ALT Linux Bugzilla
– Attachment 4281 Details for
Bug 23037
Обновить OpenSSL до 0.9.8m
New bug
|
Search
|
[?]
|
Help
Register
|
Log In
[x]
|
Forgot Password
Login:
[x]
|
EN
|
RU
[patch]
Разница в заголовочных файлах для анализа разницы ABI
include.lm.diff (text/plain), 34.49 KB, created by
Evgeny Sinelnikov
on 2010-02-26 18:48:08 MSK
(
hide
)
Description:
Разница в заголовочных файлах для анализа разницы ABI
Filename:
MIME Type:
Creator:
Evgeny Sinelnikov
Created:
2010-02-26 18:48:08 MSK
Size:
34.49 KB
patch
obsolete
>diff -Nur include.l/openssl/asn1.h include.m/openssl/asn1.h >--- include.l/openssl/asn1.h 2010-01-16 03:44:02 +0300 >+++ include.m/openssl/asn1.h 2010-02-26 16:53:21 +0300 >@@ -344,6 +344,8 @@ > ((void*) (1 ? p : (type*)0)) > #define CHECKED_PPTR_OF(type, p) \ > ((void**) (1 ? p : (type**)0)) >+#define CHECKED_PTR_OF_TO_CHAR(type, p) \ >+ ((char*) (1 ? p : (type*)0)) > > #define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long) > #define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **) >@@ -933,12 +935,12 @@ > #define ASN1_dup_of(type,i2d,d2i,x) \ > ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \ > CHECKED_D2I_OF(type, d2i), \ >- CHECKED_PTR_OF(type, x))) >+ CHECKED_PTR_OF_TO_CHAR(type, x))) > > #define ASN1_dup_of_const(type,i2d,d2i,x) \ > ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \ > CHECKED_D2I_OF(type, d2i), \ >- CHECKED_PTR_OF(const type, x))) >+ CHECKED_PTR_OF_TO_CHAR(const type, x))) > > void *ASN1_item_dup(const ASN1_ITEM *it, void *x); > >@@ -1158,7 +1160,6 @@ > #define ASN1_F_ASN1_VERIFY 137 > #define ASN1_F_B64_READ_ASN1 208 > #define ASN1_F_B64_WRITE_ASN1 209 >-#define ASN1_F_BIO_NEW_NDEF 212 > #define ASN1_F_BITSTR_CB 180 > #define ASN1_F_BN_TO_ASN1_ENUMERATED 138 > #define ASN1_F_BN_TO_ASN1_INTEGER 139 >@@ -1264,6 +1265,7 @@ > #define ASN1_R_INVALID_MIME_TYPE 200 > #define ASN1_R_INVALID_MODIFIER 186 > #define ASN1_R_INVALID_NUMBER 187 >+#define ASN1_R_INVALID_OBJECT_ENCODING 212 > #define ASN1_R_INVALID_SEPARATOR 131 > #define ASN1_R_INVALID_TIME_FORMAT 132 > #define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 >diff -Nur include.l/openssl/bio.h include.m/openssl/bio.h >--- include.l/openssl/bio.h 2010-01-16 03:44:02 +0300 >+++ include.m/openssl/bio.h 2010-02-26 16:53:21 +0300 >@@ -156,8 +156,11 @@ > * previous write > * operation */ > >+#define BIO_CTRL_DGRAM_GET_PEER 46 > #define BIO_CTRL_DGRAM_SET_PEER 44 /* Destination for the data */ > >+#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45 /* Next DTLS handshake timeout to >+ * adjust socket timeouts */ > > /* modifiers */ > #define BIO_FP_READ 0x02 >@@ -405,7 +408,7 @@ > #define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0) > #define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1) > #define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2) >-#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3) >+#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0) > > > #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) >@@ -414,7 +417,7 @@ > #define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name) > #define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0) > /* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */ >-#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?"a":NULL) >+#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?(void *)"a":NULL) > #define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio) > > #define BIO_BIND_NORMAL 0 >@@ -541,6 +544,8 @@ > (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL) > #define BIO_dgram_send_timedout(b) \ > (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL) >+#define BIO_dgram_get_peer(b,peer) \ >+ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer) > #define BIO_dgram_set_peer(b,peer) \ > (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer) > >diff -Nur include.l/openssl/cast.h include.m/openssl/cast.h >--- include.l/openssl/cast.h 2010-01-16 03:44:02 +0300 >+++ include.m/openssl/cast.h 2010-02-26 16:53:21 +0300 >@@ -87,17 +87,17 @@ > void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); > #endif > void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); >-void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key, >+void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key, > int enc); >-void CAST_encrypt(CAST_LONG *data,CAST_KEY *key); >-void CAST_decrypt(CAST_LONG *data,CAST_KEY *key); >+void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key); >+void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key); > void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, >- CAST_KEY *ks, unsigned char *iv, int enc); >+ const CAST_KEY *ks, unsigned char *iv, int enc); > void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, >- long length, CAST_KEY *schedule, unsigned char *ivec, >+ long length, const CAST_KEY *schedule, unsigned char *ivec, > int *num, int enc); > void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, >- long length, CAST_KEY *schedule, unsigned char *ivec, >+ long length, const CAST_KEY *schedule, unsigned char *ivec, > int *num); > > #ifdef __cplusplus >diff -Nur include.l/openssl/dtls1.h include.m/openssl/dtls1.h >--- include.l/openssl/dtls1.h 2010-01-16 03:44:02 +0300 >+++ include.m/openssl/dtls1.h 2010-02-26 16:53:21 +0300 >@@ -62,6 +62,18 @@ > > #include <openssl/buffer.h> > #include <openssl/pqueue.h> >+#ifdef OPENSSL_SYS_VMS >+#include <resource.h> >+#include <sys/timeb.h> >+#endif >+#ifdef OPENSSL_SYS_WIN32 >+/* Needed for struct timeval */ >+#include <winsock.h> >+#elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_) >+#include <sys/timeval.h> >+#else >+#include <sys/time.h> >+#endif > > #ifdef __cplusplus > extern "C" { >@@ -76,7 +88,7 @@ > #endif > > /* lengths of messages */ >-#define DTLS1_COOKIE_LENGTH 32 >+#define DTLS1_COOKIE_LENGTH 256 > > #define DTLS1_RT_HEADER_LENGTH 13 > >@@ -101,6 +113,19 @@ > PQ_64BIT max_seq_num; /* max record number seen so far */ > } DTLS1_BITMAP; > >+struct dtls1_retransmit_state >+ { >+ EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ >+ const EVP_MD *write_hash; /* used for mac generation */ >+#ifndef OPENSSL_NO_COMP >+ COMP_CTX *compress; /* compression */ >+#else >+ char *compress; >+#endif >+ SSL_SESSION *session; >+ unsigned short epoch; >+ }; >+ > struct hm_header_st > { > unsigned char type; >@@ -109,6 +134,7 @@ > unsigned long frag_off; > unsigned long frag_len; > unsigned int is_ccs; >+ struct dtls1_retransmit_state saved_retransmit_state; > }; > > struct ccs_header_st >@@ -168,6 +194,9 @@ > > unsigned short handshake_read_seq; > >+ /* save last sequence number for retransmissions */ >+ unsigned char last_write_sequence[8]; >+ > /* Received handshake records (processed and unprocessed) */ > record_pqueue unprocessed_rcds; > record_pqueue processed_rcds; >@@ -178,13 +207,29 @@ > /* Buffered (sent) handshake records */ > pqueue sent_messages; > >- unsigned int mtu; /* max wire packet size */ >+ /* Buffered application records. >+ * Only for records between CCS and Finished >+ * to prevent either protocol violation or >+ * unnecessary message loss. >+ */ >+ record_pqueue buffered_app_data; >+ >+ /* Is set when listening for new connections with dtls1_listen() */ >+ unsigned int listen; >+ >+ unsigned int mtu; /* max DTLS packet size */ > > struct hm_header_st w_msg_hdr; > struct hm_header_st r_msg_hdr; > > struct dtls1_timeout_st timeout; >- >+ >+ /* Indicates when the last handshake msg sent will timeout */ >+ struct timeval next_timeout; >+ >+ /* Timeout duration */ >+ unsigned short timeout_duration; >+ > /* storage for Alert/Handshake protocol data received but not > * yet processed by ssl3_read_bytes: */ > unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH]; >@@ -193,6 +238,7 @@ > unsigned int handshake_fragment_len; > > unsigned int retransmitting; >+ unsigned int change_cipher_spec_ok; > > } DTLS1_STATE; > >diff -Nur include.l/openssl/engine.h include.m/openssl/engine.h >--- include.l/openssl/engine.h 2010-01-16 03:44:02 +0300 >+++ include.m/openssl/engine.h 2010-02-26 16:53:21 +0300 >@@ -339,9 +339,11 @@ > void ENGINE_load_cryptodev(void); > void ENGINE_load_padlock(void); > void ENGINE_load_builtin_engines(void); >+#ifdef OPENSSL_SYS_WIN32 > #ifndef OPENSSL_NO_CAPIENG > void ENGINE_load_capi(void); > #endif >+#endif > > /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation > * "registry" handling. */ >@@ -767,6 +769,7 @@ > #define ENGINE_R_DSO_FAILURE 104 > #define ENGINE_R_DSO_NOT_FOUND 132 > #define ENGINE_R_ENGINES_SECTION_ERROR 148 >+#define ENGINE_R_ENGINE_CONFIGURATION_ERROR 101 > #define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105 > #define ENGINE_R_ENGINE_SECTION_ERROR 149 > #define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 >diff -Nur include.l/openssl/obj_mac.h include.m/openssl/obj_mac.h >--- include.l/openssl/obj_mac.h 2010-01-16 03:44:02 +0300 >+++ include.m/openssl/obj_mac.h 2010-02-26 16:53:21 +0300 >@@ -122,7 +122,7 @@ > > #define SN_wap_wsg "wap-wsg" > #define NID_wap_wsg 679 >-#define OBJ_wap_wsg OBJ_wap,13L >+#define OBJ_wap_wsg OBJ_wap,1L > > #define SN_selected_attribute_types "selected-attribute-types" > #define LN_selected_attribute_types "Selected Attribute Types" >@@ -2049,6 +2049,7 @@ > #define NID_stateOrProvinceName 16 > #define OBJ_stateOrProvinceName OBJ_X509,8L > >+#define SN_streetAddress "street" > #define LN_streetAddress "streetAddress" > #define NID_streetAddress 660 > #define OBJ_streetAddress OBJ_X509,9L >@@ -2063,6 +2064,7 @@ > #define NID_organizationalUnitName 18 > #define OBJ_organizationalUnitName OBJ_X509,11L > >+#define SN_title "title" > #define LN_title "title" > #define NID_title 106 > #define OBJ_title OBJ_X509,12L >@@ -2071,10 +2073,114 @@ > #define NID_description 107 > #define OBJ_description OBJ_X509,13L > >+#define LN_searchGuide "searchGuide" >+#define NID_searchGuide 859 >+#define OBJ_searchGuide OBJ_X509,14L >+ >+#define LN_businessCategory "businessCategory" >+#define NID_businessCategory 860 >+#define OBJ_businessCategory OBJ_X509,15L >+ >+#define LN_postalAddress "postalAddress" >+#define NID_postalAddress 861 >+#define OBJ_postalAddress OBJ_X509,16L >+ > #define LN_postalCode "postalCode" > #define NID_postalCode 661 > #define OBJ_postalCode OBJ_X509,17L > >+#define LN_postOfficeBox "postOfficeBox" >+#define NID_postOfficeBox 862 >+#define OBJ_postOfficeBox OBJ_X509,18L >+ >+#define LN_physicalDeliveryOfficeName "physicalDeliveryOfficeName" >+#define NID_physicalDeliveryOfficeName 863 >+#define OBJ_physicalDeliveryOfficeName OBJ_X509,19L >+ >+#define LN_telephoneNumber "telephoneNumber" >+#define NID_telephoneNumber 864 >+#define OBJ_telephoneNumber OBJ_X509,20L >+ >+#define LN_telexNumber "telexNumber" >+#define NID_telexNumber 865 >+#define OBJ_telexNumber OBJ_X509,21L >+ >+#define LN_teletexTerminalIdentifier "teletexTerminalIdentifier" >+#define NID_teletexTerminalIdentifier 866 >+#define OBJ_teletexTerminalIdentifier OBJ_X509,22L >+ >+#define LN_facsimileTelephoneNumber "facsimileTelephoneNumber" >+#define NID_facsimileTelephoneNumber 867 >+#define OBJ_facsimileTelephoneNumber OBJ_X509,23L >+ >+#define LN_x121Address "x121Address" >+#define NID_x121Address 868 >+#define OBJ_x121Address OBJ_X509,24L >+ >+#define LN_internationaliSDNNumber "internationaliSDNNumber" >+#define NID_internationaliSDNNumber 869 >+#define OBJ_internationaliSDNNumber OBJ_X509,25L >+ >+#define LN_registeredAddress "registeredAddress" >+#define NID_registeredAddress 870 >+#define OBJ_registeredAddress OBJ_X509,26L >+ >+#define LN_destinationIndicator "destinationIndicator" >+#define NID_destinationIndicator 871 >+#define OBJ_destinationIndicator OBJ_X509,27L >+ >+#define LN_preferredDeliveryMethod "preferredDeliveryMethod" >+#define NID_preferredDeliveryMethod 872 >+#define OBJ_preferredDeliveryMethod OBJ_X509,28L >+ >+#define LN_presentationAddress "presentationAddress" >+#define NID_presentationAddress 873 >+#define OBJ_presentationAddress OBJ_X509,29L >+ >+#define LN_supportedApplicationContext "supportedApplicationContext" >+#define NID_supportedApplicationContext 874 >+#define OBJ_supportedApplicationContext OBJ_X509,30L >+ >+#define SN_member "member" >+#define NID_member 875 >+#define OBJ_member OBJ_X509,31L >+ >+#define SN_owner "owner" >+#define NID_owner 876 >+#define OBJ_owner OBJ_X509,32L >+ >+#define LN_roleOccupant "roleOccupant" >+#define NID_roleOccupant 877 >+#define OBJ_roleOccupant OBJ_X509,33L >+ >+#define SN_seeAlso "seeAlso" >+#define NID_seeAlso 878 >+#define OBJ_seeAlso OBJ_X509,34L >+ >+#define LN_userPassword "userPassword" >+#define NID_userPassword 879 >+#define OBJ_userPassword OBJ_X509,35L >+ >+#define LN_userCertificate "userCertificate" >+#define NID_userCertificate 880 >+#define OBJ_userCertificate OBJ_X509,36L >+ >+#define LN_cACertificate "cACertificate" >+#define NID_cACertificate 881 >+#define OBJ_cACertificate OBJ_X509,37L >+ >+#define LN_authorityRevocationList "authorityRevocationList" >+#define NID_authorityRevocationList 882 >+#define OBJ_authorityRevocationList OBJ_X509,38L >+ >+#define LN_certificateRevocationList "certificateRevocationList" >+#define NID_certificateRevocationList 883 >+#define OBJ_certificateRevocationList OBJ_X509,39L >+ >+#define LN_crossCertificatePair "crossCertificatePair" >+#define NID_crossCertificatePair 884 >+#define OBJ_crossCertificatePair OBJ_X509,40L >+ > #define SN_name "name" > #define LN_name "name" > #define NID_name 173 >@@ -2085,6 +2191,7 @@ > #define NID_givenName 99 > #define OBJ_givenName OBJ_X509,42L > >+#define SN_initials "initials" > #define LN_initials "initials" > #define NID_initials 101 > #define OBJ_initials OBJ_X509,43L >@@ -2102,6 +2209,38 @@ > #define NID_dnQualifier 174 > #define OBJ_dnQualifier OBJ_X509,46L > >+#define LN_enhancedSearchGuide "enhancedSearchGuide" >+#define NID_enhancedSearchGuide 885 >+#define OBJ_enhancedSearchGuide OBJ_X509,47L >+ >+#define LN_protocolInformation "protocolInformation" >+#define NID_protocolInformation 886 >+#define OBJ_protocolInformation OBJ_X509,48L >+ >+#define LN_distinguishedName "distinguishedName" >+#define NID_distinguishedName 887 >+#define OBJ_distinguishedName OBJ_X509,49L >+ >+#define LN_uniqueMember "uniqueMember" >+#define NID_uniqueMember 888 >+#define OBJ_uniqueMember OBJ_X509,50L >+ >+#define LN_houseIdentifier "houseIdentifier" >+#define NID_houseIdentifier 889 >+#define OBJ_houseIdentifier OBJ_X509,51L >+ >+#define LN_supportedAlgorithms "supportedAlgorithms" >+#define NID_supportedAlgorithms 890 >+#define OBJ_supportedAlgorithms OBJ_X509,52L >+ >+#define LN_deltaRevocationList "deltaRevocationList" >+#define NID_deltaRevocationList 891 >+#define OBJ_deltaRevocationList OBJ_X509,53L >+ >+#define SN_dmdName "dmdName" >+#define NID_dmdName 892 >+#define OBJ_dmdName OBJ_X509,54L >+ > #define LN_pseudonym "pseudonym" > #define NID_pseudonym 510 > #define OBJ_pseudonym OBJ_X509,65L >diff -Nur include.l/openssl/opensslv.h include.m/openssl/opensslv.h >--- include.l/openssl/opensslv.h 2010-01-16 03:45:13 +0300 >+++ include.m/openssl/opensslv.h 2010-02-26 16:53:22 +0300 >@@ -25,11 +25,11 @@ > * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for > * major minor fix final patch/beta) > */ >-#define OPENSSL_VERSION_NUMBER 0x009080cfL >+#define OPENSSL_VERSION_NUMBER 0x009080dfL > #ifdef OPENSSL_FIPS >-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8l-fips 5 Nov 2009" >+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8m-fips 25 Feb 2010" > #else >-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8l 5 Nov 2009" >+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8m 25 Feb 2010" > #endif > #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT > >diff -Nur include.l/openssl/pkcs12.h include.m/openssl/pkcs12.h >--- include.l/openssl/pkcs12.h 2010-01-16 03:44:02 +0300 >+++ include.m/openssl/pkcs12.h 2010-02-26 16:53:21 +0300 >@@ -232,9 +232,14 @@ > const EVP_MD *md_type); > int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, > int saltlen, const EVP_MD *md_type); >+#if defined(NETWARE) || defined(OPENSSL_SYS_NETWARE) >+/* Rename these functions to avoid name clashes on NetWare OS */ >+unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen); >+char *OPENSSL_uni2asc(unsigned char *uni, int unilen); >+#else > unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen); > char *uni2asc(unsigned char *uni, int unilen); >- >+#endif > DECLARE_ASN1_FUNCTIONS(PKCS12) > DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA) > DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG) >diff -Nur include.l/openssl/safestack.h include.m/openssl/safestack.h >--- include.l/openssl/safestack.h 2010-01-16 03:44:02 +0300 >+++ include.m/openssl/safestack.h 2010-02-26 16:53:21 +0300 >@@ -678,28 +678,6 @@ > #define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st)) > #define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st)) > >-#define sk_EVP_PKEY_ASN1_METHOD_new(st) SKM_sk_new(EVP_PKEY_ASN1_METHOD, (st)) >-#define sk_EVP_PKEY_ASN1_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_ASN1_METHOD) >-#define sk_EVP_PKEY_ASN1_METHOD_free(st) SKM_sk_free(EVP_PKEY_ASN1_METHOD, (st)) >-#define sk_EVP_PKEY_ASN1_METHOD_num(st) SKM_sk_num(EVP_PKEY_ASN1_METHOD, (st)) >-#define sk_EVP_PKEY_ASN1_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_ASN1_METHOD, (st), (i)) >-#define sk_EVP_PKEY_ASN1_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_ASN1_METHOD, (st), (i), (val)) >-#define sk_EVP_PKEY_ASN1_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_ASN1_METHOD, (st)) >-#define sk_EVP_PKEY_ASN1_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_ASN1_METHOD, (st), (val)) >-#define sk_EVP_PKEY_ASN1_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_ASN1_METHOD, (st), (val)) >-#define sk_EVP_PKEY_ASN1_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_ASN1_METHOD, (st), (val)) >-#define