Loading CHANGES +11 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,17 @@ Changes between 0.9.8d and 0.9.9 [xx XXX xxxx] *) Overhaul of by_dir code. Add support for dynamic loading of CRLs so new CRLs added to a directory can be used. New command line option -verify_return_error to s_client and s_server. This causes real errors to be returned by the verify callback instead of carrying on no matter what. This reflects the way a "real world" verify callback would behave. [Steve Henson] *) GOST engine, supporting several GOST algorithms and public key formats. Kindly donated by Cryptocom. [Cryptocom] *) Partial support for Issuing Distribution Point CRL extension. CRLs partitioned by DP are handled but no indirect CRL or reason partitioning (yet). Complete overhaul of CRL handling: now the most suitable CRL is Loading apps/s_cb.c +3 −1 Original line number Diff line number Diff line Loading @@ -123,6 +123,7 @@ int verify_depth=0; int verify_error=X509_V_OK; int verify_return_error=0; int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) { Loading @@ -142,6 +143,7 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) X509_verify_cert_error_string(err)); if (verify_depth >= depth) { if (!verify_return_error) ok=1; verify_error=X509_V_OK; } Loading apps/s_client.c +3 −0 Original line number Diff line number Diff line Loading @@ -187,6 +187,7 @@ typedef unsigned int u_int; extern int verify_depth; extern int verify_error; extern int verify_return_error; #ifdef FIONBIO static int c_nbio=0; Loading Loading @@ -478,6 +479,8 @@ int MAIN(int argc, char **argv) vflags |= X509_V_FLAG_CRL_CHECK; else if (strcmp(*argv,"-crl_check_all") == 0) vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; else if (strcmp(*argv,"-verify_return_error") == 0) verify_return_error = 1; else if (strcmp(*argv,"-prexit") == 0) prexit=1; else if (strcmp(*argv,"-crlf") == 0) Loading apps/s_server.c +3 −1 Original line number Diff line number Diff line Loading @@ -258,7 +258,7 @@ static int accept_socket= -1; #undef PROG #define PROG s_server_main extern int verify_depth; extern int verify_depth, verify_return_error; static char *cipher=NULL; static int s_server_verify=SSL_VERIFY_NONE; Loading Loading @@ -842,6 +842,8 @@ int MAIN(int argc, char *argv[]) { vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; } else if (strcmp(*argv,"-verify_return_error") == 0) verify_return_error = 1; else if (strcmp(*argv,"-serverpref") == 0) { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; } else if (strcmp(*argv,"-cipher") == 0) Loading crypto/stack/safestack.h +44 −0 Original line number Diff line number Diff line Loading @@ -410,6 +410,50 @@ STACK_OF(type) \ #define sk_BIO_sort(st) SKM_sk_sort(BIO, (st)) #define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st)) #define sk_BY_DIR_ENTRY_new(st) SKM_sk_new(BY_DIR_ENTRY, (st)) #define sk_BY_DIR_ENTRY_new_null() SKM_sk_new_null(BY_DIR_ENTRY) #define sk_BY_DIR_ENTRY_free(st) SKM_sk_free(BY_DIR_ENTRY, (st)) #define sk_BY_DIR_ENTRY_num(st) SKM_sk_num(BY_DIR_ENTRY, (st)) #define