mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-17 14:32:04 +08:00
Code Issues Packages Projects Releases Wiki Activity
1,689 Commits 34 Branches 390 Tags 491 MiB
4a26329b4c
Commit Graph

239 Commits

Author SHA1 Message Date
Bodo Möller
9535f8c165 Delete NO_PROTO section (which apparently was just a typo for NOPROTO -- 
if anyone had actually ever needed that they should have fixed this typo)
 1999-12-29 14:27:35 +00:00
Bodo Möller
891e465607 fix comment 1999-12-29 14:25:35 +00:00
Dr. Stephen Henson
dd4134101f Change the trust and purpose code so it doesn't need init 
either and has a static and dynamic mix.
 1999-12-02 02:33:56 +00:00
Dr. Stephen Henson
bb7cd4e3eb Remainder of SSL purpose and trust code: trust and purpose setting in 
SSL_CTX and SSL, functions to set them and defaults if no values set.
 1999-11-29 22:35:00 +00:00
Dr. Stephen Henson
13938aceca Add part of chain verify SSL support code: not complete or doing anything 
yet.

Add a function X509_STORE_CTX_purpose_inherit() which implements the logic
of "inheriting" purpose and trust from a parent structure and using a default:
this will be used in the SSL code and possibly future S/MIME.

Partial documentation of the 'verify' utility. Still need to document how all
the extension checking works and the various error messages.
 1999-11-29 01:09:25 +00:00
Bodo Möller
1088e27ca8 Restore traditional SSL_get_session behaviour so that s_client and s_server 
don't leak tons of memory.
 1999-11-17 21:36:13 +00:00
Bodo Möller
b1fe6ca175 Store verify_result with sessions to avoid potential security hole. 1999-11-16 23:15:41 +00:00
Mark J. Cox
b7cfcfb7f8 This corrects the reference count handling in SSL_get_session. 
Previously, the returned SSL_SESSION didn't have its reference count
incremented so the SSL_SESSION could be freed at any time causing
seg-faults if the pointer was subsequently used. Code that uses
SSL_get_session must now make a corresponding SSL_SESSION_free() call when
it is done to avoid memory leaks (or blocked up session caches).

Submitted By: Geoff Thorpe <geoff@eu.c2.net>
 1999-11-15 16:31:31 +00:00
Richard Levitte
c96ab5101a Make sure installed files are world readable 1999-11-12 01:42:59 +00:00
Bodo Möller
798757762a Improve support for running everything as a monolithic application. 
Submitted by: Lennart Bång, Bodo Möller
 1999-10-25 19:36:01 +00:00
Ulf Möller
de808df47b Cosmetic changes. 1999-09-29 22:14:47 +00:00
Ben Laurie
ca7fea9656 Fix warnings. 1999-09-24 19:10:57 +00:00
Dr. Stephen Henson
1c80019a2c Add new sign and verify members to RSA_METHOD and change SSL code to use sign 
and verify rather than direct encrypt/decrypt.
 1999-09-18 22:37:44 +00:00
Bodo Möller
0d3118bed3 Update dependencies. 1999-09-14 15:07:22 +00:00
Bodo Möller
4dd60b3b96 typo in a comment 1999-09-14 15:06:25 +00:00
Bodo Möller
ac7da00048 Set s->version correctly for "natural" SSL 3.0 client hello 1999-09-13 13:02:07 +00:00
Andy Polyakov
17f389bbbf Initial support for MacOS. 
This will soon be complemented with MacOS specific source code files and
INSTALL.MacOS.

I (Andy) have decided to get rid of a number of #include <sys/types.h>.
I've verified it's ok (both by examining /usr/include/*.h and compiling)
on a number of Unix platforms. Unfortunately I don't have Windows box
to verify this on. I really appreciate if somebody could try to compile
it and contact me a.s.a.p. in case a problem occurs.

