Relative to the repository as it was this morning around 10:00 +0200:
INSTALL.VMS needed to get updated:
Index: INSTALL.VMS
===================================================================
RCS file: /afs/stacken.kth.se/src/SourceRepository/OpenSSL/INSTALL.VMS,v
retrieving revision 1.1.1.1
retrieving revision 1.6
diff -u -r1.1.1.1 -r1.6
--- INSTALL.VMS 1999/05/17 12:05:54 1.1.1.1
+++ INSTALL.VMS 1999/05/20 16:33:34 1.6
@@ -127,15 +127,29 @@
SSLROOT a dotted concealed logical name pointing at the
root directory.
- SSLLIB points at the directory where CRYPTORTL.OLB and
- SSLRTL.OLB are installed.
- SSLINCLUDE points at the directory where the header files are
- installed.
- SSLEXE points at the directory where the applications are
- installed.
- SSLCERTS the place where the certificates are stored.
- SSLPRIVATE I'm actually not sure what this is used for.
+ SSLCERTS Initially an empty directory, this is the default
+ location for certificate files.
+ SSLMISC Various scripts.
+ SSLPRIVATE Initially an empty directory, this is the default
+ location for private key files.
+
+ SSLEXE Contains the openssl binary and a few other utility
+ programs.
+ SSLINCLUDE Contains the header files needed if you want to
+ compile programs with libcrypto or libssl.
+ SSLLIB Contains the OpenSSL library files (LIBCRYPTO.OLB
+ and LIBSSL.OLB) themselves.
+
+ OPENSSL Same as SSLINCLUDE. This is because the standard
+ way to include OpenSSL header files from version
+ 0.9.3 and on is:
+
+ #include <openssl/header.h>
+
+ For more info on this issue, see the INSTALL. file
+ (the NOTE in section 4 of "Installation in Detail").
+ You don't need to "deleting old header files"!!!
Backward portability:
=====================
install.com and makevms.com got syncronised with the latest changes in
Makefile.org:
Index: install.com
===================================================================
RCS file: /afs/stacken.kth.se/src/SourceRepository/OpenSSL/install.com,v
retrieving revision 1.1.1.1
retrieving revision 1.7
diff -u -r1.1.1.1 -r1.7
--- install.com 1999/05/17 12:06:01 1.1.1.1
+++ install.com 1999/05/20 00:21:21 1.7
@@ -53,7 +53,7 @@
CREATE/DIR/LOG WRK_SSLROOT:[VMS]
$
$ SDIRS := CRYPTO,SSL,RSAREF,APPS,VMS!,TEST,TOOLS
-$ EXHEADER := e_os.h
+$ EXHEADER := e_os.h,e_os2.h
$
$ COPY 'EXHEADER' WRK_SSLINCLUDE: /LOG
$
Index: makevms.com
===================================================================
RCS file: /afs/stacken.kth.se/src/SourceRepository/OpenSSL/makevms.com,v
retrieving revision 1.1.1.2
retrieving revision 1.17
diff -u -r1.1.1.2 -r1.17
--- makevms.com 1999/05/17 12:06:02 1.1.1.2
+++ makevms.com 1999/05/20 00:21:21 1.17
@@ -220,7 +220,7 @@
$!
$! Copy All The ".H" Files From The Main Directory.
$!
-$ EXHEADER := e_os.h
+$ EXHEADER := e_os.h,e_os2.h
$ COPY 'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL]
$!
$! Copy All The ".H" Files From The [.CRYPTO] Directory Tree.
apps/openssl-vms.cnf got syncronised with openssl.cnf:
Index: apps/openssl-vms.cnf
===================================================================
RCS file: /afs/stacken.kth.se/src/SourceRepository/OpenSSL/apps/openssl-vms.cnf,v
retrieving revision 1.1.1.1
retrieving revision 1.3
diff -u -r1.1.1.1 -r1.3
--- apps/openssl-vms.cnf 1999/05/17 12:06:34 1.1.1.1
+++ apps/openssl-vms.cnf 1999/05/20 16:35:17 1.3
@@ -3,10 +3,17 @@
# This is mostly being used for generation of certificate requests.
#
-RANDFILE = $ENV::HOME.rnd
-oid_file = $ENV::HOME.oid
+RANDFILE = $ENV::HOME/.rnd
+oid_file = $ENV::HOME/.oid
oid_section = new_oids
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
@@ -35,6 +42,11 @@
RANDFILE = $dir.private].rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions = crl_ext
+
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = md5 # which md to use.
@@ -123,31 +135,33 @@
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
-#nsCertType = server
+# nsCertType = server
# For an object signing certificate this would be used.
-#nsCertType = objsign
+# nsCertType = objsign
# For normal client use this is typical
-#nsCertType = client, email
+# nsCertType = client, email
-# This is typical also
+# and for everything including object signing:
+# nsCertType = client, email, objsign
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
-# PKIX recommendations
+# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
+# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
+# subjectAltName=email:copy
-subjectAltName=email:copy
-
# Copy subject details
-
-issuerAltName=issuer:copy
+# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
@@ -160,8 +174,6 @@
# Extensions for a typical CA
-# It's a CA certificate
-basicConstraints = CA:true
# PKIX recommendation.
@@ -172,19 +184,31 @@
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
-# Key usage: again this should really be critical.
-keyUsage = cRLSign, keyCertSign
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
# Some might want this also
-#nsCertType = sslCA, emailCA
+# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
-subjectAltName=email:copy
+# subjectAltName=email:copy
# Copy issuer details
-issuerAltName=issuer:copy
+# issuerAltName=issuer:copy
# RAW DER hex encoding of an extension: beware experts only!
# 1.2.3.5=RAW:02:03
# You can even override a supported extension:
# basicConstraints= critical, RAW:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
VMS needs the flat include model, for technical reasons. It's
possible that I'll do some work to avoid this in the future, unless
this becomes standard in OpenSSL (as the latest discussion on e_os.h
seems to indicate):
Index: crypto/md5/md5_locl.h
===================================================================
RCS file: /afs/stacken.kth.se/src/SourceRepository/OpenSSL/crypto/md5/md5_locl.h,v
retrieving revision 1.1.1.5
retrieving revision 1.2
diff -u -r1.1.1.5 -r1.2
--- crypto/md5/md5_locl.h 1999/05/18 13:14:49 1.1.1.5
+++ crypto/md5/md5_locl.h 1999/05/20 00:21:39 1.2
@@ -127,7 +127,11 @@
*/
#endif
+#ifndef FLAT_INC
#include "../md32_common.h"
+#else
+#include "md32_common.h"
+#endif
/*
#define F(x,y,z) (((x) & (y)) | ((~(x)) & (z)))
--
Richard Levitte \ Spannv�gen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-161 43 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
