Bodo Möller
52732b38da
Some comments added, and slight code clean-ups.
2000-01-26 22:36:55 +00:00
Bodo Möller
2557eaeac8
Avoid a race condition.
2000-01-24 17:57:56 +00:00
Dr. Stephen Henson
dd9d233e2a
Tidy up CRYPTO_EX_DATA structures.
2000-01-23 23:41:49 +00:00
Dr. Stephen Henson
64287002ce
Minor patch: check only match @STRENGTH and remove eNULL
...
comment.
Add documentation for the ciphers command including a full
description of cipher lists.
2000-01-22 23:34:44 +00:00
Dr. Stephen Henson
018e57c74d
Apply Lutz Behnke's 56 bit cipher patch with a few
...
minor changes.
Docs haven't been added at this stage. They are probably
best included in the 'ciphers' program docs.
2000-01-22 03:17:06 +00:00
Bodo Möller
af6f388180
Don't "goto err" in client_master_key because no such label exists;
...
just return -1 as in other error cases.
2000-01-21 11:20:22 +00:00
Ulf Möller
e7f97e2d22
Check RAND_bytes() return value or use RAND_pseudo_bytes().
2000-01-21 01:15:56 +00:00
Ulf Möller
731d9c5fb5
Some more ifdefs for no-xxx options.
2000-01-21 00:03:51 +00:00
Richard Levitte
a9188d4e17
Compaq C 6.2 for VMS will complain when we want to convert
...
non-function pointers to function pointers and vice versa.
The current solution is to have unions that describe the
conversion we want to do, and gives us the ability to extract
the type of data we want.
The current solution is a quick fix, and can probably be made
in a more general or elegant way.
2000-01-18 09:30:51 +00:00
Richard Levitte
9c86df6a98
Prepare for a possible disabling of certain messages that DEC C spews out.
2000-01-17 00:58:09 +00:00
Richard Levitte
b058a08085
It doesn't make sense to try see if these variables are negative, since they're unsigned.
2000-01-17 00:49:52 +00:00
Bodo Möller
cef80e8c14
SSL_R_UNSUPPORTED_PROTOCOL (as in s23_clnt.c) for SSL 2 when
...
NO_SSL2 is defined, not SSL_R_UNKNOWN_PROTOCOL.
2000-01-16 21:29:57 +00:00
Ulf Möller
aa82db4fb4
Add missing #ifndefs that caused missing symbols when building libssl
...
as a shared library without RSA. Use #ifndef NO_SSL2 instead of
NO_RSA in ssl/s2*.c.
Submitted by: Kris Kennaway <kris@hub.freebsd.org>
Modified by Ulf Möller
2000-01-16 21:10:00 +00:00
Bodo Möller
e1798f856d
In ssl3_read_n, set rwstate to SSL_NOTHING when the requested
...
number of bytes could be read.
2000-01-16 14:21:00 +00:00
Ulf Möller
b9d82f4735
RAND_seed
2000-01-16 12:21:22 +00:00
Ulf Möller
eb952088f0
Precautions against using the PRNG uninitialized: RAND_bytes() now
...
returns int (1 = ok, 0 = not seeded). New function RAND_add() is the
same as RAND_seed() but takes an estimate of the entropy as an additional
argument.
2000-01-13 20:59:17 +00:00
Bodo Möller
cc96f6b7a4
add check for internal error
2000-01-11 08:18:55 +00:00
Bodo Möller
3cc6cdea0f
The buffer in ss3_read_n cannot actually occur because it is never
...
called with max > n when extend is set.
2000-01-11 08:09:27 +00:00
Bodo Möller
c51ae173a6
Clean up some of the SSL server code.
2000-01-11 01:07:26 +00:00
Dr. Stephen Henson
25f923ddd1
New function X509_CTX_rget_chain(), make SSL_SESSION_print() display return code.
...
Remove references to 'TXT' in -inform and -outform switches.
2000-01-09 14:21:40 +00:00
Ben Laurie
752d706aaf
Make NO_RSA compile with pedantic.
2000-01-08 21:06:24 +00:00
Bodo Möller
ca03109c3a
New functions SSL_get_finished, SSL_get_peer_finished.
...
Add short state string for MS SGC.
2000-01-06 01:19:17 +00:00
Bodo Möller
9fb617e252
Use less complicated arrangement for data strutures related to Finished
...
messages.
2000-01-06 00:41:22 +00:00
Bodo Möller
f2d9a32cf4
Use separate arrays for certificate verify and for finished hashes.
2000-01-06 00:24:24 +00:00
Bodo Möller
245206eadd
Use prototypes.
2000-01-05 23:31:47 +00:00
Bodo Möller
c44f754047
Slight code cleanup for handling finished labels.
2000-01-05 23:11:51 +00:00
Andy Polyakov
37b0d5d05d
Rhapsody 5.5 (a.k.a. MacOS X) compiler bug workaround. At the very least
...
passes 'make test' now:-)
2000-01-04 03:33:18 +00:00
Dr. Stephen Henson
3d14b9d04a
Add support for MS "fast SGC".
2000-01-02 18:52:58 +00:00
Bodo Möller
47134b7864
Don't request client certificate in anonymous ciphersuites
...
except when following the specs is bound to fail.
1999-12-29 17:43:03 +00:00
Bodo Möller
45fd4dbb84
Fix SSL_CTX_add_session: When two SSL_SESSIONs have the same ID,
...
they can sometimes be different memory structures.
1999-12-29 14:29:32 +00:00
Bodo Möller
9535f8c165
Delete NO_PROTO section (which apparently was just a typo for NOPROTO --
...
if anyone had actually ever needed that they should have fixed this typo)
1999-12-29 14:27:35 +00:00
Bodo Möller
891e465607
fix comment
1999-12-29 14:25:35 +00:00
Dr. Stephen Henson
dd4134101f
Change the trust and purpose code so it doesn't need init
...
either and has a static and dynamic mix.
1999-12-02 02:33:56 +00:00
Dr. Stephen Henson
bb7cd4e3eb
Remainder of SSL purpose and trust code: trust and purpose setting in
...
SSL_CTX and SSL, functions to set them and defaults if no values set.
1999-11-29 22:35:00 +00:00
Dr. Stephen Henson
13938aceca
Add part of chain verify SSL support code: not complete or doing anything
...
yet.
Add a function X509_STORE_CTX_purpose_inherit() which implements the logic
of "inheriting" purpose and trust from a parent structure and using a default:
this will be used in the SSL code and possibly future S/MIME.
Partial documentation of the 'verify' utility. Still need to document how all
the extension checking works and the various error messages.
1999-11-29 01:09:25 +00:00
Bodo Möller
1088e27ca8
Restore traditional SSL_get_session behaviour so that s_client and s_server
...
don't leak tons of memory.
1999-11-17 21:36:13 +00:00
Bodo Möller
b1fe6ca175
Store verify_result with sessions to avoid potential security hole.
1999-11-16 23:15:41 +00:00
Mark J. Cox
b7cfcfb7f8
This corrects the reference count handling in SSL_get_session.
...
Previously, the returned SSL_SESSION didn't have its reference count
incremented so the SSL_SESSION could be freed at any time causing
seg-faults if the pointer was subsequently used. Code that uses
SSL_get_session must now make a corresponding SSL_SESSION_free() call when
it is done to avoid memory leaks (or blocked up session caches).
Submitted By: Geoff Thorpe <geoff@eu.c2.net>
1999-11-15 16:31:31 +00:00
Richard Levitte
c96ab5101a
Make sure installed files are world readable
1999-11-12 01:42:59 +00:00
Bodo Möller
798757762a
Improve support for running everything as a monolithic application.
...
Submitted by: Lennart Bång, Bodo Möller
1999-10-25 19:36:01 +00:00
Ulf Möller
de808df47b
Cosmetic changes.
1999-09-29 22:14:47 +00:00
Ben Laurie
ca7fea9656
Fix warnings.
1999-09-24 19:10:57 +00:00
Dr. Stephen Henson
1c80019a2c
Add new sign and verify members to RSA_METHOD and change SSL code to use sign
...
and verify rather than direct encrypt/decrypt.
1999-09-18 22:37:44 +00:00
Bodo Möller
0d3118bed3
Update dependencies.
1999-09-14 15:07:22 +00:00
Bodo Möller
4dd60b3b96
typo in a comment
1999-09-14 15:06:25 +00:00
Bodo Möller
ac7da00048
Set s->version correctly for "natural" SSL 3.0 client hello
1999-09-13 13:02:07 +00:00
Andy Polyakov
17f389bbbf
Initial support for MacOS.
...
This will soon be complemented with MacOS specific source code files and
INSTALL.MacOS.
I (Andy) have decided to get rid of a number of #include <sys/types.h>.
I've verified it's ok (both by examining /usr/include/*.h and compiling)
on a number of Unix platforms. Unfortunately I don't have Windows box
to verify this on. I really appreciate if somebody could try to compile
it and contact me a.s.a.p. in case a problem occurs.
Submitted by: Roy Wood <roy@centricsystems.ca>
Reviewed by: Andy Polyakov <appro@fy.chalmers.se>
1999-09-11 17:54:18 +00:00
Bodo Möller
5bdae1675c
Fix yet another bug for client hello handling.
1999-09-11 10:36:41 +00:00
Bodo Möller
cb0369d885
Repair another bug in s23_get_client_hello:
...
tls1 did not survive to restarts, so get rid of it.
1999-09-10 16:41:01 +00:00
Bodo Möller
6f7af1524e
Use non-copying BIO interface in ssltest.c.
1999-09-10 14:03:21 +00:00