SSL/TLS session IDs in a server. According to RFC2246, the session ID is an
arbitrary value chosen by the server. It can be useful to have some control
over this "arbitrary value" so as to choose it in ways that can aid in
things like external session caching and balancing (eg. clustering). The
default session ID generation is to fill the ID with random data.
The callback used by default is built in to ssl_sess.c, but registering a
callback in an SSL_CTX or in a particular SSL overrides this. BTW: SSL
callbacks will override SSL_CTX callbacks, and a new SSL structure inherits
any callback set in its 'parent' SSL_CTX. The header comments describe how
this mechanism ticks, and source code comments describe (hopefully) why it
ticks the way it does.
Man pages are on the way ...
[NB: Lutz was also hacking away and helping me to figure out how best to do
this.]
form '#if defined(...) || defined(...) || ...' and '#if !defined(...)
&& !defined(...) && ...'. This also avoids the growing number of
special cases it was previously handling (some of them wrongly).
example) are declared with some extra linkage information. This
generates a warning when using the function name as a value to a
regular function pointer with the "correct" definition of the
function. Therefore, use a macro to cast the appropriate function on
VMS.
callbacks, and their prototypes were consistent as they were. These casts
need reversing.
Also, I personally find line breaks during parameter lists (ie a line
ending in a comma) easier to read at a glance than line breaks at the end
of a function call and before a dereference on the return value (ie a line
ending in a closed-bracket followed by a line starting with "->").
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.
I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
Remove the old broken bio read of serial numbers in the 'ca' index
file. This would choke if a revoked certificate was specified with
a negative serial number.
Fix typo in uid.c
