- 23 1月, 2016 11 次提交
-
-
由 Richard Levitte 提交于
It's time for print_table_entry to get a bit of refreshment. The way it was put together, we needed to maintain the list of known configuration keys of interest twice, in different shapes. This is error prone, so move the list of strings to a common list for all printing cases, and use simple formatting of lines to do the actual printout based on that list. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Andy Isaacson 提交于
The code is trying to interpolate the value of the BASE_SECTION macro, but due to excess escaping, it instead prints the string "BASE_SECTION". Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Alex Gaynor 提交于
Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Richard Levitte 提交于
Some things to ignore need to be properly rooted, and use a bit more precision on ignoring 'lib', as that maybe be a perfectly valid directory name to add into git elsewhere in the source tree. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Alessandro Ghedini 提交于
Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 mmiyashi 提交于
Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Michał Trojnara 提交于
Change to reflect changes in dynamic_fns Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Marcus Meissner 提交于
Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 FdaSilvaYY 提交于
Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 22 1月, 2016 3 次提交
-
-
由 Richard Levitte 提交于
Time to get rid of @MK1MF_Builds and introduce a more flexible 'build_scheme' configuration key. Its value may be a string or an array of strings, meaning we need to teach resolve_config how to handle ARRAY referenses. The build scheme is a word that selects a function to create the appropriate result files for a certain configuration. Currently valid build schemes aer "mk1mf" and "unixmake", the plan is however to add at least one other for a more universal build scheme. Incidently, this also adds the functions 'add' and 'add_before', which can be used in a configuration, so instead of having to repeatedly write a sub like this: key1 => sub { join(" ", @_, "myvalues"); }, key2 => sub { join(" ", "myvalues", @_); }, one could write this: key1 => add(" ", "myvalues"), key2 => add_before(" ", "myvalues"), The good point with 'add' and 'add_before' is that they handle inheritances where the values are a misture of scalars and ARRAYs. If there are any ARRAY to be found, the resulting value will be an ARRAY, otherwise it will be a scalar with all the incoming valued joined together with the separator given as first argument to add/add_before. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Move the documentation of the target configuration form to Configurations/README. Move initial assembler object templates to Configurations/00-BASE-templates.conf. Furthermore, remove all variables containing the names of the non-assembler object files and make a BASE template of them instead. The values from this templates are used as defaults as is. The remaining manipulation of data when assembler modules are used is done only when $no_asm is false. While doing this, clean out some other related variables that aren't used anywhere. Also, we had to move the resolution of the chosen target a bit, or the function 'asm' would never catch a true $no_asm... this hasn't mattered before we've moved it all to the BASE template, but now it does. At the same time, add the default for the 'unistd' key to the BASE template. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
--prefix is now exclusively used for software and manual installation. --openssldir is not exclusively used as a default location for certs, keys and the default openssl.cnf. This change is made to bring clarity, to have the two less intertwined, and to be more compatible with the usual ways of software installation. Please change your habits and scripts to use --prefix rather than --openssldir for installation location now. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 21 1月, 2016 16 次提交
-
-
由 Billy Brumley 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Richard Levitte 提交于
It's time to refactor the handling of %disabled so that all information of value is in the same place. We have so far had a few cascading disable rules in form of code, far away from %disabled. Instead, bring that information to the array @disable_cascade, which is a list of pairs of the form 'test => descendents'. The test part can be a string, and it's simply checked if that string is a key in %disabled, or it can be a CODEref to do a more complex test. If the test comes true, then all descendents are disabled. This check is performed until there are no more things that need to be disabled. Also, $default_depflags is constructed from the information in %disabled instead of being a separate string. While a string of its own is visually appealing, it's much too easy to forget to update it when something is changed in %disabled. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Richard Levitte 提交于
The way the "reconf"/"reconfigure" argument is handled is overly complicated. Just grep for it first, and if it is there in the current arguments, get the old command line arguments from Makefile. While we're at it, make the Makefile variable CONFIGURE_ARGS hold the value as a perl list of strings. This makes things much safer in case one of the arguments would contain a space. Since CONFIGURE_ARGS is used for nothing else, there's no harm in this. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Viktor Dukhovni 提交于
