Revert "OPENSSL_NO_xxx cleanup: RFC3779"
authorDavid Woodhouse <David.Woodhouse@intel.com>
Thu, 23 Jul 2015 16:30:06 +0000 (17:30 +0100)
committerRich Salz <rsalz@openssl.org>
Thu, 3 Sep 2015 20:31:09 +0000 (16:31 -0400)
This reverts the non-cleanup parts of commit c73ad69017. We do actually
have a reasonable use case for OPENSSL_NO_RFC3779 in the EDK2 UEFI
build, since we don't have a strspn() function in our runtime environment
and we don't want the RFC3779 functionality anyway.

In addition, it changes the default behaviour of the Configure script so
that RFC3779 support isn't disabled by default. It was always disabled
from when it was first added in 2006, right up until the point where
OPENSSL_NO_RFC3779 was turned into a no-op, and the code in the
Configure script was left *trying* to disable it, but not actually
working.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
12 files changed:
Configure
crypto/asn1/x_x509.c
crypto/x509/x509_vfy.c
crypto/x509v3/ext_dat.h
crypto/x509v3/v3_addr.c
crypto/x509v3/v3_asid.c
crypto/x509v3/v3_purp.c
include/openssl/x509.h
include/openssl/x509v3.h
makevms.com
util/libeay.num
util/mkdef.pl

index fb20e85..f6007c1 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -769,7 +769,7 @@ my $no_threads=0;
 my $threads=0;
 my $no_shared=0; # but "no-shared" is default
 my $zlib=1;      # but "no-zlib" is default
-my $no_rfc3779=1; # but "no-rfc3779" is default
+my $no_rfc3779=0;
 my $no_asm=0;
 my $no_dso=0;
 my $no_gmp=0;
@@ -806,7 +806,6 @@ my %disabled = ( # "what"         => "comment" [or special keyword "experimental
                 "jpake"          => "experimental",
                 "md2"            => "default",
                 "rc5"            => "default",
-                "rfc3779"        => "default",
                 "sctp"       => "default",
                 "shared"         => "default",
                 "ssl-trace"      => "default",
@@ -819,7 +818,7 @@ my @experimental = ();
 
 # This is what $depflags will look like with the above defaults
 # (we need this to see if we should advise the user to run "make depend"):
-my $default_depflags = " -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
+my $default_depflags = " -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
 
 # Explicit "no-..." options will be collected in %disabled along with the defaults.
 # To remove something from %disabled, use "enable-foo" (unless it's experimental).
index 17bbb91..6e7850c 100644 (file)
@@ -95,8 +95,10 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
         ret->ex_pathlen = -1;
         ret->skid = NULL;
         ret->akid = NULL;
+#ifndef OPENSSL_NO_RFC3779
         ret->rfc3779_addr = NULL;
         ret->rfc3779_asid = NULL;
+#endif
         ret->aux = NULL;
         ret->crldp = NULL;
         CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
@@ -116,8 +118,10 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
         policy_cache_free(ret->policy_cache);
         GENERAL_NAMES_free(ret->altname);
         NAME_CONSTRAINTS_free(ret->nc);
+#ifndef OPENSSL_NO_RFC3779
         sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
         ASIdentifiers_free(ret->rfc3779_asid);
+#endif
         OPENSSL_free(ret->name);
         break;
 
index bc48b8a..6169db1 100644 (file)
@@ -485,6 +485,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
     if (!ok)
         goto end;
 
+#ifndef OPENSSL_NO_RFC3779
     /* RFC 3779 path validation, now that CRL check has been done */
     ok = v3_asid_validate_path(ctx);
     if (!ok)
@@ -492,6 +493,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
     ok = v3_addr_validate_path(ctx);
     if (!ok)
         goto end;
+#endif
 
     /* If we get this far evaluate policies */
     if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
index d43c86c..9c3529b 100644 (file)
@@ -103,8 +103,10 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
 #endif
     &v3_sxnet,
     &v3_info,
+#ifndef OPENSSL_NO_RFC3779
     &v3_addr,
     &v3_asid,
+#endif
 #ifndef OPENSSL_NO_OCSP
     &v3_ocsp_nonce,
     &v3_ocsp_crlid,
index 5c22c6d..c1c38a0 100644 (file)
@@ -69,6 +69,7 @@
 #include <openssl/buffer.h>
 #include <openssl/x509v3.h>
 
