- Feb 20, 2001
-
-
Ulf Möller authored
-
Ulf Möller authored
-
Ulf Möller authored
-
- Feb 19, 2001
-
-
Ulf Möller authored
-
Ulf Möller authored
It's still inconsistent - probably better to undo the whole OPENSSL_NO_* thing.
-
Richard Levitte authored
-
Richard Levitte authored
-
Richard Levitte authored
-
Richard Levitte authored
sure they are available in opensslconf.h, by giving them names starting with "OPENSSL_" to avoid conflicts with other packages and by making sure e_os2.h will cover all platform-specific cases together with opensslconf.h. I've checked fairly well that nothing breaks with this (apart from external software that will adapt if they have used something like NO_KRB5), but I can't guarantee it completely, so a review of this change would be a good thing.
-
Richard Levitte authored
-
Richard Levitte authored
-
Richard Levitte authored
-
Dr. Stephen Henson authored
Remove the old broken bio read of serial numbers in the 'ca' index file. This would choke if a revoked certificate was specified with a negative serial number. Fix typo in uid.c
-
Richard Levitte authored
files. Instead, insert proper information in the $def string, which will be properly munged later on.
-
Richard Levitte authored
-
Richard Levitte authored
-
Bodo Möller authored
-
Bodo Möller authored
-
Richard Levitte authored
His own words are: The patch adds no new functionality (other than a simple test package) to the libraries, but it allows them to be compiled with Perl5.6.0. It has only been tested under "Red Hat Linux release 7.0 (Guinness)" with the unpatched verion of OpenSSL 0.9.6 released last September.
-
- Feb 16, 2001
-
-
Richard Levitte authored
-
Ulf Möller authored
-
Ulf Möller authored
-
Dr. Stephen Henson authored
Add revelant new X509V3 extensions. Add OIDs. Fix ASN1 memory leak code to pop info if external allocation used.
-
- Feb 15, 2001
-
-
Lutz Jänicke authored
-
Lutz Jänicke authored
-
Lutz Jänicke authored
-
- Feb 14, 2001
-
-
Ulf Möller authored
-
Richard Levitte authored
-
Dr. Stephen Henson authored
Add -nopad option to enc command. Update docs.
-
Ulf Möller authored
-
Dr. Stephen Henson authored
-
Ulf Möller authored
-
- Feb 13, 2001
-
-
Lutz Jänicke authored
-
Richard Levitte authored
<t-matsuu@protein.osaka-u.ac.jp>
-
Lutz Jänicke authored
-
Dr. Stephen Henson authored
Doesn't handle SSL URLs yet.
-
- Feb 12, 2001
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Geoff Thorpe authored
gets rid of gcc warnings.
-
Geoff Thorpe authored
well (and is a good demonstration of how encapsulating the SSL in a memory-based state machine can make it easier to apply to different situations). The change implements a new command-line switch "-flipped <0|1>" which, if set to 1, reverses the usual interpretation of a client and server for SSL tunneling. Normally, an ssl client (ie. "-server 0") accepts "cleartext" connections and conducts SSL/TLS over a proxied connection acting as an SSL client. Likewise, an ssl server (ie. "-server 1") accepts connections and conducts SSL/TLS (as an SSL server) over them and passes "cleartext" over the proxied connection. With "-flipped 1", an SSL client (specified with "-server 0") in fact accepts SSL connections and proxies clear, whereas an SSL server ("-server 1") accepts clear and proxies SSL. NB: most of this diff is command-line handling, the actual meat of the change is simply the line or two that plugs "clean" and "dirty" file descriptors into the item that holds the state-machine - reverse them and you get the desired behaviour. This allows a network server to be an SSL client, and a network client to be an SSL server. Apart from curiosity value, there's a couple of possibly interesting applications - SSL/TLS is inherently vulnerable to trivial DoS attacks, because the SSL server usually has to perform a private key operation first, even if the client is authenticated. With this scenario, the network client is the SSL server and performs the first private key operation, whereas the network server serves as the SSL client. Another possible application is when client-only authentication is required (ie. the underlying protocol handles (or doesn't care about) authenticating the server). Eg. an SSL/TLS version of 'ssh' could be concocted where the client's signed certificate is used to validate login to a server system - whether or not the client needs to validate who the server is can be configured at the client end rather than at the server end (ie. a complete inversion of what happens in normal SSL/TLS). NB: This is just an experiment/play-thing, using "-flipped 1" probably creates something that is interoperable with exactly nothing. :-)
-