| Age | Commit message (Collapse) | Author |
|---|
|
|
|
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).
Thanks to Bodo, for invaluable review and feedback.
|
|
version some time soon.
|
|
|
|
|
|
|
|
to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used. This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.
|
|
Initial support for CMS.
Add zlib compression BIO.
Add AES key wrap implementation.
Generalize S/MIME MIME code to support CMS and/or PKCS7.
|
|
|
|
terms of new API.
|
|
|
|
|
|
supports it (yet).
|
|
defering freeing in OBJ_cleanup().
|
|
temporarily[!] removes support for couple of esoteric platforms [well,
Netware, vxWorks and VMS].
|
|
all Windows targets.
|
|
|
|
handles properly by bss_file.c, which renders _fmode redundant.
|
|
|
|
|
|
Fix Win32 build system to use 'Makefile' instead of 'Makefile.ssl'.
|
|
|
|
|
|
Add support for policy checking in verify utility.
|
|
This tidies up verify parameters and adds support for integrated policy
checking.
Add support for policy related command line options. Currently only in smime
application.
WARNING: experimental code subject to change.
|
|
and include bn.h in those C files that need bignum functionality.
|
|
initial serial numbers.
PR: 842
|
|
to apps.c, and give it the hopefully descriptive name parse_yesno().
|
|
|
|
to 'openssl req' and 'openssl ca'.
PR: 779
Submitted by: Michael Bell <michael.bell@cms.hu-berlin.de>
Reviewed by: Richard Levitte
(there will be some follow-up changes)
|
|
PR: 780
Submitted by: Verdon Walker <VWalker@novell.com>
Reviewed by: Richard Levitte
|
|
platforms that don't (necessarely) have it. In the case of VMS, this
means moving a couple of functions from apps/ to crypto/ and make them
general (although only used privately).
|
|
rotate_serial() that works like rotate_index().
|
|
subject.
|
|
PR: 287
|
|
|
|
PR: 184
|
|
for monolithic as well as non-monolithic biuld.
More work is probably needed in this area.
PR: 144
|
|
functionality in the programs that had that before.
Part fo PR 164
|
|
Submitted by: Goetz Babin-Ebell <babinebell@trustcenter.de>
PR: 89
|
|
|
|
Add "init" command to control ENGINE
initialization.
Call ENGINE_finish on initialized ENGINEs on exit.
Reorder shutdown in apps.c: modules should be shut
down first.
Add test private key loader to openssl ENGINE: this
just loads a private key in PEM format.
Fix print format for dh length parameter.
|
|
Submitted by Andrew W. Gray <agray@iconsinc.com>
|
|
CONF_modules_unload() now calls CONF_modules_finish()
automatically.
Default use of section openssl_conf moved to
CONF_modules_load()
Load config file in several openssl utilities.
Most utilities now load modules from the config file,
though in a few (such as version) this isn't done
because it couldn't be used for anything.
In the case of ca and req the config file used is
the same as the utility itself: that is the -config
command line option can be used to specify an
alternative file.
|
|
* make openssl rsa work with -engine chil
* misc changes, including debug-linux-ppro Configure target
and FORMAT_NETSCAPE-aware load_{,pub}key()
This completes the application of his changes.
|
|
New macros SSL[_CTX]_set_msg_callback_arg().
Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).
New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.
In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.
Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).
Add/update some OpenSSL copyright notices.
|
|
types.h to ossl_typ.h.
|
|
algorithms present in all loaded ENGINEs. The result is that if any of
those ENGINEs successfully initialises, and the ENGINE_TABLE_FLAG_NOINIT
flag isn't set, then they will always be used (and cached as defaults) in
preference to software implementations. Ie. accidental auto-detection of
acceleration hardware :-)
This change stops all implementations being automatically registered in
"openssl" sub-commands, so that the "setup_engine()" handler in apps.c
controls which ENGINEs are registered for use. A special case has been
added that will revert to this "auto-detect" logic, ie. if the "-engine"
switch is used as;
-engine auto
|
|
crypto/engine/README for details.
|
|
|
