depend on the environment, like the presence of the OpenBSD crypto
device or of Kerberos, do not change the dependencies within OpenSSL.

settable (proposed by "Douglas E. Engert" <deengert@anl.gov>).

ServerKeyExchange message may be skipped.

Submitted by:  Petr Lampa <lampa@fee.vutbr.cz>

His comments are:

First, it corrects a problem introduced in the last patch where the
kssl_map_enc() would intentionally return NULL for valid ENCTYPE
values.  This was done to prevent verification of the kerberos 5
authenticator from being performed when Derived Key ciphers were
in use.  Unfortunately, the authenticator verification routine was
not the only place that function was used.  And it caused core dumps.

Second, it attempt to add to SSL_SESSION the Kerberos 5 Client
Principal Name.

SSL according to RFC 2712.  His comment is:

This is a patch to openssl-SNAP-20010702 to support Kerberized SSL
authentication.  I'm expecting to have the full kssl-0.5 kit up on
sourceforge by the end of the week.  The full kit includes patches
for mod-ssl, apache, and a few text clients.  The sourceforge URL
is http://sourceforge.net/projects/kssl/ .

Thanks to a note from Simon Wilkinson I've replaced my KRB5 AP_REQ
message with a real KerberosWrapper struct.  I think this is fully
RFC 2712 compliant now, including support for the optional
authenticator field.  I also added openssl-style ASN.1 macros for
a few Kerberos structs; see crypto/krb5/ if you're interested.

Change all calls to low level digest routines in the library and
applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().

Note: this is almost identical to the patch submitted to openssl-dev
by Verdon Walker <VWalker@novell.com> except some redundant
EVP_add_digest_()/EVP_cleanup() calls were removed and some changes
made to avoid compiler warnings.

missed any.

This compiles and runs on Linux, and external applications have no
problems with it.  The definite test will be to build this on VMS.

First tentative impementation of Kerberos 5 cryptos and keys for SSL/TLS.  Implemented by Vern Staats <staatsvr@asc.hpc.mil>, further hacked and distributed by Jeffrey Altman <jaltnab@columbia.edu>

For the server side this was already done one year ago :-(

symbols for debugging are defined.

may be disabled by preprocessor symbols)

yet tighter, and also put some heat on the rest of the library by
insisting (correctly) that compare callbacks used in stacks are prototyped
with "const" parameters. This has led to a depth-first explosion of
compiler warnings in the code where 1 constification has led to 3 or 4
more. Fortunately these have all been resolved to completion and the code
seems cleaner as a result - in particular many of the _cmp() functions
should have been prototyped with "const"s, and now are. There was one
little problem however;

X509_cmp() should by rights compare "const X509 *" pointers, and it is now
declared as such. However, it's internal workings can involve
recalculating hash values and extensions if they have not already been
setup. Someone with a more intricate understanding of the flow control of
X509 might be able to tighten this up, but for now - this seemed the
obvious place to stop the "depth-first" constification of the code by
using an evil cast (they have migrated all the way here from safestack.h).

Fortunately, this is the only place in the code where this was required
to complete these type-safety changes, and it's reasonably clear and
commented, and seemed the least unacceptable of the options. Trying to
take the constification further ends up exploding out considerably, and
indeed leads directly into generalised ASN functions which are not likely
to cooperate well with this.

minor changes.

Docs haven't been added at this stage. They are probably
best included in the 'ciphers' program docs.

returns int (1 = ok, 0 = not seeded). New function RAND_add() is the
same as RAND_seed() but takes an estimate of the entropy as an additional
argument.

and verify rather than direct encrypt/decrypt.

a pain to read when using 4-space tabs.

While modifying the sources, I found some inconsistencies on the use of
s->cert vs. s->session->sess_cert; I don't know if those could
really have caused problems, but possibly this is a proper bug-fix
and not just a clean-up.

called sess_cert instead of just cert.  This is in preparation of further
changes: Probably often when s->session->sess_cert is used, we should
use s->cert instead; s->session->sess_cert should be a new structure
containing only the stuff that is for just one connection (e.g.
the peer's certificate, which the SSL client implementations currently
store in s->session->[sess_]cert, which is a very confusing thing to do).
Submitted by:
Reviewed by:
PR:

Submitted by:
Reviewed by:
PR:

     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]

Fix so that the version number in the master secret, when passed
     via RSA, checks that if TLS was proposed, but we roll back to SSLv3
     (because the server will not accept higher), that the version number
     is 0x03,0x01, not 0x03,0x00
     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]

Submitted by:
Reviewed by:
PR: