Loading CHANGES +17 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,23 @@ Changes between 0.9.6g and 0.9.6h [xx XXX xxxx] *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes). [Bodo Moeller] *) Fix initialization code race conditions in SSLv23_client_method(), SSLv23_server_method(), SSLv2_client_method(), SSLv2_server_method(), SSLv3_client_method(), SSLv3_server_method(), TLSv1_client_method(), TLSv1_server_method(). [Patrick McCormick <patrick@tellme.com>, Bodo Moeller] *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after the cached sessions are flushed, as the remove_cb() might use ex_data contents. Bug found by Sam Varshavchik <mrsam@courier-mta.com> (see [openssl.org #212]). [Geoff Thorpe, Lutz Jaenicke] *) Fix typo in OBJ_txt2obj which incorrectly passed the content length, instead of the encoding length to d2i_ASN1_OBJECT. [Steve Henson] Loading FAQ +12 −0 Original line number Diff line number Diff line Loading @@ -35,6 +35,7 @@ OpenSSL - Frequently Asked Questions * Why does the linker complain about undefined symbols? * Why does the OpenSSL test fail with "bc: command not found"? * Why does the OpenSSL test fail with "bc: 1 no implemented"? * Why does the OpenSSL test fail with "bc: stack empty"? * Why does the OpenSSL compilation fail on Alpha Tru64 Unix? * Why does the OpenSSL compilation fail with "ar: command not found"? * Why does the OpenSSL compilation fail on Win32 with VC++? Loading Loading @@ -392,6 +393,17 @@ and compile/install it. GNU bc (see http://www.gnu.org/software/software.html for download instructions) can be safely used, for example. * Why does the OpenSSL test fail with "bc: stack empty"? On some DG/ux versions, bc seems to have a too small stack for calculations that the OpenSSL bntest throws at it. This gets triggered when you run the test suite (using "make test"). The message returned is "bc: stack empty". The best way to deal with this is to find another implementation of bc and compile/install it. GNU bc (see http://www.gnu.org/software/software.html for download instructions) can be safely used, for example. * Why does the OpenSSL compilation fail on Alpha Tru64 Unix? On some Alpha installations running Tru64 Unix and Compaq C, the compilation Loading Makefile.org +4 −6 Original line number Diff line number Diff line Loading @@ -270,9 +270,7 @@ do_gnu-shared: done DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \ collect2=`gcc -print-prog-name=collect2 2>&1` && \ [ -n "$$collect2" ] && \ my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \ my_ld=`gcc -print-prog-name=ld 2>&1` && \ [ -n "$$my_ld" ] && \ $$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1 Loading Loading @@ -687,13 +685,13 @@ install_docs: $(INSTALL_PREFIX)$(MANDIR)/man3 \ $(INSTALL_PREFIX)$(MANDIR)/man5 \ $(INSTALL_PREFIX)$(MANDIR)/man7 @pod2man=`cd util; ./pod2mantest ignore`; \ @pod2man="`cd util; ./pod2mantest $(PERL)`"; \ for i in doc/apps/*.pod; do \ fn=`basename $$i .pod`; \ if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \ echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ (cd `$(PERL) util/dirname.pl $$i`; \ sh -c "$(PERL) $$pod2man \ sh -c "$$pod2man \ --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ Loading @@ -703,7 +701,7 @@ install_docs: if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \ echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ (cd `$(PERL) util/dirname.pl $$i`; \ sh -c "$(PERL) $$pod2man \ sh -c "$$pod2man \ --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ Loading apps/makeapps.com +1 −1 Original line number Diff line number Diff line Loading @@ -1077,7 +1077,7 @@ $ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS $! $! Show user the result $! $ WRITE SYS$OUTPUT "Main Compiling Command: ",CC $ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC $! $! Special Threads For OpenVMS v7.1 Or Later $! Loading apps/pkcs12.c +4 −6 Original line number Diff line number Diff line Loading @@ -503,9 +503,10 @@ int MAIN(int argc, char **argv) /* Exclude verified certificate */ for (i = 1; i < sk_X509_num (chain2) ; i++) sk_X509_push(certs, sk_X509_value (chain2, i)); } /* Free first certificate */ X509_free(sk_X509_value(chain2, 0)); sk_X509_free(chain2); if (vret) { } else { BIO_printf (bio_err, "Error %s getting chain.\n", X509_verify_cert_error_string(vret)); goto export_end; Loading @@ -532,8 +533,6 @@ int MAIN(int argc, char **argv) } sk_X509_pop_free(certs, X509_free); certs = NULL; /* ucert is part of certs so it is already freed */ ucert = NULL; #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); Loading Loading @@ -621,7 +620,6 @@ int MAIN(int argc, char **argv) if (certs) sk_X509_pop_free(certs, X509_free); if (safes) sk_PKCS7_pop_free(safes, PKCS7_free); if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); if (ucert) X509_free(ucert); #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); Loading Loading