+#ifndef OPENSSL_NO_RFC3779
 
 /*
  * OpenSSL ASN.1 template translation of RFC 3779 2.2.3.
@@ -1339,3 +1340,5 @@ int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
         return 0;
     return v3_addr_validate_path_internal(NULL, chain, ext);
 }
+
+#endif                          /* OPENSSL_NO_RFC3779 */
index f390c2d..d40279a 100644 (file)
@@ -69,6 +69,7 @@
 #include <openssl/x509.h>
 #include <openssl/bn.h>
 
+#ifndef OPENSSL_NO_RFC3779
 
 /*
  * OpenSSL ASN.1 template translation of RFC 3779 3.2.3.
@@ -893,3 +894,5 @@ int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
         return 0;
     return v3_asid_validate_path_internal(NULL, chain, ext);
 }
+
+#endif                          /* OPENSSL_NO_RFC3779 */
index b03c323..61d9772 100644 (file)
@@ -322,8 +322,10 @@ int X509_supported_extension(X509_EXTENSION *ex)
         NID_basic_constraints,  /* 87 */
         NID_certificate_policies, /* 89 */
         NID_ext_key_usage,      /* 126 */
+#ifndef OPENSSL_NO_RFC3779
         NID_sbgp_ipAddrBlock,   /* 290 */
         NID_sbgp_autonomousSysNum, /* 291 */
+#endif
         NID_policy_constraints, /* 401 */
         NID_proxyCertInfo,      /* 663 */
         NID_name_constraints,   /* 666 */
@@ -503,9 +505,11 @@ static void x509v3_cache_extensions(X509 *x)
         x->ex_flags |= EXFLAG_INVALID;
     setup_crldp(x);
 
+#ifndef OPENSSL_NO_RFC3779
     x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL);
     x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum,
                                        NULL, NULL);
+#endif
     for (i = 0; i < X509_get_ext_count(x); i++) {
         ex = X509_get_ext(x, i);
         if (OBJ_obj2nid(X509_EXTENSION_get_object(ex))
index 708a695..02138cb 100644 (file)
@@ -201,8 +201,10 @@ struct x509_st {
     STACK_OF(DIST_POINT) *crldp;
     STACK_OF(GENERAL_NAME) *altname;
     NAME_CONSTRAINTS *nc;
+#ifndef OPENSSL_NO_RFC3779
     STACK_OF(IPAddressFamily) *rfc3779_addr;
     struct ASIdentifiers_st *rfc3779_asid;
+# endif
     unsigned char sha1_hash[SHA_DIGEST_LENGTH];
     X509_CERT_AUX *aux;
 } /* X509 */ ;
index 19fcb39..280b9c1 100644 (file)
@@ -756,6 +756,7 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
 void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
 DECLARE_STACK_OF(X509_POLICY_NODE)
 
+#ifndef OPENSSL_NO_RFC3779
 typedef struct ASRange_st {
     ASN1_INTEGER *min, *max;
 } ASRange;
@@ -898,6 +899,7 @@ int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
 int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
                                   IPAddrBlocks *ext, int allow_inheritance);
 
+#endif                         /* OPENSSL_NO_RFC3779 */
 /* BEGIN ERROR CODES */
 /*
  * The following lines are auto generated by the script mkerr.pl. Any changes
index c1c3060..35c44ec 100755 (executable)
@@ -292,6 +292,7 @@ $ CONFIG_LOGICALS := AES,-
                     RC2,-
                     RC4,-
                     RC5,-
+                    RFC3779,-
                     RMD160,-
                     RSA,-
                     SCTP,-
index fd8375d..d7d4049 100755 (executable)
@@ -3412,106 +3412,106 @@ EVP_camellia_256_cfb8                   3810  EXIST::FUNCTION:CAMELLIA
 EVP_camellia_256_ecb                    3811   EXIST::FUNCTION:CAMELLIA
 EVP_camellia_256_ofb                    3812   EXIST::FUNCTION:CAMELLIA
 a2i_ipadd                               3813   EXIST::FUNCTION:
-ASIdentifiers_free                      3814   EXIST::FUNCTION:
-i2d_ASIdOrRange                         3815   EXIST::FUNCTION:
+ASIdentifiers_free                      3814   EXIST::FUNCTION:RFC3779
+i2d_ASIdOrRange                         3815   EXIST::FUNCTION:RFC3779
 EVP_CIPHER_block_size                   3816   EXIST::FUNCTION:
-v3_asid_is_canonical                    3817   EXIST::FUNCTION:
-IPAddressChoice_free                    3818   EXIST::FUNCTION:
+v3_asid_is_canonical                    3817   EXIST::FUNCTION:RFC3779
+IPAddressChoice_free                    3818   EXIST::FUNCTION:RFC3779
 EVP_CIPHER_CTX_set_app_data             3819   EXIST::FUNCTION:
 BIO_set_callback_arg                    3820   EXIST::FUNCTION:
-v3_addr_add_prefix                      3821   EXIST::FUNCTION:
-IPAddressOrRange_it                     3822   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-IPAddressOrRange_it                     3822   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+v3_addr_add_prefix                      3821   EXIST::FUNCTION:RFC3779
+IPAddressOrRange_it                     3822   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressOrRange_it                     3822   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
 BIO_set_flags                           3823   EXIST::FUNCTION:
-ASIdentifiers_it                        3824   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASIdentifiers_it                        3824   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-v3_addr_get_range                       3825   EXIST::FUNCTION:
+ASIdentifiers_it                        3824   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASIdentifiers_it                        3824   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+v3_addr_get_range                       3825   EXIST::FUNCTION:RFC3779
 BIO_method_type                         3826   EXIST::FUNCTION:
-v3_addr_inherits                        3827   EXIST::FUNCTION:
-IPAddressChoice_it                      3828   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-IPAddressChoice_it                      3828   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+v3_addr_inherits                        3827   EXIST::FUNCTION:RFC3779
+IPAddressChoice_it                      3828   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressChoice_it                      3828   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
 AES_ige_encrypt                         3829   EXIST::FUNCTION:AES
-v3_addr_add_range                       3830   EXIST::FUNCTION:
+v3_addr_add_range                       3830   EXIST::FUNCTION:RFC3779
 EVP_CIPHER_CTX_nid                      3831   EXIST::FUNCTION:
-d2i_ASRange                             3832   EXIST::FUNCTION:
-v3_addr_add_inherit                     3833   EXIST::FUNCTION:
-v3_asid_add_id_or_range                 3834   EXIST::FUNCTION:
-v3_addr_validate_resource_set           3835   EXIST::FUNCTION:
+d2i_ASRange                             3832   EXIST::FUNCTION:RFC3779
+v3_addr_add_inherit                     3833   EXIST::FUNCTION:RFC3779
+v3_asid_add_id_or_range                 3834   EXIST::FUNCTION:RFC3779
+v3_addr_validate_resource_set           3835   EXIST::FUNCTION:RFC3779
 EVP_CIPHER_iv_length                    3836   EXIST::FUNCTION:
 EVP_MD_type                             3837   EXIST::FUNCTION:
-v3_asid_canonize                        3838   EXIST::FUNCTION:
-IPAddressRange_free                     3839   EXIST::FUNCTION:
-v3_asid_add_inherit                     3840   EXIST::FUNCTION:
+v3_asid_canonize                        3838   EXIST::FUNCTION:RFC3779
+IPAddressRange_free                     3839   EXIST::FUNCTION:RFC3779
+v3_asid_add_inherit                     3840   EXIST::FUNCTION:RFC3779
 EVP_CIPHER_CTX_key_length               3841   EXIST::FUNCTION:
-IPAddressRange_new                      3842   EXIST::FUNCTION:
-ASIdOrRange_new                         3843   EXIST::FUNCTION:
+IPAddressRange_new                      3842   EXIST::FUNCTION:RFC3779
+ASIdOrRange_new                         3843   EXIST::FUNCTION:RFC3779
 EVP_MD_size                             3844   EXIST::FUNCTION:
 EVP_MD_CTX_test_flags                   3845   EXIST::FUNCTION:
