path: root/ssl
Commit message | Author | Age | Files | Lines
* SSL_new() may potentially add a certificate. Therefore, when duplicating the certificate that is in the original SSL, remove the one that SSL_new() provided, if any. Spotted by: Mike Zeoli <zeoli@roguewave.com> | Richard Levitte | 2000-12-12 | 1 | -0/+4
* Next step in tidying up the LHASH code. DECLARE/IMPLEMENT macros now exist to create type (and prototype) safe wrapper functions that avoid the use of function pointer casting yet retain type-safety for type-specific callbacks. However, most of the usage within OpenSSL itself doesn't really require the extra function because the hash and compare callbacks are internal functions declared only for use by the hash table. So this change catches all those cases and reimplements the functions using the base-level LHASH prototypes and does per-variable casting inside those functions to convert to the appropriate item type. The exception so far is in ssl_lib.c where the hash and compare callbacks are not static - they're exposed in ssl.h so their prototypes should not be changed. In this last case, the IMPLEMENT_LHASH_*** macros have been left intact. | Geoff Thorpe | 2000-12-08 | 1 | -0/+4
* It's completely unnecessary to add a compression algorithm that is really undefined. Spotted by Jeffrey Altman <jaltman@columbia.edu> | Richard Levitte | 2000-12-04 | 1 | -0/+3
* Make the remaining LHASH macro changes. This should leave no remaining cases of function pointer casting in lh_new() calls - and leave only the lh_doall and lh_doall_arg cases to be finished. | Geoff Thorpe | 2000-12-04 | 1 | -2/+5
* Fix warnings. | Ben Laurie | 2000-12-03 | 1 | -1/+7
* remove unused static function | Ulf Möller | 2000-12-02 | 1 | -0/+2
* First step in tidying up the LHASH code. The callback prototypes (and casts) used in the lhash code are about as horrible and evil as they can be. For starters, the callback prototypes contain empty parameter lists. Yuck. This first change defines clearer prototypes - including "typedef"'d function pointer types to use as "hash" and "compare" callbacks, as well as the callbacks passed to the lh_doall and lh_doall_arg iteration functions. Now at least more explicit (and clear) casting is required in all of the dependent code - and that should be included in this commit. The next step will be to hunt down and obliterate some of the function pointer casting being used when it's not necessary - a particularly evil variant exists in the implementation of lh_doall. | Geoff Thorpe | 2000-12-01 | 2 | -2/+3
* Typo corrected. | Richard Levitte | 2000-12-01 | 1 | -1/+1
* "make depend" | Bodo Möller | 2000-12-01 | 1 | -579/+558
* COMP_zlib should always be declared, even if it is not functional. Don't dump core in ssltest. | Bodo Möller | 2000-11-30 | 1 | -1/+1
* First tentative implementation of Kerberos 5 cryptos and keys for SSL/TLS. Implemented by Vern Staats <staatsvr@asc.hpc.mil>, further hacked and distributed by Jeffrey Altman <jaltnab@columbia.edu> | Richard Levitte | 2000-11-30 | 13 | -623/+1560
* The compression method may be undefined for some reason that has generated errors. Therefore, print whatever error there may be... | Richard Levitte | 2000-11-30 | 1 | -0/+3
* Simplify and provide the possibility to clean a compression method. | Richard Levitte | 2000-11-30 | 1 | -12/+10
* comp_methods in a SSL_CTX points at an internal database. Do *not* free that, since it's shared by all SSL_CTX's, present and future. | Richard Levitte | 2000-11-30 | 1 | -0/+4
* Turn off memory checking when loading new compression algorithms. | Richard Levitte | 2000-11-30 | 1 | -1/+5
* Make it possible to test SSL compression | Richard Levitte | 2000-11-30 | 1 | -0/+33
* mark a bug | Bodo Möller | 2000-11-29 | 1 | -0/+1
* Store verify_result with sessions to avoid potential security hole. For the server side this was already done one year ago :-( | Lutz Jänicke | 2000-11-29 | 3 | -0/+3
* Comments on SSL_peek deficiencies | Bodo Möller | 2000-11-28 | 3 | -2/+12
* Disable SSL_peek until it is fixed. | Bodo Möller | 2000-11-28 | 4 | -2/+16
* modular arithmetics "make update" | Bodo Möller | 2000-11-26 | 2 | -0/+14
* Increase permissible ClientKeyExchange message length. | Bodo Möller | 2000-11-17 | 1 | -1/+1
* include 'err' label only when it is actually used | Bodo Möller | 2000-11-17 | 1 | -0/+2
* tag SSL_peek bugs | Bodo Möller | 2000-11-17 | 2 | -0/+2
* I've checked again and again. There really is no need to expand a to 4 times its size when bn_sqr_recursive() won't look farther than the original length. Thereby, constification is no longer a problem. | Richard Levitte | 2000-11-16 | 2 | -0/+733
* in some new file names the first 8 characters were not unique | Ulf Möller | 2000-11-12 | 1 | -35/+35
* Remove references to RSAref. The glue library is but a memory to fade away now... | Richard Levitte | 2000-11-08 | 1 | -0/+1
