[openssl-commits] [openssl] master update
Richard Levitte
levitte at openssl.org
Tue Sep 20 16:24:27 UTC 2016
The branch master has been updated
via 6e836806add140fa9e56d1226d7514fdfa2c803a (commit)
via 8c88c88b5ad43bbdf1f6e7602b6ac56c9031b153 (commit)
via f4566dff06d2539dd01f54c817e2b952b64452e4 (commit)
via ccf11f7ee49a0825caa407ed481c21b4b5933023 (commit)
via 54d72ef0f019db383f8e98342b9b77c5da8541e5 (commit)
via 3656ea1c2217f38d44f3f34253e7c16f1b40ba77 (commit)
via 16c6deed2c42d4cf4a7676a32b718d6a867f482a (commit)
from 08029dfa03c0ee3a50f373017143aaae5f87d17f (commit)
- Log -----------------------------------------------------------------
commit 6e836806add140fa9e56d1226d7514fdfa2c803a
Author: Richard Levitte <levitte at openssl.org>
Date: Sun Sep 18 23:52:30 2016 +0200
Documentation fixup; no more ECDHParameters
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 8c88c88b5ad43bbdf1f6e7602b6ac56c9031b153
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Sep 9 01:53:38 2016 +0200
Crude VMS build files for demos/bio/
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit f4566dff06d2539dd01f54c817e2b952b64452e4
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Sep 9 01:01:30 2016 +0200
Crude Makefile for demos/bio/
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit ccf11f7ee49a0825caa407ed481c21b4b5933023
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Sep 9 01:01:15 2016 +0200
Don't ignore Makefiles in demos/
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 54d72ef0f019db383f8e98342b9b77c5da8541e5
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Sep 9 09:32:00 2016 +0200
Fixup BIO demos for OpenSSL 1.1.x
Call SSL_CTX_new() before doing any configuration.
(or call OPENSSL_ssl_init())
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 3656ea1c2217f38d44f3f34253e7c16f1b40ba77
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Sep 9 00:59:00 2016 +0200
Fixup BIO demos for OpenSSL 1.1.x
'ECDHParameters = Automatic' isn't accepted.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 16c6deed2c42d4cf4a7676a32b718d6a867f482a
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Sep 9 00:58:21 2016 +0200
Fixup BIO demos for OpenSSL 1.1.x
Note: server-cmod doesn't seem to do things right... from loading
cmod.cnf, it tries to load libssl_conf.so.
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 2 ++
demos/bio/Makefile | 30 ++++++++++++++++++++++++++++++
demos/bio/accept.cnf | 2 --
demos/bio/client-arg.c | 4 ----
demos/bio/client-conf.c | 4 ----
demos/bio/descrip.mms | 47 +++++++++++++++++++++++++++++++++++++++++++++++
demos/bio/saccept.c | 7 +------
demos/bio/sconnect.c | 5 -----
demos/bio/server-arg.c | 6 +-----
demos/bio/server-cmod.c | 7 +------
demos/bio/server-conf.c | 7 ++-----
demos/bio/shared.opt | 2 ++
demos/bio/static.opt | 2 ++
doc/ssl/SSL_CONF_cmd.pod | 10 ----------
14 files changed, 88 insertions(+), 47 deletions(-)
create mode 100644 demos/bio/Makefile
create mode 100644 demos/bio/descrip.mms
create mode 100644 demos/bio/shared.opt
create mode 100644 demos/bio/static.opt
diff --git a/.gitignore b/.gitignore
index 730731f..23c48be 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,6 +16,8 @@
# *all* Makefiles
Makefile
+# ... except in demos
+!/demos/*/Makefile
# Links under apps
/apps/CA.pl
diff --git a/demos/bio/Makefile b/demos/bio/Makefile
new file mode 100644
index 0000000..493e8a5
--- /dev/null
+++ b/demos/bio/Makefile
@@ -0,0 +1,30 @@
+# Quick instruction:
+# To build against an OpenSSL built in the source tree, do this:
+#
+# make OPENSSL_INCS_LOCATION=-I../../include OPENSSL_LIBS_LOCATION=-L../..