 BIO_clear_flags                         3846   EXIST::FUNCTION:
-i2d_ASRange                             3847   EXIST::FUNCTION:
-IPAddressRange_it                       3848   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-IPAddressRange_it                       3848   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-IPAddressChoice_new                     3849   EXIST::FUNCTION:
-ASIdentifierChoice_new                  3850   EXIST::FUNCTION:
-ASRange_free                            3851   EXIST::FUNCTION:
+i2d_ASRange                             3847   EXIST::FUNCTION:RFC3779
+IPAddressRange_it                       3848   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressRange_it                       3848   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+IPAddressChoice_new                     3849   EXIST::FUNCTION:RFC3779
+ASIdentifierChoice_new                  3850   EXIST::FUNCTION:RFC3779
+ASRange_free                            3851   EXIST::FUNCTION:RFC3779
 EVP_MD_pkey_type                        3852   EXIST::FUNCTION:
 EVP_MD_CTX_clear_flags                  3853   EXIST::FUNCTION:
-IPAddressFamily_free                    3854   EXIST::FUNCTION:
-i2d_IPAddressFamily                     3855   EXIST::FUNCTION:
-IPAddressOrRange_new                    3856   EXIST::FUNCTION:
+IPAddressFamily_free                    3854   EXIST::FUNCTION:RFC3779
+i2d_IPAddressFamily                     3855   EXIST::FUNCTION:RFC3779
+IPAddressOrRange_new                    3856   EXIST::FUNCTION:RFC3779
 EVP_CIPHER_flags                        3857   EXIST::FUNCTION:
-v3_asid_validate_resource_set           3858   EXIST::FUNCTION:
-d2i_IPAddressRange                      3859   EXIST::FUNCTION:
+v3_asid_validate_resource_set           3858   EXIST::FUNCTION:RFC3779
+d2i_IPAddressRange                      3859   EXIST::FUNCTION:RFC3779
 AES_bi_ige_encrypt                      3860   EXIST::FUNCTION:AES
 BIO_get_callback                        3861   EXIST::FUNCTION:
-IPAddressOrRange_free                   3862   EXIST::FUNCTION:
-v3_addr_subset                          3863   EXIST::FUNCTION:
-d2i_IPAddressFamily                     3864   EXIST::FUNCTION:
-v3_asid_subset                          3865   EXIST::FUNCTION:
+IPAddressOrRange_free                   3862   EXIST::FUNCTION:RFC3779
+v3_addr_subset                          3863   EXIST::FUNCTION:RFC3779
+d2i_IPAddressFamily                     3864   EXIST::FUNCTION:RFC3779
+v3_asid_subset                          3865   EXIST::FUNCTION:RFC3779
 BIO_test_flags                          3866   EXIST::FUNCTION:
-i2d_ASIdentifierChoice                  3867   EXIST::FUNCTION:
-ASRange_it                              3868   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASRange_it                              3868   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-d2i_ASIdentifiers                       3869   EXIST::FUNCTION:
-ASRange_new                             3870   EXIST::FUNCTION:
-d2i_IPAddressChoice                     3871   EXIST::FUNCTION:
-v3_addr_get_afi                         3872   EXIST::FUNCTION:
+i2d_ASIdentifierChoice                  3867   EXIST::FUNCTION:RFC3779
+ASRange_it                              3868   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASRange_it                              3868   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+d2i_ASIdentifiers                       3869   EXIST::FUNCTION:RFC3779
+ASRange_new                             3870   EXIST::FUNCTION:RFC3779
+d2i_IPAddressChoice                     3871   EXIST::FUNCTION:RFC3779
+v3_addr_get_afi                         3872   EXIST::FUNCTION:RFC3779
 EVP_CIPHER_key_length                   3873   EXIST::FUNCTION:
 EVP_Cipher                              3874   EXIST::FUNCTION:
-i2d_IPAddressOrRange                    3875   EXIST::FUNCTION:
-ASIdOrRange_it                          3876   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASIdOrRange_it                          3876   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_IPAddressOrRange                    3875   EXIST::FUNCTION:RFC3779
+ASIdOrRange_it                          3876   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASIdOrRange_it                          3876   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
 EVP_CIPHER_nid                          3877   EXIST::FUNCTION:
-i2d_IPAddressChoice                     3878   EXIST::FUNCTION:
+i2d_IPAddressChoice                     3878   EXIST::FUNCTION:RFC3779
 EVP_CIPHER_CTX_block_size               3879   EXIST::FUNCTION:
-ASIdentifiers_new                       3880   EXIST::FUNCTION:
-v3_addr_validate_path                   3881   EXIST::FUNCTION:
-IPAddressFamily_new                     3882   EXIST::FUNCTION:
+ASIdentifiers_new                       3880   EXIST::FUNCTION:RFC3779
+v3_addr_validate_path                   3881   EXIST::FUNCTION:RFC3779
+IPAddressFamily_new                     3882   EXIST::FUNCTION:RFC3779
