Add new -notext option to 'ca', -pubkey option to spkac.

Remove some "WTF??" casts from applications.

Fixes to keep VC++ happy and avoid warnings.

Docs tidy.

diff --git a/CHANGES b/CHANGES
index 4e672597abd960320ebecb7b173b5462b5a6f100..d49e01bdb4b7f0e814a23e6449d2c50d99702f06 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 2000]
 
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 2000]
 

+  *) Add a new -notext option to 'ca' and a -pubkey option to 'spkac'.
+     [Steve Henson]
+

   *) Use a less unusual form of the Miller-Rabin primality test (it used
      a binary algorithm for exponentiation integrated into the Miller-Rabin
      loop, our standard modexp algorithms are faster).
   *) Use a less unusual form of the Miller-Rabin primality test (it used
      a binary algorithm for exponentiation integrated into the Miller-Rabin
      loop, our standard modexp algorithms are faster).

diff --git a/apps/ca.c b/apps/ca.c
index ff11c2a05ac6c9d16375bc7031f42d60aba6d17e..55a7ff781604524cd8fa1d8d4e462bfb376ffbbe 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -200,7 +200,7 @@ static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
                         char *enddate, int days, char *ext_sect,LHASH *conf,
                                int verbose);
 static int fix_data(int nid, int *type);
                         char *enddate, int days, char *ext_sect,LHASH *conf,
                                int verbose);
 static int fix_data(int nid, int *type);

-static void write_new_certificate(BIO *bp, X509 *x, int output_der);
+static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);

 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
        STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,
        char *startdate, char *enddate, int days, int batch, int verbose,
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
        STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,
        char *startdate, char *enddate, int days, int batch, int verbose,


@@ -247,6 +247,7 @@ int MAIN(int argc, char **argv)
        char *enddate=NULL;
        int days=0;
        int batch=0;
        char *enddate=NULL;
        int days=0;
        int batch=0;

+       int notext=0;

        X509 *x509=NULL;
        X509 *x=NULL;
        BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;
        X509 *x509=NULL;
        X509 *x=NULL;
        BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;


@@ -357,6 +358,8 @@ EF_ALIGNMENT=0;
                        if (--argc < 1) goto bad;
                        outdir= *(++argv);
                        }
                        if (--argc < 1) goto bad;
                        outdir= *(++argv);
                        }

+               else if (strcmp(*argv,"-notext") == 0)
+                       notext=1;

                else if (strcmp(*argv,"-batch") == 0)
                        batch=1;
                else if (strcmp(*argv,"-preserveDN") == 0)
                else if (strcmp(*argv,"-batch") == 0)
                        batch=1;
                else if (strcmp(*argv,"-preserveDN") == 0)


@@ -984,8 +987,8 @@ bad:
                                perror(buf[2]);
                                goto err;
                                }
                                perror(buf[2]);
                                goto err;
                                }

-                       write_new_certificate(Cout,x, 0);
-                       write_new_certificate(Sout,x, output_der);
+                       write_new_certificate(Cout,x, 0, notext);
+                       write_new_certificate(Sout,x, output_der, notext);

                        }
 
                if (sk_num(cert_sk))
                        }
 
                if (sk_num(cert_sk))


@@ -1893,17 +1896,16 @@ err:
        return(ok);
        }
 
        return(ok);
        }
 

-static void write_new_certificate(BIO *bp, X509 *x, int output_der)
+static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)

        {
        {

-       char *f;
-       char buf[256];

 
        if (output_der)
                {
                (void)i2d_X509_bio(bp,x);
                return;
                }
 
        if (output_der)
                {
                (void)i2d_X509_bio(bp,x);
                return;
                }

-
+#if 0
+       /* ??? Not needed since X509_print prints all this stuff anyway */

        f=X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
        BIO_printf(bp,"issuer :%s\n",f);
 
        f=X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
        BIO_printf(bp,"issuer :%s\n",f);
 


