This file is part of MXE. See index.html for further information. From fa1d94198fa75abfdb2e3fdbe071d37677347375 Mon Sep 17 00:00:00 2001 From: Mark Brand Date: Wed, 8 Jan 2014 02:19:10 +0100 Subject: [PATCH 1/2] winsock2 -This patch has been taken from: -http://rt.openssl.org/Ticket/Display.html?id=2285&user=guest&pass=guest diff --git a/e_os.h b/e_os.h index 79c1392..efe345f 100644 --- a/e_os.h +++ b/e_os.h @@ -492,7 +492,7 @@ static unsigned int _strlen31(const char *str) # endif # if !defined(IPPROTO_IP) /* winsock[2].h was included already? */ -# include +# include # endif # ifdef getservbyname # undef getservbyname diff --git a/ssl/dtls1.h b/ssl/dtls1.h index e65d501..7762089 100644 --- a/ssl/dtls1.h +++ b/ssl/dtls1.h @@ -68,7 +68,7 @@ #endif #ifdef OPENSSL_SYS_WIN32 /* Needed for struct timeval */ -#include +#include #elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_) #include #else diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 4f80be8..af5f1be 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -193,7 +193,7 @@ */ #ifdef OPENSSL_SYS_WINDOWS -#include +#include #else #include OPENSSL_UNISTD #endif -- 1.8.4 From ea68b7956d716fe09d7b47764e32127f5c1d0f10 Mon Sep 17 00:00:00 2001 From: Tom Molesworth Date: Wed, 8 Jan 2014 02:20:21 +0100 Subject: [PATCH 2/2] Patch OpenSSL POD docs for perl-5.16+ Stricter validation in recent Perl versions means the install stage fails without these applied. Should be harmless for earlier versions of perl. diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod index a09588a..a8301c7 100644 --- a/doc/apps/cms.pod +++ b/doc/apps/cms.pod @@ -450,28 +450,28 @@ remains DER. =over 4 -=item 0 +=item * 0 the operation was completely successfully. -=item 1 +=item * 1 an error occurred parsing the command options. -=item 2 +=item * 2 one of the input files could not be read. -=item 3 +=item * 3 an error occurred creating the CMS file or when reading the MIME message. -=item 4 +=item * 4 an error occurred decrypting or verifying the message. -=item 5 +=item * 5 the message was verified correctly but an error occurred writing out the signers certificates. diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod index e4e89af..617343f 100644 --- a/doc/apps/smime.pod +++ b/doc/apps/smime.pod @@ -308,28 +308,28 @@ remains DER. =over 4 -=item 0 +=item * 0 the operation was completely successfully. -=item 1 +=item * 1 an error occurred parsing the command options. -=item 2 +=item * 2 one of the input files could not be read. -=item 3 +=item * 3 an error occurred creating the PKCS#7 file or when reading the MIME message. -=item 4 +=item * 4 an error occurred decrypting or verifying the message. -=item 5 +=item * 5 the message was verified correctly but an error occurred writing out the signers certificates. diff --git a/doc/crypto/rand.pod b/doc/crypto/rand.pod index 1c068c8..801ef88 100644 --- a/doc/crypto/rand.pod +++ b/doc/crypto/rand.pod @@ -74,17 +74,14 @@ First up I will state the things I believe I need for a good RNG. =over 4 -=item 1 - +=item * 1 A good hashing algorithm to mix things up and to convert the RNG 'state' to random numbers. -=item 2 - +=item * 2 An initial source of random 'state'. -=item 3 - +=item * 3 The state should be very large. If the RNG is being used to generate 4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum). If your RNG state only has 128 bits, you are obviously limiting the @@ -93,14 +90,12 @@ carried away on this last point but it does indicate that it may not be a bad idea to keep quite a lot of RNG state. It should be easier to break a cipher than guess the RNG seed data. -=item 4 - +=item * 4 Any RNG seed data should influence all subsequent random numbers generated. This implies that any random seed data entered will have an influence on all subsequent random numbers generated. -=item 5 - +=item * 5 When using data to seed the RNG state, the data used should not be extractable from the RNG state. I believe