This commit was manufactured by cvs2svn to create branch

'OpenSSL_0_9_6-stable'.

3 files changed, 192 insertions, 0 deletions

diff --git a/doc/ssl/SSL_CTX_add_extra_chain_cert.pod b/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
new file mode 100644
index 0000000000..21a9db0e2a
--- /dev/null
+++ b/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
@@ -0,0 +1,38 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_add_extra_chain_cert - add certificate to chain
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_CTX_add_extra_chain_cert(SSL_CTX ctx, X509 *x509)
+
+=head1 DESCRIPTION
+
+SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the certificate
+chain presented together with the certificate. Several certificates
+can be added one after the other.
+
+=head1 NOTES
+
+When constructing the certificate chain, the chain will be formed from
+these certificates explicitly specified. If no chain is specified,
+the library will try to complete the chain from the available CA
+certificates in the trusted CA storage, see
+L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>.
+
+=head1 RETURN VALUES
+
+SSL_CTX_add_extra_chain_cert() returns 1 on success. Check out the
+error stack to find out the reason for failure otherwise.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>,
+L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
+L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
+
+=cut
diff --git a/doc/ssl/SSL_CTX_set_default_passwd_cb.pod b/doc/ssl/SSL_CTX_set_default_passwd_cb.pod
new file mode 100644
index 0000000000..a5343a1cf3
--- /dev/null
+++ b/doc/ssl/SSL_CTX_set_default_passwd_cb.pod
@@ -0,0 +1,70 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata - set passwd callback for encrypted PEM file handling
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
+ void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
+
+ int pem_passwd_cb(char *buf, int size, int rwflag, void *userdata);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_default_passwd_cb() sets the default password callback called
+when loading/storing a PEM certificate with encryption.
+
+SSL_CTX_set_default_passwd_cb_userdata() sets a pointer to B<userdata> which
+will be provided to the password callback on invocation.
+
+The pem_passwd_cb(), which must be provided by the application, hands back the
+password to be used during decryption. On invocation a pointer to B<userdata>
+is provided. The pem_passwd_cb must write the password into the provided buffer
+B<buf> which is of size B<size>. The actual length of the password must
+be returned to the calling function. B<rwflag> indicates whether the
+callback is used for reading/decryption (rwflag=0) or writing/encryption
+(rwflag=1).
+
+=head1 NOTES
+
+When loading or storing private keys, a password might be supplied to
+protect the private key. The way this password can be supplied may depend
+on the application. If only one private key is handled, it can be practical
+to have pem_passwd_cb() handle the password dialog interactively. If several
+keys have to be handled, it can be practical to ask for the password once,
+then keep it in memory and use it several times. In the last case, the
+password could be stored into the B<userdata> storage and the
+pem_passwd_cb() only returns the password already stored.
+
+Other items in PEM formatting (certificates) can also be encrypted, it is
+however not usual, as certificate information is considered public.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_default_passwd_cb() and SSL_CTX_set_default_passwd_cb_userdata()
+do not provide diagnostic information.
+
+=head1 EXAMPLES
+
+The following example returns the password provided as B<userdata> to the
+calling function. The password is considered to be a '\0' terminated
+string. If the password does not fit into the buffer, the password is
+truncated.
+
+ int pem_passwd_cb(char *buf, int size, int rwflag, void *password)
+ {
+  strncpy(buf, (char *)(password), size);
+  buf[size - 1] = '\0';
+  return(strlen(buf));
+ }
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>,
+L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>
+
+=cut
diff --git a/test/bctest b/test/bctest
new file mode 100755
index 0000000000..6fa0663bb0
--- /dev/null
+++ b/test/bctest
@@ -0,0 +1,84 @@
+#!/bin/sh
+
+# This script is used by test/Makefile.ssl to check whether a sane 'bc'
+# is installed.
+# ('make test_bn' should not try to run 'bc' if it does not exist or if
+# it is a broken 'bc' version that is known to cause trouble.)
+#
+# If 'bc' works, we also test if it knows the 'print' command.
+#
+# In any case, output an appropriate command line for running (or not
+# running) bc.
+
+
+# Test for SunOS 5.[78] bc bug (or missing bc)
+if [ 0 != "`bc <<\EOF
+obase=16
+ibase=16
+a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\
+CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\
+10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\
+C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\
+3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\
+4FC3CADF855448B24A9D7640BCF473E
+b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\
+9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\
+8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\
+3ED0E2017D60A68775B75481449
+(a/b)*b + (a%b) - a
+EOF`" ]
+then
+  echo "bc does not work.  Consider installing GNU bc." >&2
+  echo "cat >/dev/null"
+  exit 1
+fi
+
+
+# Test for SCO bc bug.
+if [ "0
+0" != "`bc <<\EOF
+obase=16
+ibase=16
+-FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\
+9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\
+11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\
+1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\
+AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\
+F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\
+B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\
+02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\
+85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\
+A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\
+E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\
+8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\
+04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\
+89C8D71
+AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\
+928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\
+8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\
+37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\
+E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\
+F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\
+9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\
+D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\
+5296964
+EOF`" ]
+then
+  echo "bc does not work.  Consider installing GNU bc." >&2
+  echo "cat >/dev/null"
+  exit 1
+fi
+
+
+# bc works, good.
+# Now check if it knows the 'print' command.
+if [ "OK" = "`bc 2>/dev/null <<\EOF
+print \"OK\"
+EOF`" ]
+then
+    echo "bc"
+else
+    echo "sed 's/print.*//' | bc"
+fi
+
+exit 0