Hello community, here is the log from the commit of package perl-Net-SSLeay for openSUSE:Factory checked in at 2015-07-05 17:53:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/perl-Net-SSLeay (Old) and /work/SRC/openSUSE:Factory/.perl-Net-SSLeay.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Net-SSLeay" Changes: -------- --- /work/SRC/openSUSE:Factory/perl-Net-SSLeay/perl-Net-SSLeay.changes 2015-04-10 09:48:51.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.perl-Net-SSLeay.new/perl-Net-SSLeay.changes 2015-07-05 17:53:53.000000000 +0200 @@ -1,0 +2,18 @@ +Wed Jun 24 08:05:15 UTC 2015 - [email protected] + +- net-ssleay-no-ofb.patch: disable the OFB cipher, not exported by + our openssl 1.0.2 currently. + +------------------------------------------------------------------- +Tue Jun 23 09:33:48 UTC 2015 - [email protected] + +- Update to version 1.69: + + Testing with OpenSSL 1.0.2, 1.0.2a. OK. + + Completed LibreSSL compatibility. + + Improved compatibility with OpenSSL 1.0.2a. + + Added the X509_check_* functions introduced in OpenSSL 1.0.2. + + Added support for X509_V_FLAG_TRUSTED_FIRST constant. Patch + allows get_keyblock_size to work correctly with OpenSSL 1.0.1 + and later versions. + +------------------------------------------------------------------- Old: ---- Net-SSLeay-1.68.tar.gz New: ---- Net-SSLeay-1.69.tar.gz net-ssleay-no-ofb.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-Net-SSLeay.spec ++++++ --- /var/tmp/diff_new_pack.6jLO58/_old 2015-07-05 17:53:54.000000000 +0200 +++ /var/tmp/diff_new_pack.6jLO58/_new 2015-07-05 17:53:54.000000000 +0200 @@ -19,7 +19,7 @@ %bcond_with test Name: perl-Net-SSLeay -Version: 1.68 +Version: 1.69 Release: 0 %define cpan_name Net-SSLeay Summary: Perl extension for using OpenSSL @@ -27,6 +27,8 @@ Group: Development/Libraries/Perl Url: http://search.cpan.org/dist/Net-SSLeay/ Source: http://www.cpan.org/modules/by-module/Net/Net-SSLeay-%{version}.tar.gz +# Broken by 1.0.2c openssl update ... probably an openssl bug. -Marcus +Patch0: net-ssleay-no-ofb.patch BuildRequires: openssl BuildRequires: openssl-devel BuildRequires: perl @@ -51,6 +53,7 @@ %prep %setup -q -n %{cpan_name}-%{version} +%patch0 -p1 # replace rest of /usr/local/bin/perl with /usr/bin/perl for f in $(find . -type f -exec grep -l "/usr/local/bin/perl" {} \; ); do sed -i -e "s@/usr/local/bin/perl@perl@g" $f ++++++ Net-SSLeay-1.68.tar.gz -> Net-SSLeay-1.69.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-SSLeay-1.68/Changes new/Net-SSLeay-1.69/Changes --- old/Net-SSLeay-1.68/Changes 2015-01-24 01:23:18.000000000 +0100 +++ new/Net-SSLeay-1.69/Changes 2015-06-03 23:44:05.000000000 +0200 @@ -1,5 +1,16 @@ Revision history for Perl extension Net::SSLeay. +1.69 2015-06-04 + Testing with OpenSSL 1.0.2, 1.0.2a. OK. + Completed LibreSSL compatibility with the kind assistance of Alexander + Bluhm. + Improved compatibility with OpenSSL 1.0.2a as suggested by Petr Pisar. + Added the X509_check_* functions introduced in OpenSSL 1.0.2, contributed + by Carsten Gaebler. + Added support for X509_V_FLAG_TRUSTED_FIRST constant, patch from Gisle Aas. + Patch allows get_keyblock_size to work correctly with + OpenSSL 1.0.1 and later versions. Contributed by Heikki Vatiainen. + 1.68 2015-01-24 Fixed a problem on OSX when macports openssl 1.x is installed: headers from macport were found but older OSX openssl libraries were linked, resulting diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-SSLeay-1.68/README new/Net-SSLeay-1.69/README --- old/Net-SSLeay-1.68/README 2014-08-21 03:08:37.000000000 +0200 +++ new/Net-SSLeay-1.69/README 2015-02-14 22:57:30.000000000 +0100 @@ -1,5 +1,5 @@ README - Net::SSLeay Perl module for using OpenSSL -$Id: README 426 2014-08-21 01:08:36Z mikem-guest $ +$Id: README 435 2015-02-14 21:57:30Z mikem-guest $ By popular demand... -------------------- @@ -9,14 +9,14 @@ Prerequisites ------------- -perl-5.6.1 - though anything starting from perl5.003 probably works. -OpenSSL-0.9.6j or OpenSSL-0.9.7b - (try http://www.openssl.org/) - - This release has been tested with 0.9.6d and - in historical light it seems likely that future versions - will work as well (if major version number changes all bets - are off, though) +perl-5.6.1 though anything starting from perl5.003 probably works. + +OpenSSL-0.9.6j through to at least OpenSSL-1.0.2 and probably later + http://www.openssl.org/ - On Linux, you can either build and + install OpenSSL from scratch (its very portable) or you can + install the appropriate OpenSSL 'devel' package for your Linux + distribution: (rpm openssl-devel, deb libssl-dev). + Note: SSLeay is no longer supported. If you want to use Net::SSLeay with SSLeay or early versions of OpenSSL, use version 1.03. The support @@ -38,7 +38,7 @@ ---------- Unix: - # build OpenSSL as per instructions in that package + # build or install OpenSSL as per instructions in that package gunzip <Net-SSLeay.pm-1.35.tar.gz | tar xvf - cd Net-SSLeay.pm-1.35 @@ -120,6 +120,8 @@ - ANSI C compiler brand and version (e.g. gcc -v) If build fails, + - Dop you have OpenSSL headers installed? Perhaps you need the OpenSSL Devel + package for your Linux distribution. - three compiler warnings are known to be emitted (due to lack of const in some places), one of them indicates a fatal bug in callback handling, but as I have not yet sorted it out, you'll simply have to ignore it diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-SSLeay-1.68/SSLeay.xs new/Net-SSLeay-1.69/SSLeay.xs --- old/Net-SSLeay-1.68/SSLeay.xs 2015-01-23 21:59:57.000000000 +0100 +++ new/Net-SSLeay-1.69/SSLeay.xs 2015-06-03 23:42:51.000000000 +0200 @@ -8,7 +8,7 @@ * * Change data removed. See Changes * - * $Id: SSLeay.xs,v 1.10 2015/01/23 20:59:15 mikem Exp mikem $ + * $Id: SSLeay.xs 443 2015-06-03 21:42:51Z mikem-guest $ * * The distribution and use of this module are subject to the conditions * listed in LICENSE file at the root of the Net-SSLeay @@ -1401,7 +1401,6 @@ RETVAL #ifndef OPENSSL_NO_SSL2 -#if OPENSSL_VERSION_NUMBER < 0x10000000L SSL_CTX * SSL_CTX_v2_new() @@ -1411,10 +1410,8 @@ RETVAL #endif -#endif #ifndef OPENSSL_NO_SSL3 -#if OPENSSL_VERSION_NUMBER < 0x10002000L SSL_CTX * SSL_CTX_v3_new() @@ -1424,7 +1421,6 @@ RETVAL #endif -#endif SSL_CTX * SSL_CTX_v23_new() @@ -2336,6 +2332,45 @@ #define REM40 "Minimal X509 stuff..., this is a bit ugly and should be put in its own modules Net::SSLeay::X509.pm" +#if OPENSSL_VERSION_NUMBER >= 0x1000200fL + +int +X509_check_host(X509 *cert, const char *name, unsigned int flags = 0, SV *peername = &PL_sv_undef) + INIT: + char *c_peername = NULL; + CODE: + RETVAL = X509_check_host(cert, name, 0, flags, (items == 4) ? &c_peername : NULL); + if (items == 4) + sv_setpv(peername, c_peername); + OUTPUT: + RETVAL + CLEANUP: + if (c_peername) + OPENSSL_free(c_peername); + +int +X509_check_email(X509 *cert, const char *address, unsigned int flags = 0) + CODE: + RETVAL = X509_check_email(cert, address, 0, flags); + OUTPUT: + RETVAL + +int +X509_check_ip(X509 *cert, SV *address, unsigned int flags = 0) + INIT: + unsigned char *c_address; + size_t addresslen; + CODE: + c_address = SvPV(address, addresslen); + RETVAL = X509_check_ip(cert, c_address, addresslen, flags); + OUTPUT: + RETVAL + +int +X509_check_ip_asc(X509 *cert, const char *address, unsigned int flags = 0) + +#endif + X509_NAME* X509_get_issuer_name(cert) X509 * cert @@ -4853,16 +4888,22 @@ { const EVP_CIPHER *c; const EVP_MD *h; + int md_size = -1; c = s->enc_read_ctx->cipher; -#if OPENSSL_VERSION_NUMBER >= 0x00909000L +#if OPENSSL_VERSION_NUMBER >= 0x10001000L + if (s->s3) + md_size = s->s3->tmp.new_mac_secret_size; +#elif OPENSSL_VERSION_NUMBER >= 0x00909000L h = EVP_MD_CTX_md(s->read_hash); + md_size = EVP_MD_size(h); #else h = s->read_hash; + md_size = EVP_MD_size(h); #endif - - RETVAL = 2 * (EVP_CIPHER_key_length(c) + - EVP_MD_size(h) + - EVP_CIPHER_iv_length(c)); + RETVAL = (md_size > 0) ? (2 * (EVP_CIPHER_key_length(c) + + md_size + + EVP_CIPHER_iv_length(c))) + : -1; } OUTPUT: RETVAL @@ -5773,7 +5814,7 @@ #endif -#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT) && !defined(LIBRESSL_VERSION_NUMBER) +#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT) int SSL_CTX_set_alpn_select_cb(ctx,callback,data=&PL_sv_undef) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-SSLeay-1.68/constants.c new/Net-SSLeay-1.69/constants.c --- old/Net-SSLeay-1.68/constants.c 2014-07-13 23:40:34.000000000 +0200 +++ new/Net-SSLeay-1.69/constants.c 2015-05-29 02:52:14.000000000 +0200 @@ -4211,7 +4211,8 @@ NID_sha1WithRSAEncryption OP_MSIE_SSLV2_RSA_PADDING OP_NETSCAPE_CHALLENGE_BUG R_BAD_AUTHENTICATION_TYPE V_OCSP_CERTSTATUS_REVOKED V_OCSP_CERTSTATUS_UNKNOWN - X509_V_FLAG_CRL_CHECK_ALL X509_V_FLAG_NOTIFY_POLICY */ + X509_V_FLAG_CRL_CHECK_ALL X509_V_FLAG_NOTIFY_POLICY + X509_V_FLAG_TRUSTED_FIRST */ /* Offset 20 gives the best switch position. */ switch (name[20]) { case '2': @@ -4262,6 +4263,18 @@ } break; + case 'F': + if (!memcmp(name, "X509_V_FLAG_TRUSTED_FIRST", 25)) { + /* ^ */ + +#ifdef X509_V_FLAG_TRUSTED_FIRST + return X509_V_FLAG_TRUSTED_FIRST; +#else + goto not_there; +#endif + + } + break; case 'K': if (!memcmp(name, "V_OCSP_CERTSTATUS_UNKNOWN", 25)) { /* ^ */ @@ -4781,12 +4794,12 @@ /* F_SSL_USE_RSAPRIVATEKEY_ASN1 F_SSL_USE_RSAPRIVATEKEY_FILE NID_authority_key_identifier NID_netscape_ssl_server_name NID_pbe_WithSHA1And128BitRC4 NID_pkcs7_signedAndEnveloped - NID_private_key_usage_period */ - /* Offset 24 gives the best switch position. */ - switch (name[24]) { - case 'A': + NID_private_key_usage_period X509_CHECK_FLAG_NO_WILDCARDS */ + /* Offset 10 gives the best switch position. */ + switch (name[10]) { + case 'R': if (!memcmp(name, "F_SSL_USE_RSAPRIVATEKEY_ASN1", 28)) { - /* ^ */ + /* ^ */ #ifdef SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 return SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1; @@ -4795,10 +4808,8 @@ #endif } - break; - case 'F': if (!memcmp(name, "F_SSL_USE_RSAPRIVATEKEY_FILE", 28)) { - /* ^ */ + /* ^ */ #ifdef SSL_F_SSL_USE_RSAPRIVATEKEY_FILE return SSL_F_SSL_USE_RSAPRIVATEKEY_FILE; @@ -4808,9 +4819,33 @@ } break; - case 'f': + case '_': + if (!memcmp(name, "X509_CHECK_FLAG_NO_WILDCARDS", 28)) { + /* ^ */ + +#ifdef X509_CHECK_FLAG_NO_WILDCARDS + return X509_CHECK_FLAG_NO_WILDCARDS; +#else + goto not_there; +#endif + + } + break; + case 'e': + if (!memcmp(name, "NID_private_key_usage_period", 28)) { + /* ^ */ + +#ifdef NID_private_key_usage_period + return NID_private_key_usage_period; +#else + goto not_there; +#endif + + } + break; + case 'i': if (!memcmp(name, "NID_authority_key_identifier", 28)) { - /* ^ */ + /* ^ */ #ifdef NID_authority_key_identifier return NID_authority_key_identifier; @@ -4820,9 +4855,9 @@ } break; - case 'n': + case 'p': if (!memcmp(name, "NID_netscape_ssl_server_name", 28)) { - /* ^ */ + /* ^ */ #ifdef NID_netscape_ssl_server_name return NID_netscape_ssl_server_name; @@ -4832,9 +4867,9 @@ } break; - case 'o': + case 's': if (!memcmp(name, "NID_pkcs7_signedAndEnveloped", 28)) { - /* ^ */ + /* ^ */ #ifdef NID_pkcs7_signedAndEnveloped return NID_pkcs7_signedAndEnveloped; @@ -4844,21 +4879,9 @@ } break; - case 'r': - if (!memcmp(name, "NID_private_key_usage_period", 28)) { - /* ^ */ - -#ifdef NID_private_key_usage_period - return NID_private_key_usage_period; -#else - goto not_there; -#endif - - } - break; case 't': if (!memcmp(name, "NID_pbe_WithSHA1And128BitRC4", 28)) { - /* ^ */ + /* ^ */ #ifdef NID_pbe_WithSHA1And128BitRC4 return NID_pbe_WithSHA1And128BitRC4; @@ -5183,25 +5206,80 @@ } break; case 36: - if (!memcmp(name, "OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION", 36)) { - + /* Names all of length 36. */ + /* OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION + X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT + X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS */ + /* Offset 31 gives the best switch position. */ + switch (name[31]) { + case 'A': + if (!memcmp(name, "OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION", 36)) { + /* ^ */ + #ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION return SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; #else goto not_there; #endif + } + break; + case 'B': + if (!memcmp(name, "X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT", 36)) { + /* ^ */ + +#ifdef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT + return X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT; +#else + goto not_there; +#endif + + } + break; + case 'C': + if (!memcmp(name, "X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS", 36)) { + /* ^ */ + +#ifdef X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS + return X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS; +#else + goto not_there; +#endif + + } + break; } break; case 37: - if (!memcmp(name, "OCSP_RESPONSE_STATUS_MALFORMEDREQUEST", 37)) { - + /* Names all of length 37. */ + /* OCSP_RESPONSE_STATUS_MALFORMEDREQUEST + X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS */ + /* Offset 36 gives the best switch position. */ + switch (name[36]) { + case 'S': + if (!memcmp(name, "X509_CHECK_FLAG_MULTI_LABEL_WILDCARD", 36)) { + /* S */ + +#ifdef X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS + return X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS; +#else + goto not_there; +#endif + + } + break; + case 'T': + if (!memcmp(name, "OCSP_RESPONSE_STATUS_MALFORMEDREQUES", 36)) { + /* T */ + #ifdef OCSP_RESPONSE_STATUS_MALFORMEDREQUEST return OCSP_RESPONSE_STATUS_MALFORMEDREQUEST; #else goto not_there; #endif + } + break; } break; case 38: @@ -5236,6 +5314,17 @@ break; } break; + case 39: + if (!memcmp(name, "X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS", 39)) { + +#ifdef X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS + return X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS; +#else + goto not_there; +#endif + + } + break; case 41: /* Names all of length 41. */ /* OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-SSLeay-1.68/helper_script/regen_openssl_constants.pl new/Net-SSLeay-1.69/helper_script/regen_openssl_constants.pl --- old/Net-SSLeay-1.68/helper_script/regen_openssl_constants.pl 2014-07-13 23:36:10.000000000 +0200 +++ new/Net-SSLeay-1.69/helper_script/regen_openssl_constants.pl 2015-05-29 02:48:22.000000000 +0200 @@ -530,6 +530,11 @@ SSL_VERIFY_PEER SSL_WRITING SSL_X509_LOOKUP +X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT +X509_CHECK_FLAG_NO_WILDCARDS +X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS +X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS +X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS X509_PURPOSE_ANY X509_PURPOSE_CRL_SIGN X509_PURPOSE_NS_SSL_SERVER @@ -560,6 +565,7 @@ X509_V_FLAG_NOTIFY_POLICY X509_V_FLAG_POLICY_CHECK X509_V_FLAG_POLICY_MASK +X509_V_FLAG_TRUSTED_FIRST X509_V_FLAG_USE_CHECK_TIME X509_V_FLAG_USE_DELTAS X509_V_FLAG_X509_STRICT diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-SSLeay-1.68/lib/Net/SSLeay.pm new/Net-SSLeay-1.69/lib/Net/SSLeay.pm --- old/Net-SSLeay-1.68/lib/Net/SSLeay.pm 2015-01-24 01:24:24.000000000 +0100 +++ new/Net-SSLeay-1.69/lib/Net/SSLeay.pm 2015-06-03 23:45:58.000000000 +0200 @@ -4,7 +4,7 @@ # Copyright (C) 2005 Florian Ragwitz <[email protected]>, All Rights Reserved. # Copyright (C) 2005 Mike McCauley <[email protected]>, All Rights Reserved. # -# $Id: SSLeay.pm 434 2015-01-24 00:24:24Z mikem-guest $ +# $Id: SSLeay.pm 445 2015-06-03 21:45:57Z mikem-guest $ # # Change data removed from here. See Changes # The distribution and use of this module are subject to the conditions @@ -63,7 +63,7 @@ $Net::SSLeay::random_device = '/dev/urandom'; $Net::SSLeay::how_random = 512; -$VERSION = '1.68'; # Dont forget to set version in META.yml too +$VERSION = '1.69'; # Dont forget to set version in META.yml too @ISA = qw(Exporter); #BEWARE: @@ -72,149 +72,150 @@ # if you add/remove any constant you need to update it manually @EXPORT_OK = qw( - ASN1_STRFLGS_ESC_CTRL NID_dsa_2 OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION - ASN1_STRFLGS_ESC_MSB NID_email_protect OP_CIPHER_SERVER_PREFERENCE - ASN1_STRFLGS_ESC_QUOTE NID_ext_key_usage OP_CISCO_ANYCONNECT - ASN1_STRFLGS_RFC2253 NID_ext_req OP_COOKIE_EXCHANGE - CB_ACCEPT_EXIT NID_friendlyName OP_CRYPTOPRO_TLSEXT_BUG - CB_ACCEPT_LOOP NID_givenName OP_DONT_INSERT_EMPTY_FRAGMENTS - CB_ALERT NID_hmacWithSHA1 OP_EPHEMERAL_RSA - CB_CONNECT_EXIT NID_id_ad OP_LEGACY_SERVER_CONNECT - CB_CONNECT_LOOP NID_id_ce OP_MICROSOFT_BIG_SSLV3_BUFFER - CB_EXIT NID_id_kp OP_MICROSOFT_SESS_ID_BUG - CB_HANDSHAKE_DONE NID_id_pbkdf2 OP_MSIE_SSLV2_RSA_PADDING - CB_HANDSHAKE_START NID_id_pe OP_NETSCAPE_CA_DN_BUG - CB_LOOP NID_id_pkix OP_NETSCAPE_CHALLENGE_BUG - CB_READ NID_id_qt_cps OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG - CB_READ_ALERT NID_id_qt_unotice OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - CB_WRITE NID_idea_cbc OP_NON_EXPORT_FIRST - CB_WRITE_ALERT NID_idea_cfb64 OP_NO_COMPRESSION - ERROR_NONE NID_idea_ecb OP_NO_QUERY_MTU - ERROR_SSL NID_idea_ofb64 OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION - ERROR_SYSCALL NID_info_access OP_NO_SSLv2 - ERROR_WANT_ACCEPT NID_initials OP_NO_SSLv3 - ERROR_WANT_CONNECT NID_invalidity_date OP_NO_TICKET - ERROR_WANT_READ NID_issuer_alt_name OP_NO_TLSv1 - ERROR_WANT_WRITE NID_keyBag OP_NO_TLSv1_1 - ERROR_WANT_X509_LOOKUP NID_key_usage OP_NO_TLSv1_2 - ERROR_ZERO_RETURN NID_localKeyID OP_PKCS1_CHECK_1 - EVP_PKS_DSA NID_localityName OP_PKCS1_CHECK_2 - EVP_PKS_EC NID_md2 OP_SINGLE_DH_USE - EVP_PKS_RSA NID_md2WithRSAEncryption OP_SINGLE_ECDH_USE - EVP_PKT_ENC NID_md5 OP_SSLEAY_080_CLIENT_DH_BUG - EVP_PKT_EXCH NID_md5WithRSA OP_SSLREF2_REUSE_CERT_TYPE_BUG - EVP_PKT_EXP NID_md5WithRSAEncryption OP_TLS_BLOCK_PADDING_BUG - EVP_PKT_SIGN NID_md5_sha1 OP_TLS_D5_BUG - EVP_PK_DH NID_mdc2 OP_TLS_ROLLBACK_BUG - EVP_PK_DSA NID_mdc2WithRSA READING - EVP_PK_EC NID_ms_code_com RECEIVED_SHUTDOWN - EVP_PK_RSA NID_ms_code_ind RSA_3 - FILETYPE_ASN1 NID_ms_ctl_sign RSA_F4 - FILETYPE_PEM NID_ms_efs R_BAD_AUTHENTICATION_TYPE - F_CLIENT_CERTIFICATE NID_ms_ext_req R_BAD_CHECKSUM - F_CLIENT_HELLO NID_ms_sgc R_BAD_MAC_DECODE - F_CLIENT_MASTER_KEY NID_name R_BAD_RESPONSE_ARGUMENT - F_D2I_SSL_SESSION NID_netscape R_BAD_SSL_FILETYPE - F_GET_CLIENT_FINISHED NID_netscape_base_url R_BAD_SSL_SESSION_ID_LENGTH - F_GET_CLIENT_HELLO NID_netscape_ca_policy_url R_BAD_STATE - F_GET_CLIENT_MASTER_KEY NID_netscape_ca_revocation_url R_BAD_WRITE_RETRY - F_GET_SERVER_FINISHED NID_netscape_cert_extension R_CHALLENGE_IS_DIFFERENT - F_GET_SERVER_HELLO NID_netscape_cert_sequence R_CIPHER_TABLE_SRC_ERROR - F_GET_SERVER_VERIFY NID_netscape_cert_type R_INVALID_CHALLENGE_LENGTH - F_I2D_SSL_SESSION NID_netscape_comment R_NO_CERTIFICATE_SET - F_READ_N NID_netscape_data_type R_NO_CERTIFICATE_SPECIFIED - F_REQUEST_CERTIFICATE NID_netscape_renewal_url R_NO_CIPHER_LIST - F_SERVER_HELLO NID_netscape_revocation_url R_NO_CIPHER_MATCH - F_SSL_CERT_NEW NID_netscape_ssl_server_name R_NO_PRIVATEKEY - F_SSL_GET_NEW_SESSION NID_ns_sgc R_NO_PUBLICKEY - F_SSL_NEW NID_organizationName R_NULL_SSL_CTX - F_SSL_READ NID_organizationalUnitName R_PEER_DID_NOT_RETURN_A_CERTIFICATE - F_SSL_RSA_PRIVATE_DECRYPT NID_pbeWithMD2AndDES_CBC R_PEER_ERROR - F_SSL_RSA_PUBLIC_ENCRYPT NID_pbeWithMD2AndRC2_CBC R_PEER_ERROR_CERTIFICATE - F_SSL_SESSION_NEW NID_pbeWithMD5AndCast5_CBC R_PEER_ERROR_NO_CIPHER - F_SSL_SESSION_PRINT_FP NID_pbeWithMD5AndDES_CBC R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE - F_SSL_SET_FD NID_pbeWithMD5AndRC2_CBC R_PUBLIC_KEY_ENCRYPT_ERROR - F_SSL_SET_RFD NID_pbeWithSHA1AndDES_CBC R_PUBLIC_KEY_IS_NOT_RSA - F_SSL_SET_WFD NID_pbeWithSHA1AndRC2_CBC R_READ_WRONG_PACKET_TYPE - F_SSL_USE_CERTIFICATE NID_pbe_WithSHA1And128BitRC2_CBC R_SHORT_READ - F_SSL_USE_CERTIFICATE_ASN1 NID_pbe_WithSHA1And128BitRC4 R_SSL_SESSION_ID_IS_DIFFERENT - F_SSL_USE_CERTIFICATE_FILE NID_pbe_WithSHA1And2_Key_TripleDES_CBC R_UNABLE_TO_EXTRACT_PUBLIC_KEY - F_SSL_USE_PRIVATEKEY NID_pbe_WithSHA1And3_Key_TripleDES_CBC R_UNKNOWN_REMOTE_ERROR_TYPE - F_SSL_USE_PRIVATEKEY_ASN1 NID_pbe_WithSHA1And40BitRC2_CBC R_UNKNOWN_STATE - F_SSL_USE_PRIVATEKEY_FILE NID_pbe_WithSHA1And40BitRC4 R_X509_LIB - F_SSL_USE_RSAPRIVATEKEY NID_pbes2 SENT_SHUTDOWN - F_SSL_USE_RSAPRIVATEKEY_ASN1 NID_pbmac1 SESSION_ASN1_VERSION - F_SSL_USE_RSAPRIVATEKEY_FILE NID_pkcs ST_ACCEPT - F_WRITE_PENDING NID_pkcs3 ST_BEFORE - GEN_DIRNAME NID_pkcs7 ST_CONNECT - GEN_DNS NID_pkcs7_data ST_INIT - GEN_EDIPARTY NID_pkcs7_digest ST_OK - GEN_EMAIL NID_pkcs7_encrypted ST_READ_BODY - GEN_IPADD NID_pkcs7_enveloped ST_READ_HEADER - GEN_OTHERNAME NID_pkcs7_signed TLSEXT_STATUSTYPE_ocsp - GEN_RID NID_pkcs7_signedAndEnveloped VERIFY_CLIENT_ONCE - GEN_URI NID_pkcs8ShroudedKeyBag VERIFY_FAIL_IF_NO_PEER_CERT - GEN_X400 NID_pkcs9 VERIFY_NONE - LIBRESSL_VERSION_NUMBER NID_pkcs9_challengePassword VERIFY_PEER - MBSTRING_ASC NID_pkcs9_contentType V_OCSP_CERTSTATUS_GOOD - MBSTRING_BMP NID_pkcs9_countersignature V_OCSP_CERTSTATUS_REVOKED - MBSTRING_FLAG NID_pkcs9_emailAddress V_OCSP_CERTSTATUS_UNKNOWN - MBSTRING_UNIV NID_pkcs9_extCertAttributes WRITING - MBSTRING_UTF8 NID_pkcs9_messageDigest X509_LOOKUP - MIN_RSA_MODULUS_LENGTH_IN_BYTES NID_pkcs9_signingTime X509_PURPOSE_ANY - MODE_ACCEPT_MOVING_WRITE_BUFFER NID_pkcs9_unstructuredAddress X509_PURPOSE_CRL_SIGN - MODE_AUTO_RETRY NID_pkcs9_unstructuredName X509_PURPOSE_NS_SSL_SERVER - MODE_ENABLE_PARTIAL_WRITE NID_private_key_usage_period X509_PURPOSE_OCSP_HELPER - MODE_RELEASE_BUFFERS NID_rc2_40_cbc X509_PURPOSE_SMIME_ENCRYPT - NID_OCSP_sign NID_rc2_64_cbc X509_PURPOSE_SMIME_SIGN - NID_SMIMECapabilities NID_rc2_cbc X509_PURPOSE_SSL_CLIENT - NID_X500 NID_rc2_cfb64 X509_PURPOSE_SSL_SERVER - NID_X509 NID_rc2_ecb X509_PURPOSE_TIMESTAMP_SIGN - NID_ad_OCSP NID_rc2_ofb64 X509_TRUST_COMPAT - NID_ad_ca_issuers NID_rc4 X509_TRUST_EMAIL - NID_algorithm NID_rc4_40 X509_TRUST_OBJECT_SIGN - NID_authority_key_identifier NID_rc5_cbc X509_TRUST_OCSP_REQUEST - NID_basic_constraints NID_rc5_cfb64 X509_TRUST_OCSP_SIGN - NID_bf_cbc NID_rc5_ecb X509_TRUST_SSL_CLIENT - NID_bf_cfb64 NID_rc5_ofb64 X509_TRUST_SSL_SERVER - NID_bf_ecb NID_ripemd160 X509_TRUST_TSA - NID_bf_ofb64 NID_ripemd160WithRSA X509_V_FLAG_ALLOW_PROXY_CERTS - NID_cast5_cbc NID_rle_compression X509_V_FLAG_CB_ISSUER_CHECK - NID_cast5_cfb64 NID_rsa X509_V_FLAG_CHECK_SS_SIGNATURE - NID_cast5_ecb NID_rsaEncryption X509_V_FLAG_CRL_CHECK - NID_cast5_ofb64 NID_rsadsi X509_V_FLAG_CRL_CHECK_ALL - NID_certBag NID_safeContentsBag X509_V_FLAG_EXPLICIT_POLICY - NID_certificate_policies NID_sdsiCertificate X509_V_FLAG_EXTENDED_CRL_SUPPORT - NID_client_auth NID_secretBag X509_V_FLAG_IGNORE_CRITICAL - NID_code_sign NID_serialNumber X509_V_FLAG_INHIBIT_ANY - NID_commonName NID_server_auth X509_V_FLAG_INHIBIT_MAP - NID_countryName NID_sha X509_V_FLAG_NOTIFY_POLICY - NID_crlBag NID_sha1 X509_V_FLAG_POLICY_CHECK - NID_crl_distribution_points NID_sha1WithRSA X509_V_FLAG_POLICY_MASK - NID_crl_number NID_sha1WithRSAEncryption X509_V_FLAG_USE_CHECK_TIME - NID_crl_reason NID_shaWithRSAEncryption X509_V_FLAG_USE_DELTAS - NID_delta_crl NID_stateOrProvinceName X509_V_FLAG_X509_STRICT - NID_des_cbc NID_subject_alt_name X509_V_OK - NID_des_cfb64 NID_subject_key_identifier XN_FLAG_COMPAT - NID_des_ecb NID_surname XN_FLAG_DN_REV - NID_des_ede NID_sxnet XN_FLAG_DUMP_UNKNOWN_FIELDS - NID_des_ede3 NID_time_stamp XN_FLAG_FN_ALIGN - NID_des_ede3_cbc NID_title XN_FLAG_FN_LN - NID_des_ede3_cfb64 NID_undef XN_FLAG_FN_MASK - NID_des_ede3_ofb64 NID_uniqueIdentifier XN_FLAG_FN_NONE - NID_des_ede_cbc NID_x509Certificate XN_FLAG_FN_OID - NID_des_ede_cfb64 NID_x509Crl XN_FLAG_FN_SN - NID_des_ede_ofb64 NID_zlib_compression XN_FLAG_MULTILINE - NID_des_ofb64 NOTHING XN_FLAG_ONELINE - NID_description OCSP_RESPONSE_STATUS_INTERNALERROR XN_FLAG_RFC2253 - NID_desx_cbc OCSP_RESPONSE_STATUS_MALFORMEDREQUEST XN_FLAG_SEP_COMMA_PLUS - NID_dhKeyAgreement OCSP_RESPONSE_STATUS_SIGREQUIRED XN_FLAG_SEP_CPLUS_SPC - NID_dnQualifier OCSP_RESPONSE_STATUS_SUCCESSFUL XN_FLAG_SEP_MASK - NID_dsa OCSP_RESPONSE_STATUS_TRYLATER XN_FLAG_SEP_MULTILINE - NID_dsaWithSHA OCSP_RESPONSE_STATUS_UNAUTHORIZED XN_FLAG_SEP_SPLUS_SPC - NID_dsaWithSHA1 OPENSSL_VERSION_NUMBER XN_FLAG_SPC_EQ - NID_dsaWithSHA1_2 OP_ALL - + ASN1_STRFLGS_ESC_CTRL NID_ext_key_usage OP_CRYPTOPRO_TLSEXT_BUG + ASN1_STRFLGS_ESC_MSB NID_ext_req OP_DONT_INSERT_EMPTY_FRAGMENTS + ASN1_STRFLGS_ESC_QUOTE NID_friendlyName OP_EPHEMERAL_RSA + ASN1_STRFLGS_RFC2253 NID_givenName OP_LEGACY_SERVER_CONNECT + CB_ACCEPT_EXIT NID_hmacWithSHA1 OP_MICROSOFT_BIG_SSLV3_BUFFER + CB_ACCEPT_LOOP NID_id_ad OP_MICROSOFT_SESS_ID_BUG + CB_ALERT NID_id_ce OP_MSIE_SSLV2_RSA_PADDING + CB_CONNECT_EXIT NID_id_kp OP_NETSCAPE_CA_DN_BUG + CB_CONNECT_LOOP NID_id_pbkdf2 OP_NETSCAPE_CHALLENGE_BUG + CB_EXIT NID_id_pe OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG + CB_HANDSHAKE_DONE NID_id_pkix OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG + CB_HANDSHAKE_START NID_id_qt_cps OP_NON_EXPORT_FIRST + CB_LOOP NID_id_qt_unotice OP_NO_COMPRESSION + CB_READ NID_idea_cbc OP_NO_QUERY_MTU + CB_READ_ALERT NID_idea_cfb64 OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION + CB_WRITE NID_idea_ecb OP_NO_SSLv2 + CB_WRITE_ALERT NID_idea_ofb64 OP_NO_SSLv3 + ERROR_NONE NID_info_access OP_NO_TICKET + ERROR_SSL NID_initials OP_NO_TLSv1 + ERROR_SYSCALL NID_invalidity_date OP_NO_TLSv1_1 + ERROR_WANT_ACCEPT NID_issuer_alt_name OP_NO_TLSv1_2 + ERROR_WANT_CONNECT NID_keyBag OP_PKCS1_CHECK_1 + ERROR_WANT_READ NID_key_usage OP_PKCS1_CHECK_2 + ERROR_WANT_WRITE NID_localKeyID OP_SINGLE_DH_USE + ERROR_WANT_X509_LOOKUP NID_localityName OP_SINGLE_ECDH_USE + ERROR_ZERO_RETURN NID_md2 OP_SSLEAY_080_CLIENT_DH_BUG + EVP_PKS_DSA NID_md2WithRSAEncryption OP_SSLREF2_REUSE_CERT_TYPE_BUG + EVP_PKS_EC NID_md5 OP_TLS_BLOCK_PADDING_BUG + EVP_PKS_RSA NID_md5WithRSA OP_TLS_D5_BUG + EVP_PKT_ENC NID_md5WithRSAEncryption OP_TLS_ROLLBACK_BUG + EVP_PKT_EXCH NID_md5_sha1 READING + EVP_PKT_EXP NID_mdc2 RECEIVED_SHUTDOWN + EVP_PKT_SIGN NID_mdc2WithRSA RSA_3 + EVP_PK_DH NID_ms_code_com RSA_F4 + EVP_PK_DSA NID_ms_code_ind R_BAD_AUTHENTICATION_TYPE + EVP_PK_EC NID_ms_ctl_sign R_BAD_CHECKSUM + EVP_PK_RSA NID_ms_efs R_BAD_MAC_DECODE + FILETYPE_ASN1 NID_ms_ext_req R_BAD_RESPONSE_ARGUMENT + FILETYPE_PEM NID_ms_sgc R_BAD_SSL_FILETYPE + F_CLIENT_CERTIFICATE NID_name R_BAD_SSL_SESSION_ID_LENGTH + F_CLIENT_HELLO NID_netscape R_BAD_STATE + F_CLIENT_MASTER_KEY NID_netscape_base_url R_BAD_WRITE_RETRY + F_D2I_SSL_SESSION NID_netscape_ca_policy_url R_CHALLENGE_IS_DIFFERENT + F_GET_CLIENT_FINISHED NID_netscape_ca_revocation_url R_CIPHER_TABLE_SRC_ERROR + F_GET_CLIENT_HELLO NID_netscape_cert_extension R_INVALID_CHALLENGE_LENGTH + F_GET_CLIENT_MASTER_KEY NID_netscape_cert_sequence R_NO_CERTIFICATE_SET + F_GET_SERVER_FINISHED NID_netscape_cert_type R_NO_CERTIFICATE_SPECIFIED + F_GET_SERVER_HELLO NID_netscape_comment R_NO_CIPHER_LIST + F_GET_SERVER_VERIFY NID_netscape_data_type R_NO_CIPHER_MATCH + F_I2D_SSL_SESSION NID_netscape_renewal_url R_NO_PRIVATEKEY + F_READ_N NID_netscape_revocation_url R_NO_PUBLICKEY + F_REQUEST_CERTIFICATE NID_netscape_ssl_server_name R_NULL_SSL_CTX + F_SERVER_HELLO NID_ns_sgc R_PEER_DID_NOT_RETURN_A_CERTIFICATE + F_SSL_CERT_NEW NID_organizationName R_PEER_ERROR + F_SSL_GET_NEW_SESSION NID_organizationalUnitName R_PEER_ERROR_CERTIFICATE + F_SSL_NEW NID_pbeWithMD2AndDES_CBC R_PEER_ERROR_NO_CIPHER + F_SSL_READ NID_pbeWithMD2AndRC2_CBC R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE + F_SSL_RSA_PRIVATE_DECRYPT NID_pbeWithMD5AndCast5_CBC R_PUBLIC_KEY_ENCRYPT_ERROR + F_SSL_RSA_PUBLIC_ENCRYPT NID_pbeWithMD5AndDES_CBC R_PUBLIC_KEY_IS_NOT_RSA + F_SSL_SESSION_NEW NID_pbeWithMD5AndRC2_CBC R_READ_WRONG_PACKET_TYPE + F_SSL_SESSION_PRINT_FP NID_pbeWithSHA1AndDES_CBC R_SHORT_READ + F_SSL_SET_FD NID_pbeWithSHA1AndRC2_CBC R_SSL_SESSION_ID_IS_DIFFERENT + F_SSL_SET_RFD NID_pbe_WithSHA1And128BitRC2_CBC R_UNABLE_TO_EXTRACT_PUBLIC_KEY + F_SSL_SET_WFD NID_pbe_WithSHA1And128BitRC4 R_UNKNOWN_REMOTE_ERROR_TYPE + F_SSL_USE_CERTIFICATE NID_pbe_WithSHA1And2_Key_TripleDES_CBC R_UNKNOWN_STATE + F_SSL_USE_CERTIFICATE_ASN1 NID_pbe_WithSHA1And3_Key_TripleDES_CBC R_X509_LIB + F_SSL_USE_CERTIFICATE_FILE NID_pbe_WithSHA1And40BitRC2_CBC SENT_SHUTDOWN + F_SSL_USE_PRIVATEKEY NID_pbe_WithSHA1And40BitRC4 SESSION_ASN1_VERSION + F_SSL_USE_PRIVATEKEY_ASN1 NID_pbes2 ST_ACCEPT + F_SSL_USE_PRIVATEKEY_FILE NID_pbmac1 ST_BEFORE + F_SSL_USE_RSAPRIVATEKEY NID_pkcs ST_CONNECT + F_SSL_USE_RSAPRIVATEKEY_ASN1 NID_pkcs3 ST_INIT + F_SSL_USE_RSAPRIVATEKEY_FILE NID_pkcs7 ST_OK + F_WRITE_PENDING NID_pkcs7_data ST_READ_BODY + GEN_DIRNAME NID_pkcs7_digest ST_READ_HEADER + GEN_DNS NID_pkcs7_encrypted TLSEXT_STATUSTYPE_ocsp + GEN_EDIPARTY NID_pkcs7_enveloped VERIFY_CLIENT_ONCE + GEN_EMAIL NID_pkcs7_signed VERIFY_FAIL_IF_NO_PEER_CERT + GEN_IPADD NID_pkcs7_signedAndEnveloped VERIFY_NONE + GEN_OTHERNAME NID_pkcs8ShroudedKeyBag VERIFY_PEER + GEN_RID NID_pkcs9 V_OCSP_CERTSTATUS_GOOD + GEN_URI NID_pkcs9_challengePassword V_OCSP_CERTSTATUS_REVOKED + GEN_X400 NID_pkcs9_contentType V_OCSP_CERTSTATUS_UNKNOWN + LIBRESSL_VERSION_NUMBER NID_pkcs9_countersignature WRITING + MBSTRING_ASC NID_pkcs9_emailAddress X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT + MBSTRING_BMP NID_pkcs9_extCertAttributes X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS + MBSTRING_FLAG NID_pkcs9_messageDigest X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS + MBSTRING_UNIV NID_pkcs9_signingTime X509_CHECK_FLAG_NO_WILDCARDS + MBSTRING_UTF8 NID_pkcs9_unstructuredAddress X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS + MIN_RSA_MODULUS_LENGTH_IN_BYTES NID_pkcs9_unstructuredName X509_LOOKUP + MODE_ACCEPT_MOVING_WRITE_BUFFER NID_private_key_usage_period X509_PURPOSE_ANY + MODE_AUTO_RETRY NID_rc2_40_cbc X509_PURPOSE_CRL_SIGN + MODE_ENABLE_PARTIAL_WRITE NID_rc2_64_cbc X509_PURPOSE_NS_SSL_SERVER + MODE_RELEASE_BUFFERS NID_rc2_cbc X509_PURPOSE_OCSP_HELPER + NID_OCSP_sign NID_rc2_cfb64 X509_PURPOSE_SMIME_ENCRYPT + NID_SMIMECapabilities NID_rc2_ecb X509_PURPOSE_SMIME_SIGN + NID_X500 NID_rc2_ofb64 X509_PURPOSE_SSL_CLIENT + NID_X509 NID_rc4 X509_PURPOSE_SSL_SERVER + NID_ad_OCSP NID_rc4_40 X509_PURPOSE_TIMESTAMP_SIGN + NID_ad_ca_issuers NID_rc5_cbc X509_TRUST_COMPAT + NID_algorithm NID_rc5_cfb64 X509_TRUST_EMAIL + NID_authority_key_identifier NID_rc5_ecb X509_TRUST_OBJECT_SIGN + NID_basic_constraints NID_rc5_ofb64 X509_TRUST_OCSP_REQUEST + NID_bf_cbc NID_ripemd160 X509_TRUST_OCSP_SIGN + NID_bf_cfb64 NID_ripemd160WithRSA X509_TRUST_SSL_CLIENT + NID_bf_ecb NID_rle_compression X509_TRUST_SSL_SERVER + NID_bf_ofb64 NID_rsa X509_TRUST_TSA + NID_cast5_cbc NID_rsaEncryption X509_V_FLAG_ALLOW_PROXY_CERTS + NID_cast5_cfb64 NID_rsadsi X509_V_FLAG_CB_ISSUER_CHECK + NID_cast5_ecb NID_safeContentsBag X509_V_FLAG_CHECK_SS_SIGNATURE + NID_cast5_ofb64 NID_sdsiCertificate X509_V_FLAG_CRL_CHECK + NID_certBag NID_secretBag X509_V_FLAG_CRL_CHECK_ALL + NID_certificate_policies NID_serialNumber X509_V_FLAG_EXPLICIT_POLICY + NID_client_auth NID_server_auth X509_V_FLAG_EXTENDED_CRL_SUPPORT + NID_code_sign NID_sha X509_V_FLAG_IGNORE_CRITICAL + NID_commonName NID_sha1 X509_V_FLAG_INHIBIT_ANY + NID_countryName NID_sha1WithRSA X509_V_FLAG_INHIBIT_MAP + NID_crlBag NID_sha1WithRSAEncryption X509_V_FLAG_NOTIFY_POLICY + NID_crl_distribution_points NID_shaWithRSAEncryption X509_V_FLAG_POLICY_CHECK + NID_crl_number NID_stateOrProvinceName X509_V_FLAG_POLICY_MASK + NID_crl_reason NID_subject_alt_name X509_V_FLAG_TRUSTED_FIRST + NID_delta_crl NID_subject_key_identifier X509_V_FLAG_USE_CHECK_TIME + NID_des_cbc NID_surname X509_V_FLAG_USE_DELTAS + NID_des_cfb64 NID_sxnet X509_V_FLAG_X509_STRICT + NID_des_ecb NID_time_stamp X509_V_OK + NID_des_ede NID_title XN_FLAG_COMPAT + NID_des_ede3 NID_undef XN_FLAG_DN_REV + NID_des_ede3_cbc NID_uniqueIdentifier XN_FLAG_DUMP_UNKNOWN_FIELDS + NID_des_ede3_cfb64 NID_x509Certificate XN_FLAG_FN_ALIGN + NID_des_ede3_ofb64 NID_x509Crl XN_FLAG_FN_LN + NID_des_ede_cbc NID_zlib_compression XN_FLAG_FN_MASK + NID_des_ede_cfb64 NOTHING XN_FLAG_FN_NONE + NID_des_ede_ofb64 OCSP_RESPONSE_STATUS_INTERNALERROR XN_FLAG_FN_OID + NID_des_ofb64 OCSP_RESPONSE_STATUS_MALFORMEDREQUEST XN_FLAG_FN_SN + NID_description OCSP_RESPONSE_STATUS_SIGREQUIRED XN_FLAG_MULTILINE + NID_desx_cbc OCSP_RESPONSE_STATUS_SUCCESSFUL XN_FLAG_ONELINE + NID_dhKeyAgreement OCSP_RESPONSE_STATUS_TRYLATER XN_FLAG_RFC2253 + NID_dnQualifier OCSP_RESPONSE_STATUS_UNAUTHORIZED XN_FLAG_SEP_COMMA_PLUS + NID_dsa OPENSSL_VERSION_NUMBER XN_FLAG_SEP_CPLUS_SPC + NID_dsaWithSHA OP_ALL XN_FLAG_SEP_MASK + NID_dsaWithSHA1 OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION XN_FLAG_SEP_MULTILINE + NID_dsaWithSHA1_2 OP_CIPHER_SERVER_PREFERENCE XN_FLAG_SEP_SPLUS_SPC + NID_dsa_2 OP_CISCO_ANYCONNECT XN_FLAG_SPC_EQ + NID_email_protect OP_COOKIE_EXCHANGE BIO_eof BIO_f_ssl BIO_free @@ -250,6 +251,10 @@ X509_STORE_CTX_set_flags X509_STORE_add_cert X509_STORE_add_crl + X509_check_email + X509_check_host + X509_check_ip + X509_check_ip_asc X509_free X509_get_issuer_name X509_get_subject_name diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-SSLeay-1.68/lib/Net/SSLeay.pod new/Net-SSLeay-1.69/lib/Net/SSLeay.pod --- old/Net-SSLeay-1.68/lib/Net/SSLeay.pod 2015-01-24 01:22:39.000000000 +0100 +++ new/Net-SSLeay-1.69/lib/Net/SSLeay.pod 2015-05-29 02:57:02.000000000 +0200 @@ -4955,6 +4955,80 @@ Check openssl doc L<http://www.openssl.org/docs/crypto/X509_new.html|http://www.openssl.org/docs/crypto/X509_new.html> +=item * X509_check_host + +B<COMPATIBILITY:> not available in Net-SSLeay-1.68 and before; requires at +least OpenSSL 1.0.2. + +Checks f the certificate Subject Alternative Name (SAN) or Subject CommonName +(CN) matches the specified host name. + + my $rv = Net::SSLeay::X509_check_host($cert, $name, $flags, $peername); + # $cert - value corresponding to openssl's X509 structure + # $name - host name to check + # $flags (optional, default: 0) - can be the bitwise OR of: + # &Net::SSLeay::X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT + # &Net::SSLeay::X509_CHECK_FLAG_NO_WILDCARDS + # &Net::SSLeay::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS + # &Net::SSLeay::X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS + # &Net::SSLeay::X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS + # $peername (optional) - If not omitted and $host matches $cert, + # a copy of the matching SAN or CN from + # the peer certificate is stored in $peername. + # + # returns: + # 1 for a successful match + # 0 for a failed match + # -1 for an internal error + # -2 if the input is malformed + +Check openssl doc L<https://www.openssl.org/docs/crypto/X509_check_host.html>. + +=item * X509_check_email + +B<COMPATIBILITY:> not available in Net-SSLeay-1.68 and before; requires at least OpenSSL 1.0.2. + +Checks if the certificate matches the specified email address. + + my $rv = Net::SSLeay::X509_check_email($cert, $address, $flags); + # $cert - value corresponding to openssl's X509 structure + # $address - email address to check + # $flags (optional, default: 0) - see X509_check_host() + # + # returns: see X509_check_host() + +Check openssl doc L<https://www.openssl.org/docs/crypto/X509_check_email.html>. + +=item * X509_check_ip + +B<COMPATIBILITY:> not available in Net-SSLeay-1.68 and before; requires at least OpenSSL 1.0.2. + +Checks if the certificate matches the specified IPv4 or IPv6 address. + + my $rv = Net::SSLeay::X509_check_email($cert, $address, $flags); + # $cert - value corresponding to openssl's X509 structure + # $address - IP address to check in binary format, in network byte order + # $flags (optional, default: 0) - see X509_check_host() + # + # returns: see X509_check_host() + +Check openssl doc L<https://www.openssl.org/docs/crypto/X509_check_ip.html>. + +=item * X509_check_ip_asc + +B<COMPATIBILITY:> not available in Net-SSLeay-1.68 and before; requires at least OpenSSL 1.0.2. + +Checks if the certificate matches the specified IPv4 or IPv6 address. + + my $rv = Net::SSLeay::X509_check_email($cert, $address, $flags); + # $cert - value corresponding to openssl's X509 structure + # $address - IP address to check in text representation + # $flags (optional, default: 0) - see X509_check_host() + # + # returns: see X509_check_host() + +Check openssl doc L<https://www.openssl.org/docs/crypto/X509_check_ip_asc.html>. + =item * X509_certificate_type B<COMPATIBILITY:> not available in Net-SSLeay-1.45 and before @@ -7900,149 +7974,150 @@ =for comment the next part is the output of: perl helper_script/regen_openssl_constants.pl -gen-pod - ASN1_STRFLGS_ESC_CTRL NID_dsa_2 OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION - ASN1_STRFLGS_ESC_MSB NID_email_protect OP_CIPHER_SERVER_PREFERENCE - ASN1_STRFLGS_ESC_QUOTE NID_ext_key_usage OP_CISCO_ANYCONNECT - ASN1_STRFLGS_RFC2253 NID_ext_req OP_COOKIE_EXCHANGE - CB_ACCEPT_EXIT NID_friendlyName OP_CRYPTOPRO_TLSEXT_BUG - CB_ACCEPT_LOOP NID_givenName OP_DONT_INSERT_EMPTY_FRAGMENTS - CB_ALERT NID_hmacWithSHA1 OP_EPHEMERAL_RSA - CB_CONNECT_EXIT NID_id_ad OP_LEGACY_SERVER_CONNECT - CB_CONNECT_LOOP NID_id_ce OP_MICROSOFT_BIG_SSLV3_BUFFER - CB_EXIT NID_id_kp OP_MICROSOFT_SESS_ID_BUG - CB_HANDSHAKE_DONE NID_id_pbkdf2 OP_MSIE_SSLV2_RSA_PADDING - CB_HANDSHAKE_START NID_id_pe OP_NETSCAPE_CA_DN_BUG - CB_LOOP NID_id_pkix OP_NETSCAPE_CHALLENGE_BUG - CB_READ NID_id_qt_cps OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG - CB_READ_ALERT NID_id_qt_unotice OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - CB_WRITE NID_idea_cbc OP_NON_EXPORT_FIRST - CB_WRITE_ALERT NID_idea_cfb64 OP_NO_COMPRESSION - ERROR_NONE NID_idea_ecb OP_NO_QUERY_MTU - ERROR_SSL NID_idea_ofb64 OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION - ERROR_SYSCALL NID_info_access OP_NO_SSLv2 - ERROR_WANT_ACCEPT NID_initials OP_NO_SSLv3 - ERROR_WANT_CONNECT NID_invalidity_date OP_NO_TICKET - ERROR_WANT_READ NID_issuer_alt_name OP_NO_TLSv1 - ERROR_WANT_WRITE NID_keyBag OP_NO_TLSv1_1 - ERROR_WANT_X509_LOOKUP NID_key_usage OP_NO_TLSv1_2 - ERROR_ZERO_RETURN NID_localKeyID OP_PKCS1_CHECK_1 - EVP_PKS_DSA NID_localityName OP_PKCS1_CHECK_2 - EVP_PKS_EC NID_md2 OP_SINGLE_DH_USE - EVP_PKS_RSA NID_md2WithRSAEncryption OP_SINGLE_ECDH_USE - EVP_PKT_ENC NID_md5 OP_SSLEAY_080_CLIENT_DH_BUG - EVP_PKT_EXCH NID_md5WithRSA OP_SSLREF2_REUSE_CERT_TYPE_BUG - EVP_PKT_EXP NID_md5WithRSAEncryption OP_TLS_BLOCK_PADDING_BUG - EVP_PKT_SIGN NID_md5_sha1 OP_TLS_D5_BUG - EVP_PK_DH NID_mdc2 OP_TLS_ROLLBACK_BUG - EVP_PK_DSA NID_mdc2WithRSA READING - EVP_PK_EC NID_ms_code_com RECEIVED_SHUTDOWN - EVP_PK_RSA NID_ms_code_ind RSA_3 - FILETYPE_ASN1 NID_ms_ctl_sign RSA_F4 - FILETYPE_PEM NID_ms_efs R_BAD_AUTHENTICATION_TYPE - F_CLIENT_CERTIFICATE NID_ms_ext_req R_BAD_CHECKSUM - F_CLIENT_HELLO NID_ms_sgc R_BAD_MAC_DECODE - F_CLIENT_MASTER_KEY NID_name R_BAD_RESPONSE_ARGUMENT - F_D2I_SSL_SESSION NID_netscape R_BAD_SSL_FILETYPE - F_GET_CLIENT_FINISHED NID_netscape_base_url R_BAD_SSL_SESSION_ID_LENGTH - F_GET_CLIENT_HELLO NID_netscape_ca_policy_url R_BAD_STATE - F_GET_CLIENT_MASTER_KEY NID_netscape_ca_revocation_url R_BAD_WRITE_RETRY - F_GET_SERVER_FINISHED NID_netscape_cert_extension R_CHALLENGE_IS_DIFFERENT - F_GET_SERVER_HELLO NID_netscape_cert_sequence R_CIPHER_TABLE_SRC_ERROR - F_GET_SERVER_VERIFY NID_netscape_cert_type R_INVALID_CHALLENGE_LENGTH - F_I2D_SSL_SESSION NID_netscape_comment R_NO_CERTIFICATE_SET - F_READ_N NID_netscape_data_type R_NO_CERTIFICATE_SPECIFIED - F_REQUEST_CERTIFICATE NID_netscape_renewal_url R_NO_CIPHER_LIST - F_SERVER_HELLO NID_netscape_revocation_url R_NO_CIPHER_MATCH - F_SSL_CERT_NEW NID_netscape_ssl_server_name R_NO_PRIVATEKEY - F_SSL_GET_NEW_SESSION NID_ns_sgc R_NO_PUBLICKEY - F_SSL_NEW NID_organizationName R_NULL_SSL_CTX - F_SSL_READ NID_organizationalUnitName R_PEER_DID_NOT_RETURN_A_CERTIFICATE - F_SSL_RSA_PRIVATE_DECRYPT NID_pbeWithMD2AndDES_CBC R_PEER_ERROR - F_SSL_RSA_PUBLIC_ENCRYPT NID_pbeWithMD2AndRC2_CBC R_PEER_ERROR_CERTIFICATE - F_SSL_SESSION_NEW NID_pbeWithMD5AndCast5_CBC R_PEER_ERROR_NO_CIPHER - F_SSL_SESSION_PRINT_FP NID_pbeWithMD5AndDES_CBC R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE - F_SSL_SET_FD NID_pbeWithMD5AndRC2_CBC R_PUBLIC_KEY_ENCRYPT_ERROR - F_SSL_SET_RFD NID_pbeWithSHA1AndDES_CBC R_PUBLIC_KEY_IS_NOT_RSA - F_SSL_SET_WFD NID_pbeWithSHA1AndRC2_CBC R_READ_WRONG_PACKET_TYPE - F_SSL_USE_CERTIFICATE NID_pbe_WithSHA1And128BitRC2_CBC R_SHORT_READ - F_SSL_USE_CERTIFICATE_ASN1 NID_pbe_WithSHA1And128BitRC4 R_SSL_SESSION_ID_IS_DIFFERENT - F_SSL_USE_CERTIFICATE_FILE NID_pbe_WithSHA1And2_Key_TripleDES_CBC R_UNABLE_TO_EXTRACT_PUBLIC_KEY - F_SSL_USE_PRIVATEKEY NID_pbe_WithSHA1And3_Key_TripleDES_CBC R_UNKNOWN_REMOTE_ERROR_TYPE - F_SSL_USE_PRIVATEKEY_ASN1 NID_pbe_WithSHA1And40BitRC2_CBC R_UNKNOWN_STATE - F_SSL_USE_PRIVATEKEY_FILE NID_pbe_WithSHA1And40BitRC4 R_X509_LIB - F_SSL_USE_RSAPRIVATEKEY NID_pbes2 SENT_SHUTDOWN - F_SSL_USE_RSAPRIVATEKEY_ASN1 NID_pbmac1 SESSION_ASN1_VERSION - F_SSL_USE_RSAPRIVATEKEY_FILE NID_pkcs ST_ACCEPT - F_WRITE_PENDING NID_pkcs3 ST_BEFORE - GEN_DIRNAME NID_pkcs7 ST_CONNECT - GEN_DNS NID_pkcs7_data ST_INIT - GEN_EDIPARTY NID_pkcs7_digest ST_OK - GEN_EMAIL NID_pkcs7_encrypted ST_READ_BODY - GEN_IPADD NID_pkcs7_enveloped ST_READ_HEADER - GEN_OTHERNAME NID_pkcs7_signed TLSEXT_STATUSTYPE_ocsp - GEN_RID NID_pkcs7_signedAndEnveloped VERIFY_CLIENT_ONCE - GEN_URI NID_pkcs8ShroudedKeyBag VERIFY_FAIL_IF_NO_PEER_CERT - GEN_X400 NID_pkcs9 VERIFY_NONE - LIBRESSL_VERSION_NUMBER NID_pkcs9_challengePassword VERIFY_PEER - MBSTRING_ASC NID_pkcs9_contentType V_OCSP_CERTSTATUS_GOOD - MBSTRING_BMP NID_pkcs9_countersignature V_OCSP_CERTSTATUS_REVOKED - MBSTRING_FLAG NID_pkcs9_emailAddress V_OCSP_CERTSTATUS_UNKNOWN - MBSTRING_UNIV NID_pkcs9_extCertAttributes WRITING - MBSTRING_UTF8 NID_pkcs9_messageDigest X509_LOOKUP - MIN_RSA_MODULUS_LENGTH_IN_BYTES NID_pkcs9_signingTime X509_PURPOSE_ANY - MODE_ACCEPT_MOVING_WRITE_BUFFER NID_pkcs9_unstructuredAddress X509_PURPOSE_CRL_SIGN - MODE_AUTO_RETRY NID_pkcs9_unstructuredName X509_PURPOSE_NS_SSL_SERVER - MODE_ENABLE_PARTIAL_WRITE NID_private_key_usage_period X509_PURPOSE_OCSP_HELPER - MODE_RELEASE_BUFFERS NID_rc2_40_cbc X509_PURPOSE_SMIME_ENCRYPT - NID_OCSP_sign NID_rc2_64_cbc X509_PURPOSE_SMIME_SIGN - NID_SMIMECapabilities NID_rc2_cbc X509_PURPOSE_SSL_CLIENT - NID_X500 NID_rc2_cfb64 X509_PURPOSE_SSL_SERVER - NID_X509 NID_rc2_ecb X509_PURPOSE_TIMESTAMP_SIGN - NID_ad_OCSP NID_rc2_ofb64 X509_TRUST_COMPAT - NID_ad_ca_issuers NID_rc4 X509_TRUST_EMAIL - NID_algorithm NID_rc4_40 X509_TRUST_OBJECT_SIGN - NID_authority_key_identifier NID_rc5_cbc X509_TRUST_OCSP_REQUEST - NID_basic_constraints NID_rc5_cfb64 X509_TRUST_OCSP_SIGN - NID_bf_cbc NID_rc5_ecb X509_TRUST_SSL_CLIENT - NID_bf_cfb64 NID_rc5_ofb64 X509_TRUST_SSL_SERVER - NID_bf_ecb NID_ripemd160 X509_TRUST_TSA - NID_bf_ofb64 NID_ripemd160WithRSA X509_V_FLAG_ALLOW_PROXY_CERTS - NID_cast5_cbc NID_rle_compression X509_V_FLAG_CB_ISSUER_CHECK - NID_cast5_cfb64 NID_rsa X509_V_FLAG_CHECK_SS_SIGNATURE - NID_cast5_ecb NID_rsaEncryption X509_V_FLAG_CRL_CHECK - NID_cast5_ofb64 NID_rsadsi X509_V_FLAG_CRL_CHECK_ALL - NID_certBag NID_safeContentsBag X509_V_FLAG_EXPLICIT_POLICY - NID_certificate_policies NID_sdsiCertificate X509_V_FLAG_EXTENDED_CRL_SUPPORT - NID_client_auth NID_secretBag X509_V_FLAG_IGNORE_CRITICAL - NID_code_sign NID_serialNumber X509_V_FLAG_INHIBIT_ANY - NID_commonName NID_server_auth X509_V_FLAG_INHIBIT_MAP - NID_countryName NID_sha X509_V_FLAG_NOTIFY_POLICY - NID_crlBag NID_sha1 X509_V_FLAG_POLICY_CHECK - NID_crl_distribution_points NID_sha1WithRSA X509_V_FLAG_POLICY_MASK - NID_crl_number NID_sha1WithRSAEncryption X509_V_FLAG_USE_CHECK_TIME - NID_crl_reason NID_shaWithRSAEncryption X509_V_FLAG_USE_DELTAS - NID_delta_crl NID_stateOrProvinceName X509_V_FLAG_X509_STRICT - NID_des_cbc NID_subject_alt_name X509_V_OK - NID_des_cfb64 NID_subject_key_identifier XN_FLAG_COMPAT - NID_des_ecb NID_surname XN_FLAG_DN_REV - NID_des_ede NID_sxnet XN_FLAG_DUMP_UNKNOWN_FIELDS - NID_des_ede3 NID_time_stamp XN_FLAG_FN_ALIGN - NID_des_ede3_cbc NID_title XN_FLAG_FN_LN - NID_des_ede3_cfb64 NID_undef XN_FLAG_FN_MASK - NID_des_ede3_ofb64 NID_uniqueIdentifier XN_FLAG_FN_NONE - NID_des_ede_cbc NID_x509Certificate XN_FLAG_FN_OID - NID_des_ede_cfb64 NID_x509Crl XN_FLAG_FN_SN - NID_des_ede_ofb64 NID_zlib_compression XN_FLAG_MULTILINE - NID_des_ofb64 NOTHING XN_FLAG_ONELINE - NID_description OCSP_RESPONSE_STATUS_INTERNALERROR XN_FLAG_RFC2253 - NID_desx_cbc OCSP_RESPONSE_STATUS_MALFORMEDREQUEST XN_FLAG_SEP_COMMA_PLUS - NID_dhKeyAgreement OCSP_RESPONSE_STATUS_SIGREQUIRED XN_FLAG_SEP_CPLUS_SPC - NID_dnQualifier OCSP_RESPONSE_STATUS_SUCCESSFUL XN_FLAG_SEP_MASK - NID_dsa OCSP_RESPONSE_STATUS_TRYLATER XN_FLAG_SEP_MULTILINE - NID_dsaWithSHA OCSP_RESPONSE_STATUS_UNAUTHORIZED XN_FLAG_SEP_SPLUS_SPC - NID_dsaWithSHA1 OPENSSL_VERSION_NUMBER XN_FLAG_SPC_EQ - NID_dsaWithSHA1_2 OP_ALL - + ASN1_STRFLGS_ESC_CTRL NID_ext_key_usage OP_CRYPTOPRO_TLSEXT_BUG + ASN1_STRFLGS_ESC_MSB NID_ext_req OP_DONT_INSERT_EMPTY_FRAGMENTS + ASN1_STRFLGS_ESC_QUOTE NID_friendlyName OP_EPHEMERAL_RSA + ASN1_STRFLGS_RFC2253 NID_givenName OP_LEGACY_SERVER_CONNECT + CB_ACCEPT_EXIT NID_hmacWithSHA1 OP_MICROSOFT_BIG_SSLV3_BUFFER + CB_ACCEPT_LOOP NID_id_ad OP_MICROSOFT_SESS_ID_BUG + CB_ALERT NID_id_ce OP_MSIE_SSLV2_RSA_PADDING + CB_CONNECT_EXIT NID_id_kp OP_NETSCAPE_CA_DN_BUG + CB_CONNECT_LOOP NID_id_pbkdf2 OP_NETSCAPE_CHALLENGE_BUG + CB_EXIT NID_id_pe OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG + CB_HANDSHAKE_DONE NID_id_pkix OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG + CB_HANDSHAKE_START NID_id_qt_cps OP_NON_EXPORT_FIRST + CB_LOOP NID_id_qt_unotice OP_NO_COMPRESSION + CB_READ NID_idea_cbc OP_NO_QUERY_MTU + CB_READ_ALERT NID_idea_cfb64 OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION + CB_WRITE NID_idea_ecb OP_NO_SSLv2 + CB_WRITE_ALERT NID_idea_ofb64 OP_NO_SSLv3 + ERROR_NONE NID_info_access OP_NO_TICKET + ERROR_SSL NID_initials OP_NO_TLSv1 + ERROR_SYSCALL NID_invalidity_date OP_NO_TLSv1_1 + ERROR_WANT_ACCEPT NID_issuer_alt_name OP_NO_TLSv1_2 + ERROR_WANT_CONNECT NID_keyBag OP_PKCS1_CHECK_1 + ERROR_WANT_READ NID_key_usage OP_PKCS1_CHECK_2 + ERROR_WANT_WRITE NID_localKeyID OP_SINGLE_DH_USE + ERROR_WANT_X509_LOOKUP