macros in apps.h.

    (Working file: progs.h
     revision 1.24

     date: 2001/02/19 16:06:03;  author: levitte;  state: Exp;  lines: +59 -59
     Make all configuration macros available for application by making
     sure they are available in opensslconf.h, by giving them names starting
     with "OPENSSL_" to avoid conflicts with other packages and by making
     sure e_os2.h will cover all platform-specific cases together with
     opensslconf.h.

     [...])

CRYPTO_set_mem_debug_options() instead of CRYPTO_dbg_set_options(),
which is the default implementation of the former and should usually
not be directly used by applications (at least if we assume that the
options accepted by the default implementation will also be meaningful
to any other implementations).

Also fix apps/openssl.c and ssl/ssltest such that environment variable
setting 'OPENSSL_DEBUG_MEMORY=off' actively disables the compiled-in
library defaults (i.e. such that CRYPTO_MDEBUG is ignored in this
case).

See the commit log message for that for more information.

NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.

(found by Massimiliano Pala <madwolf@hackmasters.net>).

connection so it can prompt for pass phrase on startup
instead of after the first connection.

Add -port switch to usage message.

Make -passin -passout etc work again.

Fix leak in ca.c when using -passin.

Add CRL utility functions to allow CRLs to be
built up without accessing structures directly.

Update ca.c to use new functions.

Fix ca.c so it now build CRLs correctly again.

Allow OCSP server to handle multiple requests.

Document new OCSP options.

Initial OCSP server support, using index.txt format.

This can process internal requests or behave like a
mini responder.

Todo: documentation, update usage info.

things), especially as the RSA keys are fixed. However, DSA only fixes the
DSA parameters and then generates the public and private components on the
fly each time - this commit hard-codes some sampled key values so that this
is no longer the case.

SSL according to RFC 2712.  His comment is:

This is a patch to openssl-SNAP-20010702 to support Kerberized SSL
authentication.  I'm expecting to have the full kssl-0.5 kit up on
sourceforge by the end of the week.  The full kit includes patches
for mod-ssl, apache, and a few text clients.  The sourceforge URL
is http://sourceforge.net/projects/kssl/ .

Thanks to a note from Simon Wilkinson I've replaced my KRB5 AP_REQ
message with a real KerberosWrapper struct.  I think this is fully
RFC 2712 compliant now, including support for the optional
authenticator field.  I also added openssl-style ASN.1 macros for
a few Kerberos structs; see crypto/krb5/ if you're interested.

(found by Andy Brown <logic@warthog.com>).

Modify apps to use NCONF code instead of old CONF code.

Add new extension functions which work with NCONF.

Tidy up extension config routines and remove redundant code.

Fix NCONF_get_number().

Todo: more testing of apps to see they still work...

to go the monolith way (does anyone do that these days?).

NOTE: a few applications are missing in this commit.  I've a few more
changes in them that I haven't tested yet.

password callbak doesn't need to check for sizes any more.