 EVP_MD_CTX_set_flags                    3883   EXIST::FUNCTION:
-v3_addr_is_canonical                    3884   EXIST::FUNCTION:
-i2d_IPAddressRange                      3885   EXIST::FUNCTION:
-IPAddressFamily_it                      3886   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-IPAddressFamily_it                      3886   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-v3_asid_inherits                        3887   EXIST::FUNCTION:
+v3_addr_is_canonical                    3884   EXIST::FUNCTION:RFC3779
+i2d_IPAddressRange                      3885   EXIST::FUNCTION:RFC3779
+IPAddressFamily_it                      3886   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressFamily_it                      3886   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+v3_asid_inherits                        3887   EXIST::FUNCTION:RFC3779
 EVP_CIPHER_CTX_cipher                   3888   EXIST::FUNCTION:
 EVP_CIPHER_CTX_get_app_data             3889   EXIST::FUNCTION:
 EVP_MD_block_size                       3890   EXIST::FUNCTION:
 EVP_CIPHER_CTX_flags                    3891   EXIST::FUNCTION:
-v3_asid_validate_path                   3892   EXIST::FUNCTION:
-d2i_IPAddressOrRange                    3893   EXIST::FUNCTION:
-v3_addr_canonize                        3894   EXIST::FUNCTION:
-ASIdentifierChoice_it                   3895   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASIdentifierChoice_it                   3895   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+v3_asid_validate_path                   3892   EXIST::FUNCTION:RFC3779
+d2i_IPAddressOrRange                    3893   EXIST::FUNCTION:RFC3779
+v3_addr_canonize                        3894   EXIST::FUNCTION:RFC3779
+ASIdentifierChoice_it                   3895   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASIdentifierChoice_it                   3895   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
 EVP_MD_CTX_md                           3896   EXIST::FUNCTION:
-d2i_ASIdentifierChoice                  3897   EXIST::FUNCTION:
+d2i_ASIdentifierChoice                  3897   EXIST::FUNCTION:RFC3779
 BIO_method_name                         3898   EXIST::FUNCTION:
 EVP_CIPHER_CTX_iv_length                3899   EXIST::FUNCTION:
-ASIdOrRange_free                        3900   EXIST::FUNCTION:
-ASIdentifierChoice_free                 3901   EXIST::FUNCTION:
+ASIdOrRange_free                        3900   EXIST::FUNCTION:RFC3779
+ASIdentifierChoice_free                 3901   EXIST::FUNCTION:RFC3779
 BIO_get_callback_arg                    3902   EXIST::FUNCTION:
 BIO_set_callback                        3903   EXIST::FUNCTION:
-d2i_ASIdOrRange                         3904   EXIST::FUNCTION:
-i2d_ASIdentifiers                       3905   EXIST::FUNCTION:
+d2i_ASIdOrRange                         3904   EXIST::FUNCTION:RFC3779
+i2d_ASIdentifiers                       3905   EXIST::FUNCTION:RFC3779
 CRYPTO_memcmp                           3906   EXIST::FUNCTION:
 BN_consttime_swap                       3907   EXIST::FUNCTION:
 SEED_decrypt                            3908   EXIST::FUNCTION:SEED
index b21d03b..26fa209 100755 (executable)
@@ -80,6 +80,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
                         "FP_API", "STDIO", "SOCK", "DGRAM",
                         # Engines
                         "STATIC_ENGINE", "ENGINE", "HW", "GMP",
+                        # RFC3779
+                        "RFC3779",
                         # TLS
                         "PSK", "SRP", "HEARTBEATS",
                         # CMS
@@ -124,7 +126,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
 my $no_rsa; my $no_dsa; my $no_dh; my $no_aes;
 my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
 my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
-my $no_psk; my $no_cms; my $no_capieng;
+my $no_rfc3779; my $no_psk; my $no_cms; my $no_capieng;
 my $no_jpake; my $no_srp; my $no_ec2m; my $no_nistp_gcc; 
 my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;
 my $no_unit_test; my $no_ssl3_method; my $no_ocb;
@@ -213,6 +215,7 @@ foreach (@ARGV, split(/ /, $options))
        elsif (/^no-engine$/)   { $no_engine=1; }
        elsif (/^no-hw$/)       { $no_hw=1; }
        elsif (/^no-gmp$/)      { $no_gmp=1; }
+       elsif (/^no-rfc3779$/)  { $no_rfc3779=1; }
        elsif (/^no-cms$/)      { $no_cms=1; }
        elsif (/^no-ec2m$/)     { $no_ec2m=1; }
        elsif (/^no-ec-nistp224-64-gcc-128$/)   { $no_nistp_gcc=1; }
@@ -1197,6 +1200,7 @@ sub is_valid
                        if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
                        if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
                        if ($keyword eq "GMP" && $no_gmp) { return 0; }
+                       if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }
                        if ($keyword eq "PSK" && $no_psk) { return 0; }
                        if ($keyword eq "CMS" && $no_cms) { return 0; }
                        if ($keyword eq "EC_NISTP_64_GCC_128" && $no_nistp_gcc)