* The consequence of constification is that to pass the address to a pointer to a const double pointer parameter, the pointer must point to const data as well. | Richard Levitte | 2000-11-06 | 1 | -2/+2
* If the functions get_dh*() are declared static, they should be defined the same way | Richard Levitte | 2000-10-22 | 1 | -3/+3
* The experimental Rijndael code moved to the main trunk. make update done. | Richard Levitte | 2000-10-14 | 1 | -19/+54
* Make non blocking I/O work for accept BIOs. | Dr. Stephen Henson | 2000-10-12 | 3 | -0/+9
* Set s->read_ahead in SSL_new because SSL_clear no longer modifies it. | Bodo Möller | 2000-09-26 | 1 | -0/+1
* Don't modify s->read_ahead in SSL_clear, which is called from accept/connect functions; those should not change the read_ahead setting of the SSL structure. | Bodo Möller | 2000-09-26 | 1 | -0/+2
* Fix SSL_CTX_set_read_ahead macro. Submitted by: Anders Gertz <gertz@epact.se> | Bodo Möller | 2000-09-26 | 1 | -1/+1
* 'ranlib' doesn't always run on some systems. That's actually acceptable, since all that happens if it fails is a library with an index, which makes linking slower, but still working correctly. | Richard Levitte | 2000-09-25 | 1 | -1/+2
* Avoid protocol rollback. | Bodo Möller | 2000-09-22 | 3 | -8/+15
* Portability patch for HP MPE/iX. Submitted by Mark Bixby <mark_bixby@hp.com> | Richard Levitte | 2000-09-21 | 1 | -0/+4
* Use sk_*_new_null() instead of sk_*_new(NULL), since that takes care of complaints from the compiler about data pointers and function pointers not being compatible with each other. | Richard Levitte | 2000-09-17 | 3 | -3/+3
* New SSL API mode 'SSL_MODE_AUTO_RETRY', which disables the default behaviour that SSL_read may result in SSL_ERROR_WANT_READ. | Bodo Möller | 2000-09-12 | 2 | -24/+31
* 'make update' | Richard Levitte | 2000-09-07 | 1 | -71/+88
* Keep a note of original encoding in certificate requests. Add new option to PKCS7_sign to exclude S/MIME capabilities. | Dr. Stephen Henson | 2000-09-05 | 1 | -2/+0
* Avoid abort() throughout the library, except when preprocessor symbols for debugging are defined. | Bodo Möller | 2000-09-04 | 4 | -9/+18
* MD4 implemented. Assar Westerlund provided the digest code itself and the test utility, I added the bits to get an EVP interface, the command line utility and the speed test | Richard Levitte | 2000-08-14 | 1 | -438/+456
* Document rollback issues. | Bodo Möller | 2000-07-29 | 2 | -0/+3
* Fix SSL 2.0 rollback checking: The previous implementation of the test was never triggered due to an off-by-one error. In s23_clnt.c, don't use special rollback-attack detection padding (RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the client; similarly, in s23_srvr.c, don't do the rollback check if SSL 2.0 is the only protocol enabled in the server. | Bodo Möller | 2000-07-29 | 2 | -2/+4
* I got sick and tired of having to keep track of NIDs when such a thing could be done automagically, much like the numbering in libeay.num and ssleay.num. The solution works as follows:
  - New object identifiers are inserted in objects.txt, following the syntax given in objects.README.
  - objects.pl is used to process obj_mac.num and create a new obj_mac.h.
  - obj_dat.pl is used to create a new obj_dat.h, using the data in obj_mac.h.

  This is currently kind of a hack, and the perl code in objects.pl isn't very elegant, but it works as I intended. The simplest way to check that it worked correctly is to look in obj_dat.h and check the array nid_objs and make sure the objects haven't moved around (this is important!). Additions are OK, as well as consistent name changes. | Richard Levitte | 2000-07-05 | 1 | -386/+403
* Beautification | Richard Levitte | 2000-07-05 | 1 | -6/+6
* Fix code structure (if ... else if ... where both parts may be disabled by preprocessor symbols) | Bodo Möller | 2000-07-02 | 1 | -5/+9
* Fixes for Win32 build. This is mostly a work around for the old VC++ problem that it treats func() as func(void). Various prototypes had been added to 'compare' function pointers that triggered this. This could be fixed by removing the prototype, adding function pointer casts to every call or changing the passed function to use the expected arguments. I mostly did the latter. The mkdef.pl script was modified to remove the typesafe functions which no longer exist. Oh and some functions called OPENSSL_freeLibrary() were changed back to FreeLibrary(), wonder how that happened :-) | Dr. Stephen Henson | 2000-06-21 | 3 | -4/+4
* Safe stack reorganisation in terms of function casts. After some messing around this seems to work but needs a few more tests. Working out the syntax for sk_set_cmp_func() (cast it to a function that itself returns a function pointer) was painful :-( Needs some testing to see what other compilers think of this syntax. Also needs similar stuff for ASN1_SET_OF etc etc. | Dr. Stephen Henson | 2000-06-16 | 1 | -62/+0