openbsd/src/lib/libssl, branch OPENBSD_4

openbsd/src/lib/libssl, branch OPENBSD_4_9 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_4_9 2011-02-12T15:54:20+00:00 This commit was manufactured by cvs2git to create branch 'OPENBSD_4_9'. 2011-02-12T15:54:20+00:00 cvs2svn admin@example.com 2011-02-12T15:54:20+00:00 urn:sha1:72e955673307e5c3b53169579bbac634e581aa81 fix for CVE-2011-0014 "OCSP stapling vulnerability"; 2011-02-10T22:40:27+00:00 djm 2011-02-10T22:40:27+00:00 urn:sha1:414ad4128c3f4f206e599041d7538686e164ba8d ok markus@ jasper@ miod@ AFAIK nothing in base uses this, though apache2 from ports may be affected. Put -I${includedir} back into Cflags so configure script tests like 2011-01-25T20:53:18+00:00 naddy 2011-01-25T20:53:18+00:00 urn:sha1:5f07706d23c759a4046075aca987fcbfcd0a7290 test -n "`pkg-config --cflags openssl`" don't assume that OpenSSL isn't available. ok miod@, sthen@, ajacoutot@, djm@ - simplify, krb5 handling is not needed. 2011-01-21T09:24:46+00:00 jasper 2011-01-21T09:24:46+00:00 urn:sha1:d23be44a11f1a5189f70ab941e24ca0411bce500 prompted by brad - adjust krb5 directories 2011-01-03T09:32:01+00:00 jasper 2011-01-03T09:32:01+00:00 urn:sha1:fff3e6eaff21cc8a5f514d252315526688ba8e9c - zap a trailing tab - ensure ${DESTDIR}/usr/lib/pkgconfig/ as running make distrib-dirs is not 2010-12-28T20:07:47+00:00 jasper 2010-12-28T20:07:47+00:00 urn:sha1:7e33b04d6fa2245d28e83242a0265c0bb8e09b43 common/encouraged practice - generate and install pkg-config files for openssl, which more and more 2010-12-28T14:30:50+00:00 jasper 2010-12-28T14:30:50+00:00 urn:sha1:39b32484a6292f856cc1e7e3edd4108bae9cfe2c projects depend on being present (e.g. various ports). as discussed with various porters in a hungarian spa help/feedback from ingo@ and also OK halex@ no objections from djm@ move CRYPTO_VIAC3_MAX out of cryptodev.h and into the only 2010-12-16T16:56:08+00:00 jsg 2010-12-16T16:56:08+00:00 urn:sha1:6b9ac598895b1b758a246538efcbbbd58e70aa9f file it will be used from. requested by/ok mikeb@ The VIA ciphers are added to an array of CRYPTO_ALGORITHM_MAX length 2010-12-16T00:07:25+00:00 jsg 2010-12-16T00:07:25+00:00 urn:sha1:4afed7f0dbd6023c1c12fb0cad317304d8953a71 which should have been declared as CRYPTO_ALGORITHM_MAX + 1, fix this and reserve enough space for the VIA additions as well. ok/comments from mikeb & deraadt Security fix for CVE-2010-4180 as mentioned in http://www.openssl.org/news/secadv_20101202.txt. 2010-12-15T09:42:29+00:00 jasper 2010-12-15T09:42:29+00:00 urn:sha1:4ebb35764e503a3abb7bf5f37dd315e28b44caf6 where clients could modify the stored session cache ciphersuite and in some cases even downgrade the suite to weaker ones. This code is not enabled by default. ok djm@