Commit Graph

59 Commits

Author SHA1 Message Date
Bodo Möller
adbfb08354 Tiny comment to improve code comprehensibility.
Submitted by:
Reviewed by:
PR:
1999-04-09 07:12:17 +00:00
Ulf Möller
99aab1619f New Makefile variables $(RANLIB) and $(PERL). 1999-04-01 12:34:33 +00:00
Bodo Möller
6d02d8e444 New option "-showcerts" for s_client
Slight cleanup in ssl/
1999-03-31 12:06:30 +00:00
Dr. Stephen Henson
bc37a6b81c Remove deleted PKCS#12 functions from pkcs12.h, get rid of object creation
kludge, remove CRs from ssl_ciph.c and update Win32 functions for PKCS#12
code. It might compile under Win32 now ...
1999-03-29 22:18:54 +00:00
Ralf S. Engelschall
72e442a3a6 function names recently changed - consistency. 1999-03-22 15:50:34 +00:00
Ben Laurie
b4cadc6e13 Fix security hole. 1999-03-22 12:22:14 +00:00
Dr. Stephen Henson
199d59e5a1 Remove some references which called malloc and free instead of Malloc and Free. 1999-03-14 01:16:45 +00:00
Dr. Stephen Henson
bc420ac592 Delete NULL ciphers from 'ALL' in the cipher list aliases. This means that
NULL ciphers specifically have to be enabled with e.g. "DEFAULT:eNULL". This
prevents cipher lists from inadvertantly having NULL ciphers at the top
of their list (e.g. the default ones) because they didn't have to be taken
into account before.
1999-03-12 01:43:28 +00:00
Ben Laurie
bc3482442a Disable new TLS1 ciphersuites. 1999-03-06 15:21:02 +00:00
Ben Laurie
a49034aba9 Fix names of cert stack functions. 1999-03-06 14:49:11 +00:00
Ben Laurie
6242bb9c63 Put the dependencies back. 1999-03-06 14:32:48 +00:00
Ralf S. Engelschall
63493c7b06 Move the SSL_CTX_xxx defines at the top of ssl.h to the location of other
SSL_CTX_xxx defines. What was the reason to move them to the top, even before
the copyright and #ifdef HEADER_SSL_H? Hmmm...  when there was and still is a
good reason feel free to reverse this patch, but please document why it is
needed this way.
1999-03-06 14:24:54 +00:00
Ben Laurie
f415fa3243 Fix export ciphersuites, again. 1999-03-06 14:09:36 +00:00
Ralf S. Engelschall
bb8f3c5879 General source tree makefile cleanups: Made `making xxx in yyy...' display
consistent in the source tree and replaced `/bin/rm' by `rm'.  Additonally
cleaned up the `make links' target: Remove unnecessary semicolons, subsequent
redundant removes, inline point.sh into mklink.sh to speed processing and no
longer clutter the display with confusing stuff. Instead only the actually
done links are displayed.
1999-03-06 12:32:06 +00:00
Ben Laurie
988788f697 Permit null ciphers. 1999-03-06 12:09:36 +00:00
Ralf S. Engelschall
a06c602e6f Remove confusing variables in function signatures in files
ssl/ssl_lib.c and ssl/ssl.h. At least the double ctx-variable
confused some compilers.

Submitted by: Lennart Bong <lob@kulthea.stacken.kth.se>
Reviewed by: Ralf S. Engelschall
1999-03-04 07:54:01 +00:00
Dr. Stephen Henson
06c6849124 Fix the Win32 compile environment and add various changes so it will now compile
under Win32 (9X and NT) again. Note: some signed/unsigned changes recently
checked in were killing the Win32 compile.
1999-03-03 02:01:26 +00:00
Ben Laurie
eb90a483ad Add functions to add certs to stacks, used for CA file/path stuff in servers. 1999-02-28 17:41:55 +00:00
Ben Laurie
49bc262459 More truth in declarations. 1999-02-28 14:39:18 +00:00
Ben Laurie
4f43d0e71f Experiment with doxygen documentation. 1999-02-28 12:41:50 +00:00
Ralf S. Engelschall
c707fb2741 Ops, the logic of the second argument has to be coupled with the != test to
work correctly for the SSL_CTX_xxx situations, too. Now "make test" passes
again fine.
1999-02-26 22:31:54 +00:00
Ralf S. Engelschall
15d21c2df4 Add a bunch of SSL_xxx() functions for configuring the temporary RSA and DH
private keys and/or callback functions which directly correspond to their
SSL_CTX_xxx() counterparts but work on a per-connection basis. This is needed
for applications which have to configure certificates on a per-connection
basis (e.g. Apache+mod_ssl) instead of a per-context basis (e.g.
s_server).

For the RSA certificate situation is makes no difference, but for the DSA
certificate situation this fixes the "no shared cipher" problem where the
OpenSSL cipher selection procedure failed because the temporary keys were not
overtaken from the context and the API provided no way to reconfigure them.

The new functions now let applications reconfigure the stuff and they are in
detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh,
SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback.  Additionally a new
non-public-API function ssl_cert_instantiate() is used as a helper function
and also to reduce code redundancy inside ssl_rsa.c.

Submitted by: Ralf S. Engelschall
Reviewed by: Ben Laurie
1999-02-25 14:40:29 +00:00
Ralf S. Engelschall
90a52cecaf Fix the cipher decision scheme for export ciphers: the export bits are *not*
within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within SSL_EXP_MASK.  So, the
original variable has to be used instead of the already masked variable.

