diff options
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_clnt.c | 13 | ||||
-rw-r--r-- | ssl/s3_lib.c | 21 | ||||
-rw-r--r-- | ssl/s3_srvr.c | 15 | ||||
-rw-r--r-- | ssl/ssl-lib.com | 309 | ||||
-rw-r--r-- | ssl/ssl.h | 9 | ||||
-rw-r--r-- | ssl/ssl3.h | 4 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 2 | ||||
-rw-r--r-- | ssl/ssl_sess.c | 9 | ||||
-rw-r--r-- | ssl/tls1.h | 13 |
9 files changed, 78 insertions, 317 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 592e0b35c8..1a2cb7cd10 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -117,19 +117,6 @@ * The Contribution is licensed pursuant to the OpenSSL open source * license provided above. * - * In addition, Sun covenants to all licensees who provide a reciprocal - * covenant with respect to their own patents if any, not to sue under - * current and future patent claims necessarily infringed by the making, - * using, practicing, selling, offering for sale and/or otherwise - * disposing of the Contribution as delivered hereunder - * (or portions thereof), provided that such covenant shall not apply: - * 1) for code that a licensee deletes from the Contribution; - * 2) separates from the Contribution; or - * 3) for infringements caused by: - * i) the modification of the Contribution or - * ii) the combination of the Contribution with other software or - * devices where such combination causes the infringement. - * * ECC cipher suite support in OpenSSL originally written by * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. * diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index e0e1176d00..be4325886d 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -117,19 +117,6 @@ * The Contribution is licensed pursuant to the OpenSSL open source * license provided above. * - * In addition, Sun covenants to all licensees who provide a reciprocal - * covenant with respect to their own patents if any, not to sue under - * current and future patent claims necessarily infringed by the making, - * using, practicing, selling, offering for sale and/or otherwise - * disposing of the Contribution as delivered hereunder - * (or portions thereof), provided that such covenant shall not apply: - * 1) for code that a licensee deletes from the Contribution; - * 2) separates from the Contribution; or - * 3) for infringements caused by: - * i) the modification of the Contribution or - * ii) the combination of the Contribution with other software or - * devices where such combination causes the infringement. - * * ECC cipher suite support in OpenSSL originally written by * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. * @@ -702,8 +689,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ /* Cipher 28 VRS */ { 1, - SSL3_TXT_KRB5_RC4_40_CBC_SHA, - SSL3_CK_KRB5_RC4_40_CBC_SHA, + SSL3_TXT_KRB5_RC4_40_SHA, + SSL3_CK_KRB5_RC4_40_SHA, SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3, SSL_EXPORT|SSL_EXP40, 0, @@ -744,8 +731,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ /* Cipher 2B VRS */ { 1, - SSL3_TXT_KRB5_RC4_40_CBC_MD5, - SSL3_CK_KRB5_RC4_40_CBC_MD5, + SSL3_TXT_KRB5_RC4_40_MD5, + SSL3_CK_KRB5_RC4_40_MD5, SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3, SSL_EXPORT|SSL_EXP40, 0, diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 98c950a343..ac555c1f80 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -117,19 +117,6 @@ * The Contribution is licensed pursuant to the OpenSSL open source * license provided above. * - * In addition, Sun covenants to all licensees who provide a reciprocal - * covenant with respect to their own patents if any, not to sue under - * current and future patent claims necessarily infringed by the making, - * using, practicing, selling, offering for sale and/or otherwise - * disposing