19 years agoGeneral improvements to the ec_asn1.c code. This squashes at least one bug
Geoff Thorpe [Mon, 10 Nov 2003 18:09:18 +0000 (18:09 +0000)]
General improvements to the ec_asn1.c code. This squashes at least one bug
(where it was impossible to create an EC certificate with a compressed
public key), and has some style improvements based on some comments from
Steve Henson about use of the ASN1 macros.

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe

19 years agoAvoid possible memory leaks in error-handling.
Geoff Thorpe [Mon, 10 Nov 2003 18:05:22 +0000 (18:05 +0000)]
Avoid possible memory leaks in error-handling.

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe

19 years agoPrint out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().
Dr. Stephen Henson [Mon, 10 Nov 2003 01:37:23 +0000 (01:37 +0000)]
Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().

19 years agoGeoff suggested a more succinct description for "top".
Ulf Möller [Fri, 7 Nov 2003 01:33:00 +0000 (01:33 +0000)]
Geoff suggested a more succinct description for "top".

19 years agooops... the description of ->top was inaccurate (the example is correct though)
Ulf Möller [Fri, 7 Nov 2003 00:07:28 +0000 (00:07 +0000)]
oops... the description of ->top was inaccurate (the example is correct though)

19 years agoThis extends the debugging macros to use "pollution" during
Geoff Thorpe [Thu, 6 Nov 2003 23:24:44 +0000 (23:24 +0000)]
This extends the debugging macros to use "pollution" during
bn_correct_top(), previously only bn_check_top() did this.

19 years agoAdd debug-screening of input parameters to some functions I'd missed
Geoff Thorpe [Thu, 6 Nov 2003 23:13:04 +0000 (23:13 +0000)]
Add debug-screening of input parameters to some functions I'd missed

19 years agoPut more debug screening in BN_div() and correct a comment.
Geoff Thorpe [Thu, 6 Nov 2003 23:11:07 +0000 (23:11 +0000)]
Put more debug screening in BN_div() and correct a comment.

19 years agoThis is a revert of my previous commit to "improve" the declaration of
Geoff Thorpe [Wed, 5 Nov 2003 19:30:29 +0000 (19:30 +0000)]
This is a revert of my previous commit to "improve" the declaration of
constant BIGNUMs. It turns out that this trips up different but equally
useful compiler warnings to -Wcast-qual, and so wasn't worth the ugliness
it created. (Thanks to Ulf for the forehead-slap.)

19 years agotypo in comment
Ulf Möller [Wed, 5 Nov 2003 17:28:59 +0000 (17:28 +0000)]
typo in comment

19 years agocleanup as discussed with Geoff
Ulf Möller [Wed, 5 Nov 2003 17:28:25 +0000 (17:28 +0000)]
cleanup as discussed with Geoff

19 years agoCygwin debugging
Ulf Möller [Wed, 5 Nov 2003 17:27:13 +0000 (17:27 +0000)]
Cygwin debugging

19 years agoPut the first stage of my bignum debugging adventures into CVS. This code
Geoff Thorpe [Tue, 4 Nov 2003 22:54:49 +0000 (22:54 +0000)]
Put the first stage of my bignum debugging adventures into CVS. This code
is itself experimental, and in addition may cause execution to break on
existing openssl "bugs" that previously were harmless or at least

19 years agoAvoid some shadowed variable names.
Geoff Thorpe [Tue, 4 Nov 2003 00:51:32 +0000 (00:51 +0000)]
Avoid some shadowed variable names.
Submitted by: Nils Larsch

19 years agoThis is the least unacceptable way I've found for declaring the bignum data
Geoff Thorpe [Tue, 4 Nov 2003 00:29:09 +0000 (00:29 +0000)]
This is the least unacceptable way I've found for declaring the bignum data
and structures as constant without having to cast away const at any point.
There is still plenty of other code that makes gcc's "-Wcast-qual" unhappy,
but crypto/bn/ is now ok. Purists are welcome to suggest alternatives.

19 years agoEngines are usually binary, and should therefore be in INSTALLTOP
Richard Levitte [Fri, 31 Oct 2003 10:48:48 +0000 (10:48 +0000)]
Engines are usually binary, and should therefore be in INSTALLTOP
rather than OPENSSLDIR.

