diff --git a/INSTALL.VMS b/INSTALL.VMS index cf3c81a6e..93a4cf89f 100644 --- a/INSTALL.VMS +++ b/INSTALL.VMS @@ -127,15 +127,29 @@ The logical names that are set up are the following: SSLROOT a dotted concealed logical name pointing at the root directory. - SSLLIB points at the directory where CRYPTORTL.OLB and - SSLRTL.OLB are installed. - SSLINCLUDE points at the directory where the header files are - installed. - SSLEXE points at the directory where the applications are - installed. - SSLCERTS the place where the certificates are stored. - SSLPRIVATE I'm actually not sure what this is used for. + SSLCERTS Initially an empty directory, this is the default + location for certificate files. + SSLMISC Various scripts. + SSLPRIVATE Initially an empty directory, this is the default + location for private key files. + + SSLEXE Contains the openssl binary and a few other utility + programs. + SSLINCLUDE Contains the header files needed if you want to + compile programs with libcrypto or libssl. + SSLLIB Contains the OpenSSL library files (LIBCRYPTO.OLB + and LIBSSL.OLB) themselves. + + OPENSSL Same as SSLINCLUDE. This is because the standard + way to include OpenSSL header files from version + 0.9.3 and on is: + + #include + + For more info on this issue, see the INSTALL. file + (the NOTE in section 4 of "Installation in Detail"). + You don't need to "deleting old header files"!!! Backward portability: ===================== diff --git a/apps/openssl-vms.cnf b/apps/openssl-vms.cnf index f5c11a0cc..13d10f21e 100644 --- a/apps/openssl-vms.cnf +++ b/apps/openssl-vms.cnf 
@@ -3,10 +3,17 @@ # This is mostly being used for generation of certificate requests. # -RANDFILE = $ENV::HOME.rnd -oid_file = $ENV::HOME.oid +RANDFILE = $ENV::HOME/.rnd +oid_file = $ENV::HOME/.oid oid_section = new_oids +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + [ new_oids ] # We can add new OIDs in here for use by 'ca' and 'req'. @@ -35,6 +42,11 @@ private_key = $dir.private]cakey.pem# The private key RANDFILE = $dir.private].rand # private random number file x509_extensions = usr_cert # The extentions to add to the cert + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crl_extensions = crl_ext + default_days = 365 # how long to certify for default_crl_days= 30 # how long before next CRL default_md = md5 # which md to use. 
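Review bot: The new `RANDFILE = $ENV::HOME/.rnd` and `oid_file = $ENV::HOME/.oid` values in the first hunk (@@ -3,10) use a Unix-style `/` separator, while the CA section of this same VMS file builds paths in VMS syntax (`$dir.private].rand`, `$dir.private]cakey.pem`). If HOME on VMS expands to a device or directory specification, the concatenated name may not resolve, and the random seed file would then not be read or written where the operator expects; this is inferred from the visible lines and should be confirmed on a VMS build. Either keep a VMS-form path in this file or state the dependency next to the setting, for example `# NOTE: HOME must expand to a path that accepts a trailing "/.rnd" on VMS`.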
@@ -123,31 +135,33 @@ basicConstraints=CA:FALSE # the certificate can be used for anything *except* object signing. # This is OK for an SSL server. -#nsCertType = server +# nsCertType = server # For an object signing certificate this would be used. -#nsCertType = objsign +# nsCertType = objsign # For normal client use this is typical -#nsCertType = client, email +# nsCertType = client, email -# This is typical also +# and for everything including object signing: +# nsCertType = client, email, objsign -keyUsage = nonRepudiation, digitalSignature, keyEncipherment +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment +# This will be displayed in Netscape's comment listbox. nsComment = "OpenSSL Generated Certificate" -# PKIX recommendations +# PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer:always +# This stuff is for subjectAltName and issuerAltname. # Import the email address. - -subjectAltName=email:copy +# subjectAltName=email:copy # Copy subject details - -issuerAltName=issuer:copy +# issuerAltName=issuer:copy #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem #nsBaseUrl @@ -160,8 +174,6 @@ issuerAltName=issuer:copy # Extensions for a typical CA -# It's a CA certificate -basicConstraints = CA:true # PKIX recommendation. 
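Review bot: With `keyUsage` now commented out in the user-certificate extensions (hunk @@ -123,31) and every `nsCertType` line also commented, the only constraint left active in the visible lines is `basicConstraints=CA:FALSE`, so certificates issued from this default carry no key-usage restriction. The same holds for the CA extensions in hunk @@ -172,19, where `keyUsage = cRLSign, keyCertSign` is commented out. The relaxed default looks like a deliberate compatibility choice, but the file should say so where an operator will read it, for example `# NOTE: no keyUsage is set by default; enable the line below for production certificates.` placed above the commented `keyUsage` line. The header of the section these extensions belong to lies outside the hunk.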
@@ -172,19 +184,31 @@ authorityKeyIdentifier=keyid:always,issuer:always # This is what PKIX recommends but some broken software chokes on critical # extensions. #basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true -# Key usage: again this should really be critical. -keyUsage = cRLSign, keyCertSign +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. +# keyUsage = cRLSign, keyCertSign # Some might want this also -#nsCertType = sslCA, emailCA +# nsCertType = sslCA, emailCA # Include email address in subject alt name: another PKIX recommendation -subjectAltName=email:copy +# subjectAltName=email:copy # Copy issuer details -issuerAltName=issuer:copy +# issuerAltName=issuer:copy # RAW DER hex encoding of an extension: beware experts only! # 1.2.3.5=RAW:02:03 # You can even override a supported extension: # basicConstraints= critical, RAW:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always,issuer:always diff --git a/crypto/md5/md5_locl.h b/crypto/md5/md5_locl.h index bafd305ad..cc96bf50d 100644 --- a/crypto/md5/md5_locl.h +++ b/crypto/md5/md5_locl.h @@ -127,7 +127,11 @@ void md5_block_data_order (MD5_CTX *c, const void *p,int num); */ #endif +#ifndef FLAT_INC #include "../md32_common.h" +#else +#include "md32_common.h" +#endif /* #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) diff --git a/install.com b/install.com index 436b5bc09..16eac9aab 100644 --- a/install.com +++ b/install.com @@ -53,7 +53,7 @@ $ IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN - CREATE/DIR/LOG WRK_SSLROOT:[VMS] $ $ SDIRS := CRYPTO,SSL,RSAREF,APPS,VMS!,TEST,TOOLS -$ EXHEADER := e_os.h +$ EXHEADER := e_os.h,e_os2.h $ $ COPY 'EXHEADER' WRK_SSLINCLUDE: /LOG $ 
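Review bot: The active CA setting in hunk @@ -172,19 is the non-critical `basicConstraints = CA:true`, and the added comment `# So we do this instead.` does not tell an operator when the critical form should be restored. Since the existing comment already says PKIX recommends `critical,CA:true`, the new comment could read `# So we do this instead; switch to the critical form above unless you must interoperate with software that rejects critical extensions.` The new `[ crl_ext ]` section takes effect only if `crl_extensions = crl_ext` is uncommented in the CA section, and a one-line comment under the section header saying so would prevent it from being mistaken for an active default. A small wording fix in the same hunk: `prevent it being used as a test self-signed certificate`.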
diff --git a/makevms.com b/makevms.com index 30d53848a..c8547dcee 100755 --- a/makevms.com +++ b/makevms.com @@ -220,7 +220,7 @@ $ IF F$PARSE("SYS$DISK:[.INCLUDE.OPENSSL]") .EQS. "" THEN - $! $! Copy All The ".H" Files From The Main Directory. $! -$ EXHEADER := e_os.h +$ EXHEADER := e_os.h,e_os2.h $ COPY 'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL] $! $! Copy All The ".H" Files From The [.CRYPTO] Directory Tree.