of the Contribution as delivered hereunder - * (or portions thereof), provided that such covenant shall not apply: - * 1) for code that a licensee deletes from the Contribution; - * 2) separates from the Contribution; or - * 3) for infringements caused by: - * i) the modification of the Contribution or - * ii) the combination of the Contribution with other software or - * devices where such combination causes the infringement. - * * ECC cipher suite support in OpenSSL originally written by * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. * @@ -2127,7 +2114,7 @@ static int ssl3_get_cert_verify(SSL *s) SSL3_ST_SR_CERT_VRFY_A, SSL3_ST_SR_CERT_VRFY_B, -1, - 512, /* 512? */ + 514, /* 514? */ &ok); if (!ok) return((int)n); diff --git a/ssl/ssl-lib.com b/ssl/ssl-lib.com index 3abb5f59b8..fc0e63c310 100644 --- a/ssl/ssl-lib.com +++ b/ssl/ssl-lib.com @@ -21,22 +21,10 @@ $! $! LIBRARY To just compile the [.xxx.EXE.SSL]LIBSSL.OLB Library. $! SSL_TASK To just compile the [.xxx.EXE.SSL]SSL_TASK.EXE $! -$! Specify RSAREF as P2 to compile with the RSAREF library instead of -$! the regular one. If you specify NORSAREF it will compile with the -$! regular RSAREF routines. (Note: If you are in the United States -$! you MUST compile with RSAREF unless you have a license from RSA). -$! -$! Note: The RSAREF libraries are NOT INCLUDED and you have to -$! download it from "ftp://ftp.rsa.com/rsaref". You have to -$! get the ".tar-Z" file as the ".zip" file dosen't have the -$! directory structure stored. You have to extract the file -$! into the [.RSAREF] directory under the root directory as that -$! is where the scripts will look for the files. -$! -$! Specify DEBUG or NODEBUG as P3 to compile with or without debugger +$! Specify DEBUG or NODEBUG as P2 to compile with or without debugger $! information. $! -$! Specify which compiler at P4 to try to compile under. +$! Specify which compiler at P3 to try to compile under. $! $! VAXC For VAX C. $! DECC For DEC C. @@ -45,17 +33,17 @@ $! $! If you don't speficy a compiler, it will try to determine which $! "C" compiler to use. $! -$! P5, if defined, sets a TCP/IP library to use, through one of the following +$! P4, if defined, sets a TCP/IP library to use, through one of the following $! keywords: $! $! UCX for UCX $! TCPIP for TCPIP (post UCX) $! SOCKETSHR for SOCKETSHR+NETLIB $! -$! P6, if defined, sets the pointer size to build with. The values can be +$! P5, if defined, sets the pointer size to build with. The values can be $! be "32" or "64". Any other value will default to "32" $! -$! P7, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) +$! P6, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) $! $! $! Define A TCP/IP Library That We Will Need To Link To. @@ -157,8 +145,6 @@ $ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO'FILE_POINTER_SIZE'.OLB $! $! Define The RSAREF-LIB We Are To Use. $! -$ RSAREF_LIB := SYS$DISK:[-.'ARCH'.EXE.RSAREF]LIBRSAGLUE'FILE_POINTER_SIZE'.OLB -$! $! Check To See What We Are To Do. $! $ IF (BUILDALL.EQS."TRUE") @@ -341,84 +327,31 @@ $! $ ON ERROR THEN GOTO SSL_TASK_END $ CC5/OBJECT='OBJ_DIR'SSL_TASK.OBJ SYS$DISK:[]SSL_TASK.C $! -$! Link The Program, Check To See If We Need To Link With RSAREF Or Not. +$! Link The Program. +$! Check To See If We Are To Link With A Specific TCP/IP Library. $! -$ IF (RSAREF.EQS."TRUE") +$ IF (TCPIP_LIB.NES."") $ THEN $! -$! Check To See If We Are To Link With A Specific TCP/IP Library. -$! -$ IF (TCPIP_LIB.NES."") -$ THEN -$! -$! Link With The RSAREF Library And A Specific TCP/IP Library... -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE - - /MAP='LIS_DIR'SSL_TASK.MAP /FULL/CROSS - - 'OBJ_DIR'SSL_TASK.OBJ, - - 'SSL_LIB'/LIBRARY, - - 'CRYPTO_LIB'/LIBRARY, - - 'RSAREF_LIB'/LIBRARY, - - 