generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Recent changes from 0.9.6-stable.

Browse Source
This commit is contained in:
Richard Levitte 2002-11-09 23:32:54 +00:00
parent 3ba2b94a6b
commit 14f4feb05b
10 changed files with 136 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGES
View File

@ -4,6 +4,11 @@
Changes between 0.9.6g and 0.9.6h [xx XXX xxxx]
*) Change X509_NAME_cmp() so it applies the special rules on handling
DN values that are of type PrintableString, as well as RDNs of type
emailAddress where the value has the type ia5String.
[stefank@valicert.com via Richard Levitte]
*) Add a SSL_SESS_CACHE_NO_INTERNAL_STORE flag to take over half
the job SSL_SESS_CACHE_NO_INTERNAL_LOOKUP was inconsistently
doing, define a new flag (SSL_SESS_CACHE_NO_INTERNAL) to be

2
Makefile.org
View File

@ -270,7 +270,7 @@ do_gnu-shared:
done
DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
my_ld=`gcc -print-prog-name=ld 2>&1` && \
my_ld=`${CC} -print-prog-name=ld 2>&1` && \
[ -n "$$my_ld" ] && \
$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1

2
apps/x509.c
View File

@ -122,7 +122,7 @@ static char *x509_usage[]={
" -CAkey arg - set the CA key, must be PEM format\n",
" missing, it is assumed to be in the CA file.\n",
" -CAcreateserial - create serial number file if it does not exist\n",
" -CAserial - serial file\n",
" -CAserial arg - serial file\n",
" -text - print the certificate in text form\n",
" -C - print out C code forms\n",
" -md2/-md5/-sha1/-mdc2 - digest to use\n",

9
config
View File

@ -473,7 +473,8 @@ case "$GUESSOS" in
echo "WARNING! If you wish to build 64-bit library, then you have to"
echo " invoke './Configure irix64-mips4-$CC' *manually*."
echo " Type return if you want to continue, Ctrl-C to abort."
read waste < /dev/tty
# Do not stop if /dev/tty is unavailable
(read waste < /dev/tty) || true
CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
CPU=${CPU:-0}
if [ $CPU -ge 5000 ]; then
@ -528,7 +529,8 @@ EOF
#echo "WARNING! If you wish to build 64-bit library, then you have to"
#echo " invoke './Configure linux64-sparcv9' *manually*."
#echo " Type return if you want to continue, Ctrl-C to abort."
#read waste < /dev/tty
# Do not stop if /dev/tty is unavailable
#(read waste < /dev/tty) || true
OUT="linux-sparcv9" ;;
sparc-*-linux2)
KARCH=`awk '/^type/{print$3}' /proc/cpuinfo`
@ -569,7 +571,8 @@ EOF
echo "WARNING! If you wish to build 64-bit library, then you have to"
echo " invoke './Configure solaris64-sparcv9-cc' *manually*."
echo " Type return if you want to continue, Ctrl-C to abort."
read waste < /dev/tty
# Do not stop if /dev/tty is unavailable
(read waste < /dev/tty) || true
fi
OUT="solaris-sparcv9-$CC" ;;
sun4m-*-solaris2) OUT="solaris-sparcv8-$CC" ;;

109
crypto/x509/x509_cmp.c
View File

@ -157,6 +157,99 @@ int X509_cmp(const X509 *a, const X509 *b)
}
#endif
/* Case insensitive string comparision */
static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
{
int i;
if (a->length != b->length)
return (a->length - b->length);
for (i=0; i<a->length; i++)
{
int ca, cb;
ca = tolower(a->data[i]);
cb = tolower(b->data[i]);
if (ca != cb)
return(ca-cb);
}
return 0;
}
/* Case insensitive string comparision with space normalization
* Space normalization - ignore leading, trailing spaces,
* multiple spaces between characters are replaced by single space
*/
static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
{
unsigned char *pa = NULL, *pb = NULL;
int la, lb;
la = a->length;
lb = b->length;
pa = a->data;
pb = b->data;
/* skip leading spaces */
while (la > 0 && isspace(*pa))
{
la--;
pa++;
}
while (lb > 0 && isspace(*pb))
{
lb--;
pb++;
}
/* skip trailing spaces */
while (la > 0 && isspace(pa[la-1]))
la--;
while (lb > 0 && isspace(pb[lb-1]))
lb--;
/* compare strings with space normalization */
while (la > 0 && lb > 0)
{
int ca, cb;
/* compare character */
ca = tolower(*pa);
cb = tolower(*pb);
if (ca != cb)
return (ca - cb);
pa++; pb++;
la--; lb--;
if (la <= 0 || lb <= 0)
break;
/* is white space next character ? */
if (isspace(*pa) && isspace(*pb))
{
/* skip remaining white spaces */
while (la > 0 && isspace(*pa))
{
la--;
pa++;
}
while (lb > 0 && isspace(*pb))
{
lb--;
pb++;
}
}
}
if (la > 0 || lb > 0)
return la - lb;
return 0;
}
int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
{
int i,j;
@ -170,10 +263,20 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
{
na=sk_X509_NAME_ENTRY_value(a->entries,i);
nb=sk_X509_NAME_ENTRY_value(b->entries,i);
j=na->value->length-nb->value->length;
j=na->value->type-nb->value->type;
if (j) return(j);
j=memcmp(na->value->data,nb->value->data,
na->value->length);
if (na->value->type == V_ASN1_PRINTABLESTRING)
j=nocase_spacenorm_cmp(na->value, nb->value);
else if (na->value->type == V_ASN1_IA5STRING
&& OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
j=nocase_cmp(na->value, nb->value);
else
{
j=na->value->length-nb->value->length;
if (j) return(j);
j=memcmp(na->value->data,nb->value->data,
na->value->length);
}
if (j) return(j);
j=na->set-nb->set;
if (j) return(j);

