Skip to content
  1. Mar 11, 1999
  2. Mar 10, 1999
  3. Mar 09, 1999
  4. Mar 08, 1999
  5. Mar 07, 1999
  6. Mar 06, 1999
  7. Mar 05, 1999
  8. Mar 04, 1999
  9. Mar 03, 1999
  10. Feb 28, 1999
  11. Feb 27, 1999
  12. Feb 26, 1999
  13. Feb 25, 1999
    • Ralf S. Engelschall's avatar
      Add a bunch of SSL_xxx() functions for configuring the temporary RSA and DH · 15d21c2d
      Ralf S. Engelschall authored
      private keys and/or callback functions which directly correspond to their
      SSL_CTX_xxx() counterparts but work on a per-connection basis. This is needed
      for applications which have to configure certificates on a per-connection
      basis (e.g. Apache+mod_ssl) instead of a per-context basis (e.g.
      s_server).
      
      For the RSA certificate situation is makes no difference, but for the DSA
      certificate situation this fixes the "no shared cipher" problem where the
      OpenSSL cipher selection procedure failed because the temporary keys were not
      overtaken from the context and the API provided no way to reconfigure them.
      
      The new functions now let applications reconfigure the stuff and they are in
      detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh,
      SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback.  Additionally a new
      non-public-API function ssl_cert_instantiate() is used as a helper function
      and also to reduce code redundancy inside ssl_rsa.c.
      
      Submitted by: Ralf S. Engelschall
      Reviewed by: Ben Laurie
      15d21c2d
    • Ralf S. Engelschall's avatar
      Move s_server -dcert and -dkey options out of the undocumented feature area · ea14a91f
      Ralf S. Engelschall authored
      because they are useful for the DSA situation and should be recognized by the
      users. Thanks to Steve for the original hint.
      ea14a91f
    • Ralf S. Engelschall's avatar
      Fix the cipher decision scheme for export ciphers: the export bits are *not* · 90a52cec
      Ralf S. Engelschall authored
      within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within SSL_EXP_MASK.  So, the
      original variable has to be used instead of the already masked variable.
      
      Submitted by: Richard Levitte <levitte@stacken.kth.se>
      Reviewed by: Ralf S. Engelschall
      90a52cec
    • Ralf S. Engelschall's avatar
      Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c · def9f431
      Ralf S. Engelschall authored
      Submitted by: Richard Levitte <levitte@stacken.kth.se>
      Reviewed by: Ralf S. Engelschall
      def9f431
    • Ralf S. Engelschall's avatar
      Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal() · 8aef252b
      Ralf S. Engelschall authored
      from `int' to `unsigned int' because it's a length and initialized by
      EVP_DigestFinal() which expects an `unsigned int *'.
      
      Submitted by: Richard Levitte <levitte@stacken.kth.se>
      Reviewed by: Ralf S. Engelschall
      8aef252b