@@ -1913,10 +1915,9 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der)
        BIO_puts(bp,"serial :");
        i2a_ASN1_INTEGER(bp,x->cert_info->serialNumber);
        BIO_puts(bp,"\n\n");
        BIO_puts(bp,"serial :");
        i2a_ASN1_INTEGER(bp,x->cert_info->serialNumber);
        BIO_puts(bp,"\n\n");

-       X509_print(bp,x);
-       BIO_puts(bp,"\n");
+#endif
+       if(!notext)X509_print(bp,x);

        PEM_write_bio_X509(bp,x);
        PEM_write_bio_X509(bp,x);

-       BIO_puts(bp,"\n");

        }
 
 static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
        }
 
 static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,

diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index 7d4a12f56256566cb3eb1bf21bb20620ab42f5f6..47d92cc10d7b65507f42ad2f60e2148d3f81cacc 100644 (file)
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -84,7 +84,7 @@
  * -genkey
  */
 
  * -genkey
  */
 

-static void MS_CALLBACK dsa_cb(int p, int n, char *arg);
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg);

 int MAIN(int argc, char **argv)
        {
        DSA *dsa=NULL;
 int MAIN(int argc, char **argv)
        {
        DSA *dsa=NULL;


@@ -225,8 +225,7 @@ bad:
                assert(need_rand);
                BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
                BIO_printf(bio_err,"This could take some time\n");
                assert(need_rand);
                BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
                BIO_printf(bio_err,"This could take some time\n");

-               dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL,
-                       dsa_cb,(char *)bio_err);
+               dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL, dsa_cb,bio_err);

                }
        else if (informat == FORMAT_ASN1)
                dsa=d2i_DSAparams_bio(in,NULL);
                }
        else if (informat == FORMAT_ASN1)
                dsa=d2i_DSAparams_bio(in,NULL);


@@ -350,7 +349,7 @@ end:
        EXIT(ret);
        }
 
        EXIT(ret);
        }
 

-static void MS_CALLBACK dsa_cb(int p, int n, char *arg)
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg)

        {
        char c='*';
 
        {
        char c='*';
 


@@ -358,8 +357,8 @@ static void MS_CALLBACK dsa_cb(int p, int n, char *arg)
        if (p == 1) c='+';
        if (p == 2) c='*';
        if (p == 3) c='\n';
        if (p == 1) c='+';
        if (p == 2) c='*';
        if (p == 3) c='\n';

-       BIO_write((BIO *)arg,&c,1);
-       (void)BIO_flush((BIO *)arg);
+       BIO_write(arg,&c,1);
+       (void)BIO_flush(arg);

 #ifdef LINT
        p=n;
 #endif
 #ifdef LINT
        p=n;
 #endif

diff --git a/apps/rsa.c b/apps/rsa.c
index e5726938a9a023936ba72cf26fdc18eabbb9df03..2df3fe374c8211368b9064b8df254b3b3d9e72f3 100644 (file)
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -271,7 +271,7 @@ bad:
                                }
                        }
                p=(unsigned char *)buf->data;
                                }
                        }
                p=(unsigned char *)buf->data;

-               rsa=(RSA *)d2i_Netscape_RSA(NULL,&p,(long)size,NULL);
+               rsa=d2i_Netscape_RSA(NULL,&p,(long)size,NULL);

                BUF_MEM_free(buf);
                }
 #endif
                BUF_MEM_free(buf);
                }
 #endif

diff --git a/apps/s_client.c b/apps/s_client.c
index c9b52e6a99ce651738f1c3a4eb9843fa0aa0e71a..0e158121c804a5ad7798afade8dda5c98f38146f 100644 (file)
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -376,7 +376,7 @@ bad:
                }
 
 
                }
 
 

-       con=(SSL *)SSL_new(ctx);
+       con=SSL_new(ctx);

 /*     SSL_set_cipher_list(con,"RC4-MD5"); */
 
 re_start:
 /*     SSL_set_cipher_list(con,"RC4-MD5"); */
 
 re_start:

diff --git a/apps/s_server.c b/apps/s_server.c
index ac86a8ab4dd31b97f6b909c86763bbd98ef4f7ec..87abdfad893ca333444296e0f947b9436c3cbc04 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -782,7 +782,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 #endif
 
        if (con == NULL) {
 #endif
 
        if (con == NULL) {

-               con=(SSL *)SSL_new(ctx);
+               con=SSL_new(ctx);

                if(context)
                      SSL_set_session_id_context(con, context,
                                                 strlen((char *)context));
                if(context)
                      SSL_set_session_id_context(con, context,
                                                 strlen((char *)context));


@@ -1150,7 +1150,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
        /* lets make the output buffer a reasonable size */
        if (!BIO_set_write_buffer_size(io,bufsize)) goto err;
 
        /* lets make the output buffer a reasonable size */
        if (!BIO_set_write_buffer_size(io,bufsize)) goto err;
 

-       if ((con=(SSL *)SSL_new(ctx)) == NULL) goto err;
+       if ((con=SSL_new(ctx)) == NULL) goto err;

        if(context) SSL_set_session_id_context(con, context,
                                               strlen((char *)context));
 
        if(context) SSL_set_session_id_context(con, context,
                                               strlen((char *)context));
 

diff --git a/apps/s_time.c b/apps/s_time.c
index 1653195b3f30af2fbaf6424f4b1e846a80d30195..c17ede4f417340c02d827b58266b9885b5be9e25 100644 (file)
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -632,7 +632,7 @@ static SSL *doConnection(SSL *scon)
        BIO_set_conn_hostname(conn,host);
 
        if (scon == NULL)
        BIO_set_conn_hostname(conn,host);
 
        if (scon == NULL)

-               serverCon=(SSL *)SSL_new(tm_ctx);
+               serverCon=SSL_new(tm_ctx);

        else
                {
                serverCon=scon;
        else
                {
                serverCon=scon;

diff --git a/apps/spkac.c b/apps/spkac.c
index f25f4ce9a2df123035e4d4a0bc20621863c0b2fb..34b0026e01078e90b8defd5319af47a022f893d7 100644 (file)
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -79,11 +79,11 @@ int MAIN(int argc, char **argv)
        {
        int i,badops=0, ret = 1;
        BIO *in = NULL,*out = NULL, *key = NULL;
        {
        int i,badops=0, ret = 1;
        BIO *in = NULL,*out = NULL, *key = NULL;

-       int verify=0,noout=0;
+       int verify=0,noout=0,pubkey=0;

        char *infile = NULL,*outfile = NULL,*prog;
        char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL;
        char *challenge = NULL, *keyfile = NULL;
        char *infile = NULL,*outfile = NULL,*prog;
        char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL;
        char *challenge = NULL, *keyfile = NULL;

-       LHASH *conf;
+       LHASH *conf = NULL;

        NETSCAPE_SPKI *spki = NULL;
        EVP_PKEY *pkey = NULL;
 
        NETSCAPE_SPKI *spki = NULL;
        EVP_PKEY *pkey = NULL;
 


@@ -128,6 +128,8 @@ int MAIN(int argc, char **argv)
                        }
                else if (strcmp(*argv,"-noout") == 0)
                        noout=1;
                        }
                else if (strcmp(*argv,"-noout") == 0)
                        noout=1;

+               else if (strcmp(*argv,"-pubkey") == 0)
+                       pubkey=1;

                else if (strcmp(*argv,"-verify") == 0)
                        verify=1;
                else badops = 1;
                else if (strcmp(*argv,"-verify") == 0)
                        verify=1;
                else badops = 1;


@@ -138,13 +140,16 @@ int MAIN(int argc, char **argv)
        if (badops)
                {
 bad:
        if (badops)
                {
 bad:

-               BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+               BIO_printf(bio_err,"%s [options]\n",prog);

                BIO_printf(bio_err,"where options are\n");
                BIO_printf(bio_err,"where options are\n");

