From c4a24b13f3fdd0a96214494045e6cec8a9bbfdd0 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 25 Sep 2002 15:12:13 +0000 Subject: [PATCH] Merge in recent changes from 0.9.6-stable. --- CHANGES | 17 ++++ FAQ | 12 +++ Makefile.org | 10 +-- apps/makeapps.com | 2 +- apps/pkcs12.c | 10 +-- apps/s_server.c | 14 ++-- apps/speed.c | 2 +- crypto/asn1/a_strex.c | 4 +- crypto/asn1/a_utctm.c | 2 + crypto/cryptlib.c | 1 + crypto/crypto-lib.com | 4 +- crypto/crypto.h | 55 +++++++------ crypto/des/FILES | 96 ----------------------- crypto/pem/pem_lib.c | 7 +- crypto/rand/rand_egd.c | 2 +- doc/crypto/BN_CTX_new.pod | 2 +- doc/crypto/BN_add.pod | 2 +- doc/crypto/BN_add_word.pod | 2 +- doc/crypto/BN_bn2bin.pod | 2 +- doc/crypto/BN_copy.pod | 2 +- doc/crypto/BN_generate_prime.pod | 2 +- doc/crypto/BN_mod_inverse.pod | 2 +- doc/crypto/BN_mod_mul_montgomery.pod | 2 +- doc/crypto/BN_mod_mul_reciprocal.pod | 2 +- doc/crypto/BN_new.pod | 2 +- doc/crypto/BN_rand.pod | 2 +- doc/crypto/DH_generate_key.pod | 2 +- doc/crypto/DH_generate_parameters.pod | 3 +- doc/crypto/DH_new.pod | 2 +- doc/crypto/DSA_SIG_new.pod | 3 +- doc/crypto/DSA_do_sign.pod | 2 +- doc/crypto/DSA_dup_DH.pod | 2 +- doc/crypto/DSA_generate_key.pod | 3 +- doc/crypto/DSA_generate_parameters.pod | 2 +- doc/crypto/DSA_new.pod | 2 +- doc/crypto/DSA_sign.pod | 2 +- doc/crypto/EVP_SealInit.pod | 5 +- doc/crypto/RAND_bytes.pod | 3 +- doc/crypto/RSA_check_key.pod | 2 +- doc/crypto/RSA_generate_key.pod | 3 +- doc/crypto/RSA_private_encrypt.pod | 3 +- doc/crypto/RSA_public_encrypt.pod | 3 +- doc/crypto/RSA_sign.pod | 4 +- doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod | 4 +- doc/openssl.txt | 2 +- ssl/s23_clnt.c | 4 + ssl/s23_srvr.c | 4 + ssl/s2_clnt.c | 4 + ssl/s2_srvr.c | 6 +- ssl/s3_clnt.c | 27 +++---- ssl/s3_srvr.c | 4 + ssl/ssl-lib.com | 2 +- ssl/ssl_lib.c | 19 ++++- ssl/t1_clnt.c | 4 + ssl/t1_srvr.c | 4 + test/maketests.com | 2 +- util/pod2mantest | 22 +++--- 57 files changed, 197 insertions(+), 217 deletions(-) delete mode 100644 crypto/des/FILES diff --git a/CHANGES b/CHANGES index 8b947b8518..cf9d6cdab9 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,23 @@ Changes between 0.9.6g and 0.9.6h [xx XXX xxxx] + *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c + (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes). + [Bodo Moeller] + + *) Fix initialization code race conditions in + SSLv23_client_method(), SSLv23_server_method(), + SSLv2_client_method(), SSLv2_server_method(), + SSLv3_client_method(), SSLv3_server_method(), + TLSv1_client_method(), TLSv1_server_method(). + [Patrick McCormick , Bodo Moeller] + + *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after + the cached sessions are flushed, as the remove_cb() might use ex_data + contents. Bug found by Sam Varshavchik + (see [openssl.org #212]). + [Geoff Thorpe, Lutz Jaenicke] + *) Fix typo in OBJ_txt2obj which incorrectly passed the content length, instead of the encoding length to d2i_ASN1_OBJECT. [Steve Henson] diff --git a/FAQ b/FAQ index f9cd7d2820..360101a2bb 100644 --- a/FAQ +++ b/FAQ @@ -35,6 +35,7 @@ OpenSSL - Frequently Asked Questions * Why does the linker complain about undefined symbols? * Why does the OpenSSL test fail with "bc: command not found"? * Why does the OpenSSL test fail with "bc: 1 no implemented"? +* Why does the OpenSSL test fail with "bc: stack empty"? * Why does the OpenSSL compilation fail on Alpha Tru64 Unix? * Why does the OpenSSL compilation fail with "ar: command not found"? * Why does the OpenSSL compilation fail on Win32 with VC++? @@ -392,6 +393,17 @@ and compile/install it. GNU bc (see http://www.gnu.org/software/software.html for download instructions) can be safely used, for example. +* Why does the OpenSSL test fail with "bc: stack empty"? + +On some DG/ux versions, bc seems to have a too small stack for calculations +that the OpenSSL bntest throws at it. This gets triggered when you run the +test suite (using "make test"). The message returned is "bc: stack empty". + +The best way to deal with this is to find another implementation of bc +and compile/install it. GNU bc (see http://www.gnu.org/software/software.html +for download instructions) can be safely used, for example. + + * Why does the OpenSSL compilation fail on Alpha Tru64 Unix? On some Alpha installations running Tru64 Unix and Compaq C, the compilation diff --git a/Makefile.org