my own debugging configuration entry

24 years agoMake Rijndael work! Those long flights have some good points.
Ben Laurie [Sun, 12 Nov 2000 02:13:38 +0000 (02:13 +0000)]
Make Rijndael work! Those long flights have some good points.

24 years agoMake this stuff compile.
Ben Laurie [Sun, 12 Nov 2000 02:11:13 +0000 (02:11 +0000)]
Make this stuff compile.

24 years agoPoint to SSL_set_bio(3) early because that manpage provides
Bodo Möller [Fri, 10 Nov 2000 07:50:18 +0000 (07:50 +0000)]
Point to SSL_set_bio(3) early because that manpage provides
information that is essential for using BIO pairs.

24 years agoadd missing word
Bodo Möller [Fri, 10 Nov 2000 07:46:11 +0000 (07:46 +0000)]
add missing word

24 years agotmp2 is not used in BN_mod_mul_montgomery.
Bodo Möller [Thu, 9 Nov 2000 16:39:01 +0000 (16:39 +0000)]
tmp2 is not used in BN_mod_mul_montgomery.

24 years agoReally stupid glitch (a comment not properly ended) fixed.
Richard Levitte [Wed, 8 Nov 2000 18:10:35 +0000 (18:10 +0000)]
Really stupid glitch (a comment not properly ended) fixed.

24 years agoRemove references to RSAref. The glue library is but a memory to fade
Richard Levitte [Wed, 8 Nov 2000 17:51:37 +0000 (17:51 +0000)]
Remove references to RSAref.  The glue library is but a memory to fade
away now...

24 years agoBN_CTX-related fixes.
Bodo Möller [Wed, 8 Nov 2000 10:05:34 +0000 (10:05 +0000)]
BN_CTX-related fixes.

24 years agoConstification of LHASH. Contributed by "Paul D. Smith" <psmith@gnu.org>
Richard Levitte [Tue, 7 Nov 2000 23:43:21 +0000 (23:43 +0000)]
Constification of LHASH.  Contributed by "Paul D. Smith" <psmith@gnu.org>
I didn't apply all his patches yet, since I have some hesitance about
unconstifying.  To be pondered.

24 years agoDocument that the Nuron hardware has been added and remove the
Richard Levitte [Tue, 7 Nov 2000 14:31:53 +0000 (14:31 +0000)]
Document that the Nuron hardware has been added and remove the
requirement for an engine utility since we now have that.

24 years agoConstify DH-related code.
Richard Levitte [Tue, 7 Nov 2000 14:30:37 +0000 (14:30 +0000)]
Constify DH-related code.

24 years agoConstify DSA-related code.
Richard Levitte [Tue, 7 Nov 2000 13:54:39 +0000 (13:54 +0000)]
Constify DSA-related code.

24 years agoMake sure ERR_get_error() is declared.
Richard Levitte [Tue, 7 Nov 2000 13:53:21 +0000 (13:53 +0000)]
Make sure ERR_get_error() is declared.

24 years agoA few more constifications of some RSA routines that I forgot
Richard Levitte [Tue, 7 Nov 2000 13:49:46 +0000 (13:49 +0000)]
A few more constifications of some RSA routines that I forgot
yesterday.

24 years agoLutz tells me HP cc uses the same syntax for flags that should be
Richard Levitte [Tue, 7 Nov 2000 13:23:16 +0000 (13:23 +0000)]
Lutz tells me HP cc uses the same syntax for flags that should be
passed down to ld as GNU cc.

24 years agoWhen ENGINE_by_id() couldn't find the given engine id, it generates an
Richard Levitte [Tue, 7 Nov 2000 13:21:09 +0000 (13:21 +0000)]
When ENGINE_by_id() couldn't find the given engine id, it generates an
error.  When checking like engine_add() is, those errors are actually
good, so remove them.

