Why go via SSL_CTX_ctrl and SSL_ctrl? In fact, why do those exist at all?
On Wed, Dec 26, 2012 at 2:25 PM, Dr. Stephen Henson <st...@openssl.org> wrote: > OpenSSL CVS Repository > http://cvs.openssl.org/ > ____________________________________________________________________________ > > Server: cvs.openssl.org Name: Dr. Stephen Henson > Root: /v/openssl/cvs Email: st...@openssl.org > Module: openssl Date: 26-Dec-2012 15:25:40 > Branch: OpenSSL_1_0_2-stable Handle: 2012122614252009 > > Modified files: (Branch: OpenSSL_1_0_2-stable) > openssl CHANGES > openssl/apps s_client.c s_server.c > openssl/ssl s3_lib.c s3_srvr.c ssl.h ssl_cert.c ssl_locl.h > t1_lib.c tls1.h > > Log: > Add support for application defined signature algorithms for use with > TLS v1.2. These are sent as an extension for clients and during a > certificate > request for servers. > > TODO: add support for shared signature algorithms, respect shared > algorithms > when deciding which ciphersuites and certificates to permit. > (backport from HEAD) > > Summary: > Revision Changes Path > 1.1481.2.56.2.86.2.38+5 -0 openssl/CHANGES > 1.123.2.6.2.15.2.8+12 -0 openssl/apps/s_client.c > 1.136.2.15.2.18.2.11+21 -0 openssl/apps/s_server.c > 1.126.2.4.2.17.2.12+12 -0 openssl/ssl/s3_lib.c > 1.171.2.21.2.24.2.14+1 -1 openssl/ssl/s3_srvr.c > 1.221.2.24.2.29.2.15+11 -0 openssl/ssl/ssl.h > 1.68.2.3.2.1.2.11+20 -5 openssl/ssl/ssl_cert.c > 1.100.2.10.2.17.2.16+16 -4 openssl/ssl/ssl_locl.h > 1.64.2.14.2.32.2.17+147 -18 openssl/ssl/t1_lib.c > 1.40.2.3.2.14.2.3+8 -0 openssl/ssl/tls1.h > ____________________________________________________________________________ > > patch -p0 <<'@@ .' > Index: openssl/CHANGES > ============================================================================ > $ cvs diff -u -r1.1481.2.56.2.86.2.37 -r1.1481.2.56.2.86.2.38 CHANGES > --- openssl/CHANGES 26 Dec 2012 14:18:48 -0000 1.1481.2.56.2.86.2.37 > +++ openssl/CHANGES 26 Dec 2012 14:25:20 -0000 1.1481.2.56.2.86.2.38 > @@ -4,6 +4,11 @@ > > Changes between 1.0.1 and 1.0.2 [xx XXX xxxx] > > + *) Add new functions to allow customised supported signature algorithms > + for SSL and SSL_CTX structures. Add options to s_client and s_server > + to support them. > + [Steve Henson] > + > *) New function SSL_certs_clear() to delete all references to > certificates > from an SSL structure. Before this once a certificate had been added > it couldn't be removed. > @@ . > patch -p0 <<'@@ .' > Index: openssl/apps/s_client.c > ============================================================================ > $ cvs diff -u -r1.123.2.6.2.15.2.7 -r1.123.2.6.2.15.2.8 s_client.c > --- openssl/apps/s_client.c 20 Nov 2012 00:28:22 -0000 > 1.123.2.6.2.15.2.7 > +++ openssl/apps/s_client.c 26 Dec 2012 14:25:21 -0000 > 1.123.2.6.2.15.2.8 > @@ -605,6 +605,7 @@ > #ifndef OPENSSL_NO_TLSEXT > char *servername = NULL; > char *curves=NULL; > + char *sigalgs=NULL; > tlsextctx tlsextcbp = > {NULL,0}; > # ifndef OPENSSL_NO_NEXTPROTONEG > @@ -948,6 +949,11 @@ > if (--argc < 1) goto