b/Makefile.org index aae587c894..2107c419c9 100644 --- a/Makefile.org +++ b/Makefile.org @@ -270,9 +270,7 @@ do_gnu-shared: done DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \ - collect2=`gcc -print-prog-name=collect2 2>&1` && \ - [ -n "$$collect2" ] && \ - my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \ + my_ld=`gcc -print-prog-name=ld 2>&1` && \ [ -n "$$my_ld" ] && \ $$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1 @@ -687,13 +685,13 @@ install_docs: $(INSTALL_PREFIX)$(MANDIR)/man3 \ $(INSTALL_PREFIX)$(MANDIR)/man5 \ $(INSTALL_PREFIX)$(MANDIR)/man7 - @pod2man=`cd util; ./pod2mantest ignore`; \ + @pod2man="`cd util; ./pod2mantest $(PERL)`"; \ for i in doc/apps/*.pod; do \ fn=`basename $$i .pod`; \ if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \ echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ (cd `$(PERL) util/dirname.pl $$i`; \ - sh -c "$(PERL) $$pod2man \ + sh -c "$$pod2man \ --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ @@ -703,7 +701,7 @@ install_docs: if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \ echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ (cd `$(PERL) util/dirname.pl $$i`; \ - sh -c "$(PERL) $$pod2man \ + sh -c "$$pod2man \ --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ diff --git a/apps/makeapps.com b/apps/makeapps.com index fe55369843..411beea872 100644 --- a/apps/makeapps.com +++ b/apps/makeapps.com @@ -1077,7 +1077,7 @@ $ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS $! $! Show user the result $! -$ WRITE SYS$OUTPUT "Main Compiling Command: ",CC +$ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC $! $! Special Threads For OpenVMS v7.1 Or Later $! diff --git a/apps/pkcs12.c b/apps/pkcs12.c index db34f0ef50..196770fc04 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -503,9 +503,10 @@ int MAIN(int argc, char **argv) /* Exclude verified certificate */ for (i = 1; i < sk_X509_num (chain2) ; i++) sk_X509_push(certs, sk_X509_value (chain2, i)); - } - sk_X509_free(chain2); - if (vret) { + /* Free first certificate */ + X509_free(sk_X509_value(chain2, 0)); + sk_X509_free(chain2); + } else { BIO_printf (bio_err, "Error %s getting chain.\n", X509_verify_cert_error_string(vret)); goto export_end; @@ -532,8 +533,6 @@ int MAIN(int argc, char **argv) } sk_X509_pop_free(certs, X509_free); certs = NULL; - /* ucert is part of certs so it is already freed */ - ucert = NULL; #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); @@ -621,7 +620,6 @@ int MAIN(int argc, char **argv) if (certs) sk_X509_pop_free(certs, X509_free); if (safes) sk_PKCS7_pop_free(safes, PKCS7_free); if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - if (ucert) X509_free(ucert); #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); diff --git a/apps/s_server.c b/apps/s_server.c index ae77d9ae9d..0c2893d171 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -257,10 +257,10 @@ static char **local_argv; static int ebcdic_new(BIO *bi); static int ebcdic_free(BIO *a); static int ebcdic_read(BIO *b, char *out, int outl); -static int ebcdic_write(BIO *b, char *in, int inl); -static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr); +static int ebcdic_write(BIO *b, const char *in, int inl); +static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr); static int ebcdic_gets(BIO *bp, char *buf, int size); -static int ebcdic_puts(BIO *bp, char *str); +static int ebcdic_puts(BIO *bp, const char *str); #define BIO_TYPE_EBCDIC_FILTER (18|0x0200) static BIO_METHOD methods_ebcdic= @@ -325,7 +325,7 @@ static int ebcdic_read(BIO *b, char *out, int outl) return(ret); } -static int ebcdic_write(BIO *b, char *in, int inl) +static int ebcdic_write(BIO *b, const char *in, int inl) { EBCDIC_OUTBUFF *wbuf; int ret=0; @@ -358,7 +358,7 @@ static int ebcdic_write(BIO *b, char *in, int inl) return(ret); } -static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr) +static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr) { long ret; @@ -377,7 +377,7 @@ static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr) static int ebcdic_gets(BIO *bp, char *buf, int size) { - int i, ret; + int i, ret=0; if (bp->next_bio == NULL) return(0); /* return(BIO_gets(bp->next_bio,buf,size));*/ for (i=0; inext_bio == NULL) return(0); return ebcdic_write(bp, str, strlen(str)); diff --git a/apps/speed.c b/apps/speed.c index a13e257566..643a9a6df9 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -724,7 +724,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"\n"); BIO_printf(bio_err,"Available options:\n"); -#ifdef TIMES +#if defined(TIMES) || defined(USE_TOD) BIO_printf(bio_err,"-elapsed measure time in real time instead of CPU user time.