- Feb 26, 1999
-
-
Dr. Stephen Henson authored
now change it to BN_RECURSION_MONT so it isn't compiled in.
-
- Feb 25, 1999
-
-
Ralf S. Engelschall authored
private keys and/or callback functions which directly correspond to their SSL_CTX_xxx() counterparts but work on a per-connection basis. This is needed for applications which have to configure certificates on a per-connection basis (e.g. Apache+mod_ssl) instead of a per-context basis (e.g. s_server). For the RSA certificate situation is makes no difference, but for the DSA certificate situation this fixes the "no shared cipher" problem where the OpenSSL cipher selection procedure failed because the temporary keys were not overtaken from the context and the API provided no way to reconfigure them. The new functions now let applications reconfigure the stuff and they are in detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh, SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback. Additionally a new non-public-API function ssl_cert_instantiate() is used as a helper function and also to reduce code redundancy inside ssl_rsa.c. Submitted by: Ralf S. Engelschall Reviewed by: Ben Laurie
-
Ralf S. Engelschall authored
because they are useful for the DSA situation and should be recognized by the users. Thanks to Steve for the original hint.
-
Ralf S. Engelschall authored
within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within SSL_EXP_MASK. So, the original variable has to be used instead of the already masked variable. Submitted by: Richard Levitte <levitte@stacken.kth.se> Reviewed by: Ralf S. Engelschall
-
Ralf S. Engelschall authored
Submitted by: Richard Levitte <levitte@stacken.kth.se> Reviewed by: Ralf S. Engelschall
-
Ralf S. Engelschall authored
from `int' to `unsigned int' because it's a length and initialized by EVP_DigestFinal() which expects an `unsigned int *'. Submitted by: Richard Levitte <levitte@stacken.kth.se> Reviewed by: Ralf S. Engelschall
-
Ralf S. Engelschall authored
script. Instead use the usual Shell->Perl transition trick.
-
- Feb 24, 1999
-
-
Ralf S. Engelschall authored
addition to RSA certificates) to match the behaviour of `openssl dsa -noout -modulus' as it's already the case for `openssl rsa -noout -modulus'. For RSA the -modulus is the real "modulus" while for DSA currently the public key is printed (a decision which was already done by `openssl dsa -modulus' in the past) which serves a similar purpose. Additionally the NO_RSA no longer completely removes the whole -modulus option; it now only avoids using the RSA stuff. Same applies to NO_DSA now, too.
-
- Feb 23, 1999
-
-
Ben Laurie authored
-
Dr. Stephen Henson authored
-
- Feb 22, 1999
-
-
Ben Laurie authored
-
- Feb 21, 1999
-
-
Ben Laurie authored
-
Dr. Stephen Henson authored
info will come later... Feel free to reformat and tidy this up...
-
Dr. Stephen Henson authored
Submitted by: Ulf Moeller <ulf@fitug.de>
-
- Feb 20, 1999
-
-
Ben Laurie authored
-
- Feb 19, 1999
-
-
Dr. Stephen Henson authored
to support CRL extensions.
-
- Feb 17, 1999
-
-
Dr. Stephen Henson authored
and really fix the ASN.1 IMPLICIT bug this time :-)
-
Ben Laurie authored
-
- Feb 16, 1999
-
-
Mark J. Cox authored
[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] Fix so that the version number in the master secret, when passed via RSA, checks that if TLS was proposed, but we roll back to SSLv3 (because the server will not accept higher), that the version number is 0x03,0x01, not 0x03,0x00 [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] Submitted by: Reviewed by: PR:
-
- Feb 15, 1999
-
-
Dr. Stephen Henson authored
-
- Feb 14, 1999
-
-
Dr. Stephen Henson authored
of an arbitrary extension: e.g. 1.3.4.5=critical,RAW:12:34:56 Using this technique currently unsupported extensions can be generated if you know their DER encoding. Even if the extension is supported in future the raw extension will still work: that is the raw version can always be used even if it is a supported extension.
-
Ralf S. Engelschall authored
array code in the crypto/err/err_genc.pl script. Submitted by: Lars Weber <3weber@informatik.uni-hamburg.de> Reviewed by: Ralf s. Engelschall
-
Dr. Stephen Henson authored
-
- Feb 13, 1999
-
-
Dr. Stephen Henson authored
-
Ben Laurie authored
-
Dr. Stephen Henson authored
perl script. It failed if the OID had any zeros in it.
-
Ben Laurie authored
-
Ben Laurie authored
wrong keylength with export null ciphers.
-
- Feb 11, 1999
-
-
Dr. Stephen Henson authored
also add an 'update' option to automatically append any new functions to the ssleay.num and libeay.num files.
-
- Feb 10, 1999
-
-
Ralf S. Engelschall authored
- ported BN stuff to OpenSSL's different BN library - made the perl/ source tree CVS-aware - renamed the package from SSLeay to OpenSSL (the files still contain their history because I've copied them in the repository) - removed obsolete files (the test scripts will be replaced by better Test::Harness variants in the future)
-
Ralf S. Engelschall authored
-
Dr. Stephen Henson authored
name, issuer and authority key id. Change the i2v function parameters and add an extra 'crl' parameter in the X509V3_CTX structure: guess what that's for :-) Fix to ASN1 macro which messed up IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
-
- Feb 09, 1999
-
-
Dr. Stephen Henson authored
code and adds support to ASN1_TYPE and asn1parse.
-
- Jan 31, 1999
-
-
Mark J. Cox authored
Submitted by: Eric A Young - from changes to C2Net SSLeay Reviewed by: Mark Cox PR:
-
Ralf S. Engelschall authored
-
- Jan 30, 1999
-
-
Ben Laurie authored
-
Ralf S. Engelschall authored
Submitted by: Alan Batie <batie@aahz.jf.intel.com>
-
Ralf S. Engelschall authored
Submitted by: Rainer W. Gerling <gerling@mpg-gv.mpg.de> Reviewed by: Ralf S. Engelschall
-
- Jan 29, 1999
-
-
Dr. Stephen Henson authored
be pulled apart and built.
-
Dr. Stephen Henson authored
Also fix typos in the usage messages: "inout" instead of "input".
-