mirror of
https://github.com/openssl/openssl.git
synced 2025-01-18 13:44:20 +08:00
Updates from 1.0.0-stable
This commit is contained in:
parent
71fca64d96
commit
06ddf8eb08
14
apps/apps.c
14
apps/apps.c
@ -259,13 +259,6 @@ int str2fmt(char *s)
|
|||||||
return(FORMAT_ASN1);
|
return(FORMAT_ASN1);
|
||||||
else if ((*s == 'T') || (*s == 't'))
|
else if ((*s == 'T') || (*s == 't'))
|
||||||
return(FORMAT_TEXT);
|
return(FORMAT_TEXT);
|
||||||
else if ((*s == 'P') || (*s == 'p'))
|
|
||||||
{
|
|
||||||
if (s[1] == 'V' || s[1] == 'v')
|
|
||||||
return FORMAT_PVK;
|
|
||||||
else
|
|
||||||
return(FORMAT_PEM);
|
|
||||||
}
|
|
||||||
else if ((*s == 'N') || (*s == 'n'))
|
else if ((*s == 'N') || (*s == 'n'))
|
||||||
return(FORMAT_NETSCAPE);
|
return(FORMAT_NETSCAPE);
|
||||||
else if ((*s == 'S') || (*s == 's'))
|
else if ((*s == 'S') || (*s == 's'))
|
||||||
@ -278,6 +271,13 @@ int str2fmt(char *s)
|
|||||||
return(FORMAT_PKCS12);
|
return(FORMAT_PKCS12);
|
||||||
else if ((*s == 'E') || (*s == 'e'))
|
else if ((*s == 'E') || (*s == 'e'))
|
||||||
return(FORMAT_ENGINE);
|
return(FORMAT_ENGINE);
|
||||||
|
else if ((*s == 'P') || (*s == 'p'))
|
||||||
|
{
|
||||||
|
if (s[1] == 'V' || s[1] == 'v')
|
||||||
|
return FORMAT_PVK;
|
||||||
|
else
|
||||||
|
return(FORMAT_PEM);
|
||||||
|
}
|
||||||
else
|
else
|
||||||
return(FORMAT_UNDEF);
|
return(FORMAT_UNDEF);
|
||||||
}
|
}
|
||||||
|
@ -231,7 +231,7 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
|||||||
|
|
||||||
subjectKeyIdentifier=hash
|
subjectKeyIdentifier=hash
|
||||||
|
|
||||||
authorityKeyIdentifier=keyid:always,issuer:always
|
authorityKeyIdentifier=keyid:always,issuer
|
||||||
|
|
||||||
# This is what PKIX recommends but some broken software chokes on critical
|
# This is what PKIX recommends but some broken software chokes on critical
|
||||||
# extensions.
|
# extensions.
|
||||||
@ -264,7 +264,7 @@ basicConstraints = CA:true
|
|||||||
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
|
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
|
||||||
|
|
||||||
# issuerAltName=issuer:copy
|
# issuerAltName=issuer:copy
|
||||||
authorityKeyIdentifier=keyid:always,issuer:always
|
authorityKeyIdentifier=keyid:always
|
||||||
|
|
||||||
[ proxy_cert_ext ]
|
[ proxy_cert_ext ]
|
||||||
# These extensions should be added when creating a proxy certificate
|
# These extensions should be added when creating a proxy certificate
|
||||||
@ -297,7 +297,7 @@ nsComment = "OpenSSL Generated Certificate"
|
|||||||
|
|
||||||
# PKIX recommendations harmless if included in all certificates.
|
# PKIX recommendations harmless if included in all certificates.
|
||||||
subjectKeyIdentifier=hash
|
subjectKeyIdentifier=hash
|
||||||
authorityKeyIdentifier=keyid,issuer:always
|
authorityKeyIdentifier=keyid,issuer
|
||||||
|
|
||||||
# This stuff is for subjectAltName and issuerAltname.
|
# This stuff is for subjectAltName and issuerAltname.
|
||||||
# Import the email address.
|
# Import the email address.
|
||||||
|
@ -810,7 +810,7 @@ int BIO_accept(int sock, char **addr)
|
|||||||
#ifdef EAI_FAMILY
|
#ifdef EAI_FAMILY
|
||||||
# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_BEOS_BONE) || defined(OPENSSL_SYS_MSDOS)
|
# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_BEOS_BONE) || defined(OPENSSL_SYS_MSDOS)
|
||||||
# define SOCKLEN_T size_t
|
# define SOCKLEN_T size_t
|
||||||
# else
|
# elif !defined(SOCKLEN_T)
|
||||||
# define SOCKLEN_T socklen_t
|
# define SOCKLEN_T socklen_t
|
||||||
#endif
|
#endif
|
||||||
do {
|
do {
|
||||||
|
@ -1054,24 +1054,34 @@ const void * OBJ_bsearch_ex_(const void *key,const void *base,int num,
|
|||||||
* the non-constness means a lot of complication, and in practice
|
* the non-constness means a lot of complication, and in practice
|
||||||
* comparison routines do always not touch their arguments.
