Signed-off-by: NCorinna Vinschen <vinschen@redhat.com>
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Remove lint, tags, dclean, tests.
This is prep for a new makedepend scheme.
This is temporary pending unified makefile, and might help it.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Author: Remi Gacogne <rgacogne-github@coredump.fr>
GH334: Add an OCSP_SINGLERESP_get0_id() accessor to the OCSP_CERTID of
a OCSP_SINGLERESP. It is possible to do it the other way around using
OCSP_resp_find(), but this is more efficient when you have a tree indexed
by OCSP_CERTID, like haproxy does. (This is also RT4251)

Author: Marek Klein <kleinmrk@gmail.com>
GH556: OCSP_resp_get_produced_at() accessor to the producedAt of a
OCSP_BASICRESP
GH555: TS_STATUS_INFO_get_status(), TS_STATUS_INFO_get_text() and
TS_STATUS_INFO_get_failure_info() accessors for a TS_STATUS_INFO
Signed-off-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Missed the camellia EVP update.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Make sure they detect that.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

This avoids explicit double spaces between sentences.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Also s/s/ssl/ as appropriate in the code example.

Suggested by Claus Assmann.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Also report an SSL_dane_enable error when the basedomain is an
invalid SNI name.  Avoid side-effects when such a name is valid
with X509_VERIFY_PARAM_set1_host(), as e.g. with an empty name, by
setting the SNI name first.
Reviewed-by: NRich Salz <rsalz@openssl.org>

While empty inputs to SSL_set1_host() clear the reference identifier
list.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Via Rainer Jung
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

- bugfix: should not treat '--' as invalid domain substring.
- '-' should not be the first letter of a domain
Signed-off-by: NViktor Dukhovni <viktor@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

The windows installation instructions were very out of date. Substantial
update to the text. Remove a lot of historical stuff that isn't relevant
any more, and merge the win64 and win32 instructions into one file.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Also remove the INSTALL.W64 file. Next commit will update INSTALL.WIN to
cover both.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

The previous 'Relax the requirements for a debug build' commit had
an extra line of code that shouldn't have been there.  This fixes it.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

It seems that the r modifier for s/// is fairly new.  It's reported
not to exist in perl 5.10.1, so it's better to avoid it when
possible.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

The entropy-gathering daemon is used only on a small number of machines.
Provide a configure knob so that EGD support can be disabled by default
but re-enabled on those systems that do need it.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

On Unixly platforms, this doesn't matter.  On VMS, it does.
Reviewed-by: NRich Salz <rsalz@openssl.org>

We required that a target be named 'debug-something' or to have at
least one of the configuration items debug_cflags and debug_lflags for
--debug to be accepted.

However, there are targets with no such markings but that will still
have debugging capabilities.  This is particularly true for mk1mf
builds, where the extra flags for debugging are figured out later on
by util/mk1mf.pl.
Reviewed-by: NRich Salz <rsalz@openssl.org>

It turns out that -pause calls the undocumented function SSL_set_debug.
That just sets flag inside the SSL structure.  That flag, despite
the command is never used.  So remove the flag, the field, and the
function.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Tell open() O_BINARY on VMS doesn't make sense, as it's possible to
use more precise file attributes.  However, if we're still going to
fdopen() it in binary mode, we must set the fd in binary context.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

On some platforms, the shell will determine what attributes a file
will have, so while the program might think it's safely outputting
binary data, it's not always true.

For the sake of the tests, it's therefore safer to use -out than to
use redirection.
Reviewed-by: NRich Salz <rsalz@openssl.org>

'openssl rehash' isn't implemented on all platforms, and since 'make
test' depends on a rehash of certs/demo being performed, it becomes an
effective block from running tests on any platform but Unix, for the
moment.

It's better to fall back to c_rehash and let the tests perform
everywhere.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>