19 years agoLet exit codes propagate from within for loops.
Richard Levitte [Fri, 31 Oct 2003 06:58:24 +0000 (06:58 +0000)]
Let exit codes propagate from within for loops.

19 years agobn_div() does some pretty nasty things with temporary variables,
Geoff Thorpe [Fri, 31 Oct 2003 01:35:16 +0000 (01:35 +0000)]
bn_div() does some pretty nasty things with temporary variables,
constructing BIGNUM structures with pointers offset into other bignums
(among other things). This corrects some of it that is too plainly insane,
and tries to ensure that bignums are normalised when passed to other

19 years agoWhen a BN_CTX is used for temporary workspace, the variables are sometimes
Geoff Thorpe [Thu, 30 Oct 2003 01:07:56 +0000 (01:07 +0000)]
When a BN_CTX is used for temporary workspace, the variables are sometimes
left in an inconsistent state when they are released for later reuse. This
change resets the BIGNUMs when they are released back to the context.

19 years agoThis fixes a couple of cases where an inconsistent BIGNUM could be passed as
Geoff Thorpe [Thu, 30 Oct 2003 01:03:31 +0000 (01:03 +0000)]
This fixes a couple of cases where an inconsistent BIGNUM could be passed as
input to a function.

19 years agomake update
Geoff Thorpe [Wed, 29 Oct 2003 23:25:52 +0000 (23:25 +0000)]
make update

19 years agoTighten up my compiler settings.
Geoff Thorpe [Wed, 29 Oct 2003 23:25:34 +0000 (23:25 +0000)]
Tighten up my compiler settings.

19 years agoRemove a line that was causing redundant declarations.
Geoff Thorpe [Wed, 29 Oct 2003 22:55:19 +0000 (22:55 +0000)]
Remove a line that was causing redundant declarations.
Obtained from: Stephen Henson <>

19 years agoCopy-n-paste bug (don't mix variable declarations and code). This sets the
Geoff Thorpe [Wed, 29 Oct 2003 22:30:45 +0000 (22:30 +0000)]
Copy-n-paste bug (don't mix variable declarations and code). This sets the
callback structure just before it is needed.

19 years agoOops, this file already had the "empty source file" workaround but it
Geoff Thorpe [Wed, 29 Oct 2003 22:25:04 +0000 (22:25 +0000)]
Oops, this file already had the "empty source file" workaround but it
requires -DPEDANTIC and was hidden at the bottom of the file. This moves it
to the top and removes the redundant declaration.

19 years agoMake md32_common.h friendlier to compiler warnings.
Geoff Thorpe [Wed, 29 Oct 2003 20:55:03 +0000 (20:55 +0000)]
Make md32_common.h friendlier to compiler warnings.
Obtained from: Andy Polyakov <>

19 years agoSome provisional bignum debugging has begun to detect inconsistent BIGNUM
Geoff Thorpe [Wed, 29 Oct 2003 20:47:49 +0000 (20:47 +0000)]
Some provisional bignum debugging has begun to detect inconsistent BIGNUM
structures being passed in to or out of API functions, and this corrects a
couple of cases found so far.

Also, lop off a couple of bytes of white-space.

19 years agoA general spring-cleaning (in autumn) to fix up signed/unsigned warnings.
Geoff Thorpe [Wed, 29 Oct 2003 20:24:15 +0000 (20:24 +0000)]
A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.

19 years agoBN_CTX is opaque and the static initialiser BN_CTX_init() is not used
Geoff Thorpe [Wed, 29 Oct 2003 18:04:37 +0000 (18:04 +0000)]
BN_CTX is opaque and the static initialiser BN_CTX_init() is not used
except internally to the allocator BN_CTX_new(), as such this deprecates
the use of BN_CTX_init() in the API. Moreover, the structure definition of
BN_CTX is taken out of bn_lcl.h and moved into bn_ctx.c itself.