'TCPIP_LIB','OPT_FILE'/OPTION, - - SYS$DISK:[-]SSL_IDENT.OPT/OPTION -$! -$! Else... -$! -$ ELSE -$! -$! Link With The RSAREF Library And NO TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE - - /MAP='LIS_DIR'SSL_TASK.MAP /FULL/CROSS - - 'OBJ_DIR'SSL_TASK.OBJ, - - 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY,'RSAREF_LIB'/LIBRARY, - - 'OPT_FILE'/OPTION, - - SYS$DISK:[-]SSL_IDENT.OPT/OPTION +$! Link With TCP/IP Library. $! -$! End The TCP/IP Library Check. -$! -$ ENDIF +$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE - + 'OBJ_DIR'SSL_TASK.OBJ, - + 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, - + 'TCPIP_LIB','OPT_FILE'/OPTION $! $! Else... $! $ ELSE $! -$! Don't Link With The RSAREF Routines. -$! +$! Don't Link With TCP/IP Library. $! -$! Check To See If We Are To Link With A Specific TCP/IP Library. +$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE - + 'OBJ_DIR'SSL_TASK.OBJ,- + 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, - + 'OPT_FILE'/OPTION $! -$ IF (TCPIP_LIB.NES."") -$ THEN -$! -$! Don't Link With The RSAREF Routines And TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE - - /MAP='LIS_DIR'SSL_TASK.MAP /FULL/CROSS - - 'OBJ_DIR'SSL_TASK.OBJ, - - 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, - - 'TCPIP_LIB','OPT_FILE'/OPTION, - - SYS$DISK:[-]SSL_IDENT.OPT/OPTION -$! -$! Else... -$! -$ ELSE -$! -$! Don't Link With The RSAREF Routines And Link With A TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE - - /MAP='LIS_DIR'SSL_TASK.MAP /FULL/CROSS - - 'OBJ_DIR'SSL_TASK.OBJ,- - 'SSL_LIB'/LIBRARY, - - 'CRYPTO_LIB'/LIBRARY, - - 'OPT_FILE'/OPTION, - - SYS$DISK:[-]SSL_IDENT.OPT/OPTION -$! -$! End The TCP/IP Library Check. -$! -$ ENDIF -$! -$! End The RSAREF Link Check. +$! End The TCP/IP Library Check. $! $ ENDIF $! @@ -593,35 +526,6 @@ $! End The LIBCRYPTO.OLB Library Check. $! $ ENDIF $! -$! Check To See If We Need The RSAREF Library. -$! -$ IF (RSAREF.EQS."TRUE") -$ THEN -$! -$! Look For The Library LIBRSAGLUE.OLB. -$! -$ IF (F$SEARCH(RSAREF_LIB).EQS."") -$ THEN -$! -$! Tell The User We Can't Find The LIBRSAGLUE.OLB Library. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "Can't Find The Library ",RSAREF_LIB,"." -$ WRITE SYS$OUTPUT "We Can't Link Without It." -$ WRITE SYS$OUTPUT "" -$! -$! Since We Can't Link Without It, Exit. -$! -$ EXIT -$! -$! End The LIBRSAGLUE.OLB Library Check. -$! -$ ENDIF -$! -$! End The RSAREF Library Check. -$! -$ ENDIF -$! $! Time To Return. $! $ RETURN @@ -685,78 +589,10 @@ $ ENDIF $! $! Check To See If P2 Is Blank. $! -$ p2 = "NORSAREF" -$ IF (P2.EQS."NORSAREF") -$ THEN -$! -$! P2 Is NORSAREF, So Compile With The Regular RSA Libraries. -$! -$ RSAREF = "FALSE" -$! -$! Else... -$! -$ ELSE -$! -$! Check To See If We Are To Use The RSAREF Library. -$! -$ IF (P2.EQS."RSAREF") -$ THEN -$! -$! Check To Make Sure We Have The RSAREF Source Code Directory. -$! -$ IF (F$SEARCH("SYS$DISK:[-.RSAREF]SOURCE.DIR").EQS."") -$ THEN -$! -$! We Don't Have The RSAREF Souce Code Directory, So Tell The -$! User This. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "It appears that you don't have the RSAREF Souce Code." -$ WRITE SYS$OUTPUT "You need to go to 'ftp://ftp.rsa.com/rsaref'. You have to" -$ WRITE SYS$OUTPUT "get the '.tar-Z' file as the '.zip' file dosen't have the" -$ WRITE SYS$OUTPUT "directory structure stored. You have to extract the file" -$ WRITE SYS$OUTPUT "into the [.RSAREF] directory under the root directory" -$ WRITE SYS$OUTPUT "as that is where the scripts will look for the files." -$ WRITE SYS$OUTPUT "" -$! -$! Time To Exit. -$! -$ EXIT -$! -$! Else, Compile Using The RSAREF Library. -$! -$ ELSE -$ RSAREF = "TRUE" -$ ENDIF -$ ELSE -$! -$! They Entered An Invalid Option.. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " RSAREF : Compile With The RSAREF Library." -$ WRITE SYS$OUTPUT " NORSAREF : Compile With The Regular RSA Library." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ EXIT -$! -$! End The Valid Arguement Check. -$! -$ ENDIF -$! -$! End The P2 Check. -$! -$ ENDIF -$! -$! Check To See If P3 Is Blank. -$! -$ IF (P3.EQS."NODEBUG") +$ IF (P2.EQS."NODEBUG") $ THEN $! -$! P3 Is NODEBUG, So Compile Without Debugger Information. +$! P2 Is NODEBUG, So Compile Without Debugger Information. $! $ DEBUGGER = "NODEBUG" $ TRACEBACK = "NOTRACEBACK" @@ -771,7 +607,7 @@ $ ELSE $! $! Check To See If We Are To Compile With Debugger Information. $! -$ IF (P3.EQS."DEBUG") +$ IF (P2.EQS."DEBUG") $ THEN $! $! Compile With Debugger Information. @@ -787,7 +623,7 @@ $! $! Tell The User Entered An Invalid Option.. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:" $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " DEBUG : Compile With The Debugger Information." $ WRITE SYS$OUTPUT " NODEBUG : Compile Without The Debugger Information." @@ -801,7 +637,7 @@ $! End The Valid Arguement Check. $! $ ENDIF $! -$! End The P3 Check. +$! End The P2 Check. $! $ ENDIF $! @@ -811,20 +647,20 @@ $! On VAX as well as the 64-bit variant on Alpha, the name carries no extra $! information about pointer size (i.e., 64 bits is default on Alpha and 32 $! bits is default on VAX). $! -$ IF (P6.NES."32" .AND. P6.NES."64") +$ IF (P5.NES."32" .AND. P5.NES."64") $ THEN $! $! Set The Default $! -$ P6 = "" +$ P5 = "" $! -$! End of First Check Of P6 +$! End of First Check Of P5 $! $ ENDIF $! -$! Check If P6 Isn't Set (Or Set Properly) +$! Check If P5 Isn't Set (Or Set Properly) $! -$ IF (P6.EQS."" .OR. (P6.NES."32" .AND. ARCH.EQS."VAX")) +$ IF (P5.EQS."" .OR. (P5.NES."32" .AND. ARCH.EQS."VAX")) $ THEN $! $! Check If We're On A VAX @@ -834,7 +670,7 @@ $ THEN $! $! On VAX, We Force 32 Bit Pointers $! -$ P6 = "32" +$ P5 = "32" $! $! Else... $! @@ -842,19 +678,19 @@ $ ELSE $! $! On Alpha, We Use 64 Bit Pointers By Default $! -$ P6 = "64" +$ P5 = "64" $! $! End Of Check For VAX $! $ ENDIF $! -$! End Check Of P6 +$! End Check Of P5 $! $ ENDIF $! $! Set POINTER_SIZE $! -$ POINTER_SIZE = P6 +$ POINTER_SIZE = P5 $ QUAL_POINTER_SIZE = "" $ FILE_POINTER_SIZE = "" $ IF ARCH.EQS."AXP" @@ -869,9 +705,9 @@ $! Written By: Richard Levitte $! richard@levitte.org $! $! -$! Check To See If We Have A Option For P7. +$! Check To See If We Have A Option For P6. $! -$ IF (P7.EQS."") +$ IF (P6.EQS."") $ THEN $! $! Get The Version Of VMS We Are Using. @@ -893,13 +729,13 @@ $! End The VMS Version Check. $! $ ENDIF $! -$! End The P7 Check. +$! End The P6 Check. $! $ ENDIF $! -$! Check To See If P4 Is Blank. +$! Check To See If P3 Is Blank. $! -$ IF (P4.EQS."") +$ IF (P3.EQS."") $ THEN $! $! O.K., The User Didn't Specify A Compiler, Let's Try To @@ -912,7 +748,7 @@ $ THEN $! $! Looks Like GNUC, Set To Use GNUC. $! -$ P4 = "GNUC" +$ P3 = "GNUC" $! $! End The GNU C Compiler Check. $! @@ -925,7 +761,7 @@ $ THEN $! $! Looks Like DECC, Set To Use DECC. $! -$ P4 = "DECC" +$ P3 = "DECC" $! $! Else... $! @@ -933,7 +769,7 @@ $ ELSE $! $! Looks Like VAXC, Set To Use VAXC. $! -$ P4 = "VAXC" +$ P3 = "VAXC" $! $! End The VAXC Compiler Check. $! @@ -947,9 +783,9 @@ $! End The Compiler Check. $! $ ENDIF $! -$! Check To See If We Have A Option For P5. +$! Check To See If We Have A Option For P4. $! -$ IF (P5.EQS."") +$ IF (P4.EQS."") $ THEN $! $! Find out what socket library we have available @@ -959,7 +795,7 @@ $ THEN $! $! We have SOCKETSHR, and it is my opinion that it's the best to use. $! -$ P5 = "SOCKETSHR" +$ P4 = "SOCKETSHR" $! $! Tell the user $! @@ -979,7 +815,7 @@ $ THEN $! $! Last resort: a UCX or UCX-compatible library $! -$ P5 = "UCX" +$ P4 = "UCX" $! $! Tell the user $! @@ -993,7 +829,7 @@ $ ENDIF $! $! Set Up Initial CC Definitions, Possibly With User Ones $! -$ CCDEFS = "TCPIP_TYPE_''P5'" +$ CCDEFS = "TCPIP_TYPE_''P4'" $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS $ CCEXTRAFLAGS = "" $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS @@ -1003,12 +839,12 @@ $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN - $! $! Check To See If The User Entered A Valid Paramter. $! -$ IF (P4.EQS."VAXC").OR.