Commit c0b8eb60 authored by Dr. Stephen Henson

Add SHA2 algorithms to SSL_library_init(). Although these aren't used
directly by SSL/TLS, SHA2 certificates are becoming more common and
applications that only call SSL_library_init() and not
OpenSSL_add_all_algorithms() will fail when verifying certificates.

Update docs.
parent d4a45bf3
+7 −0
@@ -940,6 +940,13 @@
  *) Change 'Configure' script to enable Camellia by default.
     [NTT]
  
 Changes between 0.9.8n and 0.9.8o [xx XXX xxxx]

  *) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more
     common in certificates and some applications which only call
     SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
     [Steve Henson]

 Changes between 0.9.8m and 0.9.8n [24 Mar 2010]

  *) When rejecting SSL/TLS records due to an incorrect version number, never
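Review bot: The new entry under "Changes between 0.9.8n and 0.9.8o" stops at "will fail" without saying what fails, so a reader scanning the changelog cannot tell this is about certificate verification. Suggest ending the sentence with "will fail when verifying certificates", as the commit message does, and naming the digests that are now registered (SHA224, SHA256, SHA384, SHA512). Also write SSL_library_init() with parentheses so it matches OpenSSL_add_all_algorithms() in the same sentence.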
+9 −6
@@ -27,25 +27,28 @@ SSL_library_init() is not reentrant.

=head1 WARNING

SSL_library_init() mainly adds ciphers and digests used directly by SSL/TLS.
In some cases this is not sufficient and errors about unknown algorithms
will occur: for example when an attempt is made to use a certificate using
SHA256. This can be resolved by also calling OpenSSL_add_all_algorithms().
SSL_library_init() adds ciphers and digests used directly and indirectly by
SSL/TLS.

=head1 EXAMPLES

A typical TLS/SSL application will start with the library initialization,
will provide readable error messages and will seed the PRNG.
and provide readable error messages.

 SSL_load_error_strings();                /* readable error messages */
 SSL_library_init();                      /* initialize library */
 actions_to_seed_PRNG(); 

=head1 RETURN VALUES

SSL_library_init() always returns "1", so it is safe to discard the return
value.

=head1 NOTES

OpenSSL 0.9.8o and 1.0.0a and later added SHA2 algorithms to SSL_library_init().
Applications which need to use SHA2 in earlier versions of OpenSSL should call
OpenSSL_add_all_algorithms() as well.

=head1 SEE ALSO

L<ssl(3)|ssl(3)>, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>,
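Review bot: The sentence under =head1 WARNING, "SSL_library_init() adds ciphers and digests used directly and indirectly by SSL/TLS", no longer warns about anything, and "indirectly" is left undefined. Either state what it covers (digests needed to verify certificate signatures, such as SHA2) and point to NOTES for versions before 0.9.8o and 1.0.0a, or move the sentence into the description and drop the WARNING heading. If the EXAMPLES change is meant to drop the actions_to_seed_PRNG() step, the page should still say somewhere whether applications are expected to seed the PRNG themselves.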
+8 −0
@@ -105,6 +105,14 @@ int SSL_library_init(void)
	EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
	EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
#endif
#ifndef OPENSSL_NO_SHA256
	EVP_add_digest(EVP_sha224());
	EVP_add_digest(EVP_sha256());
#endif
#ifndef OPENSSL_NO_SHA512
	EVP_add_digest(EVP_sha384());
	EVP_add_digest(EVP_sha512());
#endif
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
	EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
	EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
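Review bot: The two new #ifndef blocks (OPENSSL_NO_SHA256 and OPENSSL_NO_SHA512) register SHA224/SHA256 and SHA384/SHA512 without any comment, while the neighbouring EVP_dss1() line is annotated with "DSA with sha1". Since the commit message says these digests are not used directly by SSL/TLS, a one-line comment above the first guard, along the lines of "needed to verify certificates signed with SHA2", would keep a later cleanup from removing them as unused.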