NDEBUG should probably only be "forced" in the top-level configuration, but
until it is I will avoid removing it from bn_ctx.c which might surprise
people with massive slow-downs in their keygens. So I've left it in
bn_ctx.c but tidied up the preprocessor logic a touch and made it more
tolerant of debugging efforts.

19 years agoRemoving those memcpy()s also took away the possibility for in and out to
Richard Levitte [Wed, 29 Oct 2003 06:21:22 +0000 (06:21 +0000)]
Removing those memcpy()s also took away the possibility for in and out to
be the same.  Therefore, the removed memcpy()s need to be restored.

19 years agoremove accidentally committed debugging cruft.
Geoff Thorpe [Wed, 29 Oct 2003 05:35:31 +0000 (05:35 +0000)]
remove accidentally committed debugging cruft.

19 years agoRemove an unnecessary cast that causes certain compilers (eg. mine) some
Geoff Thorpe [Wed, 29 Oct 2003 05:00:57 +0000 (05:00 +0000)]
Remove an unnecessary cast that causes certain compilers (eg. mine) some
confusion. Also silence a couple of signed/unsigned warnings.

19 years agoRemove redundant declaration.
Geoff Thorpe [Wed, 29 Oct 2003 04:58:23 +0000 (04:58 +0000)]
Remove redundant declaration.

19 years agoRelax some over-zealous constification that gave some lhash-based code no
Geoff Thorpe [Wed, 29 Oct 2003 04:57:05 +0000 (04:57 +0000)]
Relax some over-zealous constification that gave some lhash-based code no
choice but to have to cast away "const" qualifiers from their prototypes.
This does not remove constification restrictions from hash/compare
callbacks, but allows destructor commands to be run over a tables' elements
without bad casts.

19 years agoComments out some unimplemented functions instead of redeclaring them.
Geoff Thorpe [Wed, 29 Oct 2003 04:42:29 +0000 (04:42 +0000)]
Comments out some unimplemented functions instead of redeclaring them.

19 years agoAvoid "empty source file" warnings.
Geoff Thorpe [Wed, 29 Oct 2003 04:41:19 +0000 (04:41 +0000)]
Avoid "empty source file" warnings.

19 years agoFor whatever reason (compiler or header bugs), at least one commonly-used
Geoff Thorpe [Wed, 29 Oct 2003 04:40:13 +0000 (04:40 +0000)]
For whatever reason (compiler or header bugs), at least one commonly-used
linux system (namely mine) chokes on our definitions and uses of the "HZ"
symbol in crypto/tmdiff.[ch] and apps/speed.c as a "bad function cast"
(when in fact there is no function casting involved at all). In both cases,
it is easily worked around by not defining a cast into the macro and
jiggling the expressions slightly.

In addition - this highlights some cruft in openssl that needs sorting out.
The tmdiff.h header is exported as part of the openssl API despite the fact
that it is ugly as the driven sludge and not used anywhere in the library,
applications, or utilities. More weird still, almost identical code exists
in apps/speed.c though it looks to be slightly tweaked - so either tmdiff
should be updated and used by speed.c, or it should be dumped because it's
obviously not useful enough.

Rather than removing it for now, I've changed the API for tmdiff to at
least make sense. This involves taking the object type (MS_TM) from the
implementation and using it in the header rather than using "char *" in the
API and casting mercilessly in the code (ugh). If someone doesn't like
"MS_TM" and the "ms_time_***" naming, by all means change it. This should
be a harmless improvement, because the existing API is clearly not very
useful (eg. we reimplement it rather than using it in our own utils).

However, someone still needs to take a hack at consolidating speed.c and
tmdiff.[ch] somehow.

19 years agoUpdate any code that was using deprecated functions so that everything builds
Geoff Thorpe [Wed, 29 Oct 2003 04:14:08 +0000 (04:14 +0000)]
Update any code that was using deprecated functions so that everything builds
and links with OPENSSL_NO_DEPRECATED defined.

19 years agoWhen OPENSSL_NO_DEPRECATED is defined, deprecated functions are (or should
Geoff Thorpe [Wed, 29 Oct 2003 04:06:50 +0000 (04:06 +0000)]
When OPENSSL_NO_DEPRECATED is defined, deprecated functions are (or should
be) precompiled out in the API headers. This change is to ensure that if
it is defined when compiling openssl, the deprecated functions aren't
implemented either.