-               BIO_printf(bio_err," -in arg       input file\n");
-               BIO_printf(bio_err," -out arg      output file\n");
-               BIO_printf(bio_err," -spkac arg    alternative SPKAC name\n");
-               BIO_printf(bio_err," -noout        don't print SPKAC\n");
-               BIO_printf(bio_err," -verify       verify SPKAC signature\n");
+               BIO_printf(bio_err," -in arg        input file\n");
+               BIO_printf(bio_err," -out arg       output file\n");
+               BIO_printf(bio_err," -key arg       create SPKAC using private key\n");
+               BIO_printf(bio_err," -challenge arg challenge string\n");
+               BIO_printf(bio_err," -spkac arg     alternative SPKAC name\n");
+               BIO_printf(bio_err," -noout         don't print SPKAC\n");
+               BIO_printf(bio_err," -pubkey        output public key\n");
+               BIO_printf(bio_err," -verify        verify SPKAC signature\n");

                goto end;
                }
 
                goto end;
                }
 


@@ -180,6 +185,7 @@ bad:
                        goto end;
                }
                BIO_printf(out, "SPKAC=%s\n", spkstr);
                        goto end;
                }
                BIO_printf(out, "SPKAC=%s\n", spkstr);

+               Free(spkstr);

                ret = 0;
                goto end;
        }
                ret = 0;
                goto end;
        }


@@ -212,6 +218,7 @@ bad:
        }
 
        spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
        }
 
        spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);

+       

        if(!spki) {
                BIO_printf(bio_err, "Error loading SPKAC\n");
                ERR_print_errors(bio_err);
        if(!spki) {
                BIO_printf(bio_err, "Error loading SPKAC\n");
                ERR_print_errors(bio_err);


@@ -228,11 +235,9 @@ bad:
        }
 
        if(!noout) NETSCAPE_SPKI_print(out, spki);
        }
 
        if(!noout) NETSCAPE_SPKI_print(out, spki);

+       pkey = NETSCAPE_SPKI_get_pubkey(spki);

        if(verify) {
        if(verify) {

-               EVP_PKEY *pktmp;
-               pktmp = NETSCAPE_SPKI_get_pubkey(spki);
-               i = NETSCAPE_SPKI_verify(spki, pktmp);
-               EVP_PKEY_free(pktmp);
+               i = NETSCAPE_SPKI_verify(spki, pkey);

                if(i) BIO_printf(bio_err, "Signature OK\n");
                else {
                        BIO_printf(bio_err, "Signature Failure\n");
                if(i) BIO_printf(bio_err, "Signature OK\n");
                else {
                        BIO_printf(bio_err, "Signature Failure\n");


@@ -240,15 +245,16 @@ bad:
                        goto end;
                }
        }
                        goto end;
                }
        }

+       if(pubkey) PEM_write_bio_PUBKEY(out, pkey);

 
        ret = 0;
 
 end:
 
        ret = 0;
 
 end:

+       CONF_free(conf);

        NETSCAPE_SPKI_free(spki);
        BIO_free(in);
        BIO_free(out);
        BIO_free(key);
        EVP_PKEY_free(pkey);
        NETSCAPE_SPKI_free(spki);
        BIO_free(in);
        BIO_free(out);
        BIO_free(key);
        EVP_PKEY_free(pkey);

-       if(spkstr) Free(spkstr);

        EXIT(ret);
        }
        EXIT(ret);
        }

diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
index e59c7d293fe5367c8a6d3dfaf42ef2e15fb9c75a..68d9912cbc513c299bc4f92c8b051aa66d3928ad 100644 (file)
--- a/crypto/dsa/dsa.h
+++ b/crypto/dsa/dsa.h
@@ -182,7 +182,7 @@ DSA *       d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
 DSA *  d2i_DSAparams(DSA **a, unsigned char **pp, long length);
 DSA *  DSA_generate_parameters(int bits, unsigned char *seed,int seed_len,
                int *counter_ret, unsigned long *h_ret,void
 DSA *  d2i_DSAparams(DSA **a, unsigned char **pp, long length);
 DSA *  DSA_generate_parameters(int bits, unsigned char *seed,int seed_len,
                int *counter_ret, unsigned long *h_ret,void