sk_BY_DIR_ENTRY_value(st, i) SKM_sk_value(BY_DIR_ENTRY, (st), (i)) #define sk_BY_DIR_ENTRY_set(st, i, val) SKM_sk_set(BY_DIR_ENTRY, (st), (i), (val)) #define sk_BY_DIR_ENTRY_zero(st) SKM_sk_zero(BY_DIR_ENTRY, (st)) #define sk_BY_DIR_ENTRY_push(st, val) SKM_sk_push(BY_DIR_ENTRY, (st), (val)) #define sk_BY_DIR_ENTRY_unshift(st, val) SKM_sk_unshift(BY_DIR_ENTRY, (st), (val)) #define sk_BY_DIR_ENTRY_find(st, val) SKM_sk_find(BY_DIR_ENTRY, (st), (val)) #define sk_BY_DIR_ENTRY_find_ex(st, val) SKM_sk_find_ex(BY_DIR_ENTRY, (st), (val)) #define sk_BY_DIR_ENTRY_delete(st, i) SKM_sk_delete(BY_DIR_ENTRY, (st), (i)) #define sk_BY_DIR_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_ENTRY, (st), (ptr)) #define sk_BY_DIR_ENTRY_insert(st, val, i) SKM_sk_insert(BY_DIR_ENTRY, (st), (val), (i)) #define sk_BY_DIR_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_ENTRY, (st), (cmp)) #define sk_BY_DIR_ENTRY_dup(st) SKM_sk_dup(BY_DIR_ENTRY, st) #define sk_BY_DIR_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_ENTRY, (st), (free_func)) #define sk_BY_DIR_ENTRY_shift(st) SKM_sk_shift(BY_DIR_ENTRY, (st)) #define sk_BY_DIR_ENTRY_pop(st) SKM_sk_pop(BY_DIR_ENTRY, (st)) #define sk_BY_DIR_ENTRY_sort(st) SKM_sk_sort(BY_DIR_ENTRY, (st)) #define sk_BY_DIR_ENTRY_is_sorted(st) SKM_sk_is_sorted(BY_DIR_ENTRY, (st)) #define sk_BY_DIR_HASH_new(st) SKM_sk_new(BY_DIR_HASH, (st)) #define sk_BY_DIR_HASH_new_null() SKM_sk_new_null(BY_DIR_HASH) #define sk_BY_DIR_HASH_free(st) SKM_sk_free(BY_DIR_HASH, (st)) #define sk_BY_DIR_HASH_num(st) SKM_sk_num(BY_DIR_HASH, (st)) #define sk_BY_DIR_HASH_value(st, i) SKM_sk_value(BY_DIR_HASH, (st), (i)) #define sk_BY_DIR_HASH_set(st, i, val) SKM_sk_set(BY_DIR_HASH, (st), (i), (val)) #define sk_BY_DIR_HASH_zero(st) SKM_sk_zero(BY_DIR_HASH, (st)) #define sk_BY_DIR_HASH_push(st, val) SKM_sk_push(BY_DIR_HASH, (st), (val)) #define sk_BY_DIR_HASH_unshift(st, val) SKM_sk_unshift(BY_DIR_HASH, (st), (val)) #define sk_BY_DIR_HASH_find(st, val) SKM_sk_find(BY_DIR_HASH, (st), (val)) #define sk_BY_DIR_HASH_find_ex(st, val) SKM_sk_find_ex(BY_DIR_HASH, (st), (val)) #define sk_BY_DIR_HASH_delete(st, i) SKM_sk_delete(BY_DIR_HASH, (st), (i)) #define sk_BY_DIR_HASH_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_HASH, (st), (ptr)) #define sk_BY_DIR_HASH_insert(st, val, i) SKM_sk_insert(BY_DIR_HASH, (st), (val), (i)) #define sk_BY_DIR_HASH_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_HASH, (st), (cmp)) #define sk_BY_DIR_HASH_dup(st) SKM_sk_dup(BY_DIR_HASH, st) #define sk_BY_DIR_HASH_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_HASH, (st), (free_func)) #define sk_BY_DIR_HASH_shift(st) SKM_sk_shift(BY_DIR_HASH, (st)) #define sk_BY_DIR_HASH_pop(st) SKM_sk_pop(BY_DIR_HASH, (st)) #define sk_BY_DIR_HASH_sort(st) SKM_sk_sort(BY_DIR_HASH, (st)) #define sk_BY_DIR_HASH_is_sorted(st) SKM_sk_is_sorted(BY_DIR_HASH, (st)) #define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st)) #define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE) #define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st)) Loading Loading