8
doc/apps/req.pod
View File

@ -457,13 +457,13 @@ Sample configuration containing all field values:
The header and footer lines in the B<PEM> format are normally:
-----BEGIN CERTIFICATE REQUEST----
-----END CERTIFICATE REQUEST----
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
some software (some versions of Netscape certificate server) instead needs:
-----BEGIN NEW CERTIFICATE REQUEST----
-----END NEW CERTIFICATE REQUEST----
-----BEGIN NEW CERTIFICATE REQUEST-----
-----END NEW CERTIFICATE REQUEST-----
which is produced with the B<-newhdr> option but is otherwise compatible.
Either form is accepted transparently on input.

4
doc/apps/smime.pod
View File

@ -340,8 +340,8 @@ detached signature format. You can use this program to verify the
signature by line wrapping the base64 encoded structure and surrounding
it with:
-----BEGIN PKCS7----
-----END PKCS7----
-----BEGIN PKCS7-----
-----END PKCS7-----
and using the command,

14
doc/apps/x509.pod
View File

@ -321,7 +321,7 @@ The default filename consists of the CA certificate file base name with
".srl" appended. For example if the CA certificate file is called
"mycacert.pem" it expects to find a serial number file called "mycacert.srl".
=item B<-CAcreateserial filename>
=item B<-CAcreateserial>
with this option the CA serial number file is created if it does not exist:
it will contain the serial number "02" and the certificate being signed will
@ -539,18 +539,18 @@ Set a certificate to be trusted for SSL client use and change set its alias to
The PEM format uses the header and footer lines:
-----BEGIN CERTIFICATE----
-----END CERTIFICATE----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
it will also handle files containing:
-----BEGIN X509 CERTIFICATE----
-----END X509 CERTIFICATE----
-----BEGIN X509 CERTIFICATE-----
-----END X509 CERTIFICATE-----
Trusted certificates have the lines
-----BEGIN TRUSTED CERTIFICATE----
-----END TRUSTED CERTIFICATE----
-----BEGIN TRUSTED CERTIFICATE-----
-----END TRUSTED CERTIFICATE-----
The conversion to UTF8 format used with the name options assumes that
T61Strings use the ISO8859-1 character set. This is wrong but Netscape

2
shlib/Makefile.hpux10-cc
View File

@ -1,6 +1,6 @@
# Makefile.hpux-cc
major=0.9.6e
major=0.9.6h
slib=libssl
sh_slib=$(slib).sl.$(major)

6
shlib/hpux10-cc.sh
View File

@ -60,9 +60,9 @@ mkdir /usr/local
mkdir /usr/local/ssl
mkdir /usr/local/ssl/lib
chmod 444 lib*_pic.a
chmod 555 lib*.sl.0.9.6e
cp -p lib*_pic.a lib*.sl.0.9.6e /usr/local/ssl/lib
(cd /usr/local/ssl/lib ; ln -sf libcrypto.sl.0.9.6e libcrypto.sl ; ln -sf libssl.sl.0.9.6e libssl.sl)
chmod 555 lib*.sl.0.9.6h
cp -p lib*_pic.a lib*.sl.0.9.6h /usr/local/ssl/lib
(cd /usr/local/ssl/lib ; ln -sf libcrypto.sl.0.9.6h libcrypto.sl ; ln -sf libssl.sl.0.9.6h libssl.sl)
# Reconfigure without pic to compile the executables. Unfortunately, while
# performing this task we have to recompile the library components, even