24 years agoshl_load() also needs to load along a path given through an
Richard Levitte [Tue, 7 Nov 2000 11:25:26 +0000 (11:25 +0000)]
shl_load() also needs to load along a path given through an
environment variable, SHLIB_PATH.  This change makes that possible.

24 years agoHandle BN_copy failure after successful BN_new.
Bodo Möller [Tue, 7 Nov 2000 09:39:51 +0000 (09:39 +0000)]
Handle BN_copy failure after successful BN_new.

24 years agohandle the case when BN_new returns NULL
Bodo Möller [Tue, 7 Nov 2000 09:35:19 +0000 (09:35 +0000)]
handle the case when BN_new returns NULL

24 years agoDocument recent constifications.
Richard Levitte [Mon, 6 Nov 2000 23:29:52 +0000 (23:29 +0000)]
Document recent constifications.

24 years agoConstification of CRYPTO_get_ex_data() needed for the sake of
Richard Levitte [Mon, 6 Nov 2000 23:24:59 +0000 (23:24 +0000)]
Constification of CRYPTO_get_ex_data() needed for the sake of
RSA_get_ext_data().

24 years agoThe consequence of constification is that to pass the address to a
Richard Levitte [Mon, 6 Nov 2000 23:16:04 +0000 (23:16 +0000)]
The consequence of constification is that to pass the address to a
pointer to a const double pointe parameter, the pointer must point to
const data as well.

24 years agoConstify the RSAref glue code.
Richard Levitte [Mon, 6 Nov 2000 23:15:03 +0000 (23:15 +0000)]
Constify the RSAref glue code.

24 years agoConstify the RSA parts of the ASN.1 library. Note some ugly casts
Richard Levitte [Mon, 6 Nov 2000 23:04:15 +0000 (23:04 +0000)]
Constify the RSA parts of the ASN.1 library.  Note some ugly casts
that are needed in the ASN.1 macros.  Hopefully, we can get rid of
those in an elegant way in the future.

24 years agoConstify the RSA library.
Richard Levitte [Mon, 6 Nov 2000 22:49:05 +0000 (22:49 +0000)]
Constify the RSA library.

24 years agoConstify the RSA library.
Richard Levitte [Mon, 6 Nov 2000 22:34:17 +0000 (22:34 +0000)]
Constify the RSA library.

24 years agoAs a consequence of the BIGNUM constification, the ENGINE code needs a
Richard Levitte [Mon, 6 Nov 2000 22:15:50 +0000 (22:15 +0000)]
As a consequence of the BIGNUM constification, the ENGINE code needs a
few small constifying changes, and why not throw in a couple of extras
while I'm at it?

24 years agoMake all engines available in the openssl application.
Richard Levitte [Mon, 6 Nov 2000 22:03:00 +0000 (22:03 +0000)]
Make all engines available in the openssl application.

24 years agolooks like a cut&paste error
Ulf Möller [Mon, 6 Nov 2000 21:28:38 +0000 (21:28 +0000)]
looks like a cut&paste error

24 years agoConstify the BIGNUM routines a bit more. The only trouble were the
Richard Levitte [Mon, 6 Nov 2000 21:15:54 +0000 (21:15 +0000)]
Constify the BIGNUM routines a bit more.  The only trouble were the
two functions that did expansion on in parameters (BN_mul() and
BN_sqr()).  The problem was solved by making bn_dup_expand() which is
a mix of bn_expand2() and BN_dup().

24 years agomode used too early in EVP_PKEY_save_parameters.
Richard Levitte [Mon, 6 Nov 2000 21:12:21 +0000 (21:12 +0000)]
mode used too early in EVP_PKEY_save_parameters.
Spotted by Ken Lalonde <ken@torus.ca>

24 years agoMake sure that shared libraries get the internal name engine with the
Richard Levitte [Mon, 6 Nov 2000 06:52:47 +0000 (06:52 +0000)]
Make sure that shared libraries get the internal name engine with the
full version number and not just 0.  This should mark the shared
libraries as not backward compatible.  Of course, this should be
changed again when we can guarantee backward binary compatibility.

