Loading the config file after processing command line options can
cause problems, e.g. where an engine provides new ciphers/digests
these are not then recoginised on the command line. Move the
default config file loading to before the command line option
processing. Whilst we're doing this we might as well centralise
this instead of doing it individually for each application. Finally
if we do it before the OpenSSL_add_ssl_algorithms() call then
ciphersuites provided by an engine (e.g. GOST) can be available to
the apps.

RT#4085
RT#4086
Reviewed-by: NRichard Levitte <levitte@openssl.org>

There used to be options -macopt and -sigopt in <=1.0.2 for the dgst
command line app. These were incorrectly spelled as -macop and -sigop in
master.

RT#4072
Reviewed-by: NAndy Polyakov <appro@openssl.org>

PR#4035
Reviewed-by: NMatt Caswell <matt@openssl.org>

Note that this commit constifies a user callback parameter and therefore
will break compilation for applications using this callback. But unless
they are abusing write access to the buffer, the fix is trivial.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Even though SOCKET is effectively declared as (void *) on Windows, it's
not actually a pointer, but an index within per-process table of
kernel objects. The table size is actually limited and its upper limit
is far below upper limit for signed 32-bit integer. This is what makes
cast in question possible.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Signed-off-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>

Signed-off-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Some builds break, as documented in:
  https://github.com/openssl/openssl/pull/408#issuecomment-142971427
This fixes it.
Signed-off-by: NRich Salz <rsalz@akamai.com>
Reviewed-by: NTim Hudson <tjh@openssl.org>

For those command line options that take the verification options
-CApath and -CAfile, if those options are absent then the default path or
file is used instead. It is not currently possible to specify *no* path or
file at all. This change adds the options -no-CApath and -no-CAfile to
specify that the default locations should not be used to all relevant
applications.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Signed-off-by: NRich Salz <rsalz@akamai.com>
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Use sockaddr_storage not sockaddr for the client IP address to allow for
IPv6.
Also fixed a section of code which was conditional on OPENSSL_NO_DTLS1
which should not have been.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

DTLSv1_listen is a commonly used function within DTLS solutions for
listening for new incoming connections. This commit adds support to s_server
for using it.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

The -srpvfile option was broken in the srp command line app. Using it would
always result in "-dbfile and -configfile cannot be specified together."
The error message is also wrong because the option is "-srpvfile" not
"-dbfile", so that has been fixed too.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

PR#3817
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

I have no clue why MD_GHOST94 was checked on, there is no
OPENSSL_NO_MD_GHOST94 in sight anywhere
Reviewed-by: NStephen Henson <steve@openssl.org>

Have a look at the directories in crypto/, I found reason to add
checks on CMAC and HMAC.  This might be completely irrelevant, but I
prefered covering too much than not enough.
Reviewed-by: NStephen Henson <steve@openssl.org>

A grep of OPENSSL_NO_ in the rest of the source tree revealed a few
more features to check.

NOTE: there are some of those macros that I ignore because a check of
them doesn't seem useful to external apps.  This might change later on.
Reviewed-by: NStephen Henson <steve@openssl.org>

After a grep of OPENSSL_NO_ in apps/*.c, a few more features that may
be interesting to check the availability of came up.
Reviewed-by: NStephen Henson <steve@openssl.org>

I've tried to make this list as complete as possible, based on
information found in apps/progs.pl.
Reviewed-by: NStephen Henson <steve@openssl.org>

Reviewed-by: NStephen Henson <steve@openssl.org>

OPENSSL_NO_ECA changed to OPENSSL_NO_EC
Reviewed-by: NStephen Henson <steve@openssl.org>

New option "openssl list -disabled" this lists a set of disabled features
in a form which can be conveniently parsed by the test framework so it
knows which tests to skip.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Real fix for RT 4033
Reviewed-by: NRichard Levitte <levitte@openssl.org>

If the field separator isn't specified through -nameopt then use
XN_FLAG_SEP_CPLUS_SPC instead of printing nothing and returing an error.

PR#2397
Reviewed-by: NTim Hudson <tjh@openssl.org>

-Wincompatible-pointer-types-discards-qualifiers (the latter did not require
any code changes).
Reviewed-by: NRich Salz <rsalz@openssl.org>

Make the script and app match the documentation.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Both now warn once if directory isn't writeable.
Both now warn on file-write errors (multiple times).
Update manpage to describe both program and script correctly.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Also make internal functions consistently return values, and
add a comment documenting them.
Reviewed-by: NBen Laurie <ben@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>