19 years agoThe "cryptodev" engine preprocessor logic used undefined symbols in
Geoff Thorpe [Wed, 29 Oct 2003 04:00:14 +0000 (04:00 +0000)]
The "cryptodev" engine preprocessor logic used undefined symbols in
comparisons. It's better not to allow this, because it gives false
positives when using compiler warnings that detect mistyped symbols.

19 years agoAdd my own debug config target.
Geoff Thorpe [Tue, 28 Oct 2003 22:57:18 +0000 (22:57 +0000)]
Add my own debug config target.

19 years agomake update
Geoff Thorpe [Tue, 28 Oct 2003 22:10:47 +0000 (22:10 +0000)]
make update

19 years agoIgnore derived file.
Geoff Thorpe [Tue, 28 Oct 2003 17:26:46 +0000 (17:26 +0000)]
Ignore derived file.

19 years agocrypto/evp/evptests.txt is copied to tests/ rather than symlinked because
Geoff Thorpe [Tue, 28 Oct 2003 17:24:29 +0000 (17:24 +0000)]
crypto/evp/evptests.txt is copied to tests/ rather than symlinked because
of windows (see checkin 1.75 of crypto/evp/Makefile.ssl), so quiet cvs
noise for the copied version.

19 years agoRemove duplicate prototypes have already been (correctly) added to rsa.h,
Geoff Thorpe [Fri, 24 Oct 2003 16:17:11 +0000 (16:17 +0000)]
Remove duplicate prototypes have already been (correctly) added to rsa.h,
as this is already included by x509.h anyway.

19 years agoCorrect serious bug in AES-CBC decryption when the message length isn't
Richard Levitte [Wed, 15 Oct 2003 09:00:14 +0000 (09:00 +0000)]
Correct serious bug in AES-CBC decryption when the message length isn't
a multiple of AES_BLOCK_SIZE.
Optimize decryption of all complete blocks in AES-CBC by removing an
unnecessary memcpy().

The error was notified by James Fernandes <>.
The unnecessary memcpy() was found as an effect of investigating that error.

19 years agoThe object file is o_str.o, not o_str.c.
Richard Levitte [Mon, 13 Oct 2003 11:34:40 +0000 (11:34 +0000)]
The object file is o_str.o, not o_str.c.

Thanks to Peter Sylvester <> for the notification.

19 years agoAdd support for digested data PKCS#7 type.
Dr. Stephen Henson [Sat, 11 Oct 2003 22:11:45 +0000 (22:11 +0000)]
Add support for digested data PKCS#7 type.

19 years agoSimplify cipher and digest lookup in PKCS#7 code.
Dr. Stephen Henson [Sat, 11 Oct 2003 16:46:40 +0000 (16:46 +0000)]
Simplify cipher and digest lookup in PKCS#7 code.

19 years agoNew function to initialize a PKCS7 structure of type other.
Dr. Stephen Henson [Fri, 10 Oct 2003 23:40:47 +0000 (23:40 +0000)]
New function to initialize a PKCS7 structure of type other.

19 years agoInitialize digested data type in PKCS7_set_type().
Dr. Stephen Henson [Fri, 10 Oct 2003 23:31:53 +0000 (23:31 +0000)]
Initialize digested data type in PKCS7_set_type().

19 years agoRetrieve correct content to sign when the
Dr. Stephen Henson [Fri, 10 Oct 2003 23:25:43 +0000 (23:25 +0000)]
Retrieve correct content to sign when the
type is "other".

19 years agoAvoid warnings: add missing prototype, don't shadow.
Dr. Stephen Henson [Fri, 10 Oct 2003 23:07:24 +0000 (23:07 +0000)]
Avoid warnings: add missing prototype, don't shadow.