Submitted by: Roy Wood <roy@centricsystems.ca>
Reviewed by: Andy Polyakov <appro@fy.chalmers.se>
 1999-09-11 17:54:18 +00:00
Bodo Möller
5bdae1675c Fix yet another bug for client hello handling. 1999-09-11 10:36:41 +00:00
Bodo Möller
cb0369d885 Repair another bug in s23_get_client_hello: 
tls1 did not survive to restarts, so get rid of it.
 1999-09-10 16:41:01 +00:00
Bodo Möller
6f7af1524e Use non-copying BIO interface in ssltest.c. 1999-09-10 14:03:21 +00:00
Bodo Möller
396f631458 some more patches for avoiding problems with non-automatic variables 1999-09-08 21:58:13 +00:00
Bodo Möller
c1082a90bb Non-copying interface to BIO pairs. 
It's still totally untested ...
 1999-09-07 21:37:09 +00:00
Bodo Möller
ba3a6e7262 use explicit constant 11 just once 1999-09-03 22:37:38 +00:00
Bodo Möller
f70df1b887 Make previous bugfix actually work 1999-09-03 16:49:11 +00:00
Bodo Möller
074309b7ee Fix server behaviour when facing backwards-compatible client hellos. 1999-09-03 16:33:11 +00:00
Bodo Möller
77fa04a9bc -no_dhe option for ssltest.c 1999-09-03 16:31:36 +00:00
Bodo Möller
de1915e48c Fix horrible (and hard to track down) bug in ssl23_get_client_hello: 
In case of a restart, v[0] and v[1] were incorrectly initialised.
This was interpreted by ssl3_get_client_key_exchange as an RSA decryption
failure (don't ask me why) and caused it to create a _random_ master key
instead (even weirder), which obviously led to incorrect input to
ssl3_generate_master_secret and thus caused "block cipher pad is
wrong" error messages from ssl3_enc for the client's Finished message.
Arrgh.
 1999-08-18 17:14:42 +00:00
Bodo Möller
29159a42d2 BIO_write and BIO_read could, in theory, return -2. 1999-08-09 16:33:34 +00:00
Bodo Möller
385be6eb20 Provide fixed seed for parameter generation to speed up -dhe1024. 1999-08-09 12:59:10 +00:00
Bodo Möller
204cf1abb0 Comments. 1999-08-08 14:21:04 +00:00
Bodo Möller
5e63691972 add comments 1999-08-08 14:07:30 +00:00
Ralf S. Engelschall
b1816a0408 typo while I poke around... 1999-08-05 13:31:42 +00:00
Bodo Möller
48c843c367 New function DSA_dup_DH, and fixes for bugs that were found 
while implementing and using it.
 1999-08-05 11:50:18 +00:00
Bodo Möller
2b8e4959fb generate error message 1999-08-02 21:41:46 +00:00
Bodo Möller
f3e67ac1bc fix previous modification -- if ssl->cert is NULL, don't follow the pointer. 1999-08-02 20:09:23 +00:00
Bodo Möller
a63a3f58fd The SSL_CTX's cert structure is not relevant for the SSL 
(because now SSL_new makes a copy).
 1999-08-02 18:40:36 +00:00
Bodo Möller
a40f6dce87 correct error signalling for opendir() failure 1999-07-30 10:43:34 +00:00
Ulf Möller
8c197cc55e VMS updates. 
Submitted by: Richard Levitte <levitte@stacken.kth.se>
 1999-07-28 23:25:59 +00:00
Bodo Möller
74678cc2f8 Additional user data argument to pem_password_cb function type 
and to lots of PEM_... functions.
Submitted by: Damien Miller <dmiller@ilogic.com.au>
 1999-07-21 20:57:16 +00:00
Bodo Möller
7eea36bb48 cosmetic changes 1999-07-12 18:50:34 +00:00
Bodo Möller
5059658219 fix memory leak in s3_clnt.c 1999-07-12 17:15:42 +00:00
Bodo Möller
6b521df33c Looks like another memory leak ... 1999-07-12 15:20:08 +00:00
Bodo Möller
777ab7e611 Fix memory checking. 1999-07-09 16:27:30 +00:00
Bodo Möller
11b1adadbd typo 1999-07-02 17:52:21 +00:00
Bodo Möller
1afd8b3942 typo 1999-07-02 14:23:33 +00:00
Bodo Möller
e105643595 New functions SSL[_CTX]_{set,get}_mode; the initial set of mode flags is 
SSL_MODE_ENABLE_PARTIAL_WRITE, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
 1999-07-02 13:55:32 +00:00
