aboutsummaryrefslogtreecommitdiffstats
path: root/ssl
Commit message (Collapse)AuthorAgeFilesLines
* Constification.Ben Laurie2005-03-3012-120/+130
|
* Ensure (SSL_RANDOM_BYTES - 4) of pseudo random data is used for server andDr. Stephen Henson2005-03-222-2/+2
| | | | client random values.
* some const fixesNils Larsch2005-03-202-5/+5
|
* Apparently, at least with my VMS C environment, defining _XOPEN_SOURCERichard Levitte2005-01-191-3/+4
| | | | | | gets _POSIX_C_SOURC and _ANSI_C_SOURCE defined, which stops u_int from being defined, and that breaks havock into the rest of the standard headers... *sigh*
* Small thing. It seems like we have to defined _XOPEN_SOURCE to getRichard Levitte2005-01-181-0/+2
| | | | isascii() on DEC/Compaq/HP C for VMS.
* Changes concering RFC 3820 (proxy certificates) integration:Richard Levitte2005-01-171-21/+468
| | | | | | | | | | | | | | | | | - Enforce that there should be no policy settings when the language is one of id-ppl-independent or id-ppl-inheritAll. - Add functionality to ssltest.c so that it can process proxy rights and check that they are set correctly. Rights consist of ASCII letters, and the condition is a boolean expression that includes letters, parenthesis, &, | and ^. - Change the proxy certificate configurations so they get proxy rights that are understood by ssltest.c. - Add a script that tests proxy certificates with SSL operations. Other changes: - Change the copyright end year in mkerr.pl. - make update.
* Small typo, `mask' got the same value ORed to it twice instead ofRichard Levitte2005-01-121-1/+1
| | | | | | `mask' and `emask' getting that operation done once each. Patch supplied by Nils Larsch <nils.larsch@cybertrust.com>
* Don't use $(EXHEADER) directly in for loops, as most shells will breakRichard Levitte2004-11-021-1/+1
| | | | | | if $(EXHEADER) is empty. Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
* Fix race condition when SSL ciphers are initialized.Dr. Stephen Henson2004-10-251-1/+1
|
* New X509_VERIFY_PARAM structure and associated functionality.Dr. Stephen Henson2004-09-063-18/+47
| | | | | | | | | | This tidies up verify parameters and adds support for integrated policy checking. Add support for policy related command line options. Currently only in smime application. WARNING: experimental code subject to change.
* make updateRichard Levitte2004-07-101-20/+20
|
* Use the new directory reading functions.Richard Levitte2004-07-101-109/+18
|
* Move some COMP functions to be inside the #ifndef OPENSSL_NO_COMPRichard Levitte2004-05-201-6/+7
| | | | | wrapping preprocessor directive. This also removes a duplicate declaration.
* After the latest round of header-hacking, regenerate the dependencies inGeoff Thorpe2004-05-171-572/+556
| | | | | the Makefiles. NB: this commit is probably going to generate a huge posting and it is highly uninteresting to read.
* Deprecate quite a few recursive includes from the ssl.h API header andGeoff Thorpe2004-05-176-8/+11
| | | | | remove some unnecessary includes from the internal header ssl_locl.h. This then requires adding includes for bn.h in four C files.
* Fixes so alerts are sent properly in s3_pkt.cDr. Stephen Henson2004-05-151-4/+4
| | | | PR: 851
* Allow RSA key-generation to specify an arbitrary public exponent. JelteGeoff Thorpe2004-04-261-2/+5
| | | | | | | | | proposed the change and submitted the patch, I jiggled it slightly and adjusted the other parts of openssl that were affected. PR: 867 Submitted by: Jelte Jansen Reviewed by: Geoff Thorpe
* make updateGeoff Thorpe2004-04-191-461/+441
|
* (oops) Apologies all, that last header-cleanup commit was from the wrongGeoff Thorpe2004-04-198-1/+10
| | | | | tree. This further reduces header interdependencies, and makes some associated cleanups.
* SSL_COMP_get_compression_method is a typo (a missing 's' at the end ofRichard Levitte2004-03-252-8/+2
| | | | the symbol name).
* Avoid warnings.Dr. Stephen Henson2004-03-161-2/+2
|
* Constify d2i, s2i, c2i and r2i functions and other associatedRichard Levitte2004-03-157-22/+27
| | | | | | | | functions and macros. This change has associated tags: LEVITTE_before_const and LEVITTE_after_const. Those will be removed when this change has been properly reviewed.
* make updateRichard Levitte2004-01-281-199/+193
|
* unintptr_t and <inttypes.h> are not strictly portable with respect toLutz Jänicke2004-01-041-2/+1
| | | | | ANSI C 89. Undo change to maintain compatibility.