this should be a requirement because one possible source of 'secret' semi random @@ -108,13 +103,11 @@ data would be a private key or a password. This data must not be disclosed by either subsequent random numbers or a 'core' dump left by a program crash. -=item 6 - +=item * 6 Given the same initial 'state', 2 systems should deviate in their RNG state (and hence the random numbers generated) over time if at all possible. -=item 7 - +=item * 7 Given the random number output stream, it should not be possible to determine the RNG state or the next random number. diff --git a/doc/ssl/SSL_COMP_add_compression_method.pod b/doc/ssl/SSL_COMP_add_compression_method.pod index 42fa66b..d531299 100644 --- a/doc/ssl/SSL_COMP_add_compression_method.pod +++ b/doc/ssl/SSL_COMP_add_compression_method.pod @@ -53,11 +53,11 @@ SSL_COMP_add_compression_method() may return the following values: =over 4 -=item 0 +=item * 0 The operation succeeded. -=item 1 +=item * 1 The operation failed. Check the error queue to find out the reason. diff --git a/doc/ssl/SSL_CTX_add_session.pod b/doc/ssl/SSL_CTX_add_session.pod index 82676b2..ca89dcc 100644 --- a/doc/ssl/SSL_CTX_add_session.pod +++ b/doc/ssl/SSL_CTX_add_session.pod @@ -52,15 +52,15 @@ The following values are returned by all functions: =over 4 -=item 0 +=item * 0 - The operation failed. In case of the add operation, it was tried to add - the same (identical) session twice. In case of the remove operation, the - session was not found in the cache. +The operation failed. In case of the add operation, it was tried to add +the same (identical) session twice. In case of the remove operation, the +session was not found in the cache. -=item 1 +=item * 1 - The operation succeeded. +The operation succeeded. =back diff --git a/doc/ssl/SSL_CTX_load_verify_locations.pod b/doc/ssl/SSL_CTX_load_verify_locations.pod index 84a799f..66031d4 100644 --- a/doc/ssl/SSL_CTX_load_verify_locations.pod +++ b/doc/ssl/SSL_CTX_load_verify_locations.pod @@ -100,13 +100,13 @@ The following return values can occur: =over 4 -=item 0 +=item * 0 The operation failed because B and B are NULL or the processing at one of the locations specified failed. Check the error stack to find out the reason. -=item 1 +=item * 1 The operation succeeded. diff --git a/doc/ssl/SSL_CTX_set_client_CA_list.pod b/doc/ssl/SSL_CTX_set_client_CA_list.pod index 5e66133..2874fb8 100644 --- a/doc/ssl/SSL_CTX_set_client_CA_list.pod +++ b/doc/ssl/SSL_CTX_set_client_CA_list.pod @@ -66,13 +66,13 @@ values: =over 4 -=item 0 +=item * 0 A failure while manipulating the STACK_OF(X509_NAME) object occurred or the X509_NAME could not be extracted from B. Check the error stack to find out the reason. -=item 1 +=item * 1 The operation succeeded. diff --git a/doc/ssl/SSL_CTX_set_session_id_context.pod b/doc/ssl/SSL_CTX_set_session_id_context.pod index 58fc685..b3306aa 100644 --- a/doc/ssl/SSL_CTX_set_session_id_context.pod +++ b/doc/ssl/SSL_CTX_set_session_id_context.pod @@ -64,14 +64,12 @@ return the following values: =over 4 -=item 0 - +=item * 0 The length B of the session id context B exceeded the maximum allowed length of B. The error is logged to the error stack. -=item 1 - +=item * 1 The operation succeeded. =back diff --git a/doc/ssl/SSL_CTX_set_ssl_version.pod b/doc/ssl/SSL_CTX_set_ssl_version.pod index 254f2b4..21df5a2 100644 --- a/doc/ssl/SSL_CTX_set_ssl_version.pod +++ b/doc/ssl/SSL_CTX_set_ssl_version.pod @@ -42,12 +42,10 @@ and SSL_set_ssl_method(): =over 4 -=item 0 - +=item * 0 The new choice failed, check the error stack to find out the reason. -=item 1 - +=item * 1 The operation succeeded. =back diff --git a/doc/ssl/SSL_CTX_use_psk_identity_hint.pod b/doc/ssl/SSL_CTX_use_psk_identity_hint.pod index 7e60df5..77e2139 100644 --- a/doc/ssl/SSL_CTX_use_psk_identity_hint.pod +++ b/doc/ssl/SSL_CTX_use_psk_identity_hint.pod @@ -83,7 +83,7 @@ Return values from the server callback are interpreted as follows: =over 4 -=item > 0 +=item * > 0 PSK identity was found and the server callback has provided the PSK successfully in parameter B. Return value is the length of @@ -96,7 +96,7 @@ data to B and return the length of the random data, so the connection will fail with decryption_error before it will be finished completely. -=item 0 +=item * 0 PSK identity was not found. An "unknown_psk_identity" alert message will be sent and the connection setup fails. diff --git a/doc/ssl/SSL_accept.pod b/doc/ssl/SSL_accept.pod index b1c34d1..b8a2c17 100644 --- a/doc/ssl/SSL_accept.pod +++ b/doc/ssl/SSL_accept.pod @@ -44,18 +44,18 @@ The following return values can occur: =over 4 -=item 0 +=item * 0 The TLS/SSL handshake was not successful but was shut down controlled and by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the return value B to find out the reason. -=item 1 +=item * 1 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been established. -=item E0 +=item * E0 The TLS/SSL handshake was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was diff --git a/doc/ssl/SSL_clear.pod b/doc/ssl/SSL_clear.pod index d4df1bf..c6416cf 100644 --- a/doc/ssl/SSL_clear.pod +++ b/doc/ssl/SSL_clear.pod @@ -56,13 +56,11 @@ The following return values can occur: =over 4 -=item 0 - +=item * 0 The SSL_clear() operation could not be performed. Check the error stack to find out the reason. -=item 1 - +=item * 1 The SSL_clear() operation was successful. =back diff --git a/doc/ssl/SSL_connect.pod b/doc/ssl/SSL_connect.pod index 946ca89..792821e 100644 --- a/doc/ssl/SSL_connect.pod +++ b/doc/ssl/SSL_connect.pod @@ -41,18 +41,18 @@ The following return values can occur: =over 4 -=item 0 +=item * 0 The TLS/SSL handshake was not successful but was shut down controlled and by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the return value B to find out the reason. -=item 1 +=item * 1 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been established. -=item E0 +=item * E0 The TLS/SSL handshake was not successful, because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was diff --git a/doc/ssl/SSL_do_handshake.pod b/doc/ssl/SSL_do_handshake.pod index 7f8cf24..c46d18d 100644 --- a/doc/ssl/SSL_do_handshake.pod +++ b/doc/ssl/SSL_do_handshake.pod @@ -45,18 +45,18 @@ The following return values can occur: =over 4 -=item 0 +=item * 0 The TLS/SSL handshake was not successful but was shut down controlled and by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the return value B to find out the reason. -=item 1 +=item * 1 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been established. -=item E0 +=item * E0 The TLS/SSL handshake was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was diff --git a/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod b/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod index 165c6a5..073e99c 100644 --- a/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod +++ b/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod @@ -36,11 +36,11 @@ before the SSL index is created. =over 4 -=item E=0 +=item * E=0 The index value to access the pointer. -=item E0 +=item * E0 An error occurred, check the error stack for a detailed error message. diff --git a/doc/ssl/SSL_get_fd.pod b/doc/ssl/SSL_get_fd.pod index 89260b5..1207658 100644 --- a/doc/ssl/SSL_get_fd.pod +++ b/doc/ssl/SSL_get_fd.pod @@ -26,12 +26,12 @@ The following return values can occur: =over 4 -=item -1 +=item * -1 The operation failed, because the underlying BIO is not of the correct type (suitable for file descriptors). -=item E=0 +=item * E=0 The file descriptor linked to B. diff --git a/doc/ssl/SSL_read.pod b/doc/ssl/SSL_read.pod index 7038cd2..de52b49 100644 --- a/doc/ssl/SSL_read.pod +++ b/doc/ssl/SSL_read.pod @@ -81,13 +81,12 @@ The following return values can occur: =over 4 -=item E0 +=item * E0 The read operation was successful; the return value is the number of bytes actually read from the TLS/SSL connection. -=item 0 - +=item * 0 The read