24 years agoSet the CryptoAPI randomness estimate back to 0.
Ulf Möller [Sat, 4 Nov 2000 03:33:26 +0000 (03:33 +0000)]
Set the CryptoAPI randomness estimate back to 0.
The randomness may not actually be very good (we don't know).

24 years agoincrease the value a bit
Ulf Möller [Fri, 3 Nov 2000 23:07:01 +0000 (23:07 +0000)]
increase the value a bit

24 years agoRichard moved hw_nuron.c over to DSO-land recently, so this include isn't
Geoff Thorpe [Fri, 3 Nov 2000 17:09:19 +0000 (17:09 +0000)]
Richard moved hw_nuron.c over to DSO-land recently, so this include isn't
needed now.

24 years agoMinor corrections (HPUX).
Ulf Möller [Fri, 3 Nov 2000 16:35:31 +0000 (16:35 +0000)]
Minor corrections (HPUX).
From: Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>

24 years agoavoid memory leak
Bodo Möller [Fri, 3 Nov 2000 15:40:10 +0000 (15:40 +0000)]
avoid memory leak

24 years agoInstead of just STACK, use STACK_OF(ASN1_OBJECT).
Richard Levitte [Fri, 3 Nov 2000 00:59:49 +0000 (00:59 +0000)]
Instead of just STACK, use STACK_OF(ASN1_OBJECT).

24 years agoUpdate the standards list to the current status
Richard Levitte [Thu, 2 Nov 2000 22:55:14 +0000 (22:55 +0000)]
Update the standards list to the current status

24 years agoChange the engine library so the application writer has to explicitely
Richard Levitte [Thu, 2 Nov 2000 20:33:04 +0000 (20:33 +0000)]
Change the engine library so the application writer has to explicitely
load the "external" built-in engines (those that require DSO).  This
makes linking with libdl or other dso libraries non-mandatory.

Change 'openssl engine' accordingly.

Change the engine header files so some declarations (that differed at
that!) aren't duplicated, and make sure engine_int.h includes
engine.h.  That way, there should be no way of missing the needed
info.

24 years ago'openssl engine' can now list engine capabilities. The current
Richard Levitte [Thu, 2 Nov 2000 19:24:48 +0000 (19:24 +0000)]
'openssl engine' can now list engine capabilities.  The current
implementation is contained in the application, and the capability
string building part should really be part of the engine library.
This is therefore an experimental hack, and will be changed in the
near future.

24 years agoBetter error reporting in 'openssl engine'
Richard Levitte [Thu, 2 Nov 2000 18:58:43 +0000 (18:58 +0000)]
Better error reporting in 'openssl engine'

24 years agomake update
Richard Levitte [Thu, 2 Nov 2000 18:53:25 +0000 (18:53 +0000)]
make update

24 years agoNever call load_dh_param(NULL) because this leads to an illegal
Bodo Möller [Thu, 2 Nov 2000 10:35:10 +0000 (10:35 +0000)]
Never call load_dh_param(NULL) because this leads to an illegal
fopen(NULL).

24 years ago-t is supported, so display some help about it.
Richard Levitte [Wed, 1 Nov 2000 23:55:45 +0000 (23:55 +0000)]
-t is supported, so display some help about it.

24 years agooops, remove comments that are no longer true.
Geoff Thorpe [Wed, 1 Nov 2000 23:14:19 +0000 (23:14 +0000)]
oops, remove comments that are no longer true.

24 years agoExplanation, tips, etc.
Geoff Thorpe [Wed, 1 Nov 2000 23:12:01 +0000 (23:12 +0000)]
Explanation, tips, etc.