19 years agoIn realloc, don't destroy the old memory area if a new one couldn't be
Richard Levitte [Tue, 7 Oct 2003 12:09:39 +0000 (12:09 +0000)]
In realloc, don't destroy the old memory area if a new one couldn't be
Notified by Daniel Lucq <>

19 years agomake update
Richard Levitte [Mon, 6 Oct 2003 12:22:42 +0000 (12:22 +0000)]
make update

19 years agos_client should inform the user of any compression/expansion methods used.
Richard Levitte [Mon, 6 Oct 2003 12:19:38 +0000 (12:19 +0000)]
s_client should inform the user of any compression/expansion methods used.

19 years agoAdd functionality to get information on compression methods (not quite complete).
Richard Levitte [Mon, 6 Oct 2003 12:18:39 +0000 (12:18 +0000)]
Add functionality to get information on compression methods (not quite complete).

19 years agoMake sure int SSL_COMP_add_compression_method() checks if a certain
Richard Levitte [Mon, 6 Oct 2003 11:00:15 +0000 (11:00 +0000)]
Make sure int SSL_COMP_add_compression_method() checks if a certain
compression identity is already present among the registered
compression methods, and if so, reject the addition request.

Declare SSL_COMP_get_compression_method() so it can be used properly.

Change ssltest.c so it checks what compression methods are available
and enumerates them.  As a side-effect, built-in compression methods
will be automagically loaded that way.  Additionally, change the
identities for ZLIB and RLE to be conformant to

Finally, make update.

Next on my list: have the built-in compression methods added
"automatically" instead of requiring that the author call
SSL_COMP_add_compression_method() or

19 years agoSetting the ex_data index is unsafe in a threaded environment, so
Richard Levitte [Mon, 6 Oct 2003 09:09:44 +0000 (09:09 +0000)]
Setting the ex_data index is unsafe in a threaded environment, so
let's wrap it with a lock.

19 years agoRemove unused code, don't use zlib functions that are really macros
Richard Levitte [Sat, 4 Oct 2003 09:09:19 +0000 (09:09 +0000)]
Remove unused code, don't use zlib functions that are really macros
and provide missing prototypes.

19 years agoCheck for errors from SSL_COMP_add_compression_method().
Richard Levitte [Thu, 2 Oct 2003 10:41:48 +0000 (10:41 +0000)]
Check for errors from SSL_COMP_add_compression_method().
Notified by Andrew Marlow <>

19 years agoCorrect a mixup of return values
Richard Levitte [Thu, 2 Oct 2003 10:38:44 +0000 (10:38 +0000)]
Correct a mixup of return values

19 years agoInclude e_os.h to get a proper definition of memmove on the platforms
Richard Levitte [Wed, 1 Oct 2003 20:43:03 +0000 (20:43 +0000)]
Include e_os.h to get a proper definition of memmove on the platforms
that do not have it.

19 years agoCorrected misplacement of one of the greps...
Richard Levitte [Wed, 1 Oct 2003 15:06:36 +0000 (15:06 +0000)]
Corrected misplacement of one of the greps...

19 years agoRemove leading and trailing spaces and tabs
Richard Levitte [Wed, 1 Oct 2003 15:04:13 +0000 (15:04 +0000)]
Remove leading and trailing spaces and tabs

19 years agoAvoid 'file names' with spaces
Richard Levitte [Wed, 1 Oct 2003 15:03:15 +0000 (15:03 +0000)]
Avoid 'file names' with spaces

19 years agoUse correct case for manual page references
Richard Levitte [Wed, 1 Oct 2003 15:02:45 +0000 (15:02 +0000)]
Use correct case for manual page references

19 years agoCorrect incorrect mode bits change.
Richard Levitte [Tue, 30 Sep 2003 17:31:48 +0000 (17:31 +0000)]
Correct incorrect mode bits change.

19 years agoCorrect buggy PODs (missing commas and a prepended space).
Richard Levitte [Tue, 30 Sep 2003 17:22:19 +0000 (17:22 +0000)]
Correct buggy PODs (missing commas and a prepended space).

19 years agoASN1 parse fix and release file changes.
Dr. Stephen Henson [Tue, 30 Sep 2003 16:47:33 +0000 (16:47 +0000)]
ASN1 parse fix and release file changes.