|
* comparison routines do always not touch their arguments.
|
||||||
*/
|
*/
|
||||||
#define _IMPLEMENT_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm) \
|
|
||||||
|
#define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm) \
|
||||||
static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \
|
static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \
|
||||||
{ \
|
{ \
|
||||||
type1 const *a = a_; \
|
type1 const *a = a_; \
|
||||||
type2 const *b = b_; \
|
type2 const *b = b_; \
|
||||||
return nm##_cmp(a,b); \
|
return nm##_cmp(a,b); \
|
||||||
} \
|
} \
|
||||||
scope type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
|
static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
|
||||||
{ \
|
{ \
|
||||||
return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
|
return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
|
||||||
nm##_cmp_BSEARCH_CMP_FN); \
|
nm##_cmp_BSEARCH_CMP_FN); \
|
||||||
} \
|
} \
|
||||||
extern void dummy_prototype(void)
|
extern void dummy_prototype(void)
|
||||||
|
|
||||||
#define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, cmp) \
|
#define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \
|
||||||
_IMPLEMENT_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp)
|
static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \
|
||||||
#define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, cmp) \
|
{ \
|
||||||
_IMPLEMENT_OBJ_BSEARCH_CMP_FN(, type1, type2, cmp)
|
type1 const *a = a_; \
|
||||||
|
type2 const *b = b_; \
|
||||||
|
return nm##_cmp(a,b); \
|
||||||
|
} \
|
||||||
|
type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
|
||||||
|
{ \
|
||||||
|
return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
|
||||||
|
nm##_cmp_BSEARCH_CMP_FN); \
|
||||||
|
} \
|
||||||
|
extern void dummy_prototype(void)
|
||||||
|
|
||||||
#define OBJ_bsearch(type1,key,type2,base,num,cmp) \
|
#define OBJ_bsearch(type1,key,type2,base,num,cmp) \
|
||||||
((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
|
((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
|
||||||
|
@ -81,7 +81,7 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
|
|||||||
STACK_OF(X509) **ca)
|
STACK_OF(X509) **ca)
|
||||||
{
|
{
|
||||||
STACK_OF(X509) *ocerts = NULL;
|
STACK_OF(X509) *ocerts = NULL;
|
||||||
X509 *x;
|
X509 *x = NULL;
|
||||||
/* Check for NULL PKCS12 structure */
|
/* Check for NULL PKCS12 structure */
|
||||||
|
|
||||||
if(!p12)
|
if(!p12)
|
||||||
|
@ -116,6 +116,7 @@ extern "C" {
|
|||||||
/* Under Win32 these are defined in wincrypt.h */
|
/* Under Win32 these are defined in wincrypt.h */
|
||||||
#undef X509_NAME
|
#undef X509_NAME
|
||||||
#undef X509_CERT_PAIR
|
#undef X509_CERT_PAIR
|
||||||
|
#undef X509_EXTENSIONS
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define X509_FILETYPE_PEM 1
|
#define X509_FILETYPE_PEM 1
|
||||||
|
@ -605,6 +605,7 @@ static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
|
|||||||
if (!ret)
|
if (!ret)
|
||||||
X509_NAME_free(nm);
|
X509_NAME_free(nm);
|
||||||
gen->d.dirn = nm;
|
gen->d.dirn = nm;
|
||||||
|
X509V3_section_free(ctx, sk);
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
@ -412,9 +412,6 @@ long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
|
|||||||
return(0);
|
return(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
|
|
||||||
ssl_cipher_id);
|
|
||||||
|
|
||||||
/* This function needs to check if the ciphers required are actually
|
/* This function needs to check if the ciphers required are actually
|
||||||
* available */
|
* available */
|
||||||
const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
|
const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
|
||||||
|
@ -1595,9 +1595,11 @@ const char *SSL_get_version(const SSL *s);
|
|||||||
/* This sets the 'default' SSL version that SSL_new() will create */
|
/* This sets the 'default' SSL version that SSL_new() will create */
|
||||||
int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
|
int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_SSL2
