| Age | Commit message (Collapse) | Author |
|---|
|
Submitted by: Douglas Stebila
|
|
Submitted by: Douglas Stebila
|
|
PR: 1191
Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation
Reviewed by: Nils Larsch
|
|
Submitted by: Peter Sylvester
|
|
- fix indentation
- rename some functions and macros
- fix up confusion between SSL_ERROR_... and SSL_AD_... values
|
|
Submitted by: Peter Sylvester
|
|
remove the need for a lock
|
|
pointer and make the SSL_METHOD parameter in SSL_CTX_new,
SSL_CTX_set_ssl_version and SSL_set_ssl_method const.
|
|
|
|
for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.
|
|
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
make depend all test
work again
PR: 1159
|
|
with the SSL_OP_NO_SSLv2 option.
|
|
1. "unsigned long long" isn't portable changed: to BN_ULLONG.
2. The LL prefix isn't allowed in VC++ but it isn't needed where it is used.
2. Avoid lots of compiler warnings about signed/unsigned mismatches.
3. Include new library directory pqueue in mk1mf build system.
4. Update symbols.
|
|
|
|
move some functions from exported header <openssl/dtl1.h> into "ssl_locl.h";
fix silly indentation (a TAB is *not* always 4 spaces)
|
|
|
|
|
|
|
|
|
|
remove some unnecessary includes from the internal header ssl_locl.h. This
then requires adding includes for bn.h in four C files.
|
|
tree. This further reduces header interdependencies, and makes some
associated cleanups.
|
|
the symbol name).
|
|
functions and macros.
This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const. Those will be removed when this change has been
properly reviewed.
|
|
|
|
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
(Authors: Vipul Gupta and Sumit Gupta, Sun Microsystems Laboratories)
|
|
|
|
not covered by the strength bit mask.
Submitted by:
Reviewed by:
PR: 130
|
|
New macros SSL[_CTX]_set_msg_callback_arg().
Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).
New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.
In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.
Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).
Add/update some OpenSSL copyright notices.
|
|
|
|
and make all files the depend on it include it without prefixing it
with openssl/.
This means that all Makefiles will have $(TOP) as one of the include
directories.
|
|
missed any.
This compiles and runs on Linux, and external applications have no
problems with it. The definite test will be to build this on VMS.
|
|
the clients choice; in SSLv2 the client uses the server's preferences.
|
|
Update Rijndael source to v3.0
Add AES OIDs.
Change most references of Rijndael to AES.
Add new draft AES ciphersuites.
|
|
|
|
objects) or OPENSSL_BUILD_SHLIBSSL (for files that end up as libssl
objects) is defined, redefine OPENSSL_EXTERN to be OPENSSL_EXPORT.
This is actually only important on Win32, and can safely be ignored in
all other cases, at least for now.
|
|
|
|
Implemented by Vern Staats <staatsvr@asc.hpc.mil>, further hacked and distributed by Jeffrey Altman <jaltnab@columbia.edu>
|
|
yet tighter, and also put some heat on the rest of the library by
insisting (correctly) that compare callbacks used in stacks are prototyped
with "const" parameters. This has led to a depth-first explosion of
compiler warnings in the code where 1 constification has led to 3 or 4
more. Fortunately these have all been resolved to completion and the code
seems cleaner as a result - in particular many of the _cmp() functions
should have been prototyped with "const"s, and now are. There was one
little problem however;
X509_cmp() should by rights compare "const X509 *" pointers, and it is now
declared as such. However, it's internal workings can involve
recalculating hash values and extensions if they have not already been
setup. Someone with a more intricate understanding of the flow control of
X509 might be able to tighten this up, but for now - this seemed the
obvious place to stop the "depth-first" constification of the code by
using an evil cast (they have migrated all the way here from safestack.h).
Fortunately, this is the only place in the code where this was required
to complete these type-safety changes, and it's reasonably clear and
commented, and seemed the least unacceptable of the options. Trying to
take the constification further ends up exploding out considerably, and
indeed leads directly into generalised ASN functions which are not likely
to cooperate well with this.
|
|
|
|
designed for that. This removes the potential error to mix data and
function pointers.
Please note that I'm a little unsure how incorrect calls to the old
ctrl functions should be handled, in som cases. I currently return 0
and that's it, but it may be more correct to generate a genuine error
in those cases.
|
|
|
|
|
|
minor changes.
Docs haven't been added at this stage. They are probably
best included in the 'ciphers' program docs.
|
|
|
|
|
|
|
|
Pointed out by: Janez Jere <jj@void.si>
|
|
in cryptlib.h (which is often included as "../cryptlib.h"), then the
question remains relative to which directory this is to be interpreted.
gcc went one further directory up, as intended; but makedepend thinks
differently, and so probably do some C compilers. So the ../ must go away;
thus e_os.h goes back into include/openssl (but I now use
#include "openssl/e_os.h" instead of <openssl/e_os.h> to make the point) --
and we have another huge bunch of dependency changes. Argh.
|
|
include file.
|
|
|