(P4.EQS."DECC").OR.(P4.EQS."GNUC") +$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC") $ THEN $! $! Check To See If The User Wanted DECC. $! -$ IF (P4.EQS."DECC") +$ IF (P3.EQS."DECC") $ THEN $! $! Looks Like DECC, Set To Use DECC. @@ -1038,7 +874,7 @@ $ ENDIF $! $! Check To See If We Are To Use VAXC. $! -$ IF (P4.EQS."VAXC") +$ IF (P3.EQS."VAXC") $ THEN $! $! Looks Like VAXC, Set To Use VAXC. @@ -1076,7 +912,7 @@ $ ENDIF $! $! Check To See If We Are To Use GNU C. $! -$ IF (P4.EQS."GNUC") +$ IF (P3.EQS."GNUC") $ THEN $! $! Looks Like GNUC, Set To Use GNUC. @@ -1105,31 +941,6 @@ $! Set up default defines $! $ CCDEFS = """FLAT_INC=1""," + CCDEFS $! -$! Check To See If We Are To Compile With RSAREF Routines. -$! -$ IF (RSAREF.EQS."TRUE") -$ THEN -$! -$! Compile With RSAREF. -$! -$ CCDEFS = CCDEFS + ",""RSAref=1""" -$! -$! Tell The User This. -$! -$ WRITE SYS$OUTPUT "Compiling With RSAREF Routines." -$! -$! Else, We Don't Care. Compile Without The RSAREF Library. -$! -$ ELSE -$! -$! Tell The User We Are Compile Without The RSAREF Routines. -$! -$ WRITE SYS$OUTPUT "Compiling Without The RSAREF Routines. -$! -$! End The RSAREF Check. -$! -$ ENDIF -$! $! Finish up the definition of CC. $! $ IF COMPILER .EQS. "DECC" @@ -1170,7 +981,7 @@ $! $! Tell The User We Don't Know What They Want. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P4," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:" $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " VAXC : To Compile With VAX C." $ WRITE SYS$OUTPUT " DECC : To Compile With DEC C." @@ -1184,13 +995,13 @@ $ ENDIF $! $! Time to check the contents, and to make sure we get the correct library. $! -$ IF P5.EQS."SOCKETSHR" .OR. P5.EQS."MULTINET" .OR. P5.EQS."UCX" - - .OR. P5.EQS."TCPIP" .OR. P5.EQS."NONE" +$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" - + .OR. P4.EQS."TCPIP" .OR. P4.EQS."NONE" $ THEN $! $! Check to see if SOCKETSHR was chosen $! -$ IF P5.EQS."SOCKETSHR" +$ IF P4.EQS."SOCKETSHR" $ THEN $! $! Set the library to use SOCKETSHR @@ -1203,12 +1014,12 @@ $ ENDIF $! $! Check to see if MULTINET was chosen $! -$ IF P5.EQS."MULTINET" +$ IF P4.EQS."MULTINET" $ THEN $! $! Set the library to use UCX emulation. $! -$ P5 = "UCX" +$ P4 = "UCX" $! $! Done with MULTINET $! @@ -1216,7 +1027,7 @@ $ ENDIF $! $! Check to see if UCX was chosen $! -$ IF P5.EQS."UCX" +$ IF P4.EQS."UCX" $ THEN $! $! Set the library to use UCX. @@ -1236,7 +1047,7 @@ $ ENDIF $! $! Check to see if TCPIP was chosen $! -$ IF P5.EQS."TCPIP" +$ IF P4.EQS."TCPIP" $ THEN $! $! Set the library to use TCPIP (post UCX). @@ -1249,7 +1060,7 @@ $ ENDIF $! $! Check to see if NONE was chosen $! -$ IF P5.EQS."NONE" +$ IF P4.EQS."NONE" $ THEN $! $! Do not use a TCPIP library. @@ -1271,7 +1082,7 @@ $! $! Tell The User We Don't Know What They Want. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P5," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "The Option ",P4," Is Invalid. The Valid Options Are:" $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " SOCKETSHR : To link with SOCKETSHR TCP/IP library." $ WRITE SYS$OUTPUT " UCX : To link with UCX TCP/IP library." @@ -321,9 +321,7 @@ extern "C" { #include <openssl/crypto.h> #include <openssl/lhash.h> #include <openssl/buffer.h> -#include <openssl/bio.h> #include <openssl/pem.h> -#include <openssl/x509.h> #ifdef __cplusplus extern "C" { @@ -728,10 +726,11 @@ struct ssl_ctx_st #define SSL_SESS_CACHE_SERVER 0x0002 #define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) #define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 -/* This one, when set, makes the server session-id lookup not look - * in the cache. If there is an application get_session callback - * defined, this will still get called. */ +/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */ #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 +#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 +#define SSL_SESS_CACHE_NO_INTERNAL \ + (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); #define SSL_CTX_sess_number(ctx) \ diff --git a/ssl/ssl3.h b/ssl/ssl3.h index 52a38ae834..b829791abd 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h @@ -225,9 +225,9 @@ extern "C" { #define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA" #define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA" #define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5" -#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" +#define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5" #define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5" -#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA" +#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5" #define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA" #define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA" diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 1ddd3380ac..851155e04e 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1803,7 +1803,7 @@ void ssl_update_cache(SSL *s,int mode) i=s->ctx->session_cache_mode; if ((i & mode) && (!s->hit) - && ((i & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) + && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) || SSL_CTX_add_session(s->ctx,s->session)) && (s->ctx->new_session_cb != NULL)) { diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index ca1a7427be..2a4a90897e 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -309,9 +309,12 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len) if (copy) CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); - /* The following should not return 1, otherwise, - * things are very strange */ - SSL_CTX_add_session(s->ctx,ret); + /* Add the externally cached session to the internal + * cache as well if and only if we are supposed to. */ + if(!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE)) + /* The following should not return 1, otherwise, + * things are very strange */ + SSL_CTX_add_session(s->ctx,ret); } if (ret == NULL) goto err; diff --git a/ssl/tls1.h b/ssl/tls1.h index 4d7c9a17b2..7f4a2f3085 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -64,19 +64,6 @@ * The Contribution is licensed pursuant to the OpenSSL open source * license provided above. * - * In addition, Sun covenants to all licensees who provide a reciprocal - * covenant with respect to their own patents if any, not to sue under - * current and future patent claims necessarily infringed by the making, - * using, practicing, selling, offering for sale and/or otherwise - * disposing of the Contribution as delivered hereunder - * (or portions thereof), provided that such covenant shall not apply: - * 1) for code that a licensee deletes from the Contribution; - * 2) separates from the Contribution; or - * 3) for infringements caused by: - * i) the modification of the Contribution or - * ii) the combination of the Contribution with other software or - * devices where such combination causes the infringement. - * * ECC cipher suite support in OpenSSL originally written by * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. * |