| Age | Commit message (Collapse) | Author |
|---|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Call SSL_CTX_new() before doing any configuration.
(or call OPENSSL_ssl_init())
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
'ECDHParameters = Automatic' isn't accepted.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Note: server-cmod doesn't seem to do things right... from loading
cmod.cnf, it tries to load libssl_conf.so.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
The Unix build was the last to retain the classic build scheme. The
new unified scheme has matured enough, even though some details may
need polishing.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
This was done by the following
find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
print unless $. == 1 && m@/\* .*\.[ch] \*/@;
close ARGV if eof; # Close file to reset $.
And then some hand-editing of other files.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
|
Remove lint, tags, dclean, tests.
This is prep for a new makedepend scheme.
This is temporary pending unified makefile, and might help it.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Create Makefile's from Makefile.in
Rename Makefile.org to Makefile.in
Rename Makefiles to Makefile.in
Address review feedback from Viktor and Richard
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Also tweak some of the code in demos/bio, to enable interactive
testing of BIO_s_accept's use of SSL_dup. Changed the sconnect
client to authenticate the server, which now exercises the new
SSL_set1_host() function.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Use new SSL_CONF options in demo. Add intermediate and root CAs and
update all to use SHA256.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
|
Continuing from the previous commit this changes the way we do client side
version negotiation. Similarly all of the s23* "up front" state machine code
has been avoided and again things now work much the same way as they already
did for DTLS, i.e. we just do most of the work in the
ssl3_get_server_hello() function.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
|
This commit changes the way that we do server side protocol version
negotiation. Previously we had a whole set of code that had an "up front"
state machine dedicated to the negotiating the protocol version. This adds
significant complexity to the state machine. Historically the justification
for doing this was the support of SSLv2 which works quite differently to
SSLv3+. However, we have now removed support for SSLv2 so there is little
reason to maintain this complexity.
The one slight difficulty is that, although we no longer support SSLv2, we
do still support an SSLv3+ ClientHello in an SSLv2 backward compatible
ClientHello format. This is generally only used by legacy clients. This
commit adds support within the SSLv3 code for these legacy format
ClientHellos.
Server side version negotiation now works in much the same was as DTLS,
i.e. we introduce the concept of TLS_ANY_VERSION. If s->version is set to
that then when a ClientHello is received it will work out the most
appropriate version to respond with. Also, SSLv23_method and
SSLv23_server_method have been replaced with TLS_method and
TLS_server_method respectively. The old SSLv23* names still exist as
macros pointing at the new name, although they are deprecated.
Subsequent commits will look at client side version negotiation, as well of
removal of the old s23* code.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
|
For the various string-compare routines (strcmp, strcasecmp, str.*cmp)
use "strcmp()==0" instead of "!strcmp()"
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
There were a dozen-plus instances of this construct:
if (0) { label: ..... }
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Avoid checking for NULL before calling free functions. This gets
ssl.*free:
ssl_sess_cert_free ssl_free ssl_excert_free ssl_cert_free
SSL_free SSL_SRP_CTX_free SSL_SESSION_free SSL_CTX_free
SSL_CTX_SRP_CTX_free SSL_CONF_CTX_free
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
|
This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free
BIO_free BIO_free_all BIO_vfree
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Some of the #if 0 code in demo's was kept, but given helpful #ifdef
names, to show more sample code.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Conflicts:
crypto/dsa/dsa_vrf.c
crypto/ec/ec2_smpl.c
crypto/ec/ecp_smpl.c
Conflicts:
demos/bio/saccept.c
ssl/d1_clnt.c
Conflicts:
bugs/dggccbug.c
demos/tunala/cb.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Undo unapproved commit that removed DJGPP and WATT32
|
|
DJGPP is no longer a supported platform. Remove all #ifdef, etc.,
cases that refer to it. DJGPP also #define'd WATT32, so that
is now removed as well.
|
|
New ctrl sets current certificate based on certain criteria. Currently
two options: set the first valid certificate as current and set the
next valid certificate as current. Using these an application can
iterate over all certificates in an SSL_CTX or SSL structure.
|
|
|
|
|
|
|
|
|
|
|
|
Two example programs one for command line argument processing and
one for configuration file processing.
|
|
|
|
PR: 338
Here's the description, submitted by Gisle Vanem <giva@bgnett.no>:
1. sock_init() renamed to ssl_sock_init() in ./apps/s_socket.c due
to name-clash with Watt-32.
2. rand() renamed to Rand() in ./crypto/bn/divtest.c due to name-clash
with <stdlib.h>
3. Added calls to dbug_init()/sock_init() in some demo programs.
4. Changed cflags/lflags in configure. Watt-32 install root now taken
from $WATT_ROOT.
|
|
OpenSSL_add_all_algorithms(). Move these into
separate files so they work properly.
|
|
Submitted by: Sean O Riordain <Sean.ORiordain@cyrona.com>
|
|
Submitted by:
Reviewed by:
PR:
|
|
|
|
|
|
|