bad; > curves= *(++argv); > } > + else if (strcmp(*argv,"-sigalgs") == 0) > + { > + if (--argc < 1) goto bad; > + sigalgs= *(++argv); > + } > #endif > #ifndef OPENSSL_NO_JPAKE > else if (strcmp(*argv,"-jpake") == 0) > @@ -1192,6 +1198,12 @@ > ERR_print_errors(bio_err); > goto end; > } > + if (sigalgs != NULL) > + if(!SSL_CTX_set1_sigalgs_list(ctx,sigalgs)) { > + BIO_printf(bio_err,"error setting signature algorithms > list\n"); > + ERR_print_errors(bio_err); > + goto end; > + } > if (servername != NULL) > { > tlsextcbp.biodebug = bio_err; > @@ . > patch -p0 <<'@@ .' > Index: openssl/apps/s_server.c > ============================================================================ > $ cvs diff -u -r1.136.2.15.2.18.2.10 -r1.136.2.15.2.18.2.11 s_server.c > --- openssl/apps/s_server.c 20 Nov 2012 00:28:22 -0000 > 1.136.2.15.2.18.2.10 > +++ openssl/apps/s_server.c 26 Dec 2012 14:25:21 -0000 > 1.136.2.15.2.18.2.11 > @@ -271,6 +271,7 @@ > #ifndef OPENSSL_NO_TLSEXT > static const char *s_cert_file2=TEST_CERT2,*s_key_file2=NULL; > static char *curves=NULL; > +static char *sigalgs=NULL; > #endif > static char *s_dcert_file=NULL,*s_dkey_file=NULL, *s_dchain_file=NULL; > #ifdef FIONBIO > @@ -1193,6 +1194,11 @@ > if (--argc < 1) goto bad; > curves= *(++argv); > } > + else if (strcmp(*argv,"-sigalgs") == 0) > + { > + if (--argc < 1) goto bad; > + sigalgs= *(++argv); > + } > #endif > else if (strcmp(*argv,"-msg") == 0) > { s_msg=1; } > @@ -1888,6 +1894,21 @@ > goto end; > } > } > + if (sigalgs) > + { > + if(!SSL_CTX_set1_sigalgs_list(ctx,sigalgs)) > + { > + BIO_printf(bio_err,"error setting signature > algorithms\n"); > + ERR_print_errors(bio_err); > + goto end; > + } > + if(ctx2 && !SSL_CTX_set1_sigalgs_list(ctx2,sigalgs)) > + { > + BIO_printf(bio_err,"error setting signature > algorithms\n"); > + ERR_print_errors(bio_err); > + goto end; > + } > + } > #endif > SSL_CTX_set_verify(ctx,s_server_verify,verify_callback); > > SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context, > @@ . > patch -p0 <<'@@ .' > Index: openssl/ssl/s3_lib.c > ============================================================================ > $ cvs diff -u -r1.126.2.4.2.17.2.11 -r1.126.2.4.2.17.2.12 s3_lib.c > --- openssl/ssl/s3_lib.c 11 Jun 2012 09:23:38 -0000 > 1.126.2.4.2.17.2.11 > +++ openssl/ssl/s3_lib.c 26 Dec 2012 14:25:23 -0000 > 1.126.2.4.2.17.2.12 > @@ -3414,6 +3414,12 @@ > s->cert->ecdh_tmp_auto = larg; > break; > > + case SSL_CTRL_SET_SIGALGS: > + return tls1_set_sigalgs(s->cert, parg, larg); > + > + case SSL_CTRL_SET_SIGALGS_LIST: > + return tls1_set_sigalgs_list(s->cert, parg); > + > default: > break; > } > @@ -3691,6 +3697,12 @@ > ctx->cert->ecdh_tmp_auto = larg; > break; > > + case SSL_CTRL_SET_SIGALGS: > + return tls1_set_sigalgs(ctx->cert, parg, larg); > + > + case SSL_CTRL_SET_SIGALGS_LIST: > + return tls1_set_sigalgs_list(ctx->cert, parg); > + > case SSL_CTRL_SET_TLSEXT_AUTHZ_SERVER_AUDIT_PROOF_CB_ARG: > ctx->tlsext_authz_server_audit_proof_cb_arg = parg; > break; > @@ . > patch -p0 <<'@@ .' > Index: openssl/ssl/s3_srvr.c > ============================================================================ > $ cvs diff -u -r1.171.2.21.2.24.2.13 -r1.171.2.21.2.24.2.14 s3_srvr.c > --- openssl/ssl/s3_srvr.c 26 Nov 2012 15:47:44 -0000 > 1.171.2.21.2.24.2.13 > +++ openssl/ssl/s3_srvr.c 26 Dec 2012 14:25:24 -0000 > 1.171.2.21.2.24.2.14 > @@ -2069,7 +2069,7 @@ > > if (TLS1_get_version(s) >= TLS1_2_VERSION) > { > - nl = tls12_get_req_sig_algs(s, p + 2); > + nl = tls12_get_sig_algs(s, p + 2); > s2n(nl, p); > p += nl + 2; > n += nl + 2; > @@ . > patch -p0 <<'@@ .' > Index: openssl/ssl/ssl.h > ============================================================================ > $ cvs diff -u -r1.221.2.24.2.29.2.14 -r1.221.2.24.2.29.2.15 ssl.h > --- openssl/ssl/ssl.h 26 Dec 2012 14:18:50 -0000 1.221.2.24.2.29.2.14 > +++ openssl/ssl/ssl.h 26 Dec 2012 14:25:26 -0000 1.221.2.24.2.29.2.15 > @@ -1634,6 +1634,8 @@ > #define SSL_CTRL_SET_CURVES_LIST 92 > #define SSL_CTRL_GET_SHARED_CURVE 93 > #define SSL_CTRL_SET_ECDH_AUTO 94 > +#define SSL_CTRL_SET_SIGALGS 97 > +#define SSL_CTRL_SET_SIGALGS_LIST 98 > > #define DTLSv1_get_timeout(ssl, arg) \ > SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) > @@ -1710,6 +1712,15 @@ > #define SSL_set_ecdh_auto(s, onoff) \ > SSL_ctrl(s,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL) > > +#define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \ > + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist) > +#define SSL_CTX_set1_sigalgs_list(ctx, s) \ > + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s) > +#define SSL_set1_sigalgs(ctx, slist, slistlen) \ > + SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,clistlen,(int *)slist) > +#define SSL_set1_sigalgs_list(ctx, s) \ > + SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s) > + > #ifndef OPENSSL_NO_BIO > BIO_METHOD *BIO_f_ssl(void); > BIO *BIO_new_ssl(SSL_CTX *ctx,int client); > @@ . > patch -p0 <<'@@ .' > Index: openssl/ssl/ssl_cert.c > ============================================================================ > $ cvs diff -u -r1.68.2.3.2.1.2.10 -r1.68.2.3.2.1.2.11 ssl_cert.c > --- openssl/ssl/ssl_cert.c 26 Dec 2012 14:18:50 -0000 > 1.68.2.3.2.1.2.10 > +++ openssl/ssl/ssl_cert.c 26 Dec 2012 14:25:26 -0000 > 1.68.2.3.2.1.2.11 > @@ -357,9 +357,22 @@ > * will be set during handshake. > */ > ssl_cert_set_default_md(ret); > - /* Sigalgs set to NULL as we get these from handshake too */ > - ret->sigalgs = NULL; > - ret->sigalgslen = 0; > + /* Peer sigalgs set to NULL as we get these from handshake too */ > + ret->peer_sigalgs = NULL; > + ret->peer_sigalgslen = 0; > + /* Configure sigalgs however we copy across */ > + if (cert->conf_sigalgs) > + { > + ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen > + * > sizeof(TLS_SIGALGS)); > + if (!ret->conf_sigalgs) > + goto err; > + memcpy(ret->conf_sigalgs, cert->conf_sigalgs, > + cert->conf_sigalgslen * sizeof(TLS_SIGALGS)); > + ret->conf_sigalgslen = cert->conf_sigalgslen; > + } > + else > + ret->conf_sigalgs = NULL; > > return(ret); > > @@ -447,8 +460,10 @@ > #endif > > ssl_cert_clear_certs(c); > - if (c->sigalgs) > - OPENSSL_free(c->sigalgs); > + if (c->peer_sigalgs) > + OPENSSL_free(c->peer_sigalgs); > + if (c->conf_sigalgs) > + OPENSSL_free(c->conf_sigalgs); > OPENSSL_free(c); > } > > @@ . > patch -p0 <<'@@ .' > Index: openssl/ssl/ssl_locl.h > ============================================================================ > $ cvs diff -u -r1.100.2.10.2.17.2.15 -r1.100.2.10.2.17.2.16 ssl_locl.h > --- openssl/ssl/ssl_locl.h 26 Dec 2012 14:18:50 -0000 > 1.100.2.10.2.17.2.15 > +++ openssl/ssl/ssl_locl.h 26 Dec 2012 14:25:27 -0000 > 1.100.2.10.2.17.2.16 > @@ -519,10 +519,19 @@ > > CERT_PKEY pkeys[SSL_PKEY_NUM]; > > - /* Array of pairs of NIDs for signature algorithm extension */ > - TLS_SIGALGS *sigalgs; > + /* signature algorithms peer reports: e.g. supported signature > + * algorithms extension for server or as part of a certificate > + * request for client. > + */ > + TLS_SIGALGS *peer_sigalgs; > /* Size of above array */ > - size_t sigalgslen; > + size_t peer_sigalgslen; > + /* configured signature algorithms (can be NULL for default). > + * sent in signature algorithms extension or certificate request. > + */ > + TLS_SIGALGS *conf_sigalgs; > + /* Size of above array */ > + size_t conf_sigalgslen; > > int references; /* >1 only if SSL_copy_session_id is used */ > } CERT; > @@ -1164,6 +1173,9 @@ > int tls12_get_sigid(const EVP_PKEY *pk); > const EVP_MD *tls12_get_hash(unsigned char hash_alg); > > +int tls1_set_sigalgs_list(CERT *c, const char *str); > +int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen); > + > #endif > EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ; > void ssl_clear_hash_ctx(EVP_MD_CTX **hash); > @@ -1177,7 +1189,7 @@ > int *al); > long ssl_get_algorithm2(SSL *s); > int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize); > -int tls12_get_req_sig_algs(SSL *s, unsigned char *p); > +size_t tls12_get_sig_algs(SSL *s, unsigned char *p); > > int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, > int maxlen); > int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int > len,int *al); > @@ . > patch -p0 <<'@@ .' > Index: openssl/ssl/t1_lib.c > ============================================================================ > $ cvs diff -u -r1.64.2.14.2.32.2.16 -r1.64.2.14.2.32.2.17 t1_lib.c > --- openssl/ssl/t1_lib.c 22 Nov 2012 14:15:36 -0000 > 1.64.2.14.2.32.2.16 > +++ openssl/ssl/t1_lib.c 26 Dec 2012 14:25:27 -0000 > 1.64.2.14.2.32.2.17 > @@ -629,9 +629,29 @@ > #endif > }; > > -int tls12_get_req_sig_algs(SSL *s, unsigned char *p) > +size_t tls12_get_sig_algs(SSL *s, unsigned char *p) > { > - size_t slen = sizeof(tls12_sigalgs); > + TLS_SIGALGS *sptr = s->cert->conf_sigalgs; > + size_t slen; > + > + /* Use custom signature algorithms if any are set */ > + > + if (sptr) > + { > + slen = s->cert->conf_sigalgslen; > + if (p) > + { > + size_t i; > + for (i = 0; i < slen; i++, sptr++) > + { > + *p++ = sptr->rhash; > + *p++ = sptr->rsign; > + } > + } > + return slen * 