Bodo Möller
a14d1a03ec Fix comments. 
Submitted by: Anonymous
 1999-06-28 12:14:06 +00:00
Bodo Möller
9c729e0a6d Memory leak checks. 1999-06-25 14:04:10 +00:00
Bodo Möller
d486601f41 Obsolete. 1999-06-14 15:52:31 +00:00
Bodo Möller
31b4896209 Comment adjusted to reality. 1999-06-14 15:48:04 +00:00
Bodo Möller
d7fcc7f6c6 Bugfix. 1999-06-12 11:07:52 +00:00
Bodo Möller
95d29597b7 BIO pairs. 1999-06-12 01:03:40 +00:00
Bodo Möller
d58d092bc9 Avoid warnings. 1999-06-10 16:29:32 +00:00
Ulf Möller
df63a389a5 "extern" is a C++ reserved word. 
Pointed out by: Janez Jere <jj@void.si>
 1999-06-09 16:33:18 +00:00
Bodo Möller
b1c4fe3625 Don't mix real tabs with tabs expanded as 8 spaces -- that's 
a pain to read when using 4-space tabs.
 1999-06-07 20:26:51 +00:00
Bodo Möller
3a66e306e4 Comments added. 1999-06-07 12:49:47 +00:00
Ulf Möller
ca570cfdbc Support the EBCDIC character set and BS2000/OSD-POSIX (work in progress). 
Submitted by: Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>
 1999-06-04 21:54:13 +00:00
Ben Laurie
838d25a1ec More safe stack. 1999-05-30 14:13:19 +00:00
Bodo Möller
bdc98ffba9 Don't use NULL-pointer :-/ 1999-05-23 16:19:08 +00:00
Bodo Möller
1dfad80565 Comment about bug. 1999-05-23 13:15:35 +00:00
Bodo Möller
8876bc0548 Let ssl_get_prev_session reliably work in multi-threaded settings. 1999-05-23 13:07:03 +00:00
Bodo Möller
9a193d8825 Avoid memory hole when we don't like the session proposed by the client 1999-05-23 10:43:46 +00:00
Bodo Möller
470df4b905 We need e_os.h here. 1999-05-21 11:46:29 +00:00
Bodo Möller
7e70181723 It was a very bad idea to use #include "../e_os.h" -- when this occurs 
in cryptlib.h (which is often included as "../cryptlib.h"), then the
question remains relative to which directory this is to be interpreted.
gcc went one further directory up, as intended; but makedepend thinks
differently, and so probably do some C compilers.  So the ../ must go away;
thus e_os.h goes back into include/openssl (but I now use
#include "openssl/e_os.h" instead of <openssl/e_os.h> to make the point) --
and we have another huge bunch of dependency changes.  Argh.
 1999-05-21 11:16:48 +00:00
Bodo Möller
17e3dd1c62 Don't install e_os.h in include/openssl, use it only as a local 
include file.
 1999-05-20 21:59:20 +00:00
Ulf Möller
1444ba8d78 NeXT doesn't have dirent. 
Pointed out by Juergen Moellenhoff <jurgen@oic.de>
 1999-05-20 17:58:42 +00:00
Bodo Möller
673eadec2c Additional, more descriptive error message for rejection of a session ID 
because of missing session ID context (so that application programmers
are directly pointed to what they should do differently).
 1999-05-17 11:15:49 +00:00
Dr. Stephen Henson
a74c55cd8f Various Win32 fixes. Change args in do_ms.bat to put platform last. Fix 
unsigned/signed cmp error in asn1parse. Change various pem_all.c args to
use pem_password_cb.
 1999-05-15 20:33:15 +00:00
Bodo Möller
3398f6cc21 OPENSSL_EXTERN 1999-05-15 14:30:31 +00:00
Bodo Möller
7f0dae3276 OPENSSL_EXTERN, OPENSSL_GLOBAL 1999-05-15 14:23:29 +00:00
Bodo Möller
127640b449 Update dependencies. 1999-05-15 13:38:48 +00:00
Ben Laurie
531b2cf7e9 Get rid of the cast. 1999-05-15 11:54:21 +00:00
Bodo Möller
d3407350d8 Comment. 1999-05-15 10:40:02 +00:00
Bodo Möller
e2e3d5ce0c A comment. 1999-05-15 00:00:28 +00:00
Bodo Möller
2a82c7cf25 Various bugfixes: Uses locking for some more of the stuff that is not 
thread-safe (where thread-safe counterparts are not available on all
platforms), and don't memcpy to NULL-pointers
Submitted by: Anonymous
Reviewed by: Bodo Moeller