19 years agoFurther VxWorks changes from Bob Bradley <>, this
Richard Levitte [Sun, 28 Sep 2003 14:06:57 +0000 (14:06 +0000)]
Further VxWorks changes from Bob Bradley <>, this
time involving VxWorks on MIPS

19 years agoSynchronise util/libeay.num with the 0.9.7-stable one.
Richard Levitte [Sun, 28 Sep 2003 09:34:50 +0000 (09:34 +0000)]
Synchronise util/libeay.num with the 0.9.7-stable one.
make update

19 years agoUhmm, It seem to have forgotten one file when I committed the MSDOS
Richard Levitte [Sun, 28 Sep 2003 07:11:33 +0000 (07:11 +0000)]
Uhmm, It seem to have forgotten one file when I committed the MSDOS
change yesterday.
PR: 669

19 years agoChange the indentation from 12 to indent+4.
Richard Levitte [Sat, 27 Sep 2003 22:48:33 +0000 (22:48 +0000)]
Change the indentation from 12 to indent+4.
PR: 657

19 years agoMake MD5 assembler code able to handle messages larger than 2GB on 32-bit
Richard Levitte [Sat, 27 Sep 2003 22:14:39 +0000 (22:14 +0000)]
Make MD5 assembler code able to handle messages larger than 2GB on 32-bit
systems and above.
PR: 664

19 years agoSelected changes for MSDOS, contributed by Gisle Vanem <>.
Richard Levitte [Sat, 27 Sep 2003 21:56:08 +0000 (21:56 +0000)]
Selected changes for MSDOS, contributed by Gisle Vanem <>.
PR: 669

19 years agoAdd reference counting around the thread state hash table.
Richard Levitte [Sat, 27 Sep 2003 20:29:05 +0000 (20:29 +0000)]
Add reference counting around the thread state hash table.
Unfortunately, this means that the dynamic ENGINE version just went up, and
isn't backward compatible.
PR: 678

19 years agoHave ssl3_ssl3_send_client_verify() change the state to SSL3_ST_SW_CERT_VRFY_B.
Richard Levitte [Sat, 27 Sep 2003 19:32:06 +0000 (19:32 +0000)]
Have ssl3_ssl3_send_client_verify() change the state to SSL3_ST_SW_CERT_VRFY_B.
PR: 679

19 years agoHave ssl3_send_certificate_request() change the state to SSL3_ST_SW_CERT_REQ_B.
Richard Levitte [Sat, 27 Sep 2003 19:27:06 +0000 (19:27 +0000)]
Have ssl3_send_certificate_request() change the state to SSL3_ST_SW_CERT_REQ_B.
PR: 680

19 years agoInclude the instance in the Kerberos ticket information.
Richard Levitte [Sat, 27 Sep 2003 17:55:13 +0000 (17:55 +0000)]
Include the instance in the Kerberos ticket information.
In s_server, print the received Kerberos information.
PR: 693

19 years agoCorrect small documentation error.
Richard Levitte [Sat, 27 Sep 2003 10:39:16 +0000 (10:39 +0000)]
Correct small documentation error.
PR: 698

19 years agoFree the Kerberos context upon freeing the SSL.
Richard Levitte [Sat, 27 Sep 2003 07:35:07 +0000 (07:35 +0000)]
Free the Kerberos context upon freeing the SSL.
Contributed by Andrew Mann <>

19 years agoAdd necessary changes to be able to build on VxWorks for PPC860.
Richard Levitte [Sat, 27 Sep 2003 07:34:49 +0000 (07:34 +0000)]
Add necessary changes to be able to build on VxWorks for PPC860.
Contributed by Bob Bradley <>

19 years agoFix prime generation loop in crypto/bn/ by making
Ralf S. Engelschall [Thu, 25 Sep 2003 13:57:58 +0000 (13:57 +0000)]
Fix prime generation loop in crypto/bn/ by making
sure the loop does correctly stop and breaking ("division by zero")
modulus operations are not performed. The (pre-generated) prime
table crypto/bn/bn_prime.h was already correct, but it could not be
re-generated on some platforms because of the "division by zero"
situation in the script.