\n"); #endif BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 569b811998..9a57eba270 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -519,7 +519,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in) { ASN1_STRING stmp, *str = &stmp; int mbflag, type, ret; - if(!*out || !in) return -1; + if(!in) return -1; type = in->type; if((type < 0) || (type > 30)) return -1; mbflag = tag2nbyte[type]; @@ -528,6 +528,6 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in) stmp.data = NULL; ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); if(ret < 0) return ret; - if(out) *out = stmp.data; + *out = stmp.data; return stmp.length; } diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c index dd5955ac9f..1aafb663f6 100644 --- a/crypto/asn1/a_utctm.c +++ b/crypto/asn1/a_utctm.c @@ -246,6 +246,8 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) ts=(struct tm *)localtime(&t); } #endif + if (ts == NULL) + return(NULL); p=(char *)s->data; if ((p == NULL) || (s->length < 14)) { diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 84dcab094b..f2f3d23381 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -89,6 +89,7 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] = "ssl_session", "ssl_sess_cert", "ssl", + /* "ssl_method", */ "rand", "rand2", "debug_malloc", diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com index 2bfb24f068..ec01c1f1fd 100644 --- a/crypto/crypto-lib.com +++ b/crypto/crypto-lib.com @@ -1333,7 +1333,7 @@ $ CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS $! $! Show user the result $! -$ WRITE SYS$OUTPUT "Main C Compiling Command: ",CC +$ WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC $! $! Else The User Entered An Invalid Arguement. $! @@ -1364,7 +1364,7 @@ $ IF ARCH .EQS. "AXP" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE $! $! Show user the result $! -$ WRITE SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO +$ WRITE/SYMBOL SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO $! $! Time to check the contents, and to make sure we get the correct library. $! diff --git a/crypto/crypto.h b/crypto/crypto.h index d8258fcc79..a305bd058d 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -95,36 +95,39 @@ extern "C" { * names in cryptlib.c */ -#define CRYPTO_LOCK_ERR 1 -#define CRYPTO_LOCK_ERR_HASH 2 -#define CRYPTO_LOCK_X509 3 -#define CRYPTO_LOCK_X509_INFO 4 -#define CRYPTO_LOCK_X509_PKEY 5 +#define CRYPTO_LOCK_ERR 1 +#define CRYPTO_LOCK_ERR_HASH 2 +#define CRYPTO_LOCK_X509 3 +#define CRYPTO_LOCK_X509_INFO 4 +#define CRYPTO_LOCK_X509_PKEY 5 #define CRYPTO_LOCK_X509_CRL 6 #define CRYPTO_LOCK_X509_REQ 7 #define CRYPTO_LOCK_DSA 8 #define CRYPTO_LOCK_RSA 9 #define CRYPTO_LOCK_EVP_PKEY 10 -#define CRYPTO_LOCK_X509_STORE 11 -#define CRYPTO_LOCK_SSL_CTX 12 -#define CRYPTO_LOCK_SSL_CERT 13 -#define CRYPTO_LOCK_SSL_SESSION 14 -#define CRYPTO_LOCK_SSL_SESS_CERT 15 -#define CRYPTO_LOCK_SSL 16 -#define CRYPTO_LOCK_RAND 17 -#define CRYPTO_LOCK_RAND2 18 -#define CRYPTO_LOCK_MALLOC 19 -#define CRYPTO_LOCK_BIO 20 -#define CRYPTO_LOCK_GETHOSTBYNAME 21 -#define CRYPTO_LOCK_GETSERVBYNAME 22 -#define CRYPTO_LOCK_READDIR 23 -#define CRYPTO_LOCK_RSA_BLINDING 24 -#define CRYPTO_LOCK_DH 25 -#define CRYPTO_LOCK_MALLOC2 26 -#define CRYPTO_LOCK_DSO 27 -#define CRYPTO_LOCK_DYNLOCK 28 -#define CRYPTO_LOCK_ENGINE 29 -#define CRYPTO_NUM_LOCKS 30 +#define CRYPTO_LOCK_X509_STORE 11 +#define CRYPTO_LOCK_SSL_CTX 12 +#define CRYPTO_LOCK_SSL_CERT 13 +#define CRYPTO_LOCK_SSL_SESSION 14 +#define CRYPTO_LOCK_SSL_SESS_CERT 15 +#define CRYPTO_LOCK_SSL 16 +/* for binary compatibility between 0.9.6 minor versions, + * reuse an existing lock (later version use a new one): */ +# define CRYPTO_LOCK_SSL_METHOD CRYPTO_LOCK_SSL_CTX +#define CRYPTO_LOCK_RAND 17 +#define CRYPTO_LOCK_RAND2 18 +#define CRYPTO_LOCK_MALLOC 19 +#define CRYPTO_LOCK_BIO 20 +#define CRYPTO_LOCK_GETHOSTBYNAME 21 +#define CRYPTO_LOCK_GETSERVBYNAME 22 +#define CRYPTO_LOCK_READDIR 23 +#define CRYPTO_LOCK_RSA_BLINDING 24 +#define CRYPTO_LOCK_DH 25 +#define CRYPTO_LOCK_MALLOC2 26 +#define CRYPTO_LOCK_DSO 27 +#define CRYPTO_LOCK_DYNLOCK 28 +#define CRYPTO_LOCK_ENGINE 