The branch OpenSSL_1_1_0-stable has been updated via 435972c17211df1bc6bb5276385f2223aafe3848 (commit) via 9c067c8991ac450c508d04d2387d6d5f41a41a92 (commit) via 0430efa62fbae715a8cee56e9b2498b8a3c0fe0d (commit) via 3ed2d8a4b85fd361c733316883174309275f5e29 (commit) via b90348c7c57f2a6ba129fd2cb9a5889401fe3f91 (commit) via d57569388379c72271a0703e68a5eaffa7ffebca (commit) via f506d8247709f82ec1b123819ea975afe45a55c5 (commit) from 3fd181a8b5b85a1f7383e82438da494a08f7d843 (commit)
- Log ----------------------------------------------------------------- commit 435972c17211df1bc6bb5276385f2223aafe3848 Author: Richard Levitte <levi...@openssl.org> Date: Sun Sep 18 23:52:30 2016 +0200 Documentation fixup; no more ECDHParameters Reviewed-by: Rich Salz <rs...@openssl.org> (cherry picked from commit 6e836806add140fa9e56d1226d7514fdfa2c803a) commit 9c067c8991ac450c508d04d2387d6d5f41a41a92 Author: Richard Levitte <levi...@openssl.org> Date: Fri Sep 9 01:53:38 2016 +0200 Crude VMS build files for demos/bio/ Reviewed-by: Rich Salz <rs...@openssl.org> (cherry picked from commit 8c88c88b5ad43bbdf1f6e7602b6ac56c9031b153) commit 0430efa62fbae715a8cee56e9b2498b8a3c0fe0d Author: Richard Levitte <levi...@openssl.org> Date: Fri Sep 9 01:01:30 2016 +0200 Crude Makefile for demos/bio/ Reviewed-by: Rich Salz <rs...@openssl.org> (cherry picked from commit f4566dff06d2539dd01f54c817e2b952b64452e4) commit 3ed2d8a4b85fd361c733316883174309275f5e29 Author: Richard Levitte <levi...@openssl.org> Date: Fri Sep 9 01:01:15 2016 +0200 Don't ignore Makefiles in demos/ Reviewed-by: Rich Salz <rs...@openssl.org> (cherry picked from commit ccf11f7ee49a0825caa407ed481c21b4b5933023) commit b90348c7c57f2a6ba129fd2cb9a5889401fe3f91 Author: Richard Levitte <levi...@openssl.org> Date: Fri Sep 9 09:32:00 2016 +0200 Fixup BIO demos for OpenSSL 1.1.x Call SSL_CTX_new() before doing any configuration. (or call OPENSSL_ssl_init()) Reviewed-by: Rich Salz <rs...@openssl.org> (cherry picked from commit 54d72ef0f019db383f8e98342b9b77c5da8541e5) commit d57569388379c72271a0703e68a5eaffa7ffebca Author: Richard Levitte <levi...@openssl.org> Date: Fri Sep 9 00:59:00 2016 +0200 Fixup BIO demos for OpenSSL 1.1.x 'ECDHParameters = Automatic' isn't accepted. 
Reviewed-by: Rich Salz <rs...@openssl.org> (cherry picked from commit 3656ea1c2217f38d44f3f34253e7c16f1b40ba77) commit f506d8247709f82ec1b123819ea975afe45a55c5 Author: Richard Levitte <levi...@openssl.org> Date: Fri Sep 9 00:58:21 2016 +0200 Fixup BIO demos for OpenSSL 1.1.x Note: server-cmod doesn't seem to do things right... from loading cmod.cnf, it tries to load libssl_conf.so. Reviewed-by: Rich Salz <rs...@openssl.org> (cherry picked from commit 16c6deed2c42d4cf4a7676a32b718d6a867f482a) ----------------------------------------------------------------------- Summary of changes: .gitignore | 2 ++ demos/bio/Makefile | 30 ++++++++++++++++++++++++++++++ demos/bio/accept.cnf | 2 -- demos/bio/client-arg.c | 4 ---- demos/bio/client-conf.c | 4 ---- demos/bio/descrip.mms | 47 +++++++++++++++++++++++++++++++++++++++++++++++ demos/bio/saccept.c | 7 +------ demos/bio/sconnect.c | 5 ----- demos/bio/server-arg.c | 6 +----- demos/bio/server-cmod.c | 7 +------ demos/bio/server-conf.c | 7 ++----- demos/bio/shared.opt | 2 ++ demos/bio/static.opt | 2 ++ doc/ssl/SSL_CONF_cmd.pod | 10 ---------- 14 files changed, 88 insertions(+), 47 deletions(-) create mode 100644 demos/bio/Makefile create mode 100644 demos/bio/descrip.mms create mode 100644 demos/bio/shared.opt create mode 100644 demos/bio/static.opt diff --git a/.gitignore b/.gitignore index 730731f..23c48be 100644 --- a/.gitignore +++ b/.gitignore @@ -16,6 +16,8 @@ # *all* Makefiles Makefile +# ... except in demos +!/demos/*/Makefile # Links under apps /apps/CA.pl diff --git a/demos/bio/Makefile b/demos/bio/Makefile new file mode 100644 index 0000000..493e8a5 --- /dev/null +++ b/demos/bio/Makefile 
@@ -0,0 +1,30 @@ +# Quick instruction: +# To build against an OpenSSL built in the source tree, do this: +# +# make OPENSSL_INCS_LOCATION=-I../../include OPENSSL_LIBS_LOCATION=-L../.. +# +# To run the demos when linked with a shared library (default): +# +# LD_LIBRARY_PATH=../.. ./server-arg +# LD_LIBRARY_PATH=../.. ./server-cmod +# LD_LIBRARY_PATH=../.. ./server-conf +# LD_LIBRARY_PATH=../.. ./client-arg +# LD_LIBRARY_PATH=../.. ./client-conf +# LD_LIBRARY_PATH=../.. ./saccept +# LD_LIBRARY_PATH=../.. ./sconnect + +CFLAGS = $(OPENSSL_INCS_LOCATION) +LDFLAGS = $(OPENSSL_LIBS_LOCATION) -lssl -lcrypto $(EX_LIBS) + +all: client-arg client-conf saccept sconnect server-arg server-cmod server-conf + +client-arg: client-arg.o +client-conf: client-conf.o +saccept: saccept.o +sconnect: sconnect.o +server-arg: server-arg.o +server-cmod: server-cmod.o +server-conf: server-conf.o + +client-arg client-conf saccept sconnect server-arg server-cmod server-conf: + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< diff --git a/demos/bio/accept.cnf b/demos/bio/accept.cnf index 5a2ef45..eb69658 100644 --- a/demos/bio/accept.cnf +++ b/demos/bio/accept.cnf @@ -5,8 +5,6 @@ Port = 4433 # Protocol = ALL, -TLSv1.2 # Only support 3 curves Curves = P-521:P-384:P-256 -# Automatic curve selection -ECDHParameters = Automatic # Restricted signature algorithms SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512 Certificate=server.pem diff --git a/demos/bio/client-arg.c b/demos/bio/client-arg.c index 9e136e5..e8d5e46 100644 --- a/demos/bio/client-arg.c +++ b/demos/bio/client-arg.c @@ -23,10 +23,6 @@ int main(int argc, char **argv) const char *connect_str = "localhost:4433"; int nargs = argc - 1; - ERR_load_crypto_strings(); - ERR_load_SSL_strings(); - SSL_library_init(); - ctx = SSL_CTX_new(TLS_client_method()); cctx = SSL_CONF_CTX_new(); SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT); diff --git a/demos/bio/client-conf.c b/demos/bio/client-conf.c index 66b5cac..e819030 100644 --- a/demos/bio/client-conf.c 
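Review bot: In the new demos/bio/Makefile the libraries live in `LDFLAGS`, so on the link line `$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<` they come before the object file. With static libssl/libcrypto, or a toolchain that links with `--as-needed` by default, this leaves the demo's OpenSSL symbols unresolved. Keep only the `-L` path in `LDFLAGS` and put the libraries after the object: `LDLIBS = -lssl -lcrypto $(EX_LIBS)` and `$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< $(LDLIBS)`. The header comment could also say that `LD_LIBRARY_PATH=../..` is relative and only resolves to the in-tree build when the demos are started from demos/bio.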
+++ b/demos/bio/client-conf.c @@ -26,10 +26,6 @@ int main(int argc, char **argv) const char *connect_str = "localhost:4433"; long errline = -1; - ERR_load_crypto_strings(); - ERR_load_SSL_strings(); - SSL_library_init(); - conf = NCONF_new(NULL); if (NCONF_load(conf, "connect.cnf", &errline) <= 0) { diff --git a/demos/bio/descrip.mms b/demos/bio/descrip.mms new file mode 100644 index 0000000..8e127b0 --- /dev/null +++ b/demos/bio/descrip.mms @@ -0,0 +1,47 @@ +# This build description trusts that the following logical names are defined: +# +# For compilation: OPENSSL +# For linking with shared libraries: OSSL$LIBCRYPTO_SHR and OSSL$LIBSSL_SHR +# For linking with static libraries: OSSL$LIBCRYPTO and OSSL$LIBSSL +# +# These are normally defined with the OpenSSL startup procedure + +# By default, we link with the shared libraries +SHARED = TRUE + +# Alternative, for linking with static libraries +#SHARED = FALSE + +.FIRST : + IF "$(SHARED)" .EQS. "TRUE" THEN DEFINE OPT []shared.opt + IF "$(SHARED)" .NES. "TRUE" THEN DEFINE OPT []static.opt + +.LAST : + DEASSIGN OPT + +.DEFAULT : + @ ! + +# Because we use an option file, we need to redefine this +.obj.exe : + $(LINK) $(LINKFLAGS) $<,OPT:/OPT + +all : client-arg.exe client-conf.exe saccept.exe sconnect.exe - + server-arg.exe server-cmod.exe server-conf.exe + +client-arg.exe : client-arg.obj +client-conf.exe : client-conf.obj +saccept.exe : saccept.obj +sconnect.exe : sconnect.obj +server-arg.exe : server-arg.obj +server-cmod.exe : server-cmod.obj +server-conf.exe : server-conf.obj + +# Stoopid MMS doesn't infer this automatically... +client-arg.obj : client-arg.c +client-conf.obj : client-conf.c +saccept.obj : saccept.c +sconnect.obj : sconnect.c +server-arg.obj : server-arg.c +server-cmod.obj : server-cmod.c +server-conf.obj : server-conf.c diff --git a/demos/bio/saccept.c b/demos/bio/saccept.c index 106a089..66c5c61 100644 --- a/demos/bio/saccept.c +++ b/demos/bio/saccept.c 
@@ -26,7 +26,7 @@ static int done = 0; -void interrupt() +void interrupt(int sig) { done = 1; } @@ -58,11 +58,6 @@ int main(int argc, char *argv[]) else port = argv[1]; - SSL_load_error_strings(); - - /* Add ciphers and message digests */ - OpenSSL_add_ssl_algorithms(); - ctx = SSL_CTX_new(TLS_server_method()); if (!SSL_CTX_use_certificate_chain_file(ctx, CERT_FILE)) goto err; diff --git a/demos/bio/sconnect.c b/demos/bio/sconnect.c index 284bc30..664a1e0 100644 --- a/demos/bio/sconnect.c +++ b/demos/bio/sconnect.c @@ -55,11 +55,6 @@ char *argv[]; sock_init(); #endif - /* Lets get nice error messages */ - SSL_load_error_strings(); - - /* Setup all the global SSL stuff */ - OpenSSL_add_ssl_algorithms(); ssl_ctx = SSL_CTX_new(TLS_client_method()); /* Enable trust chain verification */ diff --git a/demos/bio/server-arg.c b/demos/bio/server-arg.c index 4e9b7bd..6056969 100644 --- a/demos/bio/server-arg.c +++ b/demos/bio/server-arg.c @@ -14,6 +14,7 @@ */ #include <stdio.h> +#include <string.h> #include <signal.h> #include <openssl/err.h> #include <openssl/ssl.h> @@ -30,11 +31,6 @@ int main(int argc, char *argv[]) char **args = argv + 1; int nargs = argc - 1; - SSL_load_error_strings(); - - /* Add ciphers and message digests */ - OpenSSL_add_ssl_algorithms(); - ctx = SSL_CTX_new(TLS_server_method()); cctx = SSL_CONF_CTX_new(); diff --git a/demos/bio/server-cmod.c b/demos/bio/server-cmod.c index 77b456a..9cb2463 100644 --- a/demos/bio/server-cmod.c +++ b/demos/bio/server-cmod.c @@ -27,18 +27,13 @@ int main(int argc, char *argv[]) SSL_CTX *ctx; int ret = 1, i; - SSL_load_error_strings(); - - /* Add ciphers and message digests */ - OpenSSL_add_ssl_algorithms(); + ctx = SSL_CTX_new(TLS_server_method()); if (CONF_modules_load_file("cmod.cnf", "testapp", 0) <= 0) { fprintf(stderr, "Error processing config file\n"); goto err; } - ctx = SSL_CTX_new(TLS_server_method()); - if (SSL_CTX_config(ctx, "server") == 0) { fprintf(stderr, "Error configuring server.\n"); goto err; 
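Review bot: The flag written by `interrupt()` in saccept.c is still a plain `static int done = 0;` (shown as context in the first hunk). A plain `int` is not guaranteed to be safely written from a signal handler or re-read by the code that polls it; the portable declaration is `static volatile sig_atomic_t done = 0;`. The new `sig` parameter is unused, so a `(void)sig;` line in the handler keeps warning-enabled builds quiet. The code that reads `done` lies outside the hunk, so how it polls the flag is assumed rather than seen.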
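Review bot: The relocated `ctx = SSL_CTX_new(TLS_server_method());` in server-cmod.c is not checked for NULL, and the code does not say why it must now precede `CONF_modules_load_file()`; only the commit message does ("Call SSL_CTX_new() before doing any configuration"). Proposed, directly after the call: `if (ctx == NULL) { fprintf(stderr, "Error creating SSL_CTX\n"); goto err; }`, with a comment such as `/* SSL_CTX_new() also initialises libssl; keep it ahead of config loading */`. The same applies to the second hunk of server-conf.c, where the call moves ahead of `NCONF_new(NULL)`. The `err:` label is outside both hunks, so confirm that it frees `ctx`, since the config-failure paths now reach it with a context already allocated.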
diff --git a/demos/bio/server-conf.c b/demos/bio/server-conf.c index 32abefd..41b1308 100644 --- a/demos/bio/server-conf.c +++ b/demos/bio/server-conf.c @@ -14,6 +14,7 @@ */ #include <stdio.h> +#include <string.h> #include <signal.h> #include <openssl/err.h> #include <openssl/ssl.h> @@ -33,10 +34,7 @@ int main(int argc, char *argv[]) char buf[512]; int ret = 1, i; - SSL_load_error_strings(); - - /* Add ciphers and message digests */ - OpenSSL_add_ssl_algorithms(); + ctx = SSL_CTX_new(TLS_server_method()); conf = NCONF_new(NULL); @@ -55,7 +53,6 @@ int main(int argc, char *argv[]) goto err; } - ctx = SSL_CTX_new(TLS_server_method()); cctx = SSL_CONF_CTX_new(); SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER); SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE); diff --git a/demos/bio/shared.opt b/demos/bio/shared.opt new file mode 100644 index 0000000..4141b93 --- /dev/null +++ b/demos/bio/shared.opt @@ -0,0 +1,2 @@ +OSSL$LIBSSL_SHR/SHARE +OSSL$LIBCRYPTO_SHR/SHARE diff --git a/demos/bio/static.opt b/demos/bio/static.opt new file mode 100644 index 0000000..9ca1588 --- /dev/null +++ b/demos/bio/static.opt @@ -0,0 +1,2 @@ +OSSL$LIBSSL/LIB +OSSL$LIBCRYPTO/LIB diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod index 7b38489..d8c0e9b 100644 --- a/doc/ssl/SSL_CONF_cmd.pod +++ b/doc/ssl/SSL_CONF_cmd.pod 
@@ -263,16 +263,6 @@ The B<value> argument is a colon separated list of curves. The curve can be either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name (e.g B<prime256v1>). Curve names are case sensitive. -=item B<ECDHParameters> - -This sets the temporary curve used for ephemeral ECDH modes. Only used by -servers - -The B<value> argument is a curve name or the special value B<Automatic> which -picks an appropriate curve based on client and server preferences. The curve -can be either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name -(e.g B<prime256v1>). Curve names are case sensitive. - =item B<MinProtocol> This sets the minimum supported SSL, TLS or DTLS version. _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits