This commit was manufactured by cvs2svn to create branch 'OpenSSL-engine-

subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority

issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority

notBefore=941109235417Z

notAfter =991231235417Z

-----BEGIN X509 CERTIFICATE-----

MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw

HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl

IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda

Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0

YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp

Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB

roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12

aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc

HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A

iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7

suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h

cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=

-----END X509 CERTIFICATE-----

/* crypto/uid.c */

/* ====================================================================

 * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *

 * 1. Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer. 

 *

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in

 *    the documentation and/or other materials provided with the

 *    distribution.

 *

 * 3. All advertising materials mentioning features or use of this

 *    software must display the following acknowledgment:

 *    "This product includes software developed by the OpenSSL Project

 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

 *

 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

 *    endorse or promote products derived from this software without

 *    prior written permission. For written permission, please contact

 *    licensing@OpenSSL.org.

 *

 * 5. Products derived from this software may not be called "OpenSSL"

 *    nor may "OpenSSL" appear in their names without prior written

 *    permission of the OpenSSL Project.

 *

 * 6. Redistributions of any form whatsoever must retain the following

 *    acknowledgment:

 *    "This product includes software developed by the OpenSSL Project

 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

 *

 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

 * OF THE POSSIBILITY OF SUCH DAMAGE.

 * ====================================================================

 *

 * This product includes cryptographic software written by Eric Young

 * (eay@cryptsoft.com).  This product includes software written by Tim

 * Hudson (tjh@cryptsoft.com).

 *

 */

#include <openssl/crypto.h>

#if defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2)

#include <unistd.h>

int OPENSSL_issetugid(void)

	{

	return issetugid();

	}

#elif defined(OPENSSL_SYS_WIN32)

int OPENSSL_issetugid(void)

	{

	return 0;

	}

#else

#include <unistd.h>

#include <sys/types.h>

int OPENSSL_issetugid(void)

	{

	if (getuid() != geteuid()) return 1;

	if (getgid() != getegid()) return 1;

	return 0;

	}

#endif

=pod

=head1 NAME

SSL_CTX_add_extra_chain_cert - add certificate to chain

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 long SSL_CTX_add_extra_chain_cert(SSL_CTX ctx, X509 *x509)

=head1 DESCRIPTION

SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the certificate

chain presented together with the certificate. Several certificates

can be added one after the other.

=head1 NOTES

When constructing the certificate chain, the chain will be formed from

these certificates explicitly specified. If no chain is specified,

the library will try to complete the chain from the available CA

certificates in the trusted CA storage, see

L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>.

=head1 RETURN VALUES

SSL_CTX_add_extra_chain_cert() returns 1 on success. Check out the

error stack to find out the reason for failure otherwise.

=head1 SEE ALSO

L<ssl(3)|ssl(3)>,

L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,

L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>

=cut

=pod

=head1 NAME

SSL_CTX_add_session, SSL_add_session, SSL_CTX_remove_session, SSL_remove_session - manipulate session cache

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c);

 int SSL_add_session(SSL_CTX *ctx, SSL_SESSION *c);

 int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c);

 int SSL_remove_session(SSL_CTX *ctx, SSL_SESSION *c);

=head1 DESCRIPTION

SSL_CTX_add_session() adds the session B<c> to the context B<ctx>. The

reference count for session B<c> is incremented by 1. If a session with

the same session id already exists, the old session is removed by calling

L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>.

SSL_CTX_remove_session() removes the session B<c> from the context B<ctx>.

L<SSL_SESSION_free(3)|SSL_SESSION_free(3)> is called once for B<c>.

SSL_add_session() and SSL_remove_session() are synonyms for their

SSL_CTX_*() counterparts.

=head1 NOTES

When adding a new session to the internal session cache, it is examined

whether a session with the same session id already exists. In this case

it is assumed that both sessions are identical. If the same session is

stored in a different SSL_SESSION object, The old session is

removed and replaced by the new session. If the session is actually

identical (the SSL_SESSION object is identical), SSL_CTX_add_session()

is a no-op, and the return value is 0.

=head1 RETURN VALUES

The following values are returned by all functions:

=over 4

=item 0

 The operation failed. In case of the add operation, it was tried to add

 the same (identical) session twice. In case of the remove operation, the

 session was not found in the cache.

=item 1

 The operation succeeded.

=back

=head1 SEE ALSO

L<ssl(3)|ssl(3)>,

L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,

L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>

=cut

=pod

=head1 NAME

SSL_CTX_flush_sessions, SSL_flush_sessions - remove expired sessions

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);

 void SSL_flush_sessions(SSL_CTX *ctx, long tm);

=head1 DESCRIPTION

SSL_CTX_flush_sessions() causes a run through the session cache of

B<ctx> to remove sessions expired at time B<tm>.

SSL_flush_sessions() is a synonym for SSL_CTX_flush_sessions().

=head1 NOTES

If enabled, the internal session cache will collect all sessions established

up to the specified maximum number (see SSL_CTX_sess_set_cache_size()).

As sessions will not be reused ones they are expired, they should be

removed from the cache to save resources. This can either be done

 automatically whenever 255 new sessions were established (see

L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>)

or manually by calling SSL_CTX_flush_sessions(). 

The parameter B<tm> specifies the time which should be used for the

expiration test, in most cases the actual time given by time(0)

will be used.

SSL_CTX_flush_sessions() will only check sessions stored in the internal

cache. When a session is found and removed, the remove_session_cb is however

called to synchronize with the external cache (see

L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>).

=head1 RETURN VALUES

=head1 SEE ALSO

L<ssl(3)|ssl(3)>,

L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,

L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,

L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>

=cut