81 files changed, 319 insertions, 552 deletions
@@ -2,31 +2,6 @@ OpenSSL CHANGES _______________ - Changes between 0.9.6 and 0.9.7 [xx XXX 2000] - - *) Fix for bug in DirectoryString mask setting. Add support for - X509_NAME_print_ex() in 'req' and X509_print_ex() function - to allow certificate printing to more controllable, additional - 'certopt' option to 'x509' to allow new printing options to be - set. - [Steve Henson] - - *) Clean old EAY MD5 hack from e_os.h. - [Richard Levitte] - - *) Fix SSL_CTX_set_read_ahead macro to actually use its argument. - - Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new - and not in SSL_clear because the latter is also used by the - accept/connect functions; previously, the settings made by - SSL_set_read_ahead would be lost during the handshake. - [Bodo Moeller; problems reported by Anders Gertz <gertz@epact.se>] - - *) Correct util/mkdef.pl to be selective about disabled algorithms. - Previously, it would create entries for disableed algorithms no - matter what. - [Richard Levitte] - Changes between 0.9.5a and 0.9.6 [24 Sep 2000] *) In ssl23_get_client_hello, generate an error message when faced 
@@ -280,8 +280,8 @@ my %table=( # # <appro@fy.chalmers.se> # -"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o:dlfcn:linux-shared:-fPIC", -"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o:dlfcn:linux-shared:-fPIC", +"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::", +"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::", "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::", "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::", @@ -719,10 +719,6 @@ if ($shared_cflag ne "") $shared_mark2 = ".shlib."; } } -else - { - $no_shared = 1; - } #my ($bn1)=split(/\s+/,$bn_obj); #$bn1 = "" unless defined $bn1; diff --git a/Makefile.org b/Makefile.org index 96e4aaa8fb..c6f660954b 100644 --- a/Makefile.org +++ b/Makefile.org @@ -462,8 +462,7 @@ install: all install_docs if [ -f "$$i" ]; then \ ( echo installing $$i; \ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ - (echo $$i | grep '\\.a$$' > /dev/null 2>&1) \ - && $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ + $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \ fi \ done 
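Review bot: In the `install` hunk of Makefile.org (`@@ -462`), the `cp`, `$(RANLIB)` and `chmod 644` steps inside the subshell are joined with `;`, so a failed copy or a failed `$(RANLIB)` does not stop the recipe and the subshell reports only the status of the final `chmod`. With the `grep '\\.a$$'` guard removed, `$(RANLIB)` also runs on every file the loop installs, which is only correct if the loop list holds static archives alone; that list is outside the hunk. Chaining the steps would make a partial install fail visibly: `cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib && \`, `$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i && \`, `chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i`. The recipe starts and continues outside the hunk.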
@@ -474,19 +473,19 @@ install_docs: $(INSTALL_PREFIX)$(MANDIR)/man3 \ $(INSTALL_PREFIX)$(MANDIR)/man5 \ $(INSTALL_PREFIX)$(MANDIR)/man7 + @echo installing man 1 and man 5 @for i in doc/apps/*.pod; do \ fn=`basename $$i .pod`; \ sec=`[ "$$fn" = "config" ] && echo 5 || echo 1`; \ - echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ (cd `dirname $$i`; \ $(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`) \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ done + @echo installing man 3 and man 7 @for i in doc/crypto/*.pod doc/ssl/*.pod; do \ fn=`basename $$i .pod`; \ sec=`[ "$$fn" = "des_modes" ] && echo 7 || echo 3`; \ - echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ (cd `dirname $$i`; \ $(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`) \ @@ -1,5 +1,5 @@ - OpenSSL 0.9.7-dev 24 Sep 2000 + OpenSSL 0.9.6 24 Sep 2000 Copyright (c) 1998-2000 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson @@ -1,10 +1,9 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2000/09/24 17:31:36 $ + ______________ $Date: 2000/09/24 15:42:34 $ DEVELOPMENT STATE - o OpenSSL 0.9.7: Under development... o OpenSSL 0.9.6: Released on September 24th, 2000 o OpenSSL 0.9.5a: Released on April 1st, 2000 o OpenSSL 0.9.5: Released on February 28th, 2000 diff --git a/apps/apps.c b/apps/apps.c index 03bd9e2d3f..c22550b294 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -74,14 +74,6 @@ # include "bss_file.c" #endif -typedef struct { - char *name; - unsigned long flag; - unsigned long mask; -} NAME_EX_TBL; - -static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl); - int app_init(long mesgwin); #ifdef undef /* never finished - probably never will be :-) */ int args_from_file(char *file, int *argc, char **argv[]) 
@@ -702,43 +694,16 @@ end: return(othercerts); } - -#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) -/* Return error for unknown extensions */ -#define X509V3_EXT_DEFAULT 0 -/* Print error for unknown extensions */ -#define X509V3_EXT_ERROR_UNKNOWN (1L << 16) -/* ASN1 parse unknown extensions */ -#define X509V3_EXT_PARSE_UNKNOWN (2L << 16) -/* BIO_dump unknown extensions */ -#define X509V3_EXT_DUMP_UNKNOWN (3L << 16) - -int set_cert_ex(unsigned long *flags, const char *arg) -{ - static const NAME_EX_TBL cert_tbl[] = { - { "compatible", X509_FLAG_COMPAT, 0xffffffffl}, - { "no_header", X509_FLAG_NO_HEADER, 0}, - { "no_version", X509_FLAG_NO_VERSION, 0}, - { "no_serial", X509_FLAG_NO_SERIAL, 0}, - { "no_signame", X509_FLAG_NO_SIGNAME, 0}, - { "no_validity", X509_FLAG_NO_VALIDITY, 0}, - { "no_subject", X509_FLAG_NO_SUBJECT, 0}, - { "no_pubkey", X509_FLAG_NO_PUBKEY, 0}, - { "no_extensions", X509_FLAG_NO_EXTENSIONS, 0}, - { "no_sigdump", X509_FLAG_NO_SIGDUMP, 0}, - { "no_aux", X509_FLAG_NO_AUX, 0}, - { "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK}, - { "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, - { "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, - { "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, - { NULL, 0, 0} - }; - return set_table_opts(flags, arg, cert_tbl); -} +typedef struct { + char *name; + unsigned long flag; + unsigned long mask; +} NAME_EX_TBL; int set_name_ex(unsigned long *flags, const char *arg) { - static const NAME_EX_TBL ex_tbl[] = { + char c; + const NAME_EX_TBL *ptbl, ex_tbl[] = { { "esc_2253", ASN1_STRFLGS_ESC_2253, 0}, { "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0}, { "esc_msb", ASN1_STRFLGS_ESC_MSB, 0}, 
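Review bot: In the `@@ -702` hunk of apps/apps.c, `set_name_ex` now declares its option table as an automatic object in `const NAME_EX_TBL *ptbl, ex_tbl[] = {`, so the table is re-initialised on every call and the cursor pointer shares a declaration with the array. Writing `static const NAME_EX_TBL ex_tbl[] = {` and putting `const NAME_EX_TBL *ptbl;` on its own line keeps the table in static read-only storage and is easier to read. The `name` member is set only from string literals in the visible entries, so `const char *name;` in the typedef would let the compiler reject any write through it. The function body continues outside this hunk.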
@@ -766,13 +731,7 @@ int set_name_ex(unsigned long *flags, const char *arg) { "multiline", XN_FLAG_MULTILINE, 0xffffffffL}, { NULL, 0, 0} }; - return set_table_opts(flags, arg, ex_tbl); -} -static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl) -{ - char c; - const NAME_EX_TBL *ptbl; c = arg[0]; if(c == '-') { @@ -783,7 +742,7 @@ static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_T arg++; } else c = 1; - for(ptbl = in_tbl; ptbl->name; ptbl++) { + for(ptbl = ex_tbl; ptbl->name; ptbl++) { if(!strcmp(arg, ptbl->name)) { *flags &= ~ptbl->mask; if(c) *flags |= ptbl->flag; diff --git a/apps/apps.h b/apps/apps.h index 0951299d58..82587b9770 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -147,7 +147,6 @@ int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]); int dump_cert_text(BIO *out, X509 *x); void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags); #endif -int set_cert_ex(unsigned long *flags, const char *arg); int set_name_ex(unsigned long *flags, const char *arg); int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2); int add_oid_section(BIO *err, LHASH *conf); diff --git a/apps/req.c b/apps/req.c index 4d707e83ed..1aab38d9d7 100644 --- a/apps/req.c +++ b/apps/req.c @@ -143,7 +143,6 @@ int MAIN(int argc, char **argv) #ifndef NO_DSA DSA *dsa_params=NULL; #endif - unsigned long nmflag = 0; int ex=1,x509=0,days=30; X509 *x509ss=NULL; X509_REQ *req=NULL; @@ -151,7 +150,7 @@ int MAIN(int argc, char **argv) int i,badops=0,newreq=0,newkey= -1,pkey_type=0; BIO *in=NULL,*out=NULL; int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM; - int nodes=0,kludge=0,newhdr=0,subject=0; + int nodes=0,kludge=0,newhdr=0; char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL; char *extensions = NULL; char *req_exts = NULL; 
@@ -323,13 +322,6 @@ int MAIN(int argc, char **argv) nodes=1; else if (strcmp(*argv,"-noout") == 0) noout=1; - else if (strcmp(*argv,"-nameopt") == 0) - { - if (--argc < 1) goto bad; - if (!set_name_ex(&nmflag, *(++argv))) goto bad; - } - else if (strcmp(*argv,"-subject") == 0) - subject=1; else if (strcmp(*argv,"-text") == 0) text=1; else if (strcmp(*argv,"-x509") == 0) @@ -811,7 +803,7 @@ loop: BIO_printf(bio_err,"verify OK\n"); } - if (noout && !text && !modulus && !subject) + if (noout && !text && !modulus) { ex=0; goto end; @@ -848,14 +840,6 @@ loop: X509_REQ_print(out,req); } - if(subject) - { - if(x509) - print_name(out, "subject=", X509_get_subject_name(x509ss), nmflag); - else - print_name(out, "subject=", X509_REQ_get_subject_name(req), nmflag); - } - if (modulus) { EVP_PKEY *pubkey; diff --git a/apps/x509.c b/apps/x509.c index 3bef1fc590..76dd66db86 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -129,7 +129,6 @@ static char *x509_usage[]={ " -extensions - section from config file with X509V3 extensions to add\n", " -clrext - delete extensions before signing and input certificate\n", " -nameopt arg - various certificate name options\n", -" -certopt arg - various certificate text options\n", NULL }; @@ -175,7 +174,7 @@ int MAIN(int argc, char **argv) char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL; int need_rand = 0; int checkend=0,checkoffset=0; - unsigned long nmflag = 0, certflag = 0; + unsigned long nmflag = 0; reqfile=0; @@ -327,11 +326,6 @@ int MAIN(int argc, char **argv) alias= *(++argv); trustout = 1; } - else if (strcmp(*argv,"-certopt") == 0) - { - if (--argc < 1) goto bad; - if (!set_cert_ex(&certflag, *(++argv))) goto bad; - } else if (strcmp(*argv,"-nameopt") == 0) { if (--argc < 1) goto bad; @@ -780,7 +774,7 @@ bad: } else if (text == i) { - X509_print_ex(out,x,nmflag, certflag); + X509_print(out,x); } else if (startdate == i) { diff --git a/crypto/Makefile.ssl b/crypto/Makefile.ssl index ae761da79f..8c399bbff1 100644 
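Review bot: In the `@@ -780` hunk of apps/x509.c the return value of `X509_print(out,x);` is discarded, so a failed write of the certificate text goes unreported. Whether the exit status picks the failure up later is not visible in the hunk. Testing the call, as in `if (!X509_print(out,x)) goto bad;` or whichever error exit MAIN uses for output failures, would surface a truncated dump. Separately, `nmflag` is still parsed from `-nameopt` in the `@@ -327` hunk but no longer reaches the `-text` output, so the usage line `" -nameopt arg - various certificate name options\n"` could say which outputs the option affects. MAIN starts and ends outside these hunks.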
--- a/crypto/Makefile.ssl +++ b/crypto/Makefile.ssl @@ -90,8 +90,7 @@ links: lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - @echo You may get an error following this line. Please ignore. - - $(RANLIB) $(LIB) + $(RANLIB) $(LIB) @touch lib libs: diff --git a/crypto/asn1/Makefile.ssl b/crypto/asn1/Makefile.ssl index 269af44593..eae97f321d 100644 --- a/crypto/asn1/Makefile.ssl +++ b/crypto/asn1/Makefile.ssl @@ -75,8 +75,7 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - @echo You may get an error following this line. Please ignore. - - $(RANLIB) $(LIB) + $(RANLIB) $(LIB) @touch lib files: diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 5335538ae0..569b811998 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -491,24 +491,12 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags) { - if(flags == XN_FLAG_COMPAT) - return X509_NAME_print(out, nm, indent); return do_name_ex(send_bio_chars, out, nm, indent, flags); } int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags) { - if(flags == XN_FLAG_COMPAT) - { - BIO *btmp; - int ret; - btmp = BIO_new_fp(fp, BIO_NOCLOSE); - if(!btmp) return -1; - ret = X509_NAME_print(btmp, nm, indent); - BIO_free(btmp); - return ret; - } return do_name_ex(send_fp_chars, fp, nm, indent, flags); } diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index 732e68fe46..6b10cff99 |