-               (*callback)(),void *cb_arg);
+               (*callback)(int, int, void *),void *cb_arg);

 int    DSA_generate_key(DSA *a);
 int    i2d_DSAPublicKey(DSA *a, unsigned char **pp);
 int    i2d_DSAPrivateKey(DSA *a, unsigned char **pp);
 int    DSA_generate_key(DSA *a);
 int    i2d_DSAPublicKey(DSA *a, unsigned char **pp);
 int    i2d_DSAPrivateKey(DSA *a, unsigned char **pp);

diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 248a70be4a3424f885d8510d1dba0982f900ad4d..65602dda77a399d314a8b86bde68fb392304c01f 100644 (file)
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -80,7 +80,8 @@
 #include <openssl/rand.h>
 
 DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
 #include <openssl/rand.h>
 
 DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,

-               int *counter_ret, unsigned long *h_ret, void (*callback)(),
+               int *counter_ret, unsigned long *h_ret,
+               void (*callback)(int, int, void *),

                void *cb_arg)
        {
        int ok=0;
                void *cb_arg)
        {
        int ok=0;

diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c
index f096ed0688f96295eee4fde4afa1f550dbbc7881..07050600710a99d1579b335f7ec28f9e2c5031a2 100644 (file)
--- a/crypto/dsa/dsatest.c
+++ b/crypto/dsa/dsatest.c
@@ -84,7 +84,7 @@ int main(int argc, char *argv[])
 #define MS_CALLBACK
 #endif
 
 #define MS_CALLBACK
 #endif
 

-static void MS_CALLBACK dsa_cb(int p, int n, char *arg);
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg);

 
 /* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
  * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
 
 /* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
  * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */


@@ -145,7 +145,7 @@ int main(int argc, char **argv)
 
        BIO_printf(bio_err,"test generation of DSA parameters\n");
 
 
        BIO_printf(bio_err,"test generation of DSA parameters\n");
 

-       dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,(char *)bio_err);
+       dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,bio_err);

 
        BIO_printf(bio_err,"seed\n");
        for (i=0; i<20; i+=4)
 
        BIO_printf(bio_err,"seed\n");
        for (i=0; i<20; i+=4)


@@ -209,7 +209,7 @@ end:
        return(0);
        }
 
        return(0);
        }
 

-static void MS_CALLBACK dsa_cb(int p, int n, char *arg)
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg)

        {
        char c='*';
        static int ok=0,num=0;
        {
        char c='*';
        static int ok=0,num=0;


@@ -218,8 +218,8 @@ static void MS_CALLBACK dsa_cb(int p, int n, char *arg)
        if (p == 1) c='+';
        if (p == 2) { c='*'; ok++; }
        if (p == 3) c='\n';
        if (p == 1) c='+';
        if (p == 2) { c='*'; ok++; }
        if (p == 3) c='\n';

-       BIO_write((BIO *)arg,&c,1);
-       (void)BIO_flush((BIO *)arg);
+       BIO_write(arg,&c,1);
+       (void)BIO_flush(arg);

 
        if (!ok && (p == 0) && (num > 1))
                {
 
        if (!ok && (p == 0) && (num > 1))
                {

diff --git a/crypto/ebcdic.c b/crypto/ebcdic.c
index 1f69b0cc1ade72bd669ab670902d7a4b96b74fa0..31397b2add7756a2e803e9f612e74cd5cf40ab4f 100644 (file)
--- a/crypto/ebcdic.c
+++ b/crypto/ebcdic.c
@@ -210,4 +210,8 @@ ascii2ebcdic(void *dest, const void *srce, size_t count)
     return dest;
 }
 
     return dest;
 }
 

-#endif /*CHARSET_EBCDIC*/
+#else /*CHARSET_EBCDIC*/
+#ifdef PEDANTIC
+static void *dummy=&dummy;
+#endif
+#endif

diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod
index d36c7e5dd762fac3130357b25cc57c5159775ee2..02769121d33cebc83a4a962d7b68ec671dabd273 100644 (file)
--- a/doc/apps/ca.pod
+++ b/doc/apps/ca.pod
@@ -26,6 +26,7 @@ B<openssl> B<ca>
 [B<-cert file>]
 [B<-in file>]
 [B<-out file>]
 [B<-cert file>]
 [B<-in file>]
 [B<-out file>]

+[B<-notext>]

 [B<-outdir dir>]
 [B<-infiles>]
 [B<-spkac file>]
 [B<-outdir dir>]
 [B<-infiles>]
 [B<-spkac file>]


@@ -102,6 +103,10 @@ the 'ps' utility) this option should be used with caution.
 
 this prints extra details about the operations being performed.
 
 
 this prints extra details about the operations being performed.
 