CHANGES +11 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,17 @@ Changes between 0.9.8d and 0.9.9 [xx XXX xxxx] *) Overhaul of by_dir code. Add support for dynamic loading of CRLs so new CRLs added to a directory can be used. New command line option -verify_return_error to s_client and s_server. This causes real errors to be returned by the verify callback instead of carrying on no matter what. This reflects the way a "real world" verify callback would behave. [Steve Henson] *) GOST engine, supporting several GOST algorithms and public key formats. Kindly donated by Cryptocom. [Cryptocom] *) Partial support for Issuing Distribution Point CRL extension. CRLs partitioned by DP are handled but no indirect CRL or reason partitioning (yet). Complete overhaul of CRL handling: now the most suitable CRL is Loading
apps/s_cb.c +3 −1 Original line number Diff line number Diff line Loading @@ -123,6 +123,7 @@ int verify_depth=0; int verify_error=X509_V_OK; int verify_return_error=0; int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) { Loading @@ -142,6 +143,7 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) X509_verify_cert_error_string(err)); if (verify_depth >= depth) { if (!verify_return_error) ok=1; verify_error=X509_V_OK; } Loading
apps/s_client.c +3 −0 Original line number Diff line number Diff line Loading @@ -187,6 +187,7 @@ typedef unsigned int u_int; extern int verify_depth; extern int verify_error; extern int verify_return_error; #ifdef FIONBIO static int c_nbio=0; Loading Loading @@ -478,6 +479,8 @@ int MAIN(int argc, char **argv) vflags |= X509_V_FLAG_CRL_CHECK; else if (strcmp(*argv,"-crl_check_all") == 0) vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; else if (strcmp(*argv,"-verify_return_error") == 0) verify_return_error = 1; else if (strcmp(*argv,"-prexit") == 0) prexit=1; else if (strcmp(*argv,"-crlf") == 0) Loading
apps/s_server.c +3 −1 Original line number Diff line number Diff line Loading @@ -258,7 +258,7 @@ static int accept_socket= -1; #undef PROG #define PROG s_server_main extern int verify_depth; extern int verify_depth, verify_return_error; static char *cipher=NULL; static int s_server_verify=SSL_VERIFY_NONE; Loading Loading @@ -842,6 +842,8 @@ int MAIN(int argc, char *argv[]) { vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; } else if (strcmp(*argv,"-verify_return_error") == 0) verify_return_error = 1; else if (strcmp(*argv,"-serverpref") == 0) { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; } else if (strcmp(*argv,"-cipher") == 0) Loading
crypto/stack/safestack.h +44 −0 Original line number Diff line number Diff line Loading @@ -410,6 +410,50 @@ STACK_OF(type) \ #define sk_BIO_sort(st) SKM_sk_sort(BIO, (st)) #define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st)) #define sk_BY_DIR_ENTRY_new(st) SKM_sk_new(BY_DIR_ENTRY, (st)) #define sk_BY_DIR_ENTRY_new_null() SKM_sk_new_null(BY_DIR_ENTRY) #define sk_BY_DIR_ENTRY_free(st) SKM_sk_free(BY_DIR_ENTRY, (st)) #define sk_BY_DIR_ENTRY_num(st) SKM_sk_num(BY_DIR_ENTRY, (st)) #define