It is sometimes useful (especially in automated tests) to supply multiple trusted or untrusted certificates via separate files rather than have to prepare a single file containing them all. To that end, change verify(1) to accept these options zero or more times. Also automatically set -no-CAfile and -no-CApath when -trusted is specified. Improve verify(1) documentation, which could still use some work. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Viktor Dukhovni 提交于
Still need tests for trusted-first and tests that probe construction of alternate chains. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Viktor Dukhovni 提交于
Returning untrusted is enough for for full chains that end in self-signed roots, because when explicit trust is specified it suppresses the default blanket trust of self-signed objects. But for partial chains, this is not enough, because absent a similar trust-self-signed policy, non matching EKUs are indistinguishable from lack of EKU constraints. Therefore, failure to match any trusted purpose must trigger an explicit reject. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Viktor Dukhovni 提交于
These can be re-generated via: cd test/certs; ./setup.sh if need be. The keys are all RSA 2048-bit keys, but it is possible to change that via environment variables. cd test/certs rm -f *-key.pem *-key2.pem OPENSSL_KEYALG=rsa OPENSSL_KEYBITS=3072 ./setup.sh cd test/certs rm -f *-key.pem *-key2.pem OPENSSL_KEYALG=ecdsa OPENSSL_KEYBITS=secp384r1 ./setup.sh ... Keys are re-used if already present, so the environment variables are only used when generating any keys that are missing. Hence the "rm -f" Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Viktor Dukhovni 提交于
When DANE-EE(3) matches or either of DANE-EE/PKIX-EE fails, we don't build a chain at all, but rather succeed or fail with just the leaf certificate. In either case also check for Suite-B violations. As unlikely as it may seem that anyone would enable both DANE and Suite-B, we should do what the application asks. Took the opportunity to eliminate the "cb" variables in x509_vfy.c, just call ctx->verify_cb(ok, ctx) Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Richard Levitte 提交于
Split the read_config function into read_config that ONLY reads the configuration files but doesn't try to resolve any of the inheritances, and resolve_config which resolves the inheritance chain of a given target. Move them to the bottom of Configure, with the rest of the helpers. Have a new small hash table, %target, which will hold the values for the target the user requested. This also means that all access to the current target data can be reduced from '$table{$target}->{key}' to a mere '$target{key}'. While we're at it, the old string formatted configurations are getting obsolete, so they may as well get deprecated entirely. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Get rid of the --test-sanity option. Since we no longer have string based configurations, we don't have the problem with miscounting colons any more. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Start simple, removed some unused variables and change all '<<EOF' to '<<"EOF"'. The latter is because some code colorizers (notably, in emacs) cannot recognise the here document end marker unless it's quoted and therefore assume the rest of the file is part of the here document. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NBen Laurie <ben@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NBen Laurie <ben@openssl.org>
-
- 20 1月, 2016 7 次提交
-
-
由 Rich Salz 提交于
Also remove depend/local_depend. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Rename 'update' to 'generate'. Rather than recurse, just explicitly call the three generate targets directly. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Calling SSL_shutdown while in init previously gave a "1" response, meaning everything was successfully closed down (even though it wasn't). Better is to send our close_notify, but fail when trying to receive one. The problem with doing a shutdown while in the middle of a handshake is that once our close_notify is sent we shouldn't really do anything else (including process handshake/CCS messages) until we've received a close_notify back from the peer. However the peer might send a CCS before acting on our close_notify - so we won't be able to read it because we're not acting on CCS messages! Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The GOST engine is now out of date and is removed by this commit. An up to date GOST engine is now being maintained in an external repository. See: https://wiki.openssl.org/index.php/BinariesReviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
For BSD systems, Configure adds a shared_ldflags including a reference to the Makefile variable LIBRPATH, but since it must be passed down to Makefile.shared, care must be taken so the value of LIBRPATH doesn't get expanded too early, or it ends up giving an empty string. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
- 19 1月, 2016 3 次提交
-
-
由 Alessandro Ghedini 提交于
RT#4080 Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Prayag Verma 提交于
Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-