29 +#define CRYPTO_NUM_LOCKS 30 #define CRYPTO_LOCK 1 #define CRYPTO_UNLOCK 2 @@ -146,7 +149,7 @@ extern "C" { #endif #else #define CRYPTO_w_lock(a) -#define CRYPTO_w_unlock(a) +#define CRYPTO_w_unlock(a) #define CRYPTO_r_lock(a) #define CRYPTO_r_unlock(a) #define CRYPTO_add(a,b,c) ((*(a))+=(b)) diff --git a/crypto/des/FILES b/crypto/des/FILES deleted file mode 100644 index 4c7ea2de7a..0000000000 --- a/crypto/des/FILES +++ /dev/null @@ -1,96 +0,0 @@ -/* General stuff */ -COPYRIGHT - Copyright info. -MODES.DES - A description of the features of the different modes of DES. -FILES - This file. -INSTALL - How to make things compile. -Imakefile - For use with kerberos. -README - What this package is. -VERSION - Which version this is and what was changed. -KERBEROS - Kerberos version 4 notes. -Makefile.PL - An old makefile to build with perl5, not current. -Makefile.ssl - The SSLeay makefile -Makefile.uni - The normal unix makefile. -GNUmakefile - The makefile for use with glibc. -makefile.bc - A Borland C makefile -times - Some outputs from 'speed' on some machines. -vms.com - For use when compiling under VMS - -/* My SunOS des(1) replacement */ -des.c - des(1) source code. -des.man - des(1) manual. - -/* Testing and timing programs. */ -destest.c - Source for libdes.a test program. -speed.c - Source for libdes.a timing program. -rpw.c - Source for libdes.a testing password reading routines. - -/* libdes.a source code */ -des_crypt.man - libdes.a manual page. -des.h - Public libdes.a header file. -ecb_enc.c - des_ecb_encrypt() source, this contains the basic DES code. -ecb3_enc.c - des_ecb3_encrypt() source. -cbc_ckm.c - des_cbc_cksum() source. -cbc_enc.c - des_cbc_encrypt() source. -ncbc_enc.c - des_cbc_encrypt() that is 'normal' in that it copies - the new iv values back in the passed iv vector. -ede_enc.c - des_ede3_cbc_encrypt() cbc mode des using triple DES. -cbc3_enc.c - des_3cbc_encrypt() source, don't use this function. -cfb_enc.c - des_cfb_encrypt() source. -cfb64enc.c - des_cfb64_encrypt() cfb in 64 bit mode but setup to be - used as a stream cipher. -cfb64ede.c - des_ede3_cfb64_encrypt() cfb in 64 bit mode but setup to be - used as a stream cipher and using triple DES. -ofb_enc.c - des_cfb_encrypt() source. -ofb64_enc.c - des_ofb_encrypt() ofb in 64 bit mode but setup to be - used as a stream cipher. -ofb64ede.c - des_ede3_ofb64_encrypt() ofb in 64 bit mode but setup to be - used as a stream cipher and using triple DES. -enc_read.c - des_enc_read() source. -enc_writ.c - des_enc_write() source. -pcbc_enc.c - des_pcbc_encrypt() source. -qud_cksm.c - quad_cksum() source. -rand_key.c - des_random_key() source. -read_pwd.c - Source for des_read_password() plus related functions. -set_key.c - Source for des_set_key(). -str2key.c - Covert a string of any length into a key. -fcrypt.c - A small, fast version of crypt(3). -des_locl.h - Internal libdes.a header file. -podd.h - Odd parity tables - used in des_set_key(). -sk.h - Lookup tables used in des_set_key(). -spr.h - What is left of the S tables - used in ecb_encrypt(). -des_ver.h - header file for the external definition of the - version string. -des.doc - SSLeay documentation for the library. - -/* The perl scripts - you can ignore these files they are only - * included for the curious */ -des.pl - des in perl anyone? des_set_key and des_ecb_encrypt - both done in a perl library. -testdes.pl - Testing program for des.pl -doIP - Perl script used to develop IP xor/shift code. -doPC1 - Perl script used to develop PC1 xor/shift code. -doPC2 - Generates sk.h. -PC1 - Output of doPC1 should be the same as output from PC1. -PC2 - used in development of doPC2. -shifts.pl - Perl library used by my perl scripts. - -/* I started making a perl5 dynamic library for libdes - * but did not fully finish, these files are part of that effort. */ -DES.pm -DES.pod -DES.xs -t -typemap - -/* The following are for use with sun RPC implementaions. */ -rpc_des.h -rpc_enc.c - -/* The following are contibuted by Mark Murray . They - * are not normally built into libdes due to machine specific routines - * contained in them. They are for use in the most recent incarnation of - * export kerberos v 4 (eBones). */ -supp.c -new_rkey.c - - diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 01759f75c3..043b578e22 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -405,8 +405,11 @@ err: memset(iv,0,sizeof(iv)); memset((char *)&ctx,0,sizeof(ctx)); memset(buf,0,PEM_BUFSIZE); - memset(data,0,(unsigned int)dsize); - OPENSSL_free(data); + if (data != NULL) + { + memset(data,0,(unsigned int)dsize); + OPENSSL_free(data); + } return(ret); } diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c index a6601696ad..e17060fe90 100644 --- a/crypto/rand/rand_egd.c +++ b/crypto/rand/rand_egd.c @@ -59,7 +59,7 @@ /* Query the EGD . */ -#if defined(WIN32) || defined(VMS) || defined(__VMS) +#if defined(WIN32) || defined(MSDOS) || defined(VMS) || defined(__VMS) int RAND_egd(const char *path) { return(-1); diff --git a/doc/crypto/BN_CTX_new.pod b/doc/crypto/BN_CTX_new.pod index c94d8c610d..ad8d07db89 100644 --- a/doc/crypto/BN_CTX_new.pod +++ b/doc/crypto/BN_CTX_new.pod @@ -42,7 +42,7 @@ BN_CTX_init() and BN_CTX_free() have no return values. =head1 SEE ALSO -L, L, L, +L, L, L, L =head1 HISTORY diff --git a/doc/crypto/BN_add.pod b/doc/crypto/BN_add.pod index 0541d45643..7baed2d492 100644 --- a/doc/crypto/BN_add.pod +++ b/doc/crypto/BN_add.pod @@ -86,7 +86,7 @@ The error codes can be obtained by L. =head1 SEE ALSO -L, L, L, +L, L, L, L, L =head1 HISTORY diff --git a/doc/crypto/BN_add_word.pod b/doc/crypto/BN_add_word.pod index 66bedfb924..94244adea4 100644 --- a/doc/crypto/BN_add_word.pod +++ b/doc/crypto/BN_add_word.pod @@ -46,7 +46,7 @@ BN_mod_word() and BN_div_word() return B%B. =head1 SEE ALSO -L, L, L +L, L, L =head1 HISTORY diff --git a/doc/crypto/BN_bn2bin.pod b/doc/crypto/BN_bn2bin.pod index b62d1af0ff..a4b17ca60a 100644 --- a/doc/crypto/BN_bn2bin.pod +++ b/doc/crypto/BN_bn2bin.pod @@ -80,7 +80,7 @@ The error codes can be obtained by L. =head1 SEE ALSO -L, L, L, +L, L, L, L, L diff --git a/doc/crypto/BN_copy.pod b/doc/crypto/BN_copy.pod index 8ad25e7834..388dd7df26 100644 --- a/doc/crypto/BN_copy.pod +++ b/doc/crypto/BN_copy.pod @@ -25,7 +25,7 @@ by L. =head1 SEE ALSO -L, L +L, L =head1 HISTORY diff --git a/doc/crypto/BN_generate_prime.pod b/doc/crypto/BN_generate_prime.pod index 638f6514ee..6ea23791d1 100644 --- a/doc/crypto/BN_generate_prime.pod +++ b/doc/crypto/BN_generate_prime.pod @@ -90,7 +90,7 @@ The error codes can be obtained by L. =head1 SEE ALSO -L, L, L +L, L, L =head1 HISTORY diff --git a/doc/crypto/BN_mod_inverse.pod b/doc/crypto/BN_mod_inverse.pod index 49e62daf9f..3ea3975c74 100644 --- a/doc/crypto/BN_mod_inverse.pod +++ b/doc/crypto/BN_mod_inverse.pod @@ -27,7 +27,7 @@ NULL on error. The error codes can be obtained by L, L, L +L, L, L =head1 HISTORY diff --git a/doc/crypto/BN_mod_mul_montgomery.pod b/doc/crypto/BN_mod_mul_montgomery.pod index 0b8ab512df..f3cee924b9 100644 --- a/doc/crypto/BN_mod_mul_montgomery.pod +++ b/doc/crypto/BN_mod_mul_montgomery.pod @@ -81,7 +81,7 @@ The error codes can be obtained by L. =head1 SEE ALSO -L, L, L, +L, L, L, L =head1 HISTORY diff --git a/doc/crypto/BN_mod_mul_reciprocal.pod b/doc/crypto/BN_mod_mul_reciprocal.pod index a28925f8a9..74a216ddc2 100644 --- a/doc/crypto/BN_mod_mul_reciprocal.pod +++ b/doc/crypto/BN_mod_mul_reciprocal.pod @@ -69,7 +69,7 @@ The error codes can be obtained by L. =head1 SEE ALSO -L, L, L, +L, L, L, L =head1 HISTORY diff --git a/doc/crypto/BN_new.pod b/doc/crypto/BN_new.pod index c1394ff2a3..3033789c51 100644 --- a/doc/crypto/BN_new.pod +++ b/doc/crypto/BN_new.pod @@ -42,7 +42,7 @@ values. =head1 SEE ALSO -L, L +L, L =head1 HISTORY diff --git a/doc/crypto/BN_rand.pod b/doc/crypto/BN_rand.pod index 9cec238f9e..81f93c2eb3 100644 --- a/doc/crypto/BN_rand.pod +++ b/doc/crypto/BN_rand.pod @@ -45,7 +45,7 @@ The error codes can be obtained by L. =head1 SEE ALSO -L, L, L, +L, L, L, L, L =head1 HISTORY diff --git a/doc/crypto/DH_generate_key.pod b/doc/crypto/DH_generate_key.pod index 920995b2e5..81f09fdf45 100644 --- a/doc/crypto/DH_generate_key.pod +++ b/doc/crypto/DH_generate_key.pod @@ -40,7 +40,7 @@ The error codes can be obtained by L. =head1 SEE ALSO -L, L, L, L +L, L, L, L =head1 HISTORY diff --git a/doc/crypto/DH_generate_parameters.pod b/doc/crypto/DH_generate_parameters.pod index a7d0c75f0c..9081e9ea7c 100644 --- a/doc/crypto/DH_generate_parameters.pod +++ b/doc/crypto/DH_generate_parameters.pod @@ -59,7 +59,8 @@ a usable generator. =head1 SEE ALSO -L, L, L, L +L, L, L, +L =head1 HISTORY diff --git a/doc/crypto/DH_new.pod b/doc/crypto/DH_new.pod index 64624b9d15..60c930093e 100644 --- a/doc/crypto/DH_new.pod +++ b/doc/crypto/DH_new.pod @@ -29,7 +29,7 @@ DH_free() returns no value. =head1 SEE ALSO -L, L, +L, L, L, L diff --git a/doc/crypto/DSA_SIG_new.pod b/doc/crypto/DSA_SIG_new.pod index 671655554a..3ac6140038 100644 --- a/doc/crypto/DSA_SIG_new.pod +++ b/doc/crypto/DSA_SIG_new.pod @@ -30,7 +30,8 @@ DSA_SIG_free() returns no value. =head1 SEE ALSO -L, L, L +L, L, +L =head1 HISTORY diff --git a/doc/crypto/DSA_do_sign.pod b/doc/crypto/DSA_do_sign.pod index a24fd5714e..5dfc733b20 100644 --- a/doc/crypto/DSA_do_sign.pod +++ b/doc/crypto/DSA_do_sign.pod @@ -36,7 +36,7 @@ L. =head1 SEE ALSO -L, L, L, +L, L, L, L, L diff --git a/doc/crypto/DSA_dup_DH.pod b/doc/crypto/DSA_dup_DH.pod index 29cb1075d1..695f99a13b 100644 --- a/doc/crypto/DSA_dup_DH.pod +++ b/doc/crypto/DSA_dup_DH.pod @@ -27,7 +27,7 @@ Be careful to avoid small subgroup attacks when using this. =head1 SEE ALSO -L, L, L +L, L, L =head1 HISTORY diff --git a/doc/crypto/DSA_generate_key.pod b/doc/crypto/DSA_generate_key.pod index 52890db5be..af83ccfaa1 100644 --- a/doc/crypto/DSA_generate_key.pod +++ b/doc/crypto/DSA_generate_key.pod @@ -24,7 +24,8 @@ The error codes can be obtained by L. =head1 SEE ALSO -L, L, L, L +L, L, L, +L =head1 HISTORY diff --git a/doc/crypto/DSA_generate_parameters.pod b/doc/crypto/DSA_generate_parameters.pod index 43f60b0eb9..be7c924ff8 100644 --- a/doc/crypto/DSA_generate_parameters.pod +++ b/doc/crypto/DSA_generate_parameters.pod @@ -90,7 +90,7 @@ Seed lengths E 20 are not supported. =head1 SEE ALSO -L, L, L, +L, L, L, L =head1 HISTORY diff --git a/doc/crypto/DSA_new.pod b/doc/crypto/DSA_new.pod index 7dde54445b..301af912dd 100644 --- a/doc/crypto/DSA_new.pod +++ b/doc/crypto/DSA_new.pod @@ -30,7 +30,7 @@ DSA_free() returns no value. =head1 SEE ALSO -L, L, +L, L, L, L diff --git a/doc/crypto/DSA_sign.pod b/doc/crypto/DSA_sign.pod index f6e60a8ca3..97389e8ec8 100644 --- a/doc/crypto/DSA_sign.pod +++ b/doc/crypto/DSA_sign.pod @@ -55,7 +55,7 @@ Standard, DSS), ANSI X9.30 =head1 SEE ALSO -L, L, L, +L, L, L, L =head1 HISTORY diff --git a/doc/crypto/EVP_SealInit.pod b/doc/crypto/EVP_SealInit.pod index 0451eb648a..7cd12491cd 100644 --- a/doc/crypto/EVP_SealInit.pod +++ b/doc/crypto/EVP_SealInit.pod @@ -12,7 +12,7 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk); int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, unsigned char *in, int inl); - int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, + void EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); =head1 DESCRIPTION @@ -43,8 +43,7 @@ page. EVP_SealInit() returns 0 on error or B if successful. -EVP_SealUpdate() and EVP_SealFinal() return 1 for success and 0 for -failure. +EVP_SealUpdate() returns 1 for success and 0 for failure. =head1 NOTES diff --git a/doc/crypto/RAND_bytes.pod b/doc/crypto/RAND_bytes.pod index b6ebd50527..ce6329ce54 100644 --- a/doc/crypto/RAND_bytes.pod +++ b/doc/crypto/RAND_bytes.pod @@ -35,7 +35,8 @@ method. =head1 SEE ALSO -L, L, L +L, L, +L =head1 HISTORY diff --git a/doc/crypto/RSA_check_key.pod b/doc/crypto/RSA_check_key.pod index d2db47e978..496fc47137 100644 --- a/doc/crypto/RSA_check_key.pod +++ b/doc/crypto/RSA_check_key.pod @@ -39,7 +39,7 @@ key data too. =head1 SEE ALSO -L, L +L, L =head1 HISTORY diff --git a/doc/crypto/RSA_generate_key.pod b/doc/crypto/RSA_generate_key.pod index 8714f7179d..52dbb14a53 100644 --- a/doc/crypto/RSA_generate_key.pod +++ b/doc/crypto/RSA_generate_key.pod @@ -59,7 +59,8 @@ RSA_generate_key() goes into an infinite loop for illegal input values. =head1 SEE ALSO -L, L, L, L +L, L, L, +L =head1 HISTORY diff --git a/doc/crypto/RSA_private_encrypt.pod b/doc/crypto/RSA_private_encrypt.pod index 6861a98a10..746a80c79e 100644 --- a/doc/crypto/RSA_private_encrypt.pod +++ b/doc/crypto/RSA_private_encrypt.pod @@ -59,7 +59,8 @@ obtained by L. =head1 SEE ALSO -L, L, L, L +L, L, +L, L =head1 HISTORY diff --git a/doc/crypto/RSA_public_encrypt.pod b/doc/crypto/RSA_public_encrypt.pod index 02edb7aa75..9ae5f93152 100644 --- a/doc/crypto/RSA_public_encrypt.pod +++ b/doc/crypto/RSA_public_encrypt.pod @@ -72,7 +72,8 @@ SSL, PKCS #1 v2.0 =head1 SEE ALSO -L, L, L, L +L, L, L, +L =head1 NOTES diff --git a/doc/crypto/RSA_sign.pod b/doc/crypto/RSA_sign.pod index f0bf6eea1b..71688a665e 100644 --- a/doc/crypto/RSA_sign.pod +++ b/doc/crypto/RSA_sign.pod @@ -50,8 +50,8 @@ SSL, PKCS #1 v2.0 =head1 SEE ALSO -L, L, L, -L, +L, L, +L, L, L =head1 HISTORY diff --git