NID_localityName OP_SINGLE_ECDH_USE + ERROR_ZERO_RETURN NID_md2 OP_SSLEAY_080_CLIENT_DH_BUG + EVP_PKS_DSA NID_md2WithRSAEncryption OP_SSLREF2_REUSE_CERT_TYPE_BUG + EVP_PKS_EC NID_md5 OP_TLS_BLOCK_PADDING_BUG + EVP_PKS_RSA NID_md5WithRSA OP_TLS_D5_BUG + EVP_PKT_ENC NID_md5WithRSAEncryption OP_TLS_ROLLBACK_BUG + EVP_PKT_EXCH NID_md5_sha1 READING + EVP_PKT_EXP NID_mdc2 RECEIVED_SHUTDOWN + EVP_PKT_SIGN NID_mdc2WithRSA RSA_3 + EVP_PK_DH NID_ms_code_com RSA_F4 + EVP_PK_DSA NID_ms_code_ind R_BAD_AUTHENTICATION_TYPE + EVP_PK_EC NID_ms_ctl_sign R_BAD_CHECKSUM + EVP_PK_RSA NID_ms_efs R_BAD_MAC_DECODE + FILETYPE_ASN1 NID_ms_ext_req R_BAD_RESPONSE_ARGUMENT + FILETYPE_PEM NID_ms_sgc R_BAD_SSL_FILETYPE + F_CLIENT_CERTIFICATE NID_name R_BAD_SSL_SESSION_ID_LENGTH + F_CLIENT_HELLO NID_netscape R_BAD_STATE + F_CLIENT_MASTER_KEY NID_netscape_base_url R_BAD_WRITE_RETRY + F_D2I_SSL_SESSION NID_netscape_ca_policy_url R_CHALLENGE_IS_DIFFERENT + F_GET_CLIENT_FINISHED NID_netscape_ca_revocation_url R_CIPHER_TABLE_SRC_ERROR + F_GET_CLIENT_HELLO NID_netscape_cert_extension R_INVALID_CHALLENGE_LENGTH + F_GET_CLIENT_MASTER_KEY NID_netscape_cert_sequence R_NO_CERTIFICATE_SET + F_GET_SERVER_FINISHED NID_netscape_cert_type R_NO_CERTIFICATE_SPECIFIED + F_GET_SERVER_HELLO NID_netscape_comment R_NO_CIPHER_LIST + F_GET_SERVER_VERIFY NID_netscape_data_type R_NO_CIPHER_MATCH + F_I2D_SSL_SESSION NID_netscape_renewal_url R_NO_PRIVATEKEY + F_READ_N NID_netscape_revocation_url R_NO_PUBLICKEY + F_REQUEST_CERTIFICATE NID_netscape_ssl_server_name R_NULL_SSL_CTX + F_SERVER_HELLO NID_ns_sgc R_PEER_DID_NOT_RETURN_A_CERTIFICATE + F_SSL_CERT_NEW NID_organizationName R_PEER_ERROR + F_SSL_GET_NEW_SESSION NID_organizationalUnitName R_PEER_ERROR_CERTIFICATE + F_SSL_NEW NID_pbeWithMD2AndDES_CBC R_PEER_ERROR_NO_CIPHER + F_SSL_READ NID_pbeWithMD2AndRC2_CBC R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE + F_SSL_RSA_PRIVATE_DECRYPT NID_pbeWithMD5AndCast5_CBC R_PUBLIC_KEY_ENCRYPT_ERROR + F_SSL_RSA_PUBLIC_ENCRYPT NID_pbeWithMD5AndDES_CBC R_PUBLIC_KEY_IS_NOT_RSA + F_SSL_SESSION_NEW NID_pbeWithMD5AndRC2_CBC R_READ_WRONG_PACKET_TYPE + F_SSL_SESSION_PRINT_FP NID_pbeWithSHA1AndDES_CBC R_SHORT_READ + F_SSL_SET_FD NID_pbeWithSHA1AndRC2_CBC R_SSL_SESSION_ID_IS_DIFFERENT + F_SSL_SET_RFD NID_pbe_WithSHA1And128BitRC2_CBC R_UNABLE_TO_EXTRACT_PUBLIC_KEY + F_SSL_SET_WFD NID_pbe_WithSHA1And128BitRC4 R_UNKNOWN_REMOTE_ERROR_TYPE + F_SSL_USE_CERTIFICATE NID_pbe_WithSHA1And2_Key_TripleDES_CBC R_UNKNOWN_STATE + F_SSL_USE_CERTIFICATE_ASN1 NID_pbe_WithSHA1And3_Key_TripleDES_CBC R_X509_LIB + F_SSL_USE_CERTIFICATE_FILE NID_pbe_WithSHA1And40BitRC2_CBC SENT_SHUTDOWN + F_SSL_USE_PRIVATEKEY NID_pbe_WithSHA1And40BitRC4 SESSION_ASN1_VERSION + F_SSL_USE_PRIVATEKEY_ASN1 NID_pbes2 ST_ACCEPT + F_SSL_USE_PRIVATEKEY_FILE NID_pbmac1 ST_BEFORE + F_SSL_USE_RSAPRIVATEKEY NID_pkcs ST_CONNECT + F_SSL_USE_RSAPRIVATEKEY_ASN1 NID_pkcs3 ST_INIT + F_SSL_USE_RSAPRIVATEKEY_FILE NID_pkcs7 ST_OK + F_WRITE_PENDING NID_pkcs7_data ST_READ_BODY + GEN_DIRNAME NID_pkcs7_digest ST_READ_HEADER + GEN_DNS NID_pkcs7_encrypted TLSEXT_STATUSTYPE_ocsp + GEN_EDIPARTY NID_pkcs7_enveloped VERIFY_CLIENT_ONCE + GEN_EMAIL NID_pkcs7_signed VERIFY_FAIL_IF_NO_PEER_CERT + GEN_IPADD NID_pkcs7_signedAndEnveloped VERIFY_NONE + GEN_OTHERNAME NID_pkcs8ShroudedKeyBag VERIFY_PEER + GEN_RID NID_pkcs9 V_OCSP_CERTSTATUS_GOOD + GEN_URI NID_pkcs9_challengePassword V_OCSP_CERTSTATUS_REVOKED + GEN_X400 NID_pkcs9_contentType V_OCSP_CERTSTATUS_UNKNOWN + LIBRESSL_VERSION_NUMBER NID_pkcs9_countersignature WRITING + MBSTRING_ASC NID_pkcs9_emailAddress X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT + MBSTRING_BMP NID_pkcs9_extCertAttributes X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS + MBSTRING_FLAG NID_pkcs9_messageDigest X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS + MBSTRING_UNIV NID_pkcs9_signingTime X509_CHECK_FLAG_NO_WILDCARDS + MBSTRING_UTF8 NID_pkcs9_unstructuredAddress X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS + MIN_RSA_MODULUS_LENGTH_IN_BYTES NID_pkcs9_unstructuredName X509_LOOKUP + MODE_ACCEPT_MOVING_WRITE_BUFFER NID_private_key_usage_period X509_PURPOSE_ANY + MODE_AUTO_RETRY NID_rc2_40_cbc X509_PURPOSE_CRL_SIGN + MODE_ENABLE_PARTIAL_WRITE NID_rc2_64_cbc X509_PURPOSE_NS_SSL_SERVER + MODE_RELEASE_BUFFERS NID_rc2_cbc X509_PURPOSE_OCSP_HELPER + NID_OCSP_sign NID_rc2_cfb64 X509_PURPOSE_SMIME_ENCRYPT + NID_SMIMECapabilities NID_rc2_ecb X509_PURPOSE_SMIME_SIGN + NID_X500 NID_rc2_ofb64 X509_PURPOSE_SSL_CLIENT + NID_X509 NID_rc4 X509_PURPOSE_SSL_SERVER + NID_ad_OCSP NID_rc4_40 X509_PURPOSE_TIMESTAMP_SIGN + NID_ad_ca_issuers NID_rc5_cbc X509_TRUST_COMPAT + NID_algorithm NID_rc5_cfb64 X509_TRUST_EMAIL + NID_authority_key_identifier NID_rc5_ecb X509_TRUST_OBJECT_SIGN + NID_basic_constraints NID_rc5_ofb64 X509_TRUST_OCSP_REQUEST + NID_bf_cbc NID_ripemd160 X509_TRUST_OCSP_SIGN + NID_bf_cfb64 NID_ripemd160WithRSA X509_TRUST_SSL_CLIENT + NID_bf_ecb NID_rle_compression X509_TRUST_SSL_SERVER + NID_bf_ofb64 NID_rsa X509_TRUST_TSA + NID_cast5_cbc NID_rsaEncryption X509_V_FLAG_ALLOW_PROXY_CERTS + NID_cast5_cfb64 NID_rsadsi X509_V_FLAG_CB_ISSUER_CHECK + NID_cast5_ecb NID_safeContentsBag X509_V_FLAG_CHECK_SS_SIGNATURE + NID_cast5_ofb64 NID_sdsiCertificate X509_V_FLAG_CRL_CHECK + NID_certBag NID_secretBag X509_V_FLAG_CRL_CHECK_ALL + NID_certificate_policies NID_serialNumber X509_V_FLAG_EXPLICIT_POLICY + NID_client_auth NID_server_auth X509_V_FLAG_EXTENDED_CRL_SUPPORT + NID_code_sign NID_sha X509_V_FLAG_IGNORE_CRITICAL + NID_commonName NID_sha1 X509_V_FLAG_INHIBIT_ANY + NID_countryName NID_sha1WithRSA X509_V_FLAG_INHIBIT_MAP + NID_crlBag NID_sha1WithRSAEncryption X509_V_FLAG_NOTIFY_POLICY + NID_crl_distribution_points NID_shaWithRSAEncryption X509_V_FLAG_POLICY_CHECK + NID_crl_number NID_stateOrProvinceName X509_V_FLAG_POLICY_MASK + NID_crl_reason NID_subject_alt_name X509_V_FLAG_TRUSTED_FIRST + NID_delta_crl NID_subject_key_identifier X509_V_FLAG_USE_CHECK_TIME + NID_des_cbc NID_surname X509_V_FLAG_USE_DELTAS + NID_des_cfb64 NID_sxnet X509_V_FLAG_X509_STRICT + NID_des_ecb NID_time_stamp X509_V_OK + NID_des_ede NID_title XN_FLAG_COMPAT + NID_des_ede3 NID_undef XN_FLAG_DN_REV + NID_des_ede3_cbc NID_uniqueIdentifier XN_FLAG_DUMP_UNKNOWN_FIELDS + NID_des_ede3_cfb64 NID_x509Certificate XN_FLAG_FN_ALIGN + NID_des_ede3_ofb64 NID_x509Crl XN_FLAG_FN_LN + NID_des_ede_cbc NID_zlib_compression XN_FLAG_FN_MASK + NID_des_ede_cfb64 NOTHING XN_FLAG_FN_NONE + NID_des_ede_ofb64 OCSP_RESPONSE_STATUS_INTERNALERROR XN_FLAG_FN_OID + NID_des_ofb64 OCSP_RESPONSE_STATUS_MALFORMEDREQUEST XN_FLAG_FN_SN + NID_description OCSP_RESPONSE_STATUS_SIGREQUIRED XN_FLAG_MULTILINE + NID_desx_cbc OCSP_RESPONSE_STATUS_SUCCESSFUL XN_FLAG_ONELINE + NID_dhKeyAgreement OCSP_RESPONSE_STATUS_TRYLATER XN_FLAG_RFC2253 + NID_dnQualifier OCSP_RESPONSE_STATUS_UNAUTHORIZED XN_FLAG_SEP_COMMA_PLUS + NID_dsa OPENSSL_VERSION_NUMBER XN_FLAG_SEP_CPLUS_SPC + NID_dsaWithSHA OP_ALL XN_FLAG_SEP_MASK + NID_dsaWithSHA1 OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION XN_FLAG_SEP_MULTILINE + NID_dsaWithSHA1_2 OP_CIPHER_SERVER_PREFERENCE XN_FLAG_SEP_SPLUS_SPC + NID_dsa_2 OP_CISCO_ANYCONNECT XN_FLAG_SPC_EQ + NID_email_protect OP_COOKIE_EXCHANGE =head2 INTERNAL ONLY functions (do not use these) The following functions are not intended for use from outside of L<Net::SSLeay> module. @@ -8262,6 +8337,10 @@ =head1 KNOWN BUGS AND CAVEATS +An OpenSSL bug CVE-2015-0290 "OpenSSL Multiblock Corrupted Pointer Issue" +can cause POST requests of over 90kB to fail or crash. This bug is reported to be fixed in +OpenSSL 1.0.2a. + Autoloader emits a Argument "xxx" isn't numeric in entersub at blib/lib/Net/SSLeay.pm' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-SSLeay-1.68/t/local/21_constants.t new/Net-SSLeay-1.69/t/local/21_constants.t --- old/Net-SSLeay-1.68/t/local/21_constants.t 2014-07-13 23:41:53.000000000 +0200 +++ new/Net-SSLeay-1.69/t/local/21_constants.t 2015-05-29 02:51:39.000000000 +0200 @@ -13,152 +13,154 @@ } else { - eval 'use Test::More tests => 426;'; + eval 'use Test::More tests => 432;'; } my @c = (qw/ - ASN1_STRFLGS_ESC_CTRL NID_dsa_2 OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION - ASN1_STRFLGS_ESC_MSB NID_email_protect OP_CIPHER_SERVER_PREFERENCE - ASN1_STRFLGS_ESC_QUOTE NID_ext_key_usage OP_CISCO_ANYCONNECT - ASN1_STRFLGS_RFC2253 NID_ext_req OP_COOKIE_EXCHANGE - CB_ACCEPT_EXIT NID_friendlyName OP_CRYPTOPRO_TLSEXT_BUG - CB_ACCEPT_LOOP NID_givenName OP_DONT_INSERT_EMPTY_FRAGMENTS - CB_ALERT NID_hmacWithSHA1 OP_EPHEMERAL_RSA - CB_CONNECT_EXIT NID_id_ad OP_LEGACY_SERVER_CONNECT - CB_CONNECT_LOOP NID_id_ce OP_MICROSOFT_BIG_SSLV3_BUFFER - CB_EXIT NID_id_kp OP_MICROSOFT_SESS_ID_BUG - CB_HANDSHAKE_DONE NID_id_pbkdf2 OP_MSIE_SSLV2_RSA_PADDING - CB_HANDSHAKE_START NID_id_pe OP_NETSCAPE_CA_DN_BUG - CB_LOOP NID_id_pkix OP_NETSCAPE_CHALLENGE_BUG - CB_READ NID_id_qt_cps OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG - CB_READ_ALERT NID_id_qt_unotice OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - CB_WRITE NID_idea_cbc OP_NON_EXPORT_FIRST - CB_WRITE_ALERT NID_idea_cfb64 OP_NO_COMPRESSION - ERROR_NONE NID_idea_ecb OP_NO_QUERY_MTU - ERROR_SSL NID_idea_ofb64 OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION - ERROR_SYSCALL NID_info_access OP_NO_SSLv2 - ERROR_WANT_ACCEPT NID_initials OP_NO_SSLv3 - ERROR_WANT_CONNECT NID_invalidity_date OP_NO_TICKET - ERROR_WANT_READ NID_issuer_alt_name OP_NO_TLSv1 - ERROR_WANT_WRITE NID_keyBag OP_NO_TLSv1_1 - ERROR_WANT_X509_LOOKUP NID_key_usage OP_NO_TLSv1_2 - ERROR_ZERO_RETURN NID_localKeyID OP_PKCS1_CHECK_1 - EVP_PKS_DSA NID_localityName OP_PKCS1_CHECK_2 - EVP_PKS_EC NID_md2 OP_SINGLE_DH_USE - EVP_PKS_RSA NID_md2WithRSAEncryption OP_SINGLE_ECDH_USE - EVP_PKT_ENC NID_md5 OP_SSLEAY_080_CLIENT_DH_BUG - EVP_PKT_EXCH NID_md5WithRSA OP_SSLREF2_REUSE_CERT_TYPE_BUG - EVP_PKT_EXP NID_md5WithRSAEncryption OP_TLS_BLOCK_PADDING_BUG - EVP_PKT_SIGN NID_md5_sha1 OP_TLS_D5_BUG - EVP_PK_DH NID_mdc2 OP_TLS_ROLLBACK_BUG - EVP_PK_DSA NID_mdc2WithRSA READING - EVP_PK_EC NID_ms_code_com RECEIVED_SHUTDOWN - EVP_PK_RSA NID_ms_code_ind RSA_3 - FILETYPE_ASN1 NID_ms_ctl_sign RSA_F4 - FILETYPE_PEM NID_ms_efs R_BAD_AUTHENTICATION_TYPE - F_CLIENT_CERTIFICATE NID_ms_ext_req R_BAD_CHECKSUM - F_CLIENT_HELLO NID_ms_sgc R_BAD_MAC_DECODE - F_CLIENT_MASTER_KEY NID_name R_BAD_RESPONSE_ARGUMENT - F_D2I_SSL_SESSION NID_netscape R_BAD_SSL_FILETYPE - F_GET_CLIENT_FINISHED NID_netscape_base_url R_BAD_SSL_SESSION_ID_LENGTH - F_GET_CLIENT_HELLO NID_netscape_ca_policy_url R_BAD_STATE - F_GET_CLIENT_MASTER_KEY NID_netscape_ca_revocation_url R_BAD_WRITE_RETRY - F_GET_SERVER_FINISHED NID_netscape_cert_extension R_CHALLENGE_IS_DIFFERENT - F_GET_SERVER_HELLO NID_netscape_cert_sequence R_CIPHER_TABLE_SRC_ERROR - F_GET_SERVER_VERIFY NID_netscape_cert_type R_INVALID_CHALLENGE_LENGTH - F_I2D_SSL_SESSION NID_netscape_comment R_NO_CERTIFICATE_SET - F_READ_N NID_netscape_data_type R_NO_CERTIFICATE_SPECIFIED - F_REQUEST_CERTIFICATE NID_netscape_renewal_url R_NO_CIPHER_LIST - F_SERVER_HELLO NID_netscape_revocation_url R_NO_CIPHER_MATCH - F_SSL_CERT_NEW NID_netscape_ssl_server_name R_NO_PRIVATEKEY - F_SSL_GET_NEW_SESSION NID_ns_sgc R_NO_PUBLICKEY - F_SSL_NEW NID_organizationName R_NULL_SSL_CTX - F_SSL_READ NID_organizationalUnitName R_PEER_DID_NOT_RETURN_A_CERTIFICATE - F_SSL_RSA_PRIVATE_DECRYPT NID_pbeWithMD2AndDES_CBC R_PEER_ERROR - F_SSL_RSA_PUBLIC_ENCRYPT NID_pbeWithMD2AndRC2_CBC R_PEER_ERROR_CERTIFICATE - F_SSL_SESSION_NEW NID_pbeWithMD5AndCast5_CBC R_PEER_ERROR_NO_CIPHER - F_SSL_SESSION_PRINT_FP NID_pbeWithMD5AndDES_CBC R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE - F_SSL_SET_FD NID_pbeWithMD5AndRC2_CBC R_PUBLIC_KEY_ENCRYPT_ERROR - F_SSL_SET_RFD NID_pbeWithSHA1AndDES_CBC R_PUBLIC_KEY_IS_NOT_RSA - F_SSL_SET_WFD NID_pbeWithSHA1AndRC2_CBC R_READ_WRONG_PACKET_TYPE - F_SSL_USE_CERTIFICATE NID_pbe_WithSHA1And128BitRC2_CBC R_SHORT_READ - F_SSL_USE_CERTIFICATE_ASN1 NID_pbe_WithSHA1And128BitRC4 R_SSL_SESSION_ID_IS_DIFFERENT - F_SSL_USE_CERTIFICATE_FILE NID_pbe_WithSHA1And2_Key_TripleDES_CBC R_UNABLE_TO_EXTRACT_PUBLIC_KEY - F_SSL_USE_PRIVATEKEY NID_pbe_WithSHA1And3_Key_TripleDES_CBC R_UNKNOWN_REMOTE_ERROR_TYPE - F_SSL_USE_PRIVATEKEY_ASN1 NID_pbe_WithSHA1And40BitRC2_CBC R_UNKNOWN_STATE - F_SSL_USE_PRIVATEKEY_FILE NID_pbe_WithSHA1And40BitRC4 R_X509_LIB - F_SSL_USE_RSAPRIVATEKEY NID_pbes2 SENT_SHUTDOWN - F_SSL_USE_RSAPRIVATEKEY_ASN1 NID_pbmac1 SESSION_ASN1_VERSION - F_SSL_USE_RSAPRIVATEKEY_FILE NID_pkcs ST_ACCEPT - F_WRITE_PENDING NID_pkcs3 ST_BEFORE - GEN_DIRNAME NID_pkcs7 ST_CONNECT - GEN_DNS NID_pkcs7_data ST_INIT - GEN_EDIPARTY NID_pkcs7_digest ST_OK - GEN_EMAIL NID_pkcs7_encrypted ST_READ_BODY - GEN_IPADD NID_pkcs7_enveloped ST_READ_HEADER - GEN_OTHERNAME NID_pkcs7_signed TLSEXT_STATUSTYPE_ocsp - GEN_RID NID_pkcs7_signedAndEnveloped VERIFY_CLIENT_ONCE - GEN_URI NID_pkcs8ShroudedKeyBag VERIFY_FAIL_IF_NO_PEER_CERT - GEN_X400 NID_pkcs9 VERIFY_NONE - LIBRESSL_VERSION_NUMBER NID_pkcs9_challengePassword VERIFY_PEER - MBSTRING_ASC NID_pkcs9_contentType V_OCSP_CERTSTATUS_GOOD - MBSTRING_BMP NID_pkcs9_countersignature V_OCSP_CERTSTATUS_REVOKED - MBSTRING_FLAG NID_pkcs9_emailAddress V_OCSP_CERTSTATUS_UNKNOWN - MBSTRING_UNIV NID_pkcs9_extCertAttributes WRITING - MBSTRING_UTF8 NID_pkcs9_messageDigest X509_LOOKUP - MIN_RSA_MODULUS_LENGTH_IN_BYTES NID_pkcs9_signingTime X509_PURPOSE_ANY - MODE_ACCEPT_MOVING_WRITE_BUFFER NID_pkcs9_unstructuredAddress X509_PURPOSE_CRL_SIGN - MODE_AUTO_RETRY NID_pkcs9_unstructuredName X509_PURPOSE_NS_SSL_SERVER - MODE_ENABLE_PARTIAL_WRITE NID_private_key_usage_period X509_PURPOSE_OCSP_HELPER - MODE_RELEASE_BUFFERS NID_rc2_40_cbc X509_PURPOSE_SMIME_ENCRYPT - NID_OCSP_sign NID_rc2_64_cbc X509_PURPOSE_SMIME_SIGN - NID_SMIMECapabilities NID_rc2_cbc X509_PURPOSE_SSL_CLIENT - NID_X500 NID_rc2_cfb64 X509_PURPOSE_SSL_SERVER - NID_X509 NID_rc2_ecb X509_PURPOSE_TIMESTAMP_SIGN - NID_ad_OCSP NID_rc2_ofb64 X509_TRUST_COMPAT - NID_ad_ca_issuers NID_rc4 X509_TRUST_EMAIL - NID_algorithm NID_rc4_40 X509_TRUST_OBJECT_SIGN - NID_authority_key_identifier NID_rc5_cbc X509_TRUST_OCSP_REQUEST - NID_basic_constraints NID_rc5_cfb64 X509_TRUST_OCSP_SIGN - NID_bf_cbc NID_rc5_ecb X509_TRUST_SSL_CLIENT - NID_bf_cfb64 NID_rc5_ofb64 X509_TRUST_SSL_SERVER - NID_bf_ecb NID_ripemd160 X509_TRUST_TSA - NID_bf_ofb64 NID_ripemd160WithRSA X509_V_FLAG_ALLOW_PROXY_CERTS - NID_cast5_cbc NID_rle_compression X509_V_FLAG_CB_ISSUER_CHECK - NID_cast5_cfb64 NID_rsa X509_V_FLAG_CHECK_SS_SIGNATURE - NID_cast5_ecb NID_rsaEncryption X509_V_FLAG_CRL_CHECK - NID_cast5_ofb64 NID_rsadsi X509_V_FLAG_CRL_CHECK_ALL - NID_certBag NID_safeContentsBag X509_V_FLAG_EXPLICIT_POLICY - NID_certificate_policies NID_sdsiCertificate X509_V_FLAG_EXTENDED_CRL_SUPPORT - NID_client_auth NID_secretBag X509_V_FLAG_IGNORE_CRITICAL - NID_code_sign NID_serialNumber X509_V_FLAG_INHIBIT_ANY - NID_commonName NID_server_auth X509_V_FLAG_INHIBIT_MAP - NID_countryName NID_sha X509_V_FLAG_NOTIFY_POLICY - NID_crlBag NID_sha1 X509_V_FLAG_POLICY_CHECK - NID_crl_distribution_points NID_sha1WithRSA X509_V_FLAG_POLICY_MASK - NID_crl_number NID_sha1WithRSAEncryption X509_V_FLAG_USE_CHECK_TIME - NID_crl_reason NID_shaWithRSAEncryption X509_V_FLAG_USE_DELTAS - NID_delta_crl NID_stateOrProvinceName X509_V_FLAG_X509_STRICT - NID_des_cbc NID_subject_alt_name X509_V_OK - NID_des_cfb64 NID_subject_key_identifier XN_FLAG_COMPAT - NID_des_ecb NID_surname XN_FLAG_DN_REV - NID_des_ede NID_sxnet XN_FLAG_DUMP_UNKNOWN_FIELDS - NID_des_ede3 NID_time_stamp XN_FLAG_FN_ALIGN - NID_des_ede3_cbc NID_title XN_FLAG_FN_LN - NID_des_ede3_cfb64 NID_undef XN_FLAG_FN_MASK - NID_des_ede3_ofb64 NID_uniqueIdentifier XN_FLAG_FN_NONE - NID_des_ede_cbc NID_x509Certificate XN_FLAG_FN_OID - NID_des_ede_cfb64 NID_x509Crl XN_FLAG_FN_SN - NID_des_ede_ofb64 NID_zlib_compression XN_FLAG_MULTILINE - NID_des_ofb64 NOTHING XN_FLAG_ONELINE - NID_description OCSP_RESPONSE_STATUS_INTERNALERROR XN_FLAG_RFC2253 - NID_desx_cbc OCSP_RESPONSE_STATUS_MALFORMEDREQUEST XN_FLAG_SEP_COMMA_PLUS - NID_dhKeyAgreement OCSP_RESPONSE_STATUS_SIGREQUIRED XN_FLAG_SEP_CPLUS_SPC - NID_dnQualifier OCSP_RESPONSE_STATUS_SUCCESSFUL XN_FLAG_SEP_MASK - NID_dsa OCSP_RESPONSE_STATUS_TRYLATER XN_FLAG_SEP_MULTILINE - NID_dsaWithSHA OCSP_RESPONSE_STATUS_UNAUTHORIZED XN_FLAG_SEP_SPLUS_SPC - NID_dsaWithSHA1 OPENSSL_VERSION_NUMBER XN_FLAG_SPC_EQ - NID_dsaWithSHA1_2 OP_ALL + ASN1_STRFLGS_ESC_CTRL NID_ext_key_usage OP_CRYPTOPRO_TLSEXT_BUG + ASN1_STRFLGS_ESC_MSB NID_ext_req OP_DONT_INSERT_EMPTY_FRAGMENTS + ASN1_STRFLGS_ESC_QUOTE NID_friendlyName OP_EPHEMERAL_RSA + ASN1_STRFLGS_RFC2253 NID_givenName OP_LEGACY_SERVER_CONNECT + CB_ACCEPT_EXIT NID_hmacWithSHA1 OP_MICROSOFT_BIG_SSLV3_BUFFER + CB_ACCEPT_LOOP NID_id_ad OP_MICROSOFT_SESS_ID_BUG + CB_ALERT NID_id_ce OP_MSIE_SSLV2_RSA_PADDING + CB_CONNECT_EXIT NID_id_kp OP_NETSCAPE_CA_DN_BUG + CB_CONNECT_LOOP NID_id_pbkdf2 OP_NETSCAPE_CHALLENGE_BUG + CB_EXIT NID_id_pe OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG + CB_HANDSHAKE_DONE NID_id_pkix OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG + CB_HANDSHAKE_START NID_id_qt_cps OP_NON_EXPORT_FIRST + CB_LOOP NID_id_qt_unotice OP_NO_COMPRESSION + CB_READ NID_idea_cbc OP_NO_QUERY_MTU + CB_READ_ALERT NID_idea_cfb64 OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION + CB_WRITE NID_idea_ecb OP_NO_SSLv2 + CB_WRITE_ALERT NID_idea_ofb64 OP_NO_SSLv3 + ERROR_NONE NID_info_access OP_NO_TICKET + ERROR_SSL NID_initials OP_NO_TLSv1 + ERROR_SYSCALL NID_invalidity_date OP_NO_TLSv1_1 + ERROR_WANT_ACCEPT NID_issuer_alt_name OP_NO_TLSv1_2 + ERROR_WANT_CONNECT NID_keyBag OP_PKCS1_CHECK_1 + ERROR_WANT_READ NID_key_usage OP_PKCS1_CHECK_2 + ERROR_WANT_WRITE NID_localKeyID OP_SINGLE_DH_USE + ERROR_WANT_X509_LOOKUP NID_localityName OP_SINGLE_ECDH_USE + ERROR_ZERO_RETURN NID_md2 OP_SSLEAY_080_CLIENT_DH_BUG + EVP_PKS_DSA NID_md2WithRSAEncryption OP_SSLREF2_REUSE_CERT_TYPE_BUG + EVP_PKS_EC NID_md5 OP_TLS_BLOCK_PADDING_BUG + EVP_PKS_RSA NID_md5WithRSA OP_TLS_D5_BUG + EVP_PKT_ENC NID_md5WithRSAEncryption OP_TLS_ROLLBACK_BUG + EVP_PKT_EXCH NID_md5_sha1 READING + EVP_PKT_EXP NID_mdc2 RECEIVED_SHUTDOWN + EVP_PKT_SIGN NID_mdc2WithRSA RSA_3 + EVP_PK_DH NID_ms_code_com RSA_F4 + EVP_PK_DSA NID_ms_code_ind R_BAD_AUTHENTICATION_TYPE + EVP_PK_EC NID_ms_ctl_sign R_BAD_CHECKSUM + EVP_PK_RSA NID_ms_efs R_BAD_MAC_DECODE + FILETYPE_ASN1 NID_ms_ext_req R_BAD_RESPONSE_ARGUMENT + FILETYPE_PEM NID_ms_sgc R_BAD_SSL_FILETYPE + F_CLIENT_CERTIFICATE NID_name R_BAD_SSL_SESSION_ID_LENGTH + F_CLIENT_HELLO NID_netscape R_BAD_STATE + F_CLIENT_MASTER_KEY NID_netscape_base_url R_BAD_WRITE_RETRY + F_D2I_SSL_SESSION NID_netscape_ca_policy_url R_CHALLENGE_IS_DIFFERENT + F_GET_CLIENT_FINISHED NID_netscape_ca_revocation_url R_CIPHER_TABLE_SRC_ERROR + F_GET_CLIENT_HELLO NID_netscape_cert_extension R_INVALID_CHALLENGE_LENGTH + F_GET_CLIENT_MASTER_KEY NID_netscape_cert_sequence R_NO_CERTIFICATE_SET + F_GET_SERVER_FINISHED NID_netscape_cert_type R_NO_CERTIFICATE_SPECIFIED + F_GET_SERVER_HELLO NID_netscape_comment R_NO_CIPHER_LIST + F_GET_SERVER_VERIFY NID_netscape_data_type R_NO_CIPHER_MATCH + F_I2D_SSL_SESSION NID_netscape_renewal_url R_NO_PRIVATEKEY + F_READ_N NID_netscape_revocation_url R_NO_PUBLICKEY + F_REQUEST_CERTIFICATE NID_netscape_ssl_server_name R_NULL_SSL_CTX + F_SERVER_HELLO NID_ns_sgc R_PEER_DID_NOT_RETURN_A_CERTIFICATE + F_SSL_CERT_NEW NID_organizationName R_PEER_ERROR + F_SSL_GET_NEW_SESSION NID_organizationalUnitName R_PEER_ERROR_CERTIFICATE + F_SSL_NEW NID_pbeWithMD2AndDES_CBC R_PEER_ERROR_NO_CIPHER + F_SSL_READ NID_pbeWithMD2AndRC2_CBC R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE + F_SSL_RSA_PRIVATE_DECRYPT NID_pbeWithMD5AndCast5_CBC R_PUBLIC_KEY_ENCRYPT_ERROR + F_SSL_RSA_PUBLIC_ENCRYPT NID_pbeWithMD5AndDES_CBC R_PUBLIC_KEY_IS_NOT_RSA + F_SSL_SESSION_NEW NID_pbeWithMD5AndRC2_CBC R_READ_WRONG_PACKET_TYPE + F_SSL_SESSION_PRINT_FP NID_pbeWithSHA1AndDES_CBC R_SHORT_READ + F_SSL_SET_FD NID_pbeWithSHA1AndRC2_CBC R_SSL_SESSION_ID_IS_DIFFERENT + F_SSL_SET_RFD NID_pbe_WithSHA1And128BitRC2_CBC R_UNABLE_TO_EXTRACT_PUBLIC_KEY + F_SSL_SET_WFD NID_pbe_WithSHA1And128BitRC4 R_UNKNOWN_REMOTE_ERROR_TYPE + F_SSL_USE_CERTIFICATE NID_pbe_WithSHA1And2_Key_TripleDES_CBC R_UNKNOWN_STATE + F_SSL_USE_CERTIFICATE_ASN1 NID_pbe_WithSHA1And3_Key_TripleDES_CBC R_X509_LIB + F_SSL_USE_CERTIFICATE_FILE NID_pbe_WithSHA1And40BitRC2_CBC SENT_SHUTDOWN + F_SSL_USE_PRIVATEKEY NID_pbe_WithSHA1And40BitRC4 SESSION_ASN1_VERSION + F_SSL_USE_PRIVATEKEY_ASN1 NID_pbes2 ST_ACCEPT + F_SSL_USE_PRIVATEKEY_FILE NID_pbmac1 ST_BEFORE + F_SSL_USE_RSAPRIVATEKEY NID_pkcs ST_CONNECT + F_SSL_USE_RSAPRIVATEKEY_ASN1 NID_pkcs3 ST_INIT + F_SSL_USE_RSAPRIVATEKEY_FILE NID_pkcs7 ST_OK + F_WRITE_PENDING NID_pkcs7_data ST_READ_BODY + GEN_DIRNAME NID_pkcs7_digest ST_READ_HEADER + GEN_DNS NID_pkcs7_encrypted TLSEXT_STATUSTYPE_ocsp + GEN_EDIPARTY NID_pkcs7_enveloped VERIFY_CLIENT_ONCE + GEN_EMAIL NID_pkcs7_signed VERIFY_FAIL_IF_NO_PEER_CERT + GEN_IPADD NID_pkcs7_signedAndEnveloped VERIFY_NONE + GEN_OTHERNAME NID_pkcs8ShroudedKeyBag VERIFY_PEER + GEN_RID NID_pkcs9 V_OCSP_CERTSTATUS_GOOD + GEN_URI NID_pkcs9_challengePassword V_OCSP_CERTSTATUS_REVOKED + GEN_X400 NID_pkcs9_contentType V_OCSP_CERTSTATUS_UNKNOWN + LIBRESSL_VERSION_NUMBER NID_pkcs9_countersignature WRITING + MBSTRING_ASC NID_pkcs9_emailAddress X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT + MBSTRING_BMP NID_pkcs9_extCertAttributes X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS + MBSTRING_FLAG NID_pkcs9_messageDigest X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS + MBSTRING_UNIV NID_pkcs9_signingTime X509_CHECK_FLAG_NO_WILDCARDS + MBSTRING_UTF8 NID_pkcs9_unstructuredAddress X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS + MIN_RSA_MODULUS_LENGTH_IN_BYTES NID_pkcs9_unstructuredName X509_LOOKUP + MODE_ACCEPT_MOVING_WRITE_BUFFER NID_private_key_usage_period X509_PURPOSE_ANY + MODE_AUTO_RETRY NID_rc2_40_cbc X509_PURPOSE_CRL_SIGN + MODE_ENABLE_PARTIAL_WRITE NID_rc2_64_cbc X509_PURPOSE_NS_SSL_SERVER + MODE_RELEASE_BUFFERS NID_rc2_cbc X509_PURPOSE_OCSP_HELPER + NID_OCSP_sign NID_rc2_cfb64 X509_PURPOSE_SMIME_ENCRYPT + NID_SMIMECapabilities NID_rc2_ecb X509_PURPOSE_SMIME_SIGN + NID_X500 NID_rc2_ofb64 X509_PURPOSE_SSL_CLIENT + NID_X509 NID_rc4 X509_PURPOSE_SSL_SERVER + NID_ad_OCSP NID_rc4_40 X509_PURPOSE_TIMESTAMP_SIGN + NID_ad_ca_issuers NID_rc5_cbc X509_TRUST_COMPAT + NID_algorithm NID_rc5_cfb64 X509_TRUST_EMAIL + NID_authority_key_identifier NID_rc5_ecb X509_TRUST_OBJECT_SIGN + NID_basic_constraints NID_rc5_ofb64 X509_TRUST_OCSP_REQUEST + NID_bf_cbc NID_ripemd160 X509_TRUST_OCSP_SIGN + NID_bf_cfb64 NID_ripemd160WithRSA X509_TRUST_SSL_CLIENT + NID_bf_ecb NID_rle_compression X509_TRUST_SSL_SERVER + NID_bf_ofb64 NID_rsa X509_TRUST_TSA + NID_cast5_cbc NID_rsaEncryption X509_V_FLAG_ALLOW_PROXY_CERTS + NID_cast5_cfb64 NID_rsadsi X509_V_FLAG_CB_ISSUER_CHECK + NID_cast5_ecb NID_safeContentsBag X509_V_FLAG_CHECK_SS_SIGNATURE + NID_cast5_ofb64 NID_sdsiCertificate X509_V_FLAG_CRL_CHECK + NID_certBag NID_secretBag X509_V_FLAG_CRL_CHECK_ALL + NID_certificate_policies NID_serialNumber X509_V_FLAG_EXPLICIT_POLICY + NID_client_auth NID_server_auth X509_V_FLAG_EXTENDED_CRL_SUPPORT + NID_code_sign NID_sha X509_V_FLAG_IGNORE_CRITICAL + NID_commonName NID_sha1 X509_V_FLAG_INHIBIT_ANY + NID_countryName NID_sha1WithRSA X509_V_FLAG_INHIBIT_MAP + NID_crlBag NID_sha1WithRSAEncryption X509_V_FLAG_NOTIFY_POLICY + NID_crl_distribution_points NID_shaWithRSAEncryption X509_V_FLAG_POLICY_CHECK + NID_crl_number NID_stateOrProvinceName X509_V_FLAG_POLICY_MASK + NID_crl_reason NID_subject_alt_name X509_V_FLAG_TRUSTED_FIRST + NID_delta_crl NID_subject_key_identifier X509_V_FLAG_USE_CHECK_TIME + NID_des_cbc NID_surname X509_V_FLAG_USE_DELTAS + NID_des_cfb64 NID_sxnet X509_V_FLAG_X509_STRICT + NID_des_ecb NID_time_stamp X509_V_OK + NID_des_ede NID_title XN_FLAG_COMPAT + NID_des_ede3 NID_undef XN_FLAG_DN_REV + NID_des_ede3_cbc NID_uniqueIdentifier XN_FLAG_DUMP_UNKNOWN_FIELDS + NID_des_ede3_cfb64 NID_x509Certificate XN_FLAG_FN_ALIGN + NID_des_ede3_ofb64 NID_x509Crl XN_FLAG_FN_LN + NID_des_ede_cbc NID_zlib_compression XN_FLAG_FN_MASK + NID_des_ede_cfb64 NOTHING XN_FLAG_FN_NONE + NID_des_ede_ofb64 OCSP_RESPONSE_STATUS_INTERNALERROR XN_FLAG_FN_OID + NID_des_ofb64 OCSP_RESPONSE_STATUS_MALFORMEDREQUEST XN_FLAG_FN_SN + NID_description OCSP_RESPONSE_STATUS_SIGREQUIRED XN_FLAG_MULTILINE + NID_desx_cbc OCSP_RESPONSE_STATUS_SUCCESSFUL XN_FLAG_ONELINE + NID_dhKeyAgreement OCSP_RESPONSE_STATUS_TRYLATER XN_FLAG_RFC2253 + NID_dnQualifier OCSP_RESPONSE_STATUS_UNAUTHORIZED XN_FLAG_SEP_COMMA_PLUS + NID_dsa OPENSSL_VERSION_NUMBER XN_FLAG_SEP_CPLUS_SPC + NID_dsaWithSHA OP_ALL XN_FLAG_SEP_MASK + NID_dsaWithSHA1 OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION XN_FLAG_SEP_MULTILINE + NID_dsaWithSHA1_2 OP_CIPHER_SERVER_PREFERENCE XN_FLAG_SEP_SPLUS_SPC + NID_dsa_2 OP_CISCO_ANYCONNECT XN_FLAG_SPC_EQ + NID_email_protect OP_COOKIE_EXCHANGE /); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-SSLeay-1.68/t/local/35_ephemeral.t new/Net-SSLeay-1.69/t/local/35_ephemeral.t --- old/Net-SSLeay-1.68/t/local/35_ephemeral.t 2012-12-04 02:49:11.000000000 +0100 +++ new/Net-SSLeay-1.69/t/local/35_ephemeral.t 2015-05-18 23:06:15.000000000 +0200 @@ -2,9 +2,15 @@ use strict; use warnings; -use Test::More tests => 3; +use Test::More; use Net::SSLeay; +BEGIN { + plan skip_all => "libressl removed support for ephemeral/temporary RSA private keys" if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER"); +} + +plan tests => 3; + Net::SSLeay::randomize(); Net::SSLeay::load_error_strings(); Net::SSLeay::ERR_load_crypto_strings(); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-SSLeay-1.68/t/local/41_alpn_support.t new/Net-SSLeay-1.69/t/local/41_alpn_support.t --- old/Net-SSLeay-1.68/t/local/41_alpn_support.t 2015-01-13 06:44:31.000000000 +0100 +++ new/Net-SSLeay-1.69/t/local/41_alpn_support.t 2015-05-18 09:01:38.000000000 +0200 @@ -11,7 +11,6 @@ BEGIN { plan skip_all => "openssl 1.0.2 required" unless Net::SSLeay::SSLeay >= 0x10002000; - plan skip_all => "libressl not supported" if defined &Net::SSLeay::LIBRESSL_VERSION_NUMBER; plan skip_all => "fork() not supported on $^O" unless $Config{d_fork}; } ++++++ net-ssleay-no-ofb.patch ++++++ Index: Net-SSLeay-1.69/t/local/33_x509_create_cert.t =================================================================== --- Net-SSLeay-1.69.orig/t/local/33_x509_create_cert.t +++ Net-SSLeay-1.69/t/local/33_x509_create_cert.t @@ -2,7 +2,7 @@ use strict; use warnings; -use Test::More tests => 123; +use Test::More tests => 121; use Net::SSLeay qw/MBSTRING_ASC MBSTRING_UTF8 EVP_PK_RSA EVP_PKT_SIGN EVP_PKT_ENC/; use File::Spec; use utf8; @@ -100,8 +100,9 @@ is(Net::SSLeay::X509_NAME_cmp($ca_issuer ok(my $alg1 = Net::SSLeay::EVP_get_cipherbyname("DES-EDE3-CBC"), "EVP_get_cipherbyname"); like(my $key_pem3 = Net::SSLeay::PEM_get_string_PrivateKey($pk,"password",$alg1), qr/-----BEGIN (ENCRYPTED|RSA) PRIVATE KEY-----/, "PEM_get_string_PrivateKey+passwd+enc_alg"); - ok(my $alg2 = Net::SSLeay::EVP_get_cipherbyname("DES-EDE3-OFB"), "EVP_get_cipherbyname"); - like(my $key_pem4 = Net::SSLeay::PEM_get_string_PrivateKey($pk,"password",$alg2), qr/-----BEGIN (ENCRYPTED|RSA) PRIVATE KEY-----/, "PEM_get_string_PrivateKey+passwd+enc_alg"); +# OFB is not in our openssl 1.0.2 - Marcus +# ok(my $alg2 = Net::SSLeay::EVP_get_cipherbyname("DES-EDE3-OFB"), "EVP_get_cipherbyname"); +# like(my $key_pem4 = Net::SSLeay::PEM_get_string_PrivateKey($pk,"password",$alg2), qr/-----BEGIN (ENCRYPTED|RSA) PRIVATE KEY-----/, "PEM_get_string_PrivateKey+passwd+enc_alg"); is(Net::SSLeay::X509_NAME_print_ex($name), "O=Company Name,C=UK,CN=Common name text X509", "X509_NAME_print_ex");
