diff options
| author | Eduardo Chappa <chappa@washington.edu> | 2020-01-04 20:08:32 -0700 |
|---|---|---|
| committer | Eduardo Chappa <chappa@washington.edu> | 2020-01-04 20:08:32 -0700 |
| commit | f398f615b6df385aec2b3553310cc237b29e068a (patch) | |
| tree | 5af79c6a9a180c72c58a9d9cd2d79a1d7657d152 /libressl/include/openssl/ts.h | |
| parent | 77191bf3e4e049603fb6a0547876259c29c71dbd (diff) | |
| download | alpine-f398f615b6df385aec2b3553310cc237b29e068a.tar.xz | |
* The feature that stopped alpine from saving passwords in the password
file prevented users from actually saving their passwords in Windows
and MAC OS. Fix the code so that passwords will be saved. Also,
update the documentation of this feature.
* Fix a buffer overflow bug in the XOAUTH2 code (off by one error).
* Update PC-Alpine to work with Libressl version 3.0.2 instead of
version 2.5.5 (update build.bat and lib files from the LibreSSL
build).
* Erase SSLXXXXXX file.
* ssl_nt.c actually directs the code to ssl_libressl.c or ssl_win.c.
The file ssl_libressl.c is the file ssl_unix.c from the unix osdep
directory. The file ssl_win.c is the native SSL windows code. The
Unix side provides S/MIME support for Alpine and the latest
encryption protocols support for Alpine when connecting to a secure
server, while the windows side provide TLSv1_3 support for Alpine,
but not S/MIME support.
In order to provide unix code for TLSv1_3 (once LibreSSL supports it)
edit the file os_nt.c and remove the comments on the #ifdef section.
This would provide both TLSv1_3 and S/MIME support with unix code. On
the other hand, when we provide TLSv1_3 with the Windows code we need
to undefine DF_ENCRYPTION_RANGE, and this is done in the file
include/config.wnt.h. The way this is done as of this moment is by
commenting an #else directive that preceedes this #undefine.
* Update makefile.nt and friends in the windows side to account for the
addition of XOAUTH2, and the use of only ssl_nt.c when dealing with
Alpine.
* Define SMIME_SSLCERTS as c:\libressl\ssl\certs, so that these
certificates be considered while checking a digital S/MIME signature.
* Improvements to the SMARTTIME24 token to account for changes in year.
Diffstat (limited to 'libressl/include/openssl/ts.h')
| -rw-r--r-- | libressl/include/openssl/ts.h | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/libressl/include/openssl/ts.h b/libressl/include/openssl/ts.h index a8d2281b..fa8eb949 100644 --- a/libressl/include/openssl/ts.h +++ b/libressl/include/openssl/ts.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ts.h,v 1.8 2016/12/27 16:05:57 jsing Exp $ */ +/* $OpenBSD: ts.h,v 1.10 2018/05/13 15:35:46 tb Exp $ */ /* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL * project 2002, 2003, 2004. */ @@ -365,7 +365,7 @@ X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a); int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len); ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a); -int TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy); +int TS_REQ_set_policy_id(TS_REQ *a, const ASN1_OBJECT *policy); ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a); int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce); @@ -378,7 +378,7 @@ STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a); void TS_REQ_ext_free(TS_REQ *a); int TS_REQ_get_ext_count(TS_REQ *a); int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos); -int TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos); +int TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos); int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos); X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc); X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc); @@ -439,7 +439,8 @@ STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a); void TS_TST_INFO_ext_free(TS_TST_INFO *a); int TS_TST_INFO_get_ext_count(TS_TST_INFO *a); int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos); -int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, ASN1_OBJECT *obj, int lastpos); +int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, const ASN1_OBJECT *obj, + int lastpos); int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos); X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc); X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc); @@ -524,14 +525,14 @@ int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer); int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key); /* This parameter must be set. */ -int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy); +int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy); /* No additional certs are included in the response by default. */ int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs); /* Adds a new acceptable policy, only the default policy is accepted by default. */ -int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy); +int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy); /* Adds a new acceptable message digest. Note that no message digests are accepted by default. The md argument is shared with the caller. */ |