+#
+# To run the demos when linked with a shared library (default):
+#
+# LD_LIBRARY_PATH=../.. ./server-arg
+# LD_LIBRARY_PATH=../.. ./server-cmod
+# LD_LIBRARY_PATH=../.. ./server-conf
+# LD_LIBRARY_PATH=../.. ./client-arg
+# LD_LIBRARY_PATH=../.. ./client-conf
+# LD_LIBRARY_PATH=../.. ./saccept
+# LD_LIBRARY_PATH=../.. ./sconnect
+
+CFLAGS = $(OPENSSL_INCS_LOCATION)
+LDFLAGS = $(OPENSSL_LIBS_LOCATION) -lssl -lcrypto $(EX_LIBS)
+
+all: client-arg client-conf saccept sconnect server-arg server-cmod server-conf
+
+client-arg: client-arg.o
+client-conf: client-conf.o
+saccept: saccept.o
+sconnect: sconnect.o
+server-arg: server-arg.o
+server-cmod: server-cmod.o
+server-conf: server-conf.o
+
+client-arg client-conf saccept sconnect server-arg server-cmod server-conf:
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
diff --git a/demos/bio/accept.cnf b/demos/bio/accept.cnf
index 5a2ef45..eb69658 100644
--- a/demos/bio/accept.cnf
+++ b/demos/bio/accept.cnf
@@ -5,8 +5,6 @@ Port = 4433
# Protocol = ALL, -TLSv1.2
# Only support 3 curves
Curves = P-521:P-384:P-256
-# Automatic curve selection
-ECDHParameters = Automatic
# Restricted signature algorithms
SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512
Certificate=server.pem
diff --git a/demos/bio/client-arg.c b/demos/bio/client-arg.c
index 9e136e5..e8d5e46 100644
--- a/demos/bio/client-arg.c
+++ b/demos/bio/client-arg.c
@@ -23,10 +23,6 @@ int main(int argc, char **argv)
const char *connect_str = "localhost:4433";
int nargs = argc - 1;
- ERR_load_crypto_strings();
- ERR_load_SSL_strings();
- SSL_library_init();
-
ctx = SSL_CTX_new(TLS_client_method());
cctx = SSL_CONF_CTX_new();
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT);
diff --git a/demos/bio/client-conf.c b/demos/bio/client-conf.c
index 66b5cac..e819030 100644
--- a/demos/bio/client-conf.c
+++ b/demos/bio/client-conf.c
@@ -26,10 +26,6 @@ int main(int argc, char **argv)
const char *connect_str = "localhost:4433";
long errline = -1;
- ERR_load_crypto_strings();
- ERR_load_SSL_strings();
- SSL_library_init();
-
conf = NCONF_new(NULL);
if (NCONF_load(conf, "connect.cnf", &errline) <= 0) {
diff --git a/demos/bio/descrip.mms b/demos/bio/descrip.mms
new file mode 100644
index 0000000..8e127b0
--- /dev/null
+++ b/demos/bio/descrip.mms
@@ -0,0 +1,47 @@
+# This build description trusts that the following logical names are defined:
+#
+# For compilation: OPENSSL
+# For linking with shared libraries: OSSL$LIBCRYPTO_SHR and OSSL$LIBSSL_SHR
+# For linking with static libraries: OSSL$LIBCRYPTO and OSSL$LIBSSL
+#
+# These are normally defined with the OpenSSL startup procedure
+
+# By default, we link with the shared libraries
+SHARED = TRUE
+
+# Alternative, for linking with static libraries
+#SHARED = FALSE
+
+.FIRST :
+ IF "$(SHARED)" .EQS. "TRUE" THEN DEFINE OPT []shared.opt
+ IF "$(SHARED)" .NES. "TRUE" THEN DEFINE OPT []static.opt
+
+.LAST :
+ DEASSIGN OPT
+
+.DEFAULT :
+ @ !
+
+# Because we use an option file, we need to redefine this
+.obj.exe :
+ $(LINK) $(LINKFLAGS) $<,OPT:/OPT
+
+all : client-arg.exe client-conf.exe saccept.exe sconnect.exe -
+ server-arg.exe server-cmod.exe server-conf.exe
+
+client-arg.exe : client-arg.obj
+client-conf.exe : client-conf.obj
+saccept.exe : saccept.obj
+sconnect.exe : sconnect.obj
+server-arg.exe : server-arg.obj
+server-cmod.exe : server-cmod.obj
+server-conf.exe : server-conf.obj
+
+# Stoopid MMS doesn't infer this automatically...