a/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod b/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod index df9ceb339a..e70380bbfc 100644 --- a/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod +++ b/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod @@ -47,8 +47,8 @@ These functions serve no recognizable purpose. =head1 SEE ALSO -L, L, L, -L, L, +L, L, +L, L, L, L =head1 HISTORY diff --git a/doc/openssl.txt b/doc/openssl.txt index 5da519e7e4..432a17b66c 100644 --- a/doc/openssl.txt +++ b/doc/openssl.txt @@ -344,7 +344,7 @@ the extension. Examples: -subjectAltName=email:copy,email:my@other.address,URL:http://my.url.here/ +subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/ subjectAltName=email:my@other.address,RID:1.2.3.4 Issuer Alternative Name. diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 2d0eb4a8ff..df9ed02ddd 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -87,11 +87,15 @@ SSL_METHOD *SSLv23_client_method(void) if (init) { + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + memcpy((char *)&SSLv23_client_data, (char *)sslv23_base_method(),sizeof(SSL_METHOD)); SSLv23_client_data.ssl_connect=ssl23_connect; SSLv23_client_data.get_ssl_method=ssl23_get_client_method; init=0; + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv23_client_data); } diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index b40bb01ab7..94198750f9 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -139,11 +139,15 @@ SSL_METHOD *SSLv23_server_method(void) if (init) { + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + memcpy((char *)&SSLv23_server_data, (char *)sslv23_base_method(),sizeof(SSL_METHOD)); SSLv23_server_data.ssl_accept=ssl23_accept; SSLv23_server_data.get_ssl_method=ssl23_get_server_method; init=0; + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv23_server_data); } diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c index 236b394db7..c59fa6e429 100644 --- a/ssl/s2_clnt.c +++ b/ssl/s2_clnt.c @@ -145,11 +145,15 @@ SSL_METHOD *SSLv2_client_method(void) if (init) { + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(), sizeof(SSL_METHOD)); SSLv2_client_data.ssl_connect=ssl2_connect; SSLv2_client_data.get_ssl_method=ssl2_get_client_method; init=0; + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv2_client_data); } diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c index d736f6807b..48fff175d4 100644 --- a/ssl/s2_srvr.c +++ b/ssl/s2_srvr.c @@ -145,11 +145,15 @@ SSL_METHOD *SSLv2_server_method(void) if (init) { + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(), sizeof(SSL_METHOD)); SSLv2_server_data.ssl_accept=ssl2_accept; SSLv2_server_data.get_ssl_method=ssl2_get_server_method; init=0; + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv2_server_data); } @@ -1001,7 +1005,7 @@ static int request_certificate(SSL *s) len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen; if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) { - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG); + SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_MESSAGE_TOO_LONG); goto end; } j = (int)len - s->init_num; diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 32b9cea1ca..a55acd1975 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -146,11 +146,15 @@ SSL_METHOD *SSLv3_client_method(void) if (init) { - init=0; + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(), sizeof(SSL_METHOD)); SSLv3_client_data.ssl_connect=ssl3_connect; SSLv3_client_data.get_ssl_method=ssl3_get_client_method; + init=0; + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv3_client_data); } @@ -632,23 +636,11 @@ static int ssl3_get_server_hello(SSL *s) /* get the session-id */ j= *(p++); - if(j > sizeof s->session->session_id) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, - SSL_R_SSL3_SESSION_ID_TOO_LONG); - goto f_err; - } - - if ((j != 0) && (j != SSL3_SESSION_ID_SIZE)) + if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE)) { - /* SSLref returns 16 :-( */ - if (j < SSL2_SSL_SESSION_ID_LENGTH) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT); - goto f_err; - } + al=SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG); + goto f_err; } if (j != 0 && j == s->session->session_id_length && memcmp(p,s->session->session_id,j) == 0) @@ -656,6 +648,7 @@ static int ssl3_get_server_hello(SSL *s) if(s->sid_ctx_length != s->session->sid_ctx_length || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length)) { + /* actually a client application bug */ al=SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); goto f_err; diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index fe1e689014..50913ae8e4 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -151,11 +151,15 @@ SSL_METHOD *SSLv3_server_method(void) if (init) { + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(), sizeof(SSL_METHOD)); SSLv3_server_data.ssl_accept=ssl3_accept; SSLv3_server_data.get_ssl_method=ssl3_get_server_method; init=0; + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv3_server_data); } diff --git a/ssl/ssl-lib.com b/ssl/ssl-lib.com index 7d2836478d..44ea1bb979 100644 --- a/ssl/ssl-lib.com +++ b/ssl/ssl-lib.com @@ -1089,7 +1089,7 @@ $ ENDIF $! $! Show user the result $! -$ WRITE SYS$OUTPUT "Main Compiling Command: ",CC +$ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC $! $! Else The User Entered An Invalid Arguement. $! diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 4f84a3476d..6b5a135ffe 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1245,13 +1245,24 @@ void SSL_CTX_free(SSL_CTX *a) abort(); /* ok */ } #endif + + /* + * Free internal session cache. However: the remove_cb() may reference + * the ex_data of SSL_CTX, thus the ex_data store can only be removed + * after the sessions were flushed. + * As the ex_data handling routines might also touch the session cache, + * the most secure solution seems to be: empty (flush) the cache, then + * free ex_data, then finally free the cache. + * (See ticket [openssl.org #212].) + */ + if (a->sessions != NULL) + SSL_CTX_flush_sessions(a,0); + CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data); if (a->sessions != NULL) - { - SSL_CTX_flush_sessions(a,0); - lh_free(a->sessions); - } + lh_free(a->sessions); + if (a->cert_store != NULL) X509_STORE_free(a->cert_store); if (a->cipher_list != NULL) diff --git a/ssl/t1_clnt.c b/ssl/t1_clnt.c index 9745630a00..df00a1215a 100644 --- a/ssl/t1_clnt.c +++ b/ssl/t1_clnt.c @@ -79,11 +79,15 @@ SSL_METHOD *TLSv1_client_method(void) if (init) { + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(), sizeof(SSL_METHOD)); TLSv1_client_data.ssl_connect=ssl3_connect; TLSv1_client_data.get_ssl_method=tls1_get_client_method; init=0; + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&TLSv1_client_data); } diff --git a/ssl/t1_srvr.c b/ssl/t1_srvr.c index 996b7ca8e2..e62275c6f8 100644 --- a/ssl/t1_srvr.c +++ b/ssl/t1_srvr.c @@ -80,11 +80,15 @@ SSL_METHOD *TLSv1_server_method(void) if (init) { + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(), sizeof(SSL_METHOD)); TLSv1_server_data.ssl_accept=ssl3_accept; TLSv1_server_data.get_ssl_method=tls1_get_server_method; init=0; + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&TLSv1_server_data); } diff --git a/test/maketests.com b/test/maketests.com index 3d1b208ddc..c2f81c5c1b 100644 --- a/test/maketests.com +++ b/test/maketests.com @@ -906,7 +906,7 @@ $ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS $! $! Show user the result $! -$ WRITE SYS$OUTPUT "Main Compiling Command: ",CC +$ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC $! $! Else The User Entered An Invalid Arguement. $! diff --git a/util/pod2mantest b/util/pod2mantest index 449ef14f1b..026a6a1789 100755 --- a/util/pod2mantest +++ b/util/pod2mantest @@ -11,7 +11,8 @@ IFS=: -try_without_dir=false + +try_without_dir=true # First we try "pod2man", then "$dir/pod2man" for each item in $PATH. for dir in dummy:$PATH; do if [ "$try_without_dir" = true ]; then @@ -29,9 +30,16 @@ for dir in dummy:$PATH; do if [ ! "$pod2man" = '' ]; then failure=none + if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | fgrep OpenSSL >/dev/null; then + : + else + failure=BasicTest + fi - if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null 2>&1; then - failure=MultilineTest + if [ "$failure" = none ]; then + if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null; then + failure=MultilineTest + fi fi @@ -45,9 +53,5 @@ for dir in dummy:$PATH; do done echo "No working pod2man found. Consider installing a new version." >&2 -if [ "$1" = ignore ]; then - echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2 - echo "../../util/pod2man.pl" - exit 0 -fi -exit 1 +echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2 +echo "$1 ../../util/pod2man.pl" -- 2.25.1