1. 18 10月, 2001 1 次提交
  2. 17 10月, 2001 1 次提交
  3. 16 10月, 2001 2 次提交
    • D
      · 20d2186c
      Dr. Stephen Henson 提交于
      Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
      with existing code.
      
      Modify library to use digest *_ex() functions.
      20d2186c
    • B
      Change ssl3_get_message and the functions using it so that complete · 48948d53
      Bodo Möller 提交于
      'Handshake' protocol structures are kept in memory, including
      'msg_type' and 'length'.
      
      (This is in preparation of future support for callbacks that get to
      peek at handshake messages and the like.)
      48948d53
  4. 10 10月, 2001 1 次提交
  5. 11 9月, 2001 1 次提交
  6. 07 8月, 2001 1 次提交
  7. 31 7月, 2001 2 次提交
    • R
      More Kerberos SSL changes from Jeffrey Altman <jaltman@columbia.edu> · 882e8912
      Richard Levitte 提交于
      His comments are:
      
      First, it corrects a problem introduced in the last patch where the
      kssl_map_enc() would intentionally return NULL for valid ENCTYPE
      values.  This was done to prevent verification of the kerberos 5
      authenticator from being performed when Derived Key ciphers were
      in use.  Unfortunately, the authenticator verification routine was
      not the only place that function was used.  And it caused core dumps.
      
      Second, it attempt to add to SSL_SESSION the Kerberos 5 Client
      Principal Name.
      882e8912
    • B
      Really add the EVP and all of the DES changes. · dbad1690
      Ben Laurie 提交于
      dbad1690
  8. 12 7月, 2001 2 次提交
  9. 10 7月, 2001 1 次提交
    • R
      Patches from Vern Staats <staatsvr@asc.hpc.mil> to get Kerberos 5 in · 2a1ef754
      Richard Levitte 提交于
      SSL according to RFC 2712.  His comment is:
      
      This is a patch to openssl-SNAP-20010702 to support Kerberized SSL
      authentication.  I'm expecting to have the full kssl-0.5 kit up on
      sourceforge by the end of the week.  The full kit includes patches
      for mod-ssl, apache, and a few text clients.  The sourceforge URL
      is http://sourceforge.net/projects/kssl/ .
      
      Thanks to a note from Simon Wilkinson I've replaced my KRB5 AP_REQ
      message with a real KerberosWrapper struct.  I think this is fully
      RFC 2712 compliant now, including support for the optional
      authenticator field.  I also added openssl-style ASN.1 macros for
      a few Kerberos structs; see crypto/krb5/ if you're interested.
      2a1ef754
  10. 20 6月, 2001 1 次提交
    • D
      · 323f289c
      Dr. Stephen Henson 提交于
      Change all calls to low level digest routines in the library and
      applications to use EVP. Add missing calls to HMAC_cleanup() and
      don't assume HMAC_CTX can be copied using memcpy().
      
      Note: this is almost identical to the patch submitted to openssl-dev
      by Verdon Walker <VWalker@novell.com> except some redundant
      EVP_add_digest_()/EVP_cleanup() calls were removed and some changes
      made to avoid compiler warnings.
      323f289c
  11. 07 3月, 2001 1 次提交
  12. 20 2月, 2001 1 次提交
  13. 01 12月, 2000 1 次提交
  14. 30 11月, 2000 1 次提交
  15. 04 9月, 2000 1 次提交
  16. 03 7月, 2000 1 次提交
  17. 01 6月, 2000 1 次提交
    • G
      The previous commit to crypto/stack/*.[ch] pulled the type-safety strings · ccd86b68
      Geoff Thorpe 提交于
      yet tighter, and also put some heat on the rest of the library by
      insisting (correctly) that compare callbacks used in stacks are prototyped
      with "const" parameters. This has led to a depth-first explosion of
      compiler warnings in the code where 1 constification has led to 3 or 4
      more. Fortunately these have all been resolved to completion and the code
      seems cleaner as a result - in particular many of the _cmp() functions
      should have been prototyped with "const"s, and now are. There was one
      little problem however;
      
      X509_cmp() should by rights compare "const X509 *" pointers, and it is now
      declared as such. However, it's internal workings can involve
      recalculating hash values and extensions if they have not already been
      setup. Someone with a more intricate understanding of the flow control of
      X509 might be able to tighten this up, but for now - this seemed the
      obvious place to stop the "depth-first" constification of the code by
      using an evil cast (they have migrated all the way here from safestack.h).
      
      Fortunately, this is the only place in the code where this was required
      to complete these type-safety changes, and it's reasonably clear and
      commented, and seemed the least unacceptable of the options. Trying to
      take the constification further ends up exploding out considerably, and
      indeed leads directly into generalised ASN functions which are not likely
      to cooperate well with this.
      ccd86b68
  18. 28 5月, 2000 1 次提交
  19. 28 3月, 2000 1 次提交
  20. 04 2月, 2000 1 次提交
  21. 22 1月, 2000 1 次提交
  22. 21 1月, 2000 1 次提交
  23. 14 1月, 2000 1 次提交
  24. 06 1月, 2000 1 次提交
  25. 25 9月, 1999 1 次提交
  26. 19 9月, 1999 1 次提交
  27. 13 7月, 1999 1 次提交
  28. 12 7月, 1999 1 次提交
  29. 12 6月, 1999 1 次提交
  30. 08 6月, 1999 1 次提交
  31. 13 5月, 1999 1 次提交
  32. 10 5月, 1999 1 次提交
    • B
      No actual change, but the cert_st member of struct ssl_session_st is now · 9d5cceac
      Bodo Möller 提交于
      called sess_cert instead of just cert.  This is in preparation of further
      changes: Probably often when s->session->sess_cert is used, we should
      use s->cert instead; s->session->sess_cert should be a new structure
      containing only the stuff that is for just one connection (e.g.
      the peer's certificate, which the SSL client implementations currently
      store in s->session->[sess_]cert, which is a very confusing thing to do).
      Submitted by:
      Reviewed by:
      PR:
      9d5cceac
  33. 27 4月, 1999 3 次提交
  34. 24 4月, 1999 1 次提交
  35. 20 4月, 1999 1 次提交