Also, clean up htons vs. ntohs confusions.
 1999-05-14 12:40:39 +00:00
Bodo Möller
3ae76679c7 Introduce and use function typedef pem_password_cb so that we don't call 
those functions without having a parameter list declaration.
(There are various similar cases left ...)
 1999-05-14 11:52:49 +00:00
Ben Laurie
2adca9cdc6 Update dependencies. 1999-05-13 17:33:27 +00:00
Bodo Möller
224551f732 Some tiny clean-ups related to the cert_st / sess_cert_st change. 1999-05-13 15:27:45 +00:00
Bodo Möller
b56bce4fc7 New structure type SESS_CERT used instead of CERT inside SSL_SESSION. 
While modifying the sources, I found some inconsistencies on the use of
s->cert vs. s->session->sess_cert; I don't know if those could
really have caused problems, but possibly this is a proper bug-fix
and not just a clean-up.
 1999-05-13 15:09:38 +00:00
Ulf Möller
7d7d2cbcb0 VMS support. 
Submitted by: Richard Levitte <richard@levitte.org>
 1999-05-13 11:37:32 +00:00
Bodo Möller
8d111f4a47 Spacing in comment corrected. 1999-05-13 10:36:29 +00:00
Bodo Möller
8a41eb70cc First tiny changes in preparation of changing of "sess_cert" handling. 
Also I've subsituted real tabs for 8-spaces sequences in some lines so that
things don't look that weird with a tab-width of 4.
 1999-05-13 10:32:04 +00:00
Bodo Möller
fa2b248f23 Clarify comment. 
Submitted by:
Reviewed by:
PR:
 1999-05-11 14:26:14 +00:00
Bodo Möller
ff71222024 And I thought I could spell ... but in caps really everything looks the same. 
Submitted by:
Reviewed by:
PR:
 1999-05-11 07:54:38 +00:00
Bodo Möller
b31b04d951 Make SSL library a little more fool-proof by not requiring any longer 
that SSL_set_{accept,connect}_state be called before
SSL_{accept,connect} may be used.
Submitted by:
Reviewed by:
PR:
 1999-05-11 07:43:16 +00:00
Bodo Möller
1c3e0a1976 Changed a comment. 
Submitted by:
Reviewed by:
PR:
 1999-05-10 15:10:11 +00:00
Bodo Möller
9d5cceac6f No actual change, but the cert_st member of struct ssl_session_st is now 
called sess_cert instead of just cert.  This is in preparation of further
changes: Probably often when s->session->sess_cert is used, we should
use s->cert instead; s->session->sess_cert should be a new structure
containing only the stuff that is for just one connection (e.g.
the peer's certificate, which the SSL client implementations currently
store in s->session->[sess_]cert, which is a very confusing thing to do).
Submitted by:
Reviewed by:
PR:
 1999-05-09 21:22:45 +00:00
Bodo Möller
ca8e5b9b8a Create a duplicate of the SSL_CTX's CERT in SSL_new instead of copying 
pointers.  The cert_st handling is changed by this in various ways.
Submitted by:
Reviewed by:
PR:
 1999-05-09 20:12:44 +00:00
Bodo Möller
8d1157c71c One comment was in the wrong line ... some others are new. 
Submitted by:
Reviewed by:
PR:
 1999-05-09 16:41:00 +00:00
Bodo Möller
8450bddfaf Some tiny changes to the source code to make future diffs smaller 
when restructuring the cert_st handling (removed unnused parts,
and the like).
Submitted by:
Reviewed by:
PR:
 1999-05-09 15:45:38 +00:00
Bodo Möller
303c002898 Use "const char *" instead of "char *" for filenames passed to functions. 
Submitted by:
Reviewed by:
PR:
 1999-05-09 10:12:10 +00:00
Dr. Stephen Henson
a5ab0532ca Various Win32 fixes. Win95 doesn't support MoveFileEx() (which was used for a 
Win32 version of rename() ). There isn't a precise rename() equivalent under
Win95: the standard rename() complains if the destination already exists so
replaced with a combination of unlink() and MoveFile().
 1999-05-08 22:46:51 +00:00
Ulf Möller
c2eb65ba7c Remove unreachable return statements. 1999-05-05 22:06:44 +00:00
Ben Laurie
661b361b4b Some more stack stuff. 1999-05-03 19:55:00 +00:00
Bodo Möller
8051996a5b Annotate a bug. 
Submitted by:
Reviewed by:
PR:
 1999-05-02 04:03:22 +00:00
Bodo Möller
b3ca645f47 New function SSL_CTX_use_certificate_chain_file. 
Submitted by:
Reviewed by:
PR:
 1999-05-01 17:43:52 +00:00
Bodo Möller
7f89714e64 Support verify_depth from the SSL API without need for user-defined 
callbacks.

Submitted by:
Reviewed by:
PR:
 1999-05-01 03:20:40 +00:00
Bodo Möller
0fda2e3788 Add "static" to function definition 
Submitted by: Anonymous
Reviewed by:
PR:

Submitted by:
Reviewed by:
PR:
 1999-05-01 00:18:54 +00:00
Bodo Möller
4eb77b2679 New function SSL_CTX_set_session_id_context. 
Submitted by:
Reviewed by:
PR:
 1999-04-30 17:15:56 +00:00
Dr. Stephen Henson
801294f873 Fix a couple of cases where an attempt is made to lock an already locked 
mutex.
 1999-04-29 22:25:52 +00:00