Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

These two functions take a separator to concatenat the strings with as
first argument.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reviewed-by: NStephen Henson <steve@openssl.org>

Reviewed-by: NStephen Henson <steve@openssl.org>

Reported in GH#684
Reviewed-by: NMatt Caswell <matt@openssl.org>

Combination of heartbeats and unit-tests.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

That variable isn't for us, it's for any user, distributor or package
builder that wants one after the section number.  "ssl" seems to be
popular...
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

mk1mf was wondering about the options no-heartbeats and
no-crypto-mdebug-backtrace, so we add option hooks them.  They only
need to become OPENSSL_NO_ macros in opensslconf.h, so nothing
additional needs to be done.

Also, add "-DOPENSSL_PIC" when shared libraries are produced.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

RT#4305
Reviewed-by: NRich Salz <rsalz@openssl.org>

Thanks to: David Benjamin of Chromuim.

RT#4305
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>

Three header files from crypto/include/internal were used by
util/mkdef.pl.  This should never be needed.  Some test program used
these, which made it a valid reason at the time to make the some
internal symbols public in the shared libraries, but that's not the
case any more.

However, to be able to link libssl.so, some symbols found in
include/internal headers still need to be made public.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

On some platforms, the implementation is such that a signed char
triggers a warning when used with is*() functions.  On others, the
behavior is outright buggy when presented with a char that happens
to get promoted to a negative integer.

The safest thing is to cast the char that's used to an unsigned char.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

To force it on anyone using --strict-warnings was the wrong move, as
this is an option best left to those who know what they're doing.

Use with care!
Reviewed-by: NAndy Polyakov <appro@openssl.org>

DllMain is a symbol that needs to be global, but no one needs to know.
However, some compilers will warn if there isn't a declaration before
the function is defined.  Just add a declaration before the function
definition.
Reviewed-by: NKurt Roeckx <kurt@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Most of the times, it seems that socklen_t is unsigned.
Unfortunately, this isn't always the case, and it doesn't compare with
a size_t without warning.

A cast resolves the issue.
Reviewed-by: NKurt Roeckx <kurt@openssl.org>

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

While IO::Socket::IP is a core perl module (since Perl v5.19.8, or so
says corelist), IO::Socket::INET6 has been around longer, is said to
be more widely deployed, and most importantly, seems to have less bugs
hitting us.  We therefore prefer IO::Socket::INET6, and only fall back
to IO::Socket::IP if the former doesn't exist on the local system.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Signed-off-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

It seems that on some platforms, the perlasm scripts call the C
compiler for certain checks.  These scripts need the environment
variable CC to have the C compiler command.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Test programs are now only built when running "make test" or "make
build_tests".
Reviewed-by: NRich Salz <rsalz@openssl.org>

unix-Makefile.tmpl was lagging behind on this point.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Also remove a spurious extra $(LDFLAGS)
Reviewed-by: NRich Salz <rsalz@openssl.org>

Silencing this:
    crypto/async/arch/async_win.c: In function 'async_fibre_init_dispatcher':
    crypto/async/arch/async_win.c:112:12: warning: unused variable 'dispatcher' [-Wunused-variable]
         LPVOID dispatcher;
                ^
Signed-off-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

The installation of man files and html files alike didn't properly
check that file names with different casing could be the same on
case-insensitive file systems.  This change fixes that.
Reviewed-by: NRich Salz <rsalz@openssl.org>

The ocsp utility is something of a jack-of-all-trades; most anything
related to the OCSP can be done with it.  In particular, the manual
page calls out that it can be used as either a client or a server
of the protocol, but there are also a few things that it can do
which do not quite fit into either role, such as encoding an OCSP
request but not sending it, printing out a text form of an OCSP
response (or request) from a file akin to the asn1parse utility,
or performing a lookup into the server-side revocation database
without actually sending a request or response.  All three of these
are documented as examples in the manual page, but the documentation
prior to this commit is somewhat misleading, in that when printing
the text form of an OCSP response, the code also attempts to
verify the response, displaying an error message and returning
failure if the response does not verify.  (It is possible that
the response would be able to verify with the given example, since
the default trust roots are used for that verification, but OCSP
responses frequently have alternate certification authorities
that would require passing -CAfile or -CApath for verification.)

Tidy up the documentation by passing -noverify for the case of
converting from binary to textual representation, and also
change a few instances of -respin to -reqin as appropriate, note
that the -url option provides the same functionality as the -host
and -path options, clarify that the example that saves an OCSP
response to a file will also perform verification on that response,
and fix a couple grammar nits in the manual page.

Also remove an always-true conditional for rdb != NULL -- there
are no codepaths in which it could be initialized at the time of
this check.
Signed-off-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NKurt Roeckx <kurt@openssl.org>