sk_EVP_PKEY_ASN1_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_ASN1_METHOD, (st), (val)) >-#define sk_EVP_PKEY_ASN1_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_ASN1_METHOD, (st), (i)) >-#define sk_EVP_PKEY_ASN1_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_ASN1_METHOD, (st), (ptr)) >-#define sk_EVP_PKEY_ASN1_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_ASN1_METHOD, (st), (val), (i)) >-#define sk_EVP_PKEY_ASN1_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_ASN1_METHOD, (st), (cmp)) >-#define sk_EVP_PKEY_ASN1_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_ASN1_METHOD, st) >-#define sk_EVP_PKEY_ASN1_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_ASN1_METHOD, (st), (free_func)) >-#define sk_EVP_PKEY_ASN1_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_ASN1_METHOD, (st)) >-#define sk_EVP_PKEY_ASN1_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_ASN1_METHOD, (st)) >-#define sk_EVP_PKEY_ASN1_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_ASN1_METHOD, (st)) >-#define sk_EVP_PKEY_ASN1_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_ASN1_METHOD, (st)) >- > #define sk_GENERAL_NAME_new(st) SKM_sk_new(GENERAL_NAME, (st)) > #define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME) > #define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st)) >@@ -1008,50 +986,6 @@ > #define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st)) > #define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st)) > >-#define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st)) >-#define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER) >-#define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st)) >-#define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st)) >-#define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i)) >-#define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, (st), (i), (val)) >-#define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st)) >-#define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val)) >-#define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val)) >-#define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val)) >-#define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val)) >-#define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i)) >-#define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr)) >-#define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i)) >-#define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp)) >-#define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st) >-#define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func)) >-#define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st)) >-#define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st)) >-#define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st)) >-#define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st)) >- >-#define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st)) >-#define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM) >-#define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st)) >-#define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st)) >-#define sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i)) >-#define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val)) >-#define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st)) >-#define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val)) >-#define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val)) >-#define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val)) >-#define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val)) >-#define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i)) >-#define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr)) >-#define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i)) >-#define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp)) >-#define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st) >-#define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func)) >-#define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st)) >-#define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st)) >-#define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st)) >-#define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st)) >- > #define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st)) > #define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM) > #define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st)) >diff -Nur