2; > + } > + > + slen = sizeof(tls12_sigalgs); > #ifdef OPENSSL_FIPS > /* If FIPS mode don't include MD5 which is last */ > if (FIPS_mode()) > @@ -639,7 +659,7 @@ > #endif > if (p) > memcpy(p, tls12_sigalgs, slen); > - return (int)slen; > + return slen; > } > > /* byte_compare is a compare function for qsort(3) that compares bytes. */ > @@ -874,13 +894,15 @@ > > if (TLS1_get_client_version(s) >= TLS1_2_VERSION) > { > - if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6) > + size_t salglen; > + salglen = tls12_get_sig_algs(s, NULL); > + if ((size_t)(limit - ret) < salglen + 6) > return NULL; > s2n(TLSEXT_TYPE_signature_algorithms,ret); > - s2n(sizeof(tls12_sigalgs) + 2, ret); > - s2n(sizeof(tls12_sigalgs), ret); > - memcpy(ret, tls12_sigalgs, sizeof(tls12_sigalgs)); > - ret += sizeof(tls12_sigalgs); > + s2n(salglen + 2, ret); > + s2n(salglen, ret); > + tls12_get_sig_algs(s, ret); > + ret += salglen; > } > > #ifdef TLSEXT_TYPE_opaque_prf_input > @@ -2896,14 +2918,14 @@ > c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL; > c->pkeys[SSL_PKEY_ECC].digest = NULL; > > - if (c->sigalgs) > - OPENSSL_free(c->sigalgs); > - c->sigalgs = OPENSSL_malloc((dsize/2) * sizeof(TLS_SIGALGS)); > - if (!c->sigalgs) > + if (c->peer_sigalgs) > + OPENSSL_free(c->peer_sigalgs); > + c->peer_sigalgs = OPENSSL_malloc((dsize/2) * sizeof(TLS_SIGALGS)); > + if (!c->peer_sigalgs) > return 0; > - c->sigalgslen = dsize/2; > + c->peer_sigalgslen = dsize/2; > > - for (i = 0, sigptr = c->sigalgs; i < dsize; i += 2, sigptr++) > + for (i = 0, sigptr = c->peer_sigalgs; i < dsize; i += 2, sigptr++) > { > sigptr->rhash = data[i]; > sigptr->rsign = data[i + 1]; > @@ -2977,14 +2999,14 @@ > int *psign, int *phash, int *psignandhash, > unsigned char *rsig, unsigned char *rhash) > { > - if (s->cert->sigalgs == NULL) > + if (s->cert->peer_sigalgs == NULL) > return 0; > if (idx >= 0) > { > TLS_SIGALGS *psig; > - if (idx >= (int)s->cert->sigalgslen) > + if (idx >= (int)s->cert->peer_sigalgslen) > return 0; > - psig = s->cert->sigalgs + idx; > + psig = s->cert->peer_sigalgs + idx; > if (psign) > *psign = psig->sign_nid; > if (phash) > @@ -2996,7 +3018,7 @@ > if (rhash) > *rhash = psig->rhash; > } > - return s->cert->sigalgslen; > + return s->cert->peer_sigalgslen; > } > > > @@ -3144,3 +3166,110 @@ > return ret; > } > #endif > + > +#define MAX_SIGALGLEN (TLSEXT_hash_num * TLSEXT_signature_num *2) > + > +typedef struct > + { > + size_t sigalgcnt; > + int sigalgs[MAX_SIGALGLEN]; > + } sig_cb_st; > + > +static int sig_cb(const char *elem, int len, void *arg) > + { > + sig_cb_st *sarg = arg; > + size_t i; > + char etmp[20], *p; > + int sig_alg, hash_alg; > + if (sarg->sigalgcnt == MAX_SIGALGLEN) > + return 0; > + if (len > (int)(sizeof(etmp) - 1)) > + return 0; > + memcpy(etmp, elem, len); > + etmp[len] = 0; > + p = strchr(etmp, '+'); > + if (!p) > + return 0; > + *p = 0; > + p++; > + if (!