diff options
Diffstat (limited to 'README.080')
| -rw-r--r-- | README.080 | 147 |
1 files changed, 147 insertions, 0 deletions
diff --git a/README.080 b/README.080 new file mode 100644 index 0000000000..155ce1c712 --- /dev/null +++ b/README.080 @@ -0,0 +1,147 @@ +This version of SSLeay has quite a lot of things different from the +previous version. + +Basically check all callback parameters, I will be producing documentation +about how to use things in th future. Currently I'm just getting 080 out +the door. Please not that there are several ways to do everything, and +most of the applications in the apps directory are hybrids, some using old +methods and some using new methods. + +Have a look in demos/bio for some very simple programs and +apps/s_client.c and apps/s_server.c for some more advanced versions. +Notes are definitly needed but they are a week or so away. + +Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com) +--- +Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to +get those people that want to move to using the new code base off to +a quick start. + +Note that Eric has tidied up a lot of the areas of the API that were +less than desirable and renamed quite a few things (as he had to break +the API in lots of places anyrate). There are a whole pile of additional +functions for making dealing with (and creating) certificates a lot +cleaner. + +01-Jul-97 +Tim Hudson +tjh@cryptsoft.com + +---8<--- + +To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could +use something like the following (assuming you #include "crypto.h" which +is something that you really should be doing). + +#if SSLEAY_VERSION_NUMBER >= 0x0800 +#define SSLEAY8 +#endif + +buffer.h -> splits into buffer.h and bio.h so you need to include bio.h + too if you are working with BIO internal stuff (as distinct + from simply using the interface in an opaque manner) + +#include "bio.h" - required along with "buffer.h" if you write + your own BIO routines as the buffer and bio + stuff that was intermixed has been separated + out + +envelope.h -> evp.h (which should have been done ages ago) + +Initialisation ... don't forget these or you end up with code that +is missing the bits required to do useful things (like ciphers): + +SSLeay_add_ssl_algorithms() +(probably also want SSL_load_error_strings() too but you should have + already had that call in place) + +SSL_CTX_new() - requires an extra method parameter + SSL_CTX_new(SSLv23_method()) + SSL_CTX_new(SSLv2_method()) + SSL_CTX_new(SSLv3_method()) + + OR to only have the server or the client code + SSL_CTX_new(SSLv23_server_method()) + SSL_CTX_new(SSLv2_server_method()) + SSL_CTX_new(SSLv3_server_method()) + or + SSL_CTX_new(SSLv23_client_method()) + SSL_CTX_new(SSLv2_client_method()) + SSL_CTX_new(SSLv3_client_method()) + +SSL_set_default_verify_paths() ... renamed to the more appropriate +SSL_CTX_set_default_verify_paths() + +If you want to use client certificates then you have to add in a bit +of extra stuff in that a SSLv3 server sends a list of those CAs that +it will accept certificates from ... so you have to provide a list to +SSLeay otherwise certain browsers will not send client certs. + +SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file)); + + +X509_NAME_oneline(X) -> X509_NAME_oneline(X,NULL,0) + or provide a buffer and size to copy the + result into + +X509_add_cert -> X509_STORE_add_cert (and you might want to read the + notes on X509_NAME structure changes too) + + +VERIFICATION CODE +================= + +The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to +more accurately reflect things. + +The verification callback args are now packaged differently so that +extra fields for verification can be added easily in future without +having to break things by adding extra parameters each release :-) + +X509_cert_verify_error_string -> X509_verify_cert_error_string + + +BIO INTERNALS +============= + +Eric has fixed things so that extra flags can be introduced in +the BIO layer in future without having to play with all the BIO +modules by adding in some macros. + +The ugly stuff using + b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY) +becomes + BIO_clear_retry_flags(b) + + b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY) +becomes + BIO_set_retry_read(b) + +Also ... BIO_get_retry_flags(b), BIO_set_flags(b) + + + +OTHER THINGS +============ + +X509_NAME has been altered so that it isn't just a STACK ... the STACK +is now in the "entries" field ... and there are a pile of nice functions +for getting at the details in a much cleaner manner. + +SSL_CTX has been altered ... "cert" is no longer a direct member of this +structure ... things are now down under "cert_store" (see x509_vfy.h) and +things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE. +If your code "knows" about this level of detail then it will need some +surgery. + +If you depending on the incorrect spelling of a number of the error codes +then you will have to change your code as these have been fixed. + +ENV_CIPHER "type" got renamed to "nid" and as that is what it actually +has been all along so this makes things clearer. +ify_cert_error_string(ctx->error)); + +SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST + and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO + + |