path: root/ssl/ssl.h
Commit message | Author | Age | Files | Lines
* SSL_get_[rw]fd were documented but not implemented.
  Author: Richard Levitte | Age: 2001-07-15 | Files: 1 | Lines: -0/+2
* Patches from Vern Staats <staatsvr@asc.hpc.mil> to get Kerberos 5 in SSL according to RFC 2712. His comment is:

  This is a patch to openssl-SNAP-20010702 to support Kerberized SSL authentication. I'm expecting to have the full kssl-0.5 kit up on sourceforge by the end of the week. The full kit includes patches for mod-ssl, apache, and a few text clients. The sourceforge URL is http://sourceforge.net/projects/kssl/ .

  Thanks to a note from Simon Wilkinson I've replaced my KRB5 AP_REQ message with a real KerberosWrapper struct. I think this is fully RFC 2712 compliant now, including support for the optional authenticator field. I also added openssl-style ASN.1 macros for a few Kerberos structs; see crypto/krb5/ if you're interested.
  Author: Richard Levitte | Age: 2001-07-09 | Files: 1 | Lines: -1/+5
* Avoid assert() in the library.
  Author: Bodo Möller | Age: 2001-04-08 | Files: 1 | Lines: -0/+1
* Consistently use 'void *' for SSL read, peek and write functions.
  Author: Bodo Möller | Age: 2001-03-09 | Files: 1 | Lines: -4/+4
* add ssl23_peek
  Author: Bodo Möller | Age: 2001-03-08 | Files: 1 | Lines: -1/+2
* Fix ERR_R_... problems.
  Author: Bodo Möller | Age: 2001-03-07 | Files: 1 | Lines: -1/+0
* Move ec.h to ec2.h because it is not compatible with what we will use. Add EC vaporware: change relevant Makefiles and add some empty source files. "make update".
  Author: Bodo Möller | Age: 2001-03-05 | Files: 1 | Lines: -1/+1
* Fix an oversight - when checking a potential session ID for conflicts with an SSL_CTX's session cache, it is necessary to compare the ssl_version at the same time (a conflict is defined, courtesy of SSL_SESSION_cmp(), as a matching id/id_length pair and a matching ssl_version). However, the SSL_SESSION that will result from the current negotiation does not necessarily have the same ssl version as the "SSL_METHOD" in use by the SSL_CTX - part of the work in a handshake is to agree on an ssl version! This is fixed by having the check function accept an SSL pointer rather than the SSL_CTX it belongs to. [Thanks to Lutz for illuminating the full extent of my stupidity]
  Author: Geoff Thorpe | Age: 2001-02-23 | Files: 1 | Lines: -2/+2
* Include e_os2.h instead of opensslconf.h. SSL_add_dir_cert_subjects_to_stack is not implemented on WIN32 and VMS, so declare it the same way.
  Author: Richard Levitte | Age: 2001-02-22 | Files: 1 | Lines: -7/+8
* This change allows a callback to be used to override the generation of SSL/TLS session IDs in a server. According to RFC2246, the session ID is an arbitrary value chosen by the server. It can be useful to have some control over this "arbitrary value" so as to choose it in ways that can aid in things like external session caching and balancing (eg. clustering). The default session ID generation is to fill the ID with random data. The callback used by default is built in to ssl_sess.c, but registering a callback in an SSL_CTX or in a particular SSL overrides this. BTW: SSL callbacks will override SSL_CTX callbacks, and a new SSL structure inherits any callback set in its 'parent' SSL_CTX. The header comments describe how this mechanism ticks, and source code comments describe (hopefully) why it ticks the way it does. Man pages are on the way ... [NB: Lutz was also hacking away and helping me to figure out how best to do this.]
  Author: Geoff Thorpe | Age: 2001-02-21 | Files: 1 | Lines: -0/+29
* Make all configuration macros available for application by making sure they are available in opensslconf.h, by giving them names starting with "OPENSSL_" to avoid conflicts with other packages and by making sure e_os2.h will cover all platform-specific cases together with opensslconf.h. I've checked fairly well that nothing breaks with this (apart from external software that will adapt if they have used something like NO_KRB5), but I can't guarantee it completely, so a review of this change would be a good thing.
  Author: Richard Levitte | Age: 2001-02-19 | Files: 1 | Lines: -43/+24
* New Option SSL_OP_CIPHER_SERVER_PREFERENCE allows TLS/SSLv3 server to override the client's choice; in SSLv2 the client uses the server's preferences.
  Author: Lutz Jänicke | Age: 2001-02-09 | Files: 1 | Lines: -0/+3
* Fix AES code. Update Rijndael source to v3.0 Add AES OIDs. Change most references of Rijndael to AES. Add new draft AES ciphersuites.
  Author: Dr. Stephen Henson | Age: 2001-02-07 | Files: 1 | Lines: -1/+1
* Rijndael CBC mode and partial undebugged SSL support.
  Author: Ben Laurie | Age: 2001-02-06 | Files: 1 | Lines: -0/+1
* Definition of NO_KRB5 in ssl.h for external applications.
  Author: Ulf Möller | Age: 2001-01-22 | Files: 1 | Lines: -0/+8
* Get rid of unused error code.
  Author: Bodo Möller | Age: 2000-12-27 | Files: 1 | Lines: -1/+0
* First step towards SSL_peek fix.
  Author: Bodo Möller | Age: 2000-12-14 | Files: 1 | Lines: -0/+1
* First tentative implementation of Kerberos 5 cryptos and keys for SSL/TLS. Implemented by Vern Staats <staatsvr@asc.hpc.mil>, further hacked and distributed by Jeffrey Altman <jaltnab@columbia.edu>
  Author: Richard Levitte | Age: 2000-11-30 | Files: 1 | Lines: -0/+20
* Disable SSL_peek until it is fixed.
  Author: Bodo Möller | Age: 2000-11-28 | Files: 1 | Lines: -0/+3
* modular arithmetics "make update"
  Author: Bodo Möller | Age: 2000-11-26 | Files: 1 | Lines: -0/+7
* Make non blocking I/O work for accept BIOs.
  Author: Dr. Stephen Henson | Age: 2000-10-12 | Files: 1 | Lines: -0/+1
* Fix SSL_CTX_set_read_ahead macro. Submitted by: Anders Gertz <gertz@epact.se>
  Author: Bodo Möller | Age: 2000-09-26 | Files: 1 | Lines: -1/+1
* Avoid protocol rollback.
  Author: Bodo Möller | Age: 2000-09-22 | Files: 1 | Lines: -0/+1
* New SSL API mode 'SSL_MODE_AUTO_RETRY', which disables the default behaviour that SSL_read may result in SSL_ERROR_WANT_READ.
  Author: Bodo Möller | Age: 2000-09-12 | Files: 1 | Lines: -0/+3
* Avoid abort() throughout the library, except when preprocessor symbols for debugging are defined.
  Author: Bodo Möller | Age: 2000-09-04 | Files: 1 | Lines: -1/+1
* Beautification
  Author: Richard Levitte | Age: 2000-07-05 | Files: 1 | Lines: -6/+6
* Safe stack reorganisation in terms of function casts. After some messing around this seems to work but needs a few more tests. Working out the syntax for sk_set_cmp_func() (cast it to a function that itself returns a function pointer) was painful :-( Needs some testing to see what other compilers think of this syntax. Also needs similar stuff for ASN1_SET_OF etc etc.
  Author: Dr. Stephen Henson | Age: 2000-06-16 | Files: 1 | Lines: -62/+0
* Using checks of the existence of HEADER_{foo}_H in other header files was a really bad idea. For example, the following:

      #include <x509.h>
      #include <bio.h>
      #include <asn1.h>

  would make sure that things like ASN1_UTCTIME_print() wasn't defined unless you moved the inclusion of bio.h to above the inclusion of x509.h. The reason is that x509.h includes asn1.h, and the declaration of ASN1_UTCTIME_print() depended on the definition of HEADER_BIO_H. That's what I call an obscure bug. Instead, this change makes sure that whatever header files are needed for the correct process of one header file are included automagically, and that the definitions of, for example, BIO-related things are dependent on the absence of the NO_{foo} macros. This is also consistent with the way parts of OpenSSL can be excluded at will.
  Author: Richard Levitte | Age: 2000-06-09 | Files: 1 | Lines: -8/+17
* "make update" + stripping the type-specific stack functions out of libeay.num and ssleay.num.
  Author: Geoff Thorpe | Age: 2000-06-01 | Files: 1 | Lines: -0/+62
* In Message-ID: <003201bfb332$14a07520$0801a8c0@janm.transactionsite.com>, "Jan Mikkelsen" <janm@transactionsite.com> correctly states that the OpenSSL header files have #include's and extern "C"'s in an incorrect order. Thusly fixed.
