[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Richard Levitte
levitte at openssl.org
Tue Sep 20 16:25:21 UTC 2016
The branch OpenSSL_1_1_0-stable has been updated
via 435972c17211df1bc6bb5276385f2223aafe3848 (commit)
via 9c067c8991ac450c508d04d2387d6d5f41a41a92 (commit)
via 0430efa62fbae715a8cee56e9b2498b8a3c0fe0d (commit)
via 3ed2d8a4b85fd361c733316883174309275f5e29 (commit)
via b90348c7c57f2a6ba129fd2cb9a5889401fe3f91 (commit)
via d57569388379c72271a0703e68a5eaffa7ffebca (commit)
via f506d8247709f82ec1b123819ea975afe45a55c5 (commit)
from 3fd181a8b5b85a1f7383e82438da494a08f7d843 (commit)
- Log -----------------------------------------------------------------
commit 435972c17211df1bc6bb5276385f2223aafe3848
Author: Richard Levitte <levitte at openssl.org>
Date: Sun Sep 18 23:52:30 2016 +0200
Documentation fixup; no more ECDHParameters
Reviewed-by: Rich Salz <rsalz at openssl.org>
(cherry picked from commit 6e836806add140fa9e56d1226d7514fdfa2c803a)
commit 9c067c8991ac450c508d04d2387d6d5f41a41a92
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Sep 9 01:53:38 2016 +0200
Crude VMS build files for demos/bio/
Reviewed-by: Rich Salz <rsalz at openssl.org>
(cherry picked from commit 8c88c88b5ad43bbdf1f6e7602b6ac56c9031b153)
commit 0430efa62fbae715a8cee56e9b2498b8a3c0fe0d
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Sep 9 01:01:30 2016 +0200
Crude Makefile for demos/bio/
Reviewed-by: Rich Salz <rsalz at openssl.org>
(cherry picked from commit f4566dff06d2539dd01f54c817e2b952b64452e4)
commit 3ed2d8a4b85fd361c733316883174309275f5e29
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Sep 9 01:01:15 2016 +0200
Don't ignore Makefiles in demos/
Reviewed-by: Rich Salz <rsalz at openssl.org>
(cherry picked from commit ccf11f7ee49a0825caa407ed481c21b4b5933023)
commit b90348c7c57f2a6ba129fd2cb9a5889401fe3f91
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Sep 9 09:32:00 2016 +0200
Fixup BIO demos for OpenSSL 1.1.x
Call SSL_CTX_new() before doing any configuration.
(or call OPENSSL_ssl_init())
Reviewed-by: Rich Salz <rsalz at openssl.org>
(cherry picked from commit 54d72ef0f019db383f8e98342b9b77c5da8541e5)
commit d57569388379c72271a0703e68a5eaffa7ffebca
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Sep 9 00:59:00 2016 +0200
Fixup BIO demos for OpenSSL 1.1.x
'ECDHParameters = Automatic' isn't accepted.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(cherry picked from commit 3656ea1c2217f38d44f3f34253e7c16f1b40ba77)
commit f506d8247709f82ec1b123819ea975afe45a55c5
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Sep 9 00:58:21 2016 +0200
Fixup BIO demos for OpenSSL 1.1.x
Note: server-cmod doesn't seem to do things right... from loading
cmod.cnf, it tries to load libssl_conf.so.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(cherry picked from commit 16c6deed2c42d4cf4a7676a32b718d6a867f482a)
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 2 ++
demos/bio/Makefile | 30 ++++++++++++++++++++++++++++++
demos/bio/accept.cnf | 2 --
demos/bio/client-arg.c | 4 ----
demos/bio/client-conf.c | 4 ----
demos/bio/descrip.mms | 47 +++++++++++++++++++++++++++++++++++++++++++++++
demos/bio/saccept.c | 7 +------
demos/bio/sconnect.c | 5 -----
demos/bio/server-arg.c | 6 +-----
demos/bio/server-cmod.c | 7 +------
demos/bio/server-conf.c | 7 ++-----
demos/bio/shared.opt | 2 ++
demos/bio/static.opt | 2 ++
doc/ssl/SSL_CONF_cmd.pod | 10 ----------
14 files changed, 88 insertions(+), 47 deletions(-)
create mode 100644 demos/bio/Makefile
create mode 100644 demos/bio/descrip.mms
create mode 100644 demos/bio/shared.opt
create mode 100644 demos/bio/static.opt
diff --git a/.gitignore b/.gitignore
index 730731f..23c48be 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,6 +16,8 @@
# *all* Makefiles
Makefile
+# ... except in demos
+!/demos/*/Makefile
# Links under apps
/apps/CA.pl
diff --git a/demos/bio/Makefile b/demos/bio/Makefile
new file mode 100644
index 0000000..493e8a5
--- /dev/null
+++ b/demos/bio/Makefile
@@ -0,0 +1,30 @@
+# Quick instruction:
+# To build against an OpenSSL built in the source tree, do this:
+#
+# make OPENSSL_INCS_LOCATION=-I../../include OPENSSL_LIBS_LOCATION=-L../..
+#
+# To run the demos when linked with a shared library (default):
+#
+# LD_LIBRARY_PATH=../.. ./server-arg
+# LD_LIBRARY_PATH=../.. ./server-cmod
+# LD_LIBRARY_PATH=../.. ./server-conf
+# LD_LIBRARY_PATH=../.. ./client-arg
+# LD_LIBRARY_PATH=../.. ./client-conf
+# LD_LIBRARY_PATH=../.. ./saccept
+# LD_LIBRARY_PATH=../.. ./sconnect
+
+CFLAGS = $(OPENSSL_INCS_LOCATION)
+LDFLAGS = $(OPENSSL_LIBS_LOCATION) -lssl -lcrypto $(EX_LIBS)
+
+all: client-arg client-conf saccept sconnect server-arg server-cmod server-conf
+
+client-arg: client-arg.o
+client-conf: client-conf.o
+saccept: saccept.o
+sconnect: sconnect.o
+server-arg: server-arg.o
+server-cmod: server-cmod.o
+server-conf: server-conf.o
+
+client-arg client-conf saccept sconnect server-arg server-cmod server-conf:
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
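Review bot: the link recipe `$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<` puts `-lssl -lcrypto` (carried in `LDFLAGS`) ahead of the object file, so symbols stay unresolved when linking against static libraries or with a toolchain that defaults to `--as-needed`. Keep only `$(OPENSSL_LIBS_LOCATION)` in `LDFLAGS`, move the libraries to something like `LDLIBS = -lssl -lcrypto $(EX_LIBS)`, and put that after `$<` in the recipe. A `.PHONY: all` and a `clean` target would also be worth adding while the file is new.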
diff --git a/demos/bio/accept.cnf b/demos/bio/accept.cnf
index 5a2ef45..eb69658 100644
--- a/demos/bio/accept.cnf
+++ b/demos/bio/accept.cnf
@@ -5,8 +5,6 @@ Port = 4433
# Protocol = ALL, -TLSv1.2
# Only support 3 curves
Curves = P-521:P-384:P-256
-# Automatic curve selection
-ECDHParameters = Automatic
# Restricted signature algorithms
SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512
Certificate=server.pem
diff --git a/demos/bio/client-arg.c b/demos/bio/client-arg.c
index 9e136e5..e8d5e46 100644
--- a/demos/bio/client-arg.c
+++ b/demos/bio/client-arg.c
@@ -23,10 +23,6 @@ int main(int argc, char **argv)
const char *connect_str = "localhost:4433";
int nargs = argc - 1;
- ERR_load_crypto_strings();
- ERR_load_SSL_strings();
- SSL_library_init();
-
ctx = SSL_CTX_new(TLS_client_method());
cctx = SSL_CONF_CTX_new();
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT);
diff --git a/demos/bio/client-conf.c b/demos/bio/client-conf.c
index 66b5cac..e819030 100644
--- a/demos/bio/client-conf.c
+++ b/demos/bio/client-conf.c
@@ -26,10 +26,6 @@ int main(int argc, char **argv)
const char *connect_str = "localhost:4433";
long errline = -1;
- ERR_load_crypto_strings();
- ERR_load_SSL_strings();
- SSL_library_init();
-
conf = NCONF_new(NULL);
if (NCONF_load(conf, "connect.cnf", &errline) <= 0) {
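Review bot: in `main()` the three init calls are dropped but nothing is moved ahead of `NCONF_new()` and `NCONF_load()`, while the server-conf.c hunk in this same patch moves `SSL_CTX_new()` up in front of its `NCONF_new()` and the commit message says to call `SSL_CTX_new()` before doing any configuration. Either give the client demo the same ordering or add a comment saying why loading connect.cnf here does not need libssl initialised first.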
diff --git a/demos/bio/descrip.mms b/demos/bio/descrip.mms
new file mode 100644
index 0000000..8e127b0
--- /dev/null
+++ b/demos/bio/descrip.mms
@@ -0,0 +1,47 @@
+# This build description trusts that the following logical names are defined:
+#
+# For compilation: OPENSSL
+# For linking with shared libraries: OSSL$LIBCRYPTO_SHR and OSSL$LIBSSL_SHR
+# For linking with static libraries: OSSL$LIBCRYPTO and OSSL$LIBSSL
+#
+# These are normally defined with the OpenSSL startup procedure
+
+# By default, we link with the shared libraries
+SHARED = TRUE
+
+# Alternative, for linking with static libraries
+#SHARED = FALSE
+
+.FIRST :
+ IF "$(SHARED)" .EQS. "TRUE" THEN DEFINE OPT []shared.opt
+ IF "$(SHARED)" .NES. "TRUE" THEN DEFINE OPT []static.opt
+
+.LAST :
+ DEASSIGN OPT
+
+.DEFAULT :
+ @ !
+
+# Because we use an option file, we need to redefine this
+.obj.exe :
+ $(LINK) $(LINKFLAGS) $<,OPT:/OPT
+
+all : client-arg.exe client-conf.exe saccept.exe sconnect.exe -
+ server-arg.exe server-cmod.exe server-conf.exe
+
+client-arg.exe : client-arg.obj
+client-conf.exe : client-conf.obj
+saccept.exe : saccept.obj
+sconnect.exe : sconnect.obj
+server-arg.exe : server-arg.obj
+server-cmod.exe : server-cmod.obj
+server-conf.exe : server-conf.obj
+
+# Stoopid MMS doesn't infer this automatically...
+client-arg.obj : client-arg.c
+client-conf.obj : client-conf.c
+saccept.obj : saccept.c
+sconnect.obj : sconnect.c
+server-arg.obj : server-arg.c
+server-cmod.obj : server-cmod.c
+server-conf.obj : server-conf.c
diff --git a/demos/bio/saccept.c b/demos/bio/saccept.c
index 106a089..66c5c61 100644
--- a/demos/bio/saccept.c
+++ b/demos/bio/saccept.c
@@ -26,7 +26,7 @@
static int done = 0;
-void interrupt()
+void interrupt(int sig)
{
done = 1;
}
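Review bot: `interrupt(int sig)` now has a proper handler signature, but the flag it sets is still declared `static int done = 0;` at the top of this hunk. A variable written from a signal handler and read elsewhere should be `static volatile sig_atomic_t done`; the unused `sig` parameter will also warn under `-Wunused-parameter`, so a `(void)sig;` in the body would keep the demo clean.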
@@ -58,11 +58,6 @@ int main(int argc, char *argv[])
else
port = argv[1];
- SSL_load_error_strings();
-
- /* Add ciphers and message digests */
- OpenSSL_add_ssl_algorithms();
-
ctx = SSL_CTX_new(TLS_server_method());
if (!SSL_CTX_use_certificate_chain_file(ctx, CERT_FILE))
goto err;
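Review bot: with the explicit setup calls removed, `SSL_CTX_new(TLS_server_method())` is where library initialisation now happens, and its result is passed straight to `SSL_CTX_use_certificate_chain_file(ctx, CERT_FILE)` with no NULL check. Add `if (ctx == NULL) goto err;` after the call so an initialisation or allocation failure is reported through the error path instead of through a NULL context.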
diff --git a/demos/bio/sconnect.c b/demos/bio/sconnect.c
index 284bc30..664a1e0 100644
--- a/demos/bio/sconnect.c
+++ b/demos/bio/sconnect.c
@@ -55,11 +55,6 @@ char *argv[];
sock_init();
#endif
- /* Lets get nice error messages */
- SSL_load_error_strings();
-
- /* Setup all the global SSL stuff */
- OpenSSL_add_ssl_algorithms();
ssl_ctx = SSL_CTX_new(TLS_client_method());
/* Enable trust chain verification */
diff --git a/demos/bio/server-arg.c b/demos/bio/server-arg.c
index 4e9b7bd..6056969 100644
--- a/demos/bio/server-arg.c
+++ b/demos/bio/server-arg.c
@@ -14,6 +14,7 @@
*/
#include <stdio.h>
+#include <string.h>
#include <signal.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
@@ -30,11 +31,6 @@ int main(int argc, char *argv[])
char **args = argv + 1;
int nargs = argc - 1;
- SSL_load_error_strings();
-
- /* Add ciphers and message digests */
- OpenSSL_add_ssl_algorithms();
-
ctx = SSL_CTX_new(TLS_server_method());
cctx = SSL_CONF_CTX_new();
diff --git a/demos/bio/server-cmod.c b/demos/bio/server-cmod.c
index 77b456a..9cb2463 100644
--- a/demos/bio/server-cmod.c
+++ b/demos/bio/server-cmod.c
@@ -27,18 +27,13 @@ int main(int argc, char *argv[])
SSL_CTX *ctx;
int ret = 1, i;
- SSL_load_error_strings();
-
- /* Add ciphers and message digests */
- OpenSSL_add_ssl_algorithms();
+ ctx = SSL_CTX_new(TLS_server_method());
if (CONF_modules_load_file("cmod.cnf", "testapp", 0) <= 0) {
fprintf(stderr, "Error processing config file\n");
goto err;
}
- ctx = SSL_CTX_new(TLS_server_method());
-
if (SSL_CTX_config(ctx, "server") == 0) {
fprintf(stderr, "Error configuring server.\n");
goto err;
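Review bot: the added `ctx = SSL_CTX_new(TLS_server_method());` ahead of `CONF_modules_load_file("cmod.cnf", "testapp", 0)` carries no comment, so it reads like an arbitrary reordering. The commit message gives the reason (libssl has to be set up before any configuration is processed), so state that in a comment above the call, or use the explicit init call the message mentions as the alternative. Two follow-ups in the same hunk: `ctx` is not checked for NULL before `SSL_CTX_config(ctx, "server")`, and the first `goto err` now runs with a live `ctx`, so confirm the `err:` path frees it.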
diff --git a/demos/bio/server-conf.c b/demos/bio/server-conf.c
index 32abefd..41b1308 100644
--- a/demos/bio/server-conf.c
+++ b/demos/bio/server-conf.c
@@ -14,6 +14,7 @@
*/
#include <stdio.h>
+#include <string.h>
#include <signal.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
@@ -33,10 +34,7 @@ int main(int argc, char *argv[])
char buf[512];
int ret = 1, i;
- SSL_load_error_strings();
-
- /* Add ciphers and message digests */
- OpenSSL_add_ssl_algorithms();
+ ctx = SSL_CTX_new(TLS_server_method());
conf = NCONF_new(NULL);
@@ -55,7 +53,6 @@ int main(int argc, char *argv[])
goto err;
}
- ctx = SSL_CTX_new(TLS_server_method());
cctx = SSL_CONF_CTX_new();
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER);
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE);
diff --git a/demos/bio/shared.opt b/demos/bio/shared.opt
new file mode 100644
index 0000000..4141b93
--- /dev/null
+++ b/demos/bio/shared.opt
@@ -0,0 +1,2 @@
+OSSL$LIBSSL_SHR/SHARE
+OSSL$LIBCRYPTO_SHR/SHARE
diff --git a/demos/bio/static.opt b/demos/bio/static.opt
new file mode 100644
index 0000000..9ca1588
--- /dev/null
+++ b/demos/bio/static.opt
@@ -0,0 +1,2 @@
+OSSL$LIBSSL/LIB
+OSSL$LIBCRYPTO/LIB
diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod
index 7b38489..d8c0e9b 100644
--- a/doc/ssl/SSL_CONF_cmd.pod
+++ b/doc/ssl/SSL_CONF_cmd.pod
@@ -263,16 +263,6 @@ The B<value> argument is a colon separated list of curves. The curve can be
either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name (e.g
B<prime256v1>). Curve names are case sensitive.
-=item B<ECDHParameters>
-
-This sets the temporary curve used for ephemeral ECDH modes. Only used by
-servers
-
-The B<value> argument is a curve name or the special value B<Automatic> which
-picks an appropriate curve based on client and server preferences. The curve
-can be either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name
-(e.g B<prime256v1>). Curve names are case sensitive.
-
=item B<MinProtocol>
This sets the minimum supported SSL, TLS or DTLS version.
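Review bot: the `=item B<ECDHParameters>` entry is deleted with no replacement text, so someone whose existing configuration contains `ECDHParameters = Automatic` (as demos/bio/accept.cnf did before this patch) gets no hint from the manual why the command is now rejected. Add a sentence to the curves item above, or a history note, saying that `ECDHParameters` is no longer accepted in 1.1.0 and pointing readers to the curve list setting instead.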