+client-arg.obj : client-arg.c
+client-conf.obj : client-conf.c
+saccept.obj : saccept.c
+sconnect.obj : sconnect.c
+server-arg.obj : server-arg.c
+server-cmod.obj : server-cmod.c
+server-conf.obj : server-conf.c
diff --git a/demos/bio/saccept.c b/demos/bio/saccept.c
index 106a089..66c5c61 100644
--- a/demos/bio/saccept.c
+++ b/demos/bio/saccept.c
@@ -26,7 +26,7 @@
static int done = 0;
-void interrupt()
+void interrupt(int sig)
{
done = 1;
}
@@ -58,11 +58,6 @@ int main(int argc, char *argv[])
else
port = argv[1];
- SSL_load_error_strings();
-
- /* Add ciphers and message digests */
- OpenSSL_add_ssl_algorithms();
-
ctx = SSL_CTX_new(TLS_server_method());
if (!SSL_CTX_use_certificate_chain_file(ctx, CERT_FILE))
goto err;
diff --git a/demos/bio/sconnect.c b/demos/bio/sconnect.c
index 284bc30..664a1e0 100644
--- a/demos/bio/sconnect.c
+++ b/demos/bio/sconnect.c
@@ -55,11 +55,6 @@ char *argv[];
sock_init();
#endif
- /* Lets get nice error messages */
- SSL_load_error_strings();
-
- /* Setup all the global SSL stuff */
- OpenSSL_add_ssl_algorithms();
ssl_ctx = SSL_CTX_new(TLS_client_method());
/* Enable trust chain verification */
diff --git a/demos/bio/server-arg.c b/demos/bio/server-arg.c
index 4e9b7bd..6056969 100644
--- a/demos/bio/server-arg.c
+++ b/demos/bio/server-arg.c
@@ -14,6 +14,7 @@
*/
#include <stdio.h>
+#include <string.h>
#include <signal.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
@@ -30,11 +31,6 @@ int main(int argc, char *argv[])
char **args = argv + 1;
int nargs = argc - 1;
- SSL_load_error_strings();
-
- /* Add ciphers and message digests */
- OpenSSL_add_ssl_algorithms();
-
ctx = SSL_CTX_new(TLS_server_method());
cctx = SSL_CONF_CTX_new();
diff --git a/demos/bio/server-cmod.c b/demos/bio/server-cmod.c
index 77b456a..9cb2463 100644
--- a/demos/bio/server-cmod.c
+++ b/demos/bio/server-cmod.c
@@ -27,18 +27,13 @@ int main(int argc, char *argv[])
SSL_CTX *ctx;
int ret = 1, i;
- SSL_load_error_strings();
-
- /* Add ciphers and message digests */
- OpenSSL_add_ssl_algorithms();
+ ctx = SSL_CTX_new(TLS_server_method());
if (CONF_modules_load_file("cmod.cnf", "testapp", 0) <= 0) {
fprintf(stderr, "Error processing config file\n");
goto err;
}
- ctx = SSL_CTX_new(TLS_server_method());
-
if (SSL_CTX_config(ctx, "server") == 0) {
fprintf(stderr, "Error configuring server.\n");
goto err;
diff --git a/demos/bio/server-conf.c b/demos/bio/server-conf.c
index 32abefd..41b1308 100644
--- a/demos/bio/server-conf.c
+++ b/demos/bio/server-conf.c
@@ -14,6 +14,7 @@
*/
#include <stdio.h>
+#include <string.h>
#include <signal.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
@@ -33,10 +34,7 @@ int main(int argc, char *argv[])
char buf[512];
int ret = 1, i;
- SSL_load_error_strings();
-
- /* Add ciphers and message digests */
- OpenSSL_add_ssl_algorithms();
+ ctx = SSL_CTX_new(TLS_server_method());
conf = NCONF_new(NULL);
@@ -55,7 +53,6 @@ int main(int argc, char *argv[])
goto err;
}
- ctx = SSL_CTX_new(TLS_server_method());
cctx = SSL_CONF_CTX_new();
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER);
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE);
diff --git a/demos/bio/shared.opt b/demos/bio/shared.opt
new file mode 100644
index 0000000..4141b93
--- /dev/null
+++ b/demos/bio/shared.opt
@@ -0,0 +1,2 @@
+OSSL$LIBSSL_SHR/SHARE
+OSSL$LIBCRYPTO_SHR/SHARE
diff --git a/demos/bio/static.opt b/demos/bio/static.opt
new file mode 100644
index 0000000..9ca1588
--- /dev/null
+++ b/demos/bio/static.opt
@@ -0,0 +1,2 @@
+OSSL$LIBSSL/LIB
+OSSL$LIBCRYPTO/LIB
diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod
index 7b38489..d8c0e9b 100644
--- a/doc/ssl/SSL_CONF_cmd.pod
+++ b/doc/ssl/SSL_CONF_cmd.pod
@@ -263,16 +263,6 @@ The B<value> argument is a colon separated list of curves. The curve can be
either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name (e.g
B<prime256v1>). Curve names are case sensitive.
-=item B<ECDHParameters>
-
-This sets the temporary curve used for ephemeral ECDH modes. Only used by
-servers
-
-The B<value> argument is a curve name or the special value B<Automatic> which
-picks an appropriate curve based on client and server preferences. The curve
-can be either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name
-(e.g B<prime256v1>). Curve names are case sensitive.
-
=item B<MinProtocol>
This sets the minimum supported SSL, TLS or DTLS version.
More information about the openssl-commits
mailing list