sk_BY_DIR_ENTRY_value(st, i) SKM_sk_value(BY_DIR_ENTRY, (st), (i)) #define sk_BY_DIR_ENTRY_set(st, i, val) SKM_sk_set(BY_DIR_ENTRY, (st), (i), (val)) #define sk_BY_DIR_ENTRY_zero(st) SKM_sk_zero(BY_DIR_ENTRY, (st)) #define sk_BY_DIR_ENTRY_push(st, val) SKM_sk_push(BY_DIR_ENTRY, (st), (val)) #define sk_BY_DIR_ENTRY_unshift(st, val) SKM_sk_unshift(BY_DIR_ENTRY, (st), (val)) #define sk_BY_DIR_ENTRY_find(st, val) SKM_sk_find(BY_DIR_ENTRY, (st), (val)) #define sk_BY_DIR_ENTRY_find_ex(st, val) SKM_sk_find_ex(BY_DIR_ENTRY, (st), (val)) #define sk_BY_DIR_ENTRY_delete(st, i) SKM_sk_delete(BY_DIR_ENTRY, (st), (i)) #define sk_BY_DIR_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_ENTRY, (st), (ptr)) #define sk_BY_DIR_ENTRY_insert(st, val, i) SKM_sk_insert(BY_DIR_ENTRY, (st), (val), (i)) #define sk_BY_DIR_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_ENTRY, (st), (cmp)) #define sk_BY_DIR_ENTRY_dup(st) SKM_sk_dup(BY_DIR_ENTRY, st) #define sk_BY_DIR_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_ENTRY, (st), (free_func)) #define sk_BY_DIR_ENTRY_shift(st) SKM_sk_shift(BY_DIR_ENTRY, (st)) #define sk_BY_DIR_ENTRY_pop(st) SKM_sk_pop(BY_DIR_ENTRY, (st)) #define sk_BY_DIR_ENTRY_sort(st) SKM_sk_sort(BY_DIR_ENTRY, (st)) #define sk_BY_DIR_ENTRY_is_sorted(st) SKM_sk_is_sorted(BY_DIR_ENTRY, (st)) #define sk_BY_DIR_HASH_new(st) SKM_sk_new(BY_DIR_HASH, (st)) #define sk_BY_DIR_HASH_new_null() SKM_sk_new_null(BY_DIR_HASH) #define sk_BY_DIR_HASH_free(st) SKM_sk_free(BY_DIR_HASH, (st)) #define sk_BY_DIR_HASH_num(st) SKM_sk_num(BY_DIR_HASH, (st)) #define sk_BY_DIR_HASH_value(st, i) SKM_sk_value(BY_DIR_HASH, (st), (i)) #define sk_BY_DIR_HASH_set(st, i, val) SKM_sk_set(BY_DIR_HASH, (st), (i), (val)) #define sk_BY_DIR_HASH_zero(st) SKM_sk_zero(BY_DIR_HASH, (st)) #define sk_BY_DIR_HASH_push(st, val) SKM_sk_push(BY_DIR_HASH, (st), (val)) #define sk_BY_DIR_HASH_unshift(st, val) SKM_sk_unshift(BY_DIR_HASH, (st), (val)) #define sk_BY_DIR_HASH_find(st, val) SKM_sk_find(BY_DIR_HASH, (st), (val)) #define sk_BY_DIR_HASH_find_ex(st, val) SKM_sk_find_ex(BY_DIR_HASH, (st), (val)) #define sk_BY_DIR_HASH_delete(st, i) SKM_sk_delete(BY_DIR_HASH, (st), (i)) #define sk_BY_DIR_HASH_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_HASH, (st), (ptr)) #define sk_BY_DIR_HASH_insert(st, val, i) SKM_sk_insert(BY_DIR_HASH, (st), (val), (i)) #define sk_BY_DIR_HASH_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_HASH, (st), (cmp)) #define sk_BY_DIR_HASH_dup(st) SKM_sk_dup(BY_DIR_HASH, st) #define sk_BY_DIR_HASH_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_HASH, (st), (free_func)) #define sk_BY_DIR_HASH_shift(st) SKM_sk_shift(BY_DIR_HASH, (st)) #define sk_BY_DIR_HASH_pop(st) SKM_sk_pop(BY_DIR_HASH, (st)) #define sk_BY_DIR_HASH_sort(st) SKM_sk_sort(BY_DIR_HASH, (st)) #define sk_BY_DIR_HASH_is_sorted(st) SKM_sk_is_sorted(BY_DIR_HASH, (st)) #define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st)) #define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE) #define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st)) Loading