  Author: Richard Levitte | Age: 2000-05-02 | Files: 1 | Lines: -2/+18
* Use correct function names in SSLerr macros.
  Author: Bodo Möller | Age: 2000-03-14 | Files: 1 | Lines: -0/+1
* Let's not lie to the people.
  Author: Richard Levitte | Age: 2000-03-06 | Files: 1 | Lines: -3/+2
* Some time in history, SSL_CTX_sessions() disappeared. It is now restored, but not as a macro this time...
  Author: Richard Levitte | Age: 2000-02-25 | Files: 1 | Lines: -0/+1
* Allow code which calls RSA temp key callback to cope with a failure. Fix typos in some error codes.
  Author: Dr. Stephen Henson | Age: 2000-02-25 | Files: 1 | Lines: -0/+1
* Add missing prototypes for new functions
  Author: Ralf S. Engelschall | Age: 2000-02-24 | Files: 1 | Lines: -0/+2
* make update
  Author: Richard Levitte | Age: 2000-02-23 | Files: 1 | Lines: -0/+1
* Allow ADH to be used but not present in the default cipher list. Allow CERTIFICATE to be used in PEM headers for PKCS#7 structures: some CAs do this.
  Author: Dr. Stephen Henson | Age: 2000-02-23 | Files: 1 | Lines: -5/+0
* Move the registration of callback functions to special functions designed for that. This removes the potential error to mix data and function pointers. Please note that I'm a little unsure how incorrect calls to the old ctrl functions should be handled, in some cases. I currently return 0 and that's it, but it may be more correct to generate a genuine error in those cases.
  Author: Richard Levitte | Age: 2000-02-20 | Files: 1 | Lines: -0/+2
* Tolerate fragmentation and interleaving in the SSL 3/TLS record layer.
  Author: Bodo Möller | Age: 2000-02-20 | Files: 1 | Lines: -2/+3
* Rename SSLeay_add_all_algorithms() et al to OpenSSL_add_all_algorithms(). Move these into separate files so they work properly.
  Author: Dr. Stephen Henson | Age: 2000-02-04 | Files: 1 | Lines: -0/+1
* ispell (and minor modifications)
  Author: Ulf Möller | Age: 2000-02-03 | Files: 1 | Lines: -10/+10
* Source code cleanups: Use void * rather than char * in lhash, eliminate some of the -Wcast-qual warnings (debug-ben-strict target)
  Author: Ulf Möller | Age: 2000-01-30 | Files: 1 | Lines: -1/+1
* Some comments added, and slight code clean-ups.
  Author: Bodo Möller | Age: 2000-01-26 | Files: 1 | Lines: -1/+3
* Tidy up CRYPTO_EX_DATA structures.
  Author: Dr. Stephen Henson | Age: 2000-01-23 | Files: 1 | Lines: -6/+6
* Apply Lutz Behnke's 56 bit cipher patch with a few minor changes. Docs haven't been added at this stage. They are probably best included in the 'ciphers' program docs.
  Author: Dr. Stephen Henson | Age: 2000-01-22 | Files: 1 | Lines: -5/+13
* Some more ifdefs for no-xxx options.
  Author: Ulf Möller | Age: 2000-01-21 | Files: 1 | Lines: -1/+1
* Add missing #ifndefs that caused missing symbols when building libssl as a shared library without RSA. Use #ifndef NO_SSL2 instead of NO_RSA in ssl/s2*.c. Submitted by: Kris Kennaway <kris@hub.freebsd.org> Modified by Ulf Möller
  Author: Ulf Möller | Age: 2000-01-16 | Files: 1 | Lines: -0/+4
* Precautions against using the PRNG uninitialized: RAND_bytes() now returns int (1 = ok, 0 = not seeded). New function RAND_add() is the same as RAND_seed() but takes an estimate of the entropy as an additional argument.
  Author: Ulf Möller | Age: 2000-01-13 | Files: 1 | Lines: -1/+1
* Clean up some of the SSL server code.
  Author: Bodo Möller | Age: 2000-01-11 | Files: 1 | Lines: -3/+4
* New functions SSL_get_finished, SSL_get_peer_finished. Add short state string for MS SGC.
  Author: Bodo Möller | Age: 2000-01-06 | Files: 1 | Lines: -0/+7