*p) > + return 0; > + > + if (!strcmp(etmp, "RSA")) > + sig_alg = EVP_PKEY_RSA; > + else if (!strcmp(etmp, "DSA")) > + sig_alg = EVP_PKEY_DSA; > + else if (!strcmp(etmp, "ECDSA")) > + sig_alg = EVP_PKEY_EC; > + else return 0; > + > + hash_alg = OBJ_sn2nid(p); > + if (hash_alg == NID_undef) > + hash_alg = OBJ_ln2nid(p); > + if (hash_alg == NID_undef) > + return 0; > + > + for (i = 0; i < sarg->sigalgcnt; i+=2) > + { > + if (sarg->sigalgs[i] == sig_alg > + && sarg->sigalgs[i + 1] == hash_alg) > + return 0; > + } > + sarg->sigalgs[sarg->sigalgcnt++] = hash_alg; > + sarg->sigalgs[sarg->sigalgcnt++] = sig_alg; > + return 1; > + } > + > +/* Set suppored signature algorithms based on a colon separated list > + * of the form sig+hash e.g. RSA+SHA512:DSA+SHA512 */ > +int tls1_set_sigalgs_list(CERT *c, const char *str) > + { > + sig_cb_st sig; > + sig.sigalgcnt = 0; > + if (!CONF_parse_list(str, ':', 1, sig_cb, &sig)) > + return 0; > + return tls1_set_sigalgs(c, sig.sigalgs, sig.sigalgcnt); > + } > + > +int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen) > + { > + TLS_SIGALGS *sigalgs, *sptr; > + int rhash, rsign; > + size_t i; > + if (salglen & 1) > + return 0; > + salglen /= 2; > + sigalgs = OPENSSL_malloc(sizeof(TLS_SIGALGS) * salglen); > + if (sigalgs == NULL) > + return 0; > + for (i = 0, sptr = sigalgs; i < salglen; i++, sptr++) > + { > + sptr->hash_nid = *salg++; > + sptr->sign_nid = *salg++; > + rhash = tls12_find_id(sptr->hash_nid, tls12_md, > + > sizeof(tls12_md)/sizeof(tls12_lookup)); > + rsign = tls12_find_id(sptr->sign_nid, tls12_sig, > + sizeof(tls12_sig)/sizeof(tls12_lookup)); > + > + if (rhash == -1 || rsign == -1) > + goto err; > + > + if (!OBJ_find_sigid_by_algs(&sptr->signandhash_nid, > + sptr->hash_nid, > + sptr->sign_nid)) > + sptr->signandhash_nid = NID_undef; > + sptr->rhash = rhash; > + sptr->rsign = rsign; > + } > + > + if (c->conf_sigalgs) > + OPENSSL_free(c->conf_sigalgs); > + > + c->conf_sigalgs = sigalgs; > + c->conf_sigalgslen = salglen; > + return 1; > + > + err: > + OPENSSL_free(sigalgs); > + return 0; > + } > @@ . > patch -p0 <<'@@ .' > Index: openssl/ssl/tls1.h > ============================================================================ > $ cvs diff -u -r1.40.2.3.2.14.2.2 -r1.40.2.3.2.14.2.3 tls1.h > --- openssl/ssl/tls1.h 29 May 2012 17:27:48 -0000 > 1.40.2.3.2.14.2.2 > +++ openssl/ssl/tls1.h 26 Dec 2012 14:25:29 -0000 > 1.40.2.3.2.14.2.3 > @@ -267,6 +267,9 @@ > #define TLSEXT_signature_dsa 2 > #define TLSEXT_signature_ecdsa 3 > > +/* Total number of different signature algorithms */ > +#define TLSEXT_signature_num 4 > + > #define TLSEXT_hash_none 0 > #define TLSEXT_hash_md5 1 > #define TLSEXT_hash_sha1 2 > @@ -274,6 +277,11 @@ > #define TLSEXT_hash_sha256 4 > #define TLSEXT_hash_sha384 5 > #define TLSEXT_hash_sha512 6 > + > +/* Total number of different digest algorithms */ > + > +#define TLSEXT_hash_num 7 > + > /* Flag set for unrecognised algorithms */ > #define TLSEXT_nid_unknown 0x1000000 > > @@ . > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > CVS Repository Commit List openssl-...@openssl.org > Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org