Submitted by: Richard Levitte <levitte@stacken.kth.se>
Reviewed by: Ralf S. Engelschall
1999-02-25 11:03:18 +00:00
Dr. Stephen Henson
e527ba09a6 Various changes to make this stuff compile under Win32 and VC++ with and
without -debug option to mk1mf.pl. Change _export to is_export (_export is
a reserved word under VC++). Add yucky function prototype function pointer
casts. Sanitise the included files in crypto/x509v3.

Also changed ssleay.exe target to openssl.exe
1999-02-22 01:26:40 +00:00
Ben Laurie
60e31c3a4b More stuff for new TLS ciphersuites. 1999-02-21 21:58:59 +00:00
Ben Laurie
a040ea8251 Undo a couple of kludges. 1999-02-21 20:07:41 +00:00
Ben Laurie
06ab81f9f7 Add support for new TLS export ciphersuites. 1999-02-21 20:03:24 +00:00
Ben Laurie
4004dbb7f6 Generate errors when public/private key check is done. 1999-02-20 11:50:07 +00:00
Mark J. Cox
413c4f45ed Updates to the new SSL compression code
[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]

Fix so that the version number in the master secret, when passed
     via RSA, checks that if TLS was proposed, but we roll back to SSLv3
     (because the server will not accept higher), that the version number
     is 0x03,0x01, not 0x03,0x00
     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]

Submitted by:
Reviewed by:
PR:
1999-02-16 09:22:21 +00:00
Dr. Stephen Henson
a8236c8c32 Fix various memory leaks in SSL, apps and DSA 1999-02-15 21:05:21 +00:00
Ben Laurie
436d318c80 In the absence of feedback either way, commit the fix that looks right for
wrong keylength with export null ciphers.
1999-02-13 12:39:50 +00:00
Ralf S. Engelschall
4a16967b45 Remove one more totally bogus source file.
This one is exactly the same as ssl_sess.c.
Thanks to Adam Goodman <adam@a-domain.com> for hint.
1999-02-10 12:44:27 +00:00
Ralf S. Engelschall
155d7a0e1d First cut for a very conservative source tree cleanup:
1. merge various obsolete readme texts into doc/ssleay.txt
   where we collect the old documents and readme texts.

2. remove the first part of files where I'm already sure that we no longer need
   them because of three reasons: either they are just temporary files which
   were left by Eric or they are preserved original files where I've verified
   that the diff is also available in the CVS via "cvs diff -rSSLeay_0_8_1b"
   or they were renamed (as it was definitely the case for the crypto/md/
   stuff).

We've still a horrible mess under crypto/bn/asm/.  There for a lot of files
I'm sure whether we need them or not. So, when someone knows it better, feel
free to cleanup there.
1999-02-10 08:26:08 +00:00
Ben Laurie
bf5dcd135f More exactitude with function arguments. 1999-02-09 23:01:08 +00:00
Dr. Stephen Henson
9b3086fe38 Fix various stuff: that VC++ 5.0 chokes on:
1. Add *lots* of missing prototypes for static ssl functions.
2. VC++ doesn't understand the 'LL' suffix for 64 bits constants: change bn.org
3. Add a few missing prototypes in pem.org
Fix mk1mf.pl so it outputs a Makefile that doesn't choke Win95.
Fix mkdef.pl so it doesn't truncate longer names.
1999-01-31 17:30:18 +00:00
Dr. Stephen Henson
679ab7c39e Update STATUS, modify ssl.h so mkdef.pl will pick up prototypes and
add x509v3.h to mkdef.pl list of include files.
1999-01-30 17:35:01 +00:00
Ben Laurie
59ff713462 Break circular dependency between pem and err. 1999-01-30 13:40:34 +00:00
Ben Laurie
6f93539970 This time, get it right. 1999-01-19 23:25:22 +00:00
Ben Laurie
8039257dbc Finally lay dependencies to rest (I hope!). 1999-01-19 21:36:31 +00:00
Dr. Stephen Henson
6c8abdd744 New err_code.pl script to retain old error codes. This should allow the use
of 'make errors' without causing huge re-organisations of files when a new
code is added.
1999-01-18 22:18:38 +00:00
Ben Laurie
f06b01eb62 More prototypes. 1999-01-16 17:56:00 +00:00
Ben Laurie
da10692aa2 More prototypes. 1999-01-16 17:49:12 +00:00
Ben Laurie
f7ba298480 More prototypes. 1999-01-16 17:40:04 +00:00
Ben Laurie
207ccf628d More prototypes. 1999-01-16 17:28:15 +00:00
Ben Laurie
cd3916c40f More prototypes. 1999-01-16 17:12:36 +00:00
Ben Laurie
1933485b60 Fix comment. 1999-01-10 19:41:33 +00:00
Ben Laurie
e03ddfae7e Accept NULL in *_free. 1999-01-07 19:15:59 +00:00
Ben Laurie
6fa89f94c4 Fix DH key generation.
Contributed by: Anonymous <nobody@replay.com>
1999-01-07 00:37:01 +00:00
Ben Laurie
5b00115ab0 Fix export tests. 1999-01-06 23:18:08 +00:00
Ben Laurie
f8c3c05db9 Make the world a safer place (if people object to this kind of change, speak up
soon - I intend to do a lot of it!).
1999-01-06 22:53:34 +00:00