19 years agoAdd -passin support to rsautl
Dr. Stephen Henson [Sun, 21 Sep 2003 02:20:02 +0000 (02:20 +0000)]
Add -passin support to rsautl

19 years agoIn order to get the expected self signed error when
Dr. Stephen Henson [Sun, 21 Sep 2003 02:18:15 +0000 (02:18 +0000)]
In order to get the expected self signed error when
calling X509_verify_cert() in x509.c the cert should
not be added to the trusted store.

19 years agoTypos.
Dr. Stephen Henson [Tue, 9 Sep 2003 23:44:39 +0000 (23:44 +0000)]

19 years agoGeneralise the definition of strcasecmp() and strncasecmp() for
Richard Levitte [Tue, 9 Sep 2003 14:48:36 +0000 (14:48 +0000)]
Generalise the definition of strcasecmp() and strncasecmp() for
platforms that don't (necessarely) have it.  In the case of VMS, this
means moving a couple of functions from apps/ to crypto/ and make them
general (although only used privately).

19 years agoThese should be write-locks, not read-locks.
Geoff Thorpe [Mon, 8 Sep 2003 15:47:55 +0000 (15:47 +0000)]
These should be write-locks, not read-locks.

19 years agocertain changes have to be listed twice in this file because OpenSSL
Bodo Möller [Thu, 4 Sep 2003 12:52:56 +0000 (12:52 +0000)]
certain changes have to be listed twice in this file because OpenSSL
0.9.6h forked into 0.9.6i and 0.9.7 ...

19 years agoNew -ignore_err option in ocsp application to stop the server
Dr. Stephen Henson [Wed, 3 Sep 2003 23:56:01 +0000 (23:56 +0000)]
New -ignore_err option in ocsp application to stop the server
exiting on the first error in a request.

19 years agoOnly accept a client certificate if the server requests
Dr. Stephen Henson [Wed, 3 Sep 2003 23:47:34 +0000 (23:47 +0000)]
Only accept a client certificate if the server requests
one, as required by SSL/TLS specs.

19 years agooutlen should be int * in out_utf8.
Dr. Stephen Henson [Thu, 21 Aug 2003 12:32:12 +0000 (12:32 +0000)]
outlen should be int * in out_utf8.

19 years agofix out-of-bounds check in lock_dbg_cb (was too lose to detect all
Bodo Möller [Thu, 14 Aug 2003 10:33:56 +0000 (10:33 +0000)]
fix out-of-bounds check in lock_dbg_cb (was too lose to detect all
invalid cases)

PR: 674

19 years agomake sure no error is left in the queue that is intentionally ignored
Bodo Möller [Mon, 11 Aug 2003 18:56:22 +0000 (18:56 +0000)]
make sure no error is left in the queue that is intentionally ignored

19 years agoCorrect two problems, found by Martin Kochanski <>:
Richard Levitte [Thu, 7 Aug 2003 11:57:42 +0000 (11:57 +0000)]
Correct two problems, found by Martin Kochanski <>:

1. CreateToolhelp32Snapshot returns INVALID_HANDLE_VALUE, not NULL, on error.
2. On Windows CE, a snapshot handle is closed with CloseToolhelp32Snapshot,
   not CloseHandle.

19 years agoadd OpenSSL license
Bodo Möller [Wed, 6 Aug 2003 10:36:25 +0000 (10:36 +0000)]
add OpenSSL license

fix typo

19 years agoInclusion of openssl/engine.h should always be wrapped with a check that
Richard Levitte [Mon, 4 Aug 2003 10:12:36 +0000 (10:12 +0000)]
Inclusion of openssl/engine.h should always be wrapped with a check that
OPENSSL_NO_ENGINE is not defined.

19 years agoAvoid clashes with Win32 names in WinCrypt.h
Dr. Stephen Henson [Wed, 23 Jul 2003 00:10:43 +0000 (00:10 +0000)]
Avoid clashes with Win32 names in WinCrypt.h

19 years agoupdates for draft-ietf-tls-ecc-03.txt
Bodo Möller [Tue, 22 Jul 2003 12:34:21 +0000 (12:34 +0000)]
updates for draft-ietf-tls-ecc-03.txt

Submitted by: Douglas Stebila
Reviewed by: Bodo Moeller