24 years agoThis is a demo that performs SSL tunneling (client and/or server) and is
Geoff Thorpe [Wed, 1 Nov 2000 23:11:19 +0000 (23:11 +0000)]
This is a demo that performs SSL tunneling (client and/or server) and is
built using an abstracted state machine with a non-blocking IP wrapper
around it. README will follow in the next commit.

24 years agoAdd application to enumerate, list and test engines with.
Richard Levitte [Wed, 1 Nov 2000 02:57:35 +0000 (02:57 +0000)]
Add application to enumerate, list and test engines with.

24 years agoAdd support for shared libraries under Irix.
Richard Levitte [Wed, 1 Nov 2000 00:05:04 +0000 (00:05 +0000)]
Add support for shared libraries under Irix.
Submitted by Albert Chin-A-Young <china@thewrittenword.com>

24 years agoRename true64 to the correct tru64.
Richard Levitte [Tue, 31 Oct 2000 23:39:08 +0000 (23:39 +0000)]
Rename true64 to the correct tru64.
Suggested by Albert Chin-A-Young <china@thewrittenword.com>

24 years agoImprovements to openssl.spec.
Richard Levitte [Tue, 31 Oct 2000 23:26:32 +0000 (23:26 +0000)]
Improvements to openssl.spec.
Submitted by Damien Miller <djm@mindrot.org>
This change has been CC:ed to crypt@bxa.doc.gov

24 years agoAdd configuration option to build on Linux on both big-endian and
Richard Levitte [Tue, 31 Oct 2000 23:14:19 +0000 (23:14 +0000)]
Add configuration option to build on Linux on both big-endian and
little-endian MIPS.
Submitted by Ralf Baechle <ralf@uni-koblenz.de>

24 years agoMake flag variables int instead of char. This avoids getting into trouble on systems...
Richard Levitte [Tue, 31 Oct 2000 11:58:56 +0000 (11:58 +0000)]
Make flag variables int instead of char.  This avoids getting into trouble on systems where char is unsigned by default

24 years ago_lrotl() is a call to the C runtime library!
Ulf Möller [Mon, 30 Oct 2000 20:14:27 +0000 (20:14 +0000)]
_lrotl() is a call to the C runtime library!

24 years agoDSO_load() should also work when it is passed a NULL - a new DSO is created
Geoff Thorpe [Mon, 30 Oct 2000 18:47:27 +0000 (18:47 +0000)]
DSO_load() should also work when it is passed a NULL - a new DSO is created
automatically, however some code was still referring to the original
pointer rather than the internal one (and thus to NULL instead of the
created pointer).

24 years agoDocument the change.
Richard Levitte [Sat, 28 Oct 2000 22:44:03 +0000 (22:44 +0000)]
Document the change.

24 years agoAdd the possibility to use keys handled by engines in more
Richard Levitte [Sat, 28 Oct 2000 22:40:40 +0000 (22:40 +0000)]
Add the possibility to use keys handled by engines in more
applications.

24 years agoSmall documentation change
Richard Levitte [Sat, 28 Oct 2000 22:21:04 +0000 (22:21 +0000)]
Small documentation change

24 years ago-engine is gone.
Ulf Möller [Fri, 27 Oct 2000 20:43:18 +0000 (20:43 +0000)]
-engine is gone.

24 years agoNetBSD doesn't use ftime().
Richard Levitte [Fri, 27 Oct 2000 20:28:37 +0000 (20:28 +0000)]
NetBSD doesn't use ftime().

24 years agoDocument the OCSP addition.
Richard Levitte [Fri, 27 Oct 2000 11:22:17 +0000 (11:22 +0000)]
Document the OCSP addition.

24 years agomake update
Richard Levitte [Fri, 27 Oct 2000 11:09:52 +0000 (11:09 +0000)]
make update

24 years agoThe majority of the OCSP code from CertCo.
Richard Levitte [Fri, 27 Oct 2000 11:05:35 +0000 (11:05 +0000)]
The majority of the OCSP code from CertCo.