|
||||||
const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
|
const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
|
||||||
const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
|
const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
|
||||||
const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
|
const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
|
||||||
|
#endif
|
||||||
|
|
||||||
const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
|
const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
|
||||||
const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
|
const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
|
||||||
|
@ -2986,3 +2986,6 @@ void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
|
|||||||
|
|
||||||
IMPLEMENT_STACK_OF(SSL_CIPHER)
|
IMPLEMENT_STACK_OF(SSL_CIPHER)
|
||||||
IMPLEMENT_STACK_OF(SSL_COMP)
|
IMPLEMENT_STACK_OF(SSL_COMP)
|
||||||
|
IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
|
||||||
|
ssl_cipher_id);
|
||||||
|
|
||||||
|
@ -736,8 +736,8 @@ sub var_add
|
|||||||
@a=grep(!/^e_camellia$/,@a) if $no_camellia;
|
@a=grep(!/^e_camellia$/,@a) if $no_camellia;
|
||||||
@a=grep(!/^e_seed$/,@a) if $no_seed;
|
@a=grep(!/^e_seed$/,@a) if $no_seed;
|
||||||
|
|
||||||
@a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2;
|
#@a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2;
|
||||||
@a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3;
|
#@a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3;
|
||||||
|
|
||||||
@a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/,@a) if $no_sock;
|
@a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/,@a) if $no_sock;
|
||||||
|
|
||||||
|
@ -103,6 +103,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
|
|||||||
"CMS",
|
"CMS",
|
||||||
# CryptoAPI Engine
|
# CryptoAPI Engine
|
||||||
"CAPIENG",
|
"CAPIENG",
|
||||||
|
# SSL v2
|
||||||
|
"SSL2",
|
||||||
# JPAKE
|
# JPAKE
|
||||||
"JPAKE",
|
"JPAKE",
|
||||||
# Deprecated functions
|
# Deprecated functions
|
||||||
@ -125,7 +127,7 @@ my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
|
|||||||
my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
|
my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
|
||||||
my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
|
my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
|
||||||
my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
|
my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
|
||||||
my $no_jpake;
|
my $no_jpake; my $no_ssl2;
|
||||||
|
|
||||||
my $zlib;
|
my $zlib;
|
||||||
|
|
||||||
@ -213,6 +215,7 @@ foreach (@ARGV, split(/ /, $options))
|
|||||||
elsif (/^no-rfc3779$/) { $no_rfc3779=1; }
|
elsif (/^no-rfc3779$/) { $no_rfc3779=1; }
|
||||||
elsif (/^no-tlsext$/) { $no_tlsext=1; }
|
elsif (/^no-tlsext$/) { $no_tlsext=1; }
|
||||||
elsif (/^no-cms$/) { $no_cms=1; }
|
elsif (/^no-cms$/) { $no_cms=1; }
|
||||||
|
elsif (/^no-ssl2$/) { $no_ssl2=1; }
|
||||||
elsif (/^no-capieng$/) { $no_capieng=1; }
|
elsif (/^no-capieng$/) { $no_capieng=1; }
|
||||||
elsif (/^no-jpake$/) { $no_jpake=1; }
|
elsif (/^no-jpake$/) { $no_jpake=1; }
|
||||||
}
|
}
|
||||||
@ -1145,6 +1148,7 @@ sub is_valid
|
|||||||
if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; }
|
if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; }
|
||||||
if ($keyword eq "PSK" && $no_psk) { return 0; }
|
if ($keyword eq "PSK" && $no_psk) { return 0; }
|
||||||
if ($keyword eq "CMS" && $no_cms) { return 0; }
|
if ($keyword eq "CMS" && $no_cms) { return 0; }
|
||||||
|
if ($keyword eq "SSL2" && $no_ssl2) { return 0; }
|
||||||
if ($keyword eq "CAPIENG" && $no_capieng) { return 0; }
|
if ($keyword eq "CAPIENG" && $no_capieng) { return 0; }
|
||||||
if ($keyword eq "JPAKE" && $no_jpake) { return 0; }
|
if ($keyword eq "JPAKE" && $no_jpake) { return 0; }
|
||||||
if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; }
|
if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; }
|
||||||
|
Loading…
Reference in New Issue
Block a user