The documentation is wrong about what happens when the
session cache fills up.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

I added some error-checking while integrating this patch.
Reviewed-by: NTim Hudson <tjh@openssl.org>

pod2man now complains when item tags are not sequential.
Also complains about missing =back and other tags.
Silence the warnings; most were already done.
Reviewed-by: NTim Hudson <tjh@openssl.org>

The original RT request included a patch.  By the time
we got around to doing it, however, the callback scheme
had changed. So I wrote a new function RSA_check_key_ex()
that uses the BN_GENCB callback.  But thanks very much
to Vinet Sharma <vineet.sharma@gmail.com> for the
initial implementation.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Copy the ifdef/undef stanza from x509.h to x509v3.h
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

In the current code, the check isn't redundant.
And in fact the REAL check was missing.
This avoids a NULL-deref crash.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Also, I (rsalz) changed "#ifdef undef" to "#if 0"
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

empty merge; script hiccup.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

The function returns 0 or 1, only.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

The function returns 0 or 1, only.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Regexp was bracketed wrong.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NDr Stephen Henson <steve@openssl.org>

i2d_re_X509_tbs re-encodes the TBS portion of the certificate.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NDr Stephen Henson <steve@openssl.org>

Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Fix a bug in handling of 128 byte long PSK identity in
psk_client_callback.

OpenSSL supports PSK identities of up to (and including) 128 bytes in
length. PSK identity is obtained via the psk_client_callback,
implementors of which are expected to provide a NULL-terminated
identity. However, the callback is invoked with only 128 bytes of
storage thus making it impossible to return a 128 byte long identity and
the required additional NULL byte.

This CL fixes the issue by passing in a 129 byte long buffer into the
psk_client_callback. As a safety precaution, this CL also zeroes out the
buffer before passing it into the callback, uses strnlen for obtaining
the length of the identity returned by the callback, and aborts the
handshake if the identity (without the NULL terminator) is longer than
128 bytes.

(Original patch amended to achieve strnlen in a different way.)
Reviewed-by: NRich Salz <rsalz@openssl.org>

string returns 0 with errno = ENOENT.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Can't really happen, but the flow of control isn't obvious.
Add an initializer.
Reviewed-by: NMatt Caswell <matt@openssl.org>

"inline" without static is not correct as the compiler may choose to ignore it
and will then either emit an external definition, or expect one.
Reviewed-by: NGeoff Thorpe <geoff@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

RT842, closed back in 2004, changed the default serial number
to be a random number rather than zero.  Finally time to update
the doc
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Add .crt/.cer/.crl to the filenames parsed.

I also updated the podpage (since it didn't exist when
this ticket was first created, nor when it was re-created
seven years later).
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>

Andy pointed out there is also darwin64, so tweak the pattern.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Re-order algorithm list.
Be consistent in command synopsis.
Add content about signing.
Add EXAMPLE section
Add some missing options: -r, -fips-fingerprint -non-fips-allow
Various other fixes.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Andy found an additional typo "can be can be".
Now I have that silly "Que sera sera" song stuck in my head.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Add the file written by James Westby, graciously contributed
under the terms of the OpenSSL license.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

New option allows to perform benchmarks on misaligned data.
Reviewed-by: NRich Salz <rsalz@openssl.org>

The doc says that port can be "*" to mean any port.
That's wrong.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

PR2693
Reviewed-by: NTim Hudson <tjh@openssl.org>

Add Darwin to list of case-insensitive filenames when
installing manapges.  When doing this, I noticed that
we weren't setting "filecase" for the HTML doc install.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>