24 years ago.
Ulf Möller [Thu, 26 Oct 2000 22:24:49 +0000 (22:24 +0000)]
.

24 years agoMerge the engine branch into the main trunk. All conflicts resolved.
Richard Levitte [Thu, 26 Oct 2000 21:07:28 +0000 (21:07 +0000)]
Merge the engine branch into the main trunk.  All conflicts resolved.
At the same time, add VMS support for Rijndael.

24 years agoAdd a note about the recent DSO changes in CHANGES. BEFORE_engine
Geoff Thorpe [Thu, 26 Oct 2000 20:02:33 +0000 (20:02 +0000)]
Add a note about the recent DSO changes in CHANGES.

24 years agoOn HP-UX, at least when shl_* are used, the libraries have the
Richard Levitte [Thu, 26 Oct 2000 18:42:35 +0000 (18:42 +0000)]
On HP-UX, at least when shl_* are used, the libraries have the
extension .sl instead of .so.

24 years agoFor the operating systems where it matters, it is sometimes good to
Richard Levitte [Thu, 26 Oct 2000 18:30:34 +0000 (18:30 +0000)]
For the operating systems where it matters, it is sometimes good to
translate library names by only adding ".so" to them without
prepending them with "lib".  Add the flag DSO_FLAG_NAME_TRANSLATION_EXT_ONLY
for that purpose.

24 years agoThis changes the behaviour of the DSO mechanism for determining an
Geoff Thorpe [Thu, 26 Oct 2000 17:38:59 +0000 (17:38 +0000)]
This changes the behaviour of the DSO mechanism for determining an
appropriate filename translation on the host system. Apart from this point,
users should also note that there's a slight change in the API functions
too. The DSO now contains its own to-be-converted filename
("dso->filename"), and at the time the DSO loads the "dso->loaded_filename"
value is set to the translated form. As such, this also provides an impicit
way of determining if the DSO is currently loaded or not. Except, perhaps,
VMS .... :-)

The various DSO_METHODs have been updated for this mechanism except VMS
which is deliberately broken for now, Richard is going to look at how to
fit it in (the source comments in there explain "the issue").

Basically, the new callback scheme allows the filename conversion to
(a) be turned off altogether through the use of the
    DSO_FLAG_NO_NAME_TRANSLATION flag,
(b) be handled in the default way using the default DSO_METHOD's converter
(c) overriden per-DSO by setting the override callback
(d) a mix of (b) and (c) - eg. implement an override callback that;
    (i) checks if we're win32 "if(strstr(dso->meth->name, "win32"))..."
        and if so, convert "blah" into "blah32.dll" (the default is
otherwise to make it "blah.dll").
    (ii) default to the normal behaviour - eg. we're not on win32, so
         finish with (return dso->meth->dso_name_converter(dso,NULL)).
(e) be retried a number of times by writing a new DSO_METHOD where the
    "dso_load()" handler will call the converter repeatedly. Then the
    custom converter could use state information in the DSO to suggest
    different conversions or paths each time it is invoked.

24 years agorsautl.c requires RSA.
Bodo Möller [Thu, 26 Oct 2000 12:05:57 +0000 (12:05 +0000)]
rsautl.c requires RSA.

24 years agos_server not s_client
Ulf Möller [Mon, 23 Oct 2000 19:13:35 +0000 (19:13 +0000)]
s_server not s_client

24 years agoCert chain verification is useable by now.
Bodo Möller [Mon, 23 Oct 2000 14:36:18 +0000 (14:36 +0000)]
Cert chain verification is useable by now.
Whether Steve is still working on 'proper' verification is up to
him to decide ...

24 years agoCorrection from Tani Hosokawa <unknown@riverstyx.net>
Ulf Möller [Mon, 23 Oct 2000 14:02:02 +0000 (14:02 +0000)]
Correction from Tani Hosokawa <unknown@riverstyx.net>