CHANGES +17 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,23 @@ Changes between 0.9.6g and 0.9.6h [xx XXX xxxx] *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes). [Bodo Moeller] *) Fix initialization code race conditions in SSLv23_client_method(), SSLv23_server_method(), SSLv2_client_method(), SSLv2_server_method(), SSLv3_client_method(), SSLv3_server_method(), TLSv1_client_method(), TLSv1_server_method(). [Patrick McCormick <patrick@tellme.com>, Bodo Moeller] *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after the cached sessions are flushed, as the remove_cb() might use ex_data contents. Bug found by Sam Varshavchik <mrsam@courier-mta.com> (see [openssl.org #212]). [Geoff Thorpe, Lutz Jaenicke] *) Fix typo in OBJ_txt2obj which incorrectly passed the content length, instead of the encoding length to d2i_ASN1_OBJECT. [Steve Henson] Loading
FAQ +12 −0 Original line number Diff line number Diff line Loading @@ -35,6 +35,7 @@ OpenSSL - Frequently Asked Questions * Why does the linker complain about undefined symbols? * Why does the OpenSSL test fail with "bc: command not found"? * Why does the OpenSSL test fail with "bc: 1 no implemented"? * Why does the OpenSSL test fail with "bc: stack empty"? * Why does the OpenSSL compilation fail on Alpha Tru64 Unix? * Why does the OpenSSL compilation fail with "ar: command not found"? * Why does the OpenSSL compilation fail on Win32 with VC++? Loading Loading @@ -392,6 +393,17 @@ and compile/install it. GNU bc (see http://www.gnu.org/software/software.html for download instructions) can be safely used, for example. * Why does the OpenSSL test fail with "bc: stack empty"? On some DG/ux versions, bc seems to have a too small stack for calculations that the OpenSSL bntest throws at it. This gets triggered when you run the test suite (using "make test"). The message returned is "bc: stack empty". The best way to deal with this is to find another implementation of bc and compile/install it. GNU bc (see http://www.gnu.org/software/software.html for download instructions) can be safely used, for example. * Why does the OpenSSL compilation fail on Alpha Tru64 Unix? On some Alpha installations running Tru64 Unix and Compaq C, the compilation Loading
Makefile.org +4 −6 Original line number Diff line number Diff line Loading @@ -270,9 +270,7 @@ do_gnu-shared: done DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \ collect2=`gcc -print-prog-name=collect2 2>&1` && \ [ -n "$$collect2" ] && \ my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \ my_ld=`gcc -print-prog-name=ld 2>&1` && \ [ -n "$$my_ld" ] && \ $$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1 Loading Loading @@ -687,13 +685,13 @@ install_docs: $(INSTALL_PREFIX)$(MANDIR)/man3 \ $(INSTALL_PREFIX)$(MANDIR)/man5 \ $(INSTALL_PREFIX)$(MANDIR)/man7 @pod2man=`cd util; ./pod2mantest ignore`; \ @pod2man="`cd util; ./pod2mantest $(PERL)`"; \ for i in doc/apps/*.pod; do \ fn=`basename $$i .pod`; \ if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \ echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ (cd `$(PERL) util/dirname.pl $$i`; \ sh -c "$(PERL) $$pod2man \ sh -c "$$pod2man \ --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ Loading @@ -703,7 +701,7 @@ install_docs: if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \ echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ (cd `$(PERL) util/dirname.pl $$i`; \ sh -c "$(PERL) $$pod2man \ sh -c "$$pod2man \ --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ Loading
apps/makeapps.com +1 −1 Original line number Diff line number Diff line Loading @@ -1077,7 +1077,7 @@ $ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS $! $! Show user the result $! $ WRITE SYS$OUTPUT "Main Compiling Command: ",CC $ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC $! $! Special Threads For OpenVMS v7.1 Or Later $! Loading
apps/pkcs12.c +4 −6 Original line number Diff line number Diff line Loading @@ -503,9 +503,10 @@ int MAIN(int argc, char **argv) /* Exclude verified certificate */ for (i = 1; i < sk_X509_num (chain2) ; i++) sk_X509_push(certs, sk_X509_value (chain2, i)); } /* Free first certificate */ X509_free(sk_X509_value(chain2, 0)); sk_X509_free(chain2); if (vret) { } else { BIO_printf (bio_err, "Error %s getting chain.\n", X509_verify_cert_error_string(vret)); goto export_end; Loading @@ -532,8 +533,6 @@ int MAIN(int argc, char **argv) } sk_X509_pop_free(certs, X509_free); certs = NULL; /* ucert is part of certs so it is already freed */ ucert = NULL; #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); Loading Loading @@ -621,7 +620,6 @@ int MAIN(int argc, char **argv) if (certs) sk_X509_pop_free(certs, X509_free); if (safes) sk_PKCS7_pop_free(safes, PKCS7_free); if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); if (ucert) X509_free(ucert); #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); Loading
