Bring VMS in sync with the recent changes.

Submitted by: Richard Levitte <levitte@stacken.kth.se>
This commit is contained in:
Ulf Möller 1999-05-20 21:00:29 +00:00
parent 60ed228e71
commit 9dff4cc051
5 changed files with 71 additions and 29 deletions

View File

@ -127,15 +127,29 @@ The logical names that are set up are the following:
SSLROOT a dotted concealed logical name pointing at the SSLROOT a dotted concealed logical name pointing at the
root directory. root directory.
SSLLIB points at the directory where CRYPTORTL.OLB and
SSLRTL.OLB are installed.
SSLINCLUDE points at the directory where the header files are
installed.
SSLEXE points at the directory where the applications are
installed.
SSLCERTS the place where the certificates are stored.
SSLPRIVATE I'm actually not sure what this is used for.
SSLCERTS Initially an empty directory, this is the default
location for certificate files.
SSLMISC Various scripts.
SSLPRIVATE Initially an empty directory, this is the default
location for private key files.
SSLEXE Contains the openssl binary and a few other utility
programs.
SSLINCLUDE Contains the header files needed if you want to
compile programs with libcrypto or libssl.
SSLLIB Contains the OpenSSL library files (LIBCRYPTO.OLB
and LIBSSL.OLB) themselves.
OPENSSL Same as SSLINCLUDE. This is because the standard
way to include OpenSSL header files from version
0.9.3 and on is:
#include <openssl/header.h>
For more info on this issue, see the INSTALL. file
(the NOTE in section 4 of "Installation in Detail").
You don't need to "deleting old header files"!!!
Backward portability: Backward portability:
===================== =====================

View File

@ -3,10 +3,17 @@
# This is mostly being used for generation of certificate requests. # This is mostly being used for generation of certificate requests.
# #
RANDFILE = $ENV::HOME.rnd RANDFILE = $ENV::HOME/.rnd
oid_file = $ENV::HOME.oid oid_file = $ENV::HOME/.oid
oid_section = new_oids oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ] [ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'. # We can add new OIDs in here for use by 'ca' and 'req'.
@ -35,6 +42,11 @@ private_key = $dir.private]cakey.pem# The private key
RANDFILE = $dir.private].rand # private random number file RANDFILE = $dir.private].rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert x509_extensions = usr_cert # The extentions to add to the cert
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 365 # how long to certify for default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL default_crl_days= 30 # how long before next CRL
default_md = md5 # which md to use. default_md = md5 # which md to use.
@ -123,31 +135,33 @@ basicConstraints=CA:FALSE
# the certificate can be used for anything *except* object signing. # the certificate can be used for anything *except* object signing.
# This is OK for an SSL server. # This is OK for an SSL server.
#nsCertType = server # nsCertType = server
# For an object signing certificate this would be used. # For an object signing certificate this would be used.
#nsCertType = objsign # nsCertType = objsign
# For normal client use this is typical # For normal client use this is typical
#nsCertType = client, email # nsCertType = client, email
# This is typical also # and for everything including object signing:
# nsCertType = client, email, objsign
keyUsage = nonRepudiation, digitalSignature, keyEncipherment # This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate" nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations # PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always authorityKeyIdentifier=keyid,issuer:always
# This stuff is for subjectAltName and issuerAltname.
# Import the email address. # Import the email address.
# subjectAltName=email:copy
subjectAltName=email:copy
# Copy subject details # Copy subject details
# issuerAltName=issuer:copy
issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl #nsBaseUrl
@ -160,8 +174,6 @@ issuerAltName=issuer:copy
# Extensions for a typical CA # Extensions for a typical CA
# It's a CA certificate
basicConstraints = CA:true
# PKIX recommendation. # PKIX recommendation.
@ -172,19 +184,31 @@ authorityKeyIdentifier=keyid:always,issuer:always
# This is what PKIX recommends but some broken software chokes on critical # This is what PKIX recommends but some broken software chokes on critical
# extensions. # extensions.
#basicConstraints = critical,CA:true #basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: again this should really be critical. # Key usage: this is typical for a CA certificate. However since it will
keyUsage = cRLSign, keyCertSign # prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also # Some might want this also
#nsCertType = sslCA, emailCA # nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation # Include email address in subject alt name: another PKIX recommendation
subjectAltName=email:copy # subjectAltName=email:copy
# Copy issuer details # Copy issuer details
issuerAltName=issuer:copy # issuerAltName=issuer:copy
# RAW DER hex encoding of an extension: beware experts only! # RAW DER hex encoding of an extension: beware experts only!
# 1.2.3.5=RAW:02:03 # 1.2.3.5=RAW:02:03
# You can even override a supported extension: # You can even override a supported extension:
# basicConstraints= critical, RAW:30:03:01:01:FF # basicConstraints= critical, RAW:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always

View File

@ -127,7 +127,11 @@ void md5_block_data_order (MD5_CTX *c, const void *p,int num);
*/ */
#endif #endif
#ifndef FLAT_INC
#include "../md32_common.h" #include "../md32_common.h"
#else
#include "md32_common.h"
#endif
/* /*
#define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z)))

View File

@ -53,7 +53,7 @@ $ IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN -
CREATE/DIR/LOG WRK_SSLROOT:[VMS] CREATE/DIR/LOG WRK_SSLROOT:[VMS]
$ $
$ SDIRS := CRYPTO,SSL,RSAREF,APPS,VMS!,TEST,TOOLS $ SDIRS := CRYPTO,SSL,RSAREF,APPS,VMS!,TEST,TOOLS
$ EXHEADER := e_os.h $ EXHEADER := e_os.h,e_os2.h
$ $
$ COPY 'EXHEADER' WRK_SSLINCLUDE: /LOG $ COPY 'EXHEADER' WRK_SSLINCLUDE: /LOG
$ $

View File

@ -220,7 +220,7 @@ $ IF F$PARSE("SYS$DISK:[.INCLUDE.OPENSSL]") .EQS. "" THEN -
$! $!
$! Copy All The ".H" Files From The Main Directory. $! Copy All The ".H" Files From The Main Directory.
$! $!
$ EXHEADER := e_os.h $ EXHEADER := e_os.h,e_os2.h
$ COPY 'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL] $ COPY 'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL]
$! $!
$! Copy All The ".H" Files From The [.CRYPTO] Directory Tree. $! Copy All The ".H" Files From The [.CRYPTO] Directory Tree.