operation was not successful. The reason may either be a clean shutdown due to a "close notify" alert sent by the peer (in which case the SSL_RECEIVED_SHUTDOWN flag in the ssl shutdown state is set @@ -103,7 +102,7 @@ only be detected, whether the underlying connection was closed. It cannot be checked, whether the closure was initiated by the peer or by something else. -=item E0 +=item * E0 The read operation was not successful, because either an error occurred or action must be taken by the calling process. Call SSL_get_error() with the diff --git a/doc/ssl/SSL_session_reused.pod b/doc/ssl/SSL_session_reused.pod index da7d062..e55c958 100644 --- a/doc/ssl/SSL_session_reused.pod +++ b/doc/ssl/SSL_session_reused.pod @@ -27,12 +27,10 @@ The following return values can occur: =over 4 -=item 0 - +=item * 0 A new session was negotiated. -=item 1 - +=item * 1 A session was reused. =back diff --git a/doc/ssl/SSL_set_fd.pod b/doc/ssl/SSL_set_fd.pod index 7029112..42bfa1a 100644 --- a/doc/ssl/SSL_set_fd.pod +++ b/doc/ssl/SSL_set_fd.pod @@ -35,12 +35,10 @@ The following return values can occur: =over 4 -=item 0 - +=item * 0 The operation failed. Check the error stack to find out why. -=item 1 - +=item * 1 The operation succeeded. =back diff --git a/doc/ssl/SSL_set_session.pod b/doc/ssl/SSL_set_session.pod index 5f54714..1aeee12 100644 --- a/doc/ssl/SSL_set_session.pod +++ b/doc/ssl/SSL_set_session.pod @@ -37,12 +37,10 @@ The following return values can occur: =over 4 -=item 0 - +=item * 0 The operation failed; check the error stack to find out the reason. -=item 1 - +=item * 1 The operation succeeded. =back diff --git a/doc/ssl/SSL_set_shutdown.pod b/doc/ssl/SSL_set_shutdown.pod index 011a022..6f3e03e 100644 --- a/doc/ssl/SSL_set_shutdown.pod +++ b/doc/ssl/SSL_set_shutdown.pod @@ -24,16 +24,16 @@ The shutdown state of an ssl connection is a bitmask of: =over 4 -=item 0 +=item * 0 No shutdown setting, yet. -=item SSL_SENT_SHUTDOWN +=item * SSL_SENT_SHUTDOWN A "close notify" shutdown alert was sent to the peer, the connection is being considered closed and the session is closed and correct. -=item SSL_RECEIVED_SHUTDOWN +=item * SSL_RECEIVED_SHUTDOWN A shutdown alert was received form the peer, either a normal "close notify" or a fatal error. diff --git a/doc/ssl/SSL_shutdown.pod b/doc/ssl/SSL_shutdown.pod index 42a89b7..2853e65 100644 --- a/doc/ssl/SSL_shutdown.pod +++ b/doc/ssl/SSL_shutdown.pod @@ -92,19 +92,19 @@ The following return values can occur: =over 4 -=item 0 +=item * 0 The shutdown is not yet finished. Call SSL_shutdown() for a second time, if a bidirectional shutdown shall be performed. The output of L may be misleading, as an erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred. -=item 1 +=item * 1 The shutdown was successfully completed. The "close notify" alert was sent and the peer's "close notify" alert was received. -=item -1 +=item * -1 The shutdown was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. It can also occur if diff --git a/doc/ssl/SSL_write.pod b/doc/ssl/SSL_write.pod index e013c12..b2934b8 100644 --- a/doc/ssl/SSL_write.pod +++ b/doc/ssl/SSL_write.pod @@ -74,13 +74,12 @@ The following return values can occur: =over 4 -=item E0 +=item * E0 The write operation was successful, the return value is the number of bytes actually written to the TLS/SSL connection. -=item 0 - +=item * 0 The write operation was not successful. Probably the underlying connection was closed. Call SSL_get_error() with the return value B to find out, whether an error occurred or the connection was shut down cleanly @@ -90,7 +89,7 @@ SSLv2 (deprecated) does not support a shutdown alert protocol, so it can only be detected, whether the underlying connection was closed. It cannot be checked, why the closure happened. -=item E0 +=item * E0 The write operation was not successful, because either an error occurred or action must be taken by the calling process. Call SSL_get_error() with the -- 1.8.4