Hello community,
here is the log from the commit of package perl-Net-SSLeay for openSUSE:Factory checked in at 2015-07-05 17:53:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-Net-SSLeay (Old)
and /work/SRC/openSUSE:Factory/.perl-Net-SSLeay.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Net-SSLeay"
Changes:
--------
--- /work/SRC/openSUSE:Factory/perl-Net-SSLeay/perl-Net-SSLeay.changes 2015-04-10 09:48:51.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.perl-Net-SSLeay.new/perl-Net-SSLeay.changes 2015-07-05 17:53:53.000000000 +0200
@@ -1,0 +2,18 @@
+Wed Jun 24 08:05:15 UTC 2015 - meissner@suse.com
+
+- net-ssleay-no-ofb.patch: disable the OFB cipher, not exported by
+ our openssl 1.0.2 currently.
+
+-------------------------------------------------------------------
+Tue Jun 23 09:33:48 UTC 2015 - zaitor@opensuse.org
+
+- Update to version 1.69:
+ + Testing with OpenSSL 1.0.2, 1.0.2a. OK.
+ + Completed LibreSSL compatibility.
+ + Improved compatibility with OpenSSL 1.0.2a.
+ + Added the X509_check_* functions introduced in OpenSSL 1.0.2.
+ + Added support for X509_V_FLAG_TRUSTED_FIRST constant. Patch
+ allows get_keyblock_size to work correctly with OpenSSL 1.0.1
+ and later versions.
+
+-------------------------------------------------------------------
Old:
----
Net-SSLeay-1.68.tar.gz
New:
----
Net-SSLeay-1.69.tar.gz
net-ssleay-no-ofb.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-Net-SSLeay.spec ++++++
--- /var/tmp/diff_new_pack.6jLO58/_old 2015-07-05 17:53:54.000000000 +0200
+++ /var/tmp/diff_new_pack.6jLO58/_new 2015-07-05 17:53:54.000000000 +0200
@@ -19,7 +19,7 @@
%bcond_with test
Name: perl-Net-SSLeay
-Version: 1.68
+Version: 1.69
Release: 0
%define cpan_name Net-SSLeay
Summary: Perl extension for using OpenSSL
@@ -27,6 +27,8 @@
Group: Development/Libraries/Perl
Url: http://search.cpan.org/dist/Net-SSLeay/
Source: http://www.cpan.org/modules/by-module/Net/Net-SSLeay-%{version}.tar.gz
+# Broken by 1.0.2c openssl update ... probably an openssl bug. -Marcus
+Patch0: net-ssleay-no-