* Avoid including cryptlib.h, it's not really needed.Richard Levitte2003-12-2713-11/+14
| | | | | Check if IDEA is being built or not. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
* Use sh explicitely to run point.shRichard Levitte2003-12-271-1/+1
| | | | This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
* Restructure make targets to allow parallel make.Lutz Jänicke2003-12-031-2/+2
| | | | | | Submitted by: Witold Filipczyk <witekfl@poczta.gazeta.pl> PR: #513
* We're getting a clash with C++ because it has a type called 'list'.Richard Levitte2003-11-293-41/+42
| | | | | | | Therefore, change all instances of the symbol 'list' to something else. PR: 758 Submitted by: Frédéric Giudicelli <groups@newpki.org>
* RSA_size() and DH_size() return the amount of bytes in a key, and weRichard Levitte2003-11-281-2/+2
| | | | | | compared it to the amount of bits required... PR: 770 Submitted by: c zhang <czhang2005@hotmail.com>
* Netware-specific changes,Richard Levitte2003-11-281-0/+3
| | | | | | PR: 780 Submitted by: Verdon Walker <VWalker@novell.com> Reviewed by: Richard Levitte
* Avoid some shadowed variable names.Geoff Thorpe2003-11-042-9/+9
| | | | Submitted by: Nils Larsch
* A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.Geoff Thorpe2003-10-2910-23/+25
| | | | | | | | | | I have tried to convert 'len' type variable declarations to unsigned as a means to address these warnings when appropriate, but when in doubt I have used casts in the comparisons instead. The better solution (that would get us all lynched by API users) would be to go through and convert all the function prototypes and structure definitions to use unsigned variables except when signed is necessary. The proliferation of (signed) "int" for strictly non-negative uses is unfortunate.
* Avoid warnings: add missing prototype, don't shadow.Dr. Stephen Henson2003-10-102-3/+4
|
* Add functionality to get information on compression methods (not quite ↵Richard Levitte2003-10-064-0/+32
| | | | complete).
* Make sure int SSL_COMP_add_compression_method() checks if a certainRichard Levitte2003-10-064-5/+31
| | | | | | | | | | | | | | | | | | | | compression identity is already present among the registered compression methods, and if so, reject the addition request. Declare SSL_COMP_get_compression_method() so it can be used properly. Change ssltest.c so it checks what compression methods are available and enumerates them. As a side-effect, built-in compression methods will be automagically loaded that way. Additionally, change the identities for ZLIB and RLE to be conformant to draft-ietf-tls-compression-05.txt. Finally, make update. Next on my list: have the built-in compression methods added "automatically" instead of requiring that the author call SSL_COMP_add_compression_method() or SSL_COMP_get_compression_methods().
* Check for errors from SSL_COMP_add_compression_method().Richard Levitte2003-10-021-1/+8
| | | | Notified by Andrew Marlow <AMARLOW1@bloomberg.net>
* Correct a mixup of return valuesRichard Levitte2003-10-021-2/+2
|
* Have ssl3_ssl3_send_client_verify() change the state to SSL3_ST_SW_CERT_VRFY_B.Richard Levitte2003-09-271-0/+1
| | | | PR: 679
* Have ssl3_send_certificate_request() change the state to SSL3_ST_SW_CERT_REQ_B.Richard Levitte2003-09-271-0/+1
| | | | PR: 680
* Include the instance in the Kerberos ticket information.Richard Levitte2003-09-272-10/+27
| | | | | In s_server, print the received Kerberos information. PR: 693
* Free the Kerberos context upon freeing the SSL.Richard Levitte2003-09-271-0/+5
| | | | Contributed by Andrew Mann <amann@tccgi.com>
* These should be write-locks, not read-locks.Geoff Thorpe2003-09-081-2/+2
|
* Only accept a client certificate if the server requestsDr. Stephen Henson2003-09-031-4/+5
| | | | one, as required by SSL/TLS specs.
* fix out-of-bounds check in lock_dbg_cb (was too lose to detect allBodo Möller2003-08-141-1/+1
| | | | | | invalid cases) PR: 674
* make sure no error is left in the queue that is intentionally ignoredBodo Möller2003-08-111-1/+3
|
* updates for draft-ietf-tls-ecc-03.txtBodo Möller2003-07-223-4/+40
| | | | | Submitted by: Douglas Stebila Reviewed by: Bodo Moeller
* tolerate extra data at end of client hello for SSL 3.0Bodo Möller2003-07-211-0/+4
| | | | PR: 659
* Fix ordering of compare functions: strncmp() must be used first, aLutz Jänicke2003-04-081-3/+4
| | | | | | | the cipher name in the list is not guaranteed to be at least "buflen" long. PR: 567 Submitted by: "Matt Harren" <matth@cs.berkeley.edu>
* Correct a lot of printing calls. Remove extra arguments...Richard Levitte2003-04-031-1/+1
|
* Let's limit the extent of the definition of _XOPEN_SOURCE.Richard Levitte2003-03-251-0/+1
|
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-06 06:30:33 +0000