include.l/openssl/ssl3.h include.m/openssl/ssl3.h >--- include.l/openssl/ssl3.h 2010-01-16 03:44:02 +0300 >+++ include.m/openssl/ssl3.h 2010-02-26 16:53:21 +0300 >@@ -129,6 +129,9 @@ > extern "C" { > #endif > >+/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */ >+#define SSL3_CK_SCSV 0x030000FF >+ > #define SSL3_CK_RSA_NULL_MD5 0x03000001 > #define SSL3_CK_RSA_NULL_SHA 0x03000002 > #define SSL3_CK_RSA_RC4_40_MD5 0x03000003 >@@ -326,11 +329,10 @@ > #define SSL3_CT_NUMBER 7 > > >-#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 >-#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 >-#define SSL3_FLAGS_POP_BUFFER 0x0004 >-#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 >-#define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0010 >+#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 >+#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 >+#define SSL3_FLAGS_POP_BUFFER 0x0004 >+#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 > > typedef struct ssl3_state_st > { >@@ -441,6 +443,12 @@ > int cert_request; > } tmp; > >+ /* Connection binding to prevent renegotiation attacks */ >+ unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; >+ unsigned char previous_client_finished_len; >+ unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; >+ unsigned char previous_server_finished_len; >+ int send_connection_binding; /* TODOEKR */ > } SSL3_STATE; > > >diff -Nur include.l/openssl/ssl.h include.m/openssl/ssl.h >--- include.l/openssl/ssl.h 2010-01-16 03:45:13 +0300 >+++ include.m/openssl/ssl.h 2010-02-26 16:53:22 +0300 >@@ -485,7 +485,9 @@ > > #define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L > #define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L >-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L /* can break some security expectations */ >+/* Allow initial connection to servers that don't support RI */ >+#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L >+#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L > #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L > #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L > #define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */ >@@ -515,6 +517,8 @@ > > /* As server, disallow session resumption on renegotiation */ > #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L >+/* Permit unsafe legacy renegotiation */ >+#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L > /* If set, always create a new key when using tmp_ecdh parameters */ > #define SSL_OP_SINGLE_ECDH_USE 0x00080000L > /* If set, always create a new key when using tmp_dh parameters */ >@@ -563,17 +567,25 @@ > > #define SSL_CTX_set_options(ctx,op) \ > SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) >+#define SSL_CTX_clear_options(ctx,op) \ >+ SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) > #define SSL_CTX_get_options(ctx) \ > SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL) > #define SSL_set_options(ssl,op) \ > SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL) >+#define SSL_clear_options(ssl,op) \ >+ SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) > #define SSL_get_options(ssl) \ > SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL) > > #define SSL_CTX_set_mode(ctx,op) \ > SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) >+#define SSL_CTX_clear_mode(ctx,op) \ >+ SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL) > #define SSL_CTX_get_mode(ctx) \ > SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) >+#define SSL_clear_mode(ssl,op) \ >+ SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL) > #define SSL_set_mode(ssl,op) \ > SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) > #define SSL_get_mode(ssl) \ >@@ -581,6 +593,8 @@ > #define SSL_set_mtu(ssl, mtu) \ > SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) > >+#define SSL_get_secure_renegotiation_support(ssl) \ >+ SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) > > void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); > void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); >@@ -1271,6 +1285,21 @@ > #define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 > #endif > >+#define DTLS_CTRL_GET_TIMEOUT 73 >+#define DTLS_CTRL_HANDLE_TIMEOUT 74 >+#define DTLS_CTRL_LISTEN 75 >+ >+#define SSL_CTRL_GET_RI_SUPPORT 76 >+#define SSL_CTRL_CLEAR_OPTIONS 77 >+#define SSL_CTRL_CLEAR_MODE 78 >+ >+#define DTLSv1_get_timeout(ssl, arg) \ >+ SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) >+#define DTLSv1_handle_timeout(ssl) \ >+ SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL) >+#define DTLSv1_listen(ssl, peer) \ >+ SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer) >+ > #define SSL_session_reused(ssl) \ > SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) > #define SSL_num_renegotiations(ssl) \ >@@ -1521,7 +1550,7 @@ > > int SSL_library_init(void ); > >-char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size); >+char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size); > STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); > > SSL *SSL_dup(SSL *ssl); >@@ -1651,6 +1680,7 @@ > #define SSL_F_DO_DTLS1_WRITE 245 > #define SSL_F_DO_SSL3_WRITE 104 > #define SSL_F_DTLS1_ACCEPT 246 >+#define SSL_F_DTLS1_ADD_CERT_TO_BUF 280 > #define SSL_F_DTLS1_BUFFER_RECORD 247 > #define SSL_F_DTLS1_CLIENT_HELLO 248 > #define SSL_F_DTLS1_CONNECT 249 >@@ -1659,6 +1689,7 @@ > #define SSL_F_DTLS1_GET_MESSAGE 252 > #define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 > #define SSL_F_DTLS1_GET_RECORD 254 >+#define SSL_F_DTLS1_HANDLE_TIMEOUT 282 > #define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 > #define SSL_F_DTLS1_PREPROCESS_FRAGMENT 277 > #define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 >@@ -1704,6 +1735,7 @@ > #define SSL_F_SSL2_SET_CERTIFICATE 126 > #define SSL_F_SSL2_WRITE 127 > #define SSL_F_SSL3_ACCEPT 128 >+#define SSL_F_SSL3_ADD_CERT_TO_BUF 281 > #define SSL_F_SSL3_CALLBACK_CTRL 233 > #define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 > #define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 >@@ -1744,9 +1776,11 @@ > #define SSL_F_SSL3_SETUP_KEY_BLOCK 157 > #define SSL_F_SSL3_WRITE_BYTES 158 > #define SSL_F_SSL3_WRITE_PENDING 159 >+#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 285 > #define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 272 > #define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 > #define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 >+#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 286 > #define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 273 > #define SSL_F_SSL_BAD_METHOD 160 > #define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 >@@ -1788,6 +1822,10 @@ > #define SSL_F_SSL_INIT_WBIO_BUFFER 184 > #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 > #define SSL_F_SSL_NEW 186 >+#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 287 >+#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 290 >+#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 289 >+#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 291 > #define SSL_F_SSL_PEEK 270 > #define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 275 > #define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 276 >@@ -1887,6 +1925,7 @@ > #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 > #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 > #define SSL_R_DIGEST_CHECK_FAILED 149 >+#define SSL_R_DTLS_MESSAGE_TOO_BIG 318 > #define SSL_R_DUPLICATE_COMPRESSION_ID 309 > #define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 > #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 >@@ -1954,7 +1993,7 @@ > #define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 > #define SSL_R_NO_PROTOCOLS_AVAILABLE 191 > #define SSL_R_NO_PUBLICKEY 192 >-#define SSL_R_NO_RENEGOTIATION 318 >+#define SSL_R_NO_RENEGOTIATION 319 > #define SSL_R_NO_SHARED_CIPHER 193 > #define SSL_R_NO_VERIFY_CALLBACK 194 > #define SSL_R_NULL_SSL_CTX 195 >@@ -1982,10 +2021,14 @@ > #define SSL_R_RECORD_LENGTH_MISMATCH 213 > #define SSL_R_RECORD_TOO_LARGE 214 > #define SSL_R_RECORD_TOO_SMALL 298 >+#define SSL_R_RENEGOTIATE_EXT_TOO_LONG 320 >+#define SSL_R_RENEGOTIATION_ENCODING_ERR 321 >+#define SSL_R_RENEGOTIATION_MISMATCH 322 > #define SSL_R_REQUIRED_CIPHER_MISSING 215 > #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 > #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 > #define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 >+#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 324 > #define SSL_R_SERVERHELLO_TLSEXT 224 > #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 > #define SSL_R_SHORT_READ 219 >@@ -2055,6 +2098,7 @@ > #define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253 > #define SSL_R_UNKNOWN_SSL_VERSION 254 > #define SSL_R_UNKNOWN_STATE 255 >+#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 323 > #define SSL_R_UNSUPPORTED_CIPHER 256 > #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 > #define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 >diff -Nur include.l/openssl/symhacks.h include.m/openssl/symhacks.h >--- include.l/openssl/symhacks.h 2010-01-16 03:44:02 +0300 >+++ include.m/openssl/symhacks.h 2010-02-26 16:53:21 +0300 >@@ -60,6 +60,11 @@ > /* Hacks to solve the problem with linkers incapable of handling very long > symbol names. In the case of VMS, the limit is 31 characters on VMS for > VAX. */ >+/* Note that this affects util/libeay.num and util/ssleay.num... you may >+ change those manually, but that's not recommended, as those files are >+ controlled centrally and updated on Unix, and the central definition >+ may disagree with yours, which in turn may come with shareable library >+ incompatibilities. */ > #ifdef OPENSSL_SYS_VMS > > /* Hack a long name in crypto/cryptlib.c */ >@@ -137,6 +142,8 @@ > #define X509_policy_node_get0_qualifiers X509_pcy_node_get0_qualifiers > #undef X509_STORE_CTX_get_explicit_policy > #define X509_STORE_CTX_get_explicit_policy X509_STORE_CTX_get_expl_policy >+#undef X509_STORE_CTX_get0_current_issuer >+#define X509_STORE_CTX_get0_current_issuer X509_STORE_CTX_get0_cur_issuer > > /* Hack some long CRYPTO names */ > #undef CRYPTO_set_dynlock_destroy_callback >@@ -174,6 +181,15 @@ > #undef SSL_COMP_get_compression_methods > #define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods > >+#undef ssl_add_clienthello_renegotiate_ext >+#define ssl_add_clienthello_renegotiate_ext ssl_add_clienthello_reneg_ext >+#undef ssl_add_serverhello_renegotiate_ext >+#define ssl_add_serverhello_renegotiate_ext ssl_add_serverhello_reneg_ext >+#undef ssl_parse_clienthello_renegotiate_ext >+#define ssl_parse_clienthello_renegotiate_ext ssl_parse_clienthello_reneg_ext >+#undef ssl_parse_serverhello_renegotiate_ext >+#define ssl_parse_serverhello_renegotiate_ext ssl_parse_serverhello_reneg_ext >+ > /* Hack some long ENGINE names */ > #undef ENGINE_get_default_BN_mod_exp_crt > #define ENGINE_get_default_BN_mod_exp_crt ENGINE_get_def_BN_mod_exp_crt >@@ -365,6 +381,10 @@ > #undef cms_SignerIdentifier_get0_signer_id > #define cms_SignerIdentifier_get0_signer_id cms_SignerId_get0_signer_id > >+/* Hack some long DTLS1 names */ >+#undef dtls1_retransmit_buffered_messages >+#define dtls1_retransmit_buffered_messages dtls1_retransmit_buffered_msgs >+ > #endif /* defined OPENSSL_SYS_VMS */ > > >diff -Nur include.l/openssl/tls1.h include.m/openssl/tls1.h >--- include.l/openssl/tls1.h 2010-01-16 03:44:02 +0300 >+++ include.m/openssl/tls1.h 2010-02-26 16:53:21 +0300 >@@ -115,6 +115,9 @@ > #define TLSEXT_TYPE_ec_point_formats 11 > #define TLSEXT_TYPE_session_ticket 35 > >+/* Temporary extension type */ >+#define TLSEXT_TYPE_renegotiate 0xff01 >+ > /* NameType value from RFC 3546 */ > #define TLSEXT_NAMETYPE_host_name 0 > /* status request value from RFC 3546 */ >@@ -169,9 +172,9 @@ > SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg) > > #define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ >- SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLXEXT_TICKET_KEYS,(keylen),(keys)) >+ SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys)) > #define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ >- SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLXEXT_TICKET_KEYS,(keylen),(keys)) >+ SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys)) > > #define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ > SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) >diff -Nur include.l/openssl/x509.h include.m/openssl/x509.h >--- include.l/openssl/x509.h 2010-01-16 03:44:02 +0300 >+++ include.m/openssl/x509.h 2010-02-26 16:53:21 +0300 >@@ -116,6 +116,7 @@ > /* Under Win32 these are defined in wincrypt.h */ > #undef X509_NAME > #undef X509_CERT_PAIR >+#undef X509_EXTENSIONS > #endif > > #define X509_FILETYPE_PEM 1 >diff -Nur include.l/openssl/x509_vfy.h include.m/openssl/x509_vfy.h >--- include.l/openssl/x509_vfy.h 2010-01-16 03:44:02 +0300 >+++ include.m/openssl/x509_vfy.h 2010-02-26 16:53:21 +0300 >@@ -363,6 +363,9 @@ > /* Notify callback that policy is OK */ > #define X509_V_FLAG_NOTIFY_POLICY 0x800 > >+/* Check selfsigned CA signature */ >+#define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 >+ > #define X509_VP_FLAG_DEFAULT 0x1 > #define X509_VP_FLAG_OVERWRITE 0x2 > #define X509_VP_FLAG_RESET_FLAGS 0x4
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=4281">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 23037
: 4281