+=item B<-notext>
+
+don't output the text form of a certificate to the output file.
+

 =item B<-startdate date>
 
 this allows the start date to be explicitly set. The format of the
 =item B<-startdate date>
 
 this allows the start date to be explicitly set. The format of the

diff --git a/doc/apps/spkac.pod b/doc/apps/spkac.pod
index 2151d3f69fb0a5332ac9090e557237466efe1132..c58768e8b33d9024a81fa2189cbc4bb07847ff33 100644 (file)
--- a/doc/apps/spkac.pod
+++ b/doc/apps/spkac.pod
@@ -11,6 +11,7 @@ B<openssl> B<spkac>
 [B<-out filename>]
 [B<-key keyfile>]
 [B<-challenge string>]
 [B<-out filename>]
 [B<-key keyfile>]
 [B<-challenge string>]

+[B<-pubkey>]

 [B<-spkac spkacname>]
 [B<-spksect section>]
 [B<-noout>]
 [B<-spkac spkacname>]
 [B<-spksect section>]
 [B<-noout>]


@@ -63,6 +64,11 @@ SPKAC. The default is the default section.
 don't output the text version of the SPKAC (not used if an
 SPKAC is being created).
 
 don't output the text version of the SPKAC (not used if an
 SPKAC is being created).
 

+=item B<-pubkey>
+
+output the public key of an SPKAC (not used if an SPKAC is
+being created).
+

 =item B<-verify>
 
 verifies the digital signature on the supplied SPKAC.
 =item B<-verify>
 
 verifies the digital signature on the supplied SPKAC.

diff --git a/doc/crypto/err.pod b/doc/crypto/err.pod
index e639dbd81eb7b216b8642cf7717a0094cc2eb95e..6273a62e1567c684afa0c18255519378326b907d 100644 (file)
--- a/doc/crypto/err.pod
+++ b/doc/crypto/err.pod
@@ -84,14 +84,23 @@ descriptions. For example, the function ssl23_read() reports a
 
  SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE);
 
 
  SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE);
 

+Function and reason codes should consist of upper case characters,
+numbers and underscores only. The error file generation script translates
+function codes into function names by looking in the header files
+for an appropriate function name, if none is found it just uses
+the capitalized form such as "SSL23_READ" in the above example.
+
+The trailing section of a reason code (after the "_R_") is translated
+into lower case and and underscores changed to spaces.
+

 When you are using new function or reason codes, run B<make errors>.
 The necessary B<#define>s will then automatically be added to the
 sub-library's header file.
 
 Although a library will normally report errors using its own specific
 When you are using new function or reason codes, run B<make errors>.
 The necessary B<#define>s will then automatically be added to the
 sub-library's header file.
 
 Although a library will normally report errors using its own specific

-macro, a different macro is used. This is normally only done when a
-library wants to include ASN1 code which must user the ASN1 libraries
-error macro.
+XXXerr macro, another library's macro can be used. This is normally
+only done when a library wants to include ASN1 code which must use
+the ASN1err() macro.

 
 =head2 Adding new libraries
 
 
 =head2 Adding new libraries
 

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 12b02a8d7ce647cbc6ec1ff67cb61cce536d0995..04294e2f865811cb6baadc629d7a0a9da9d480d7 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -313,7 +313,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
                int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list,
                CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
        {
                int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list,
                CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
        {

-       unsigned int i, list_num;
+       int i, list_num;

        SSL_CIPHER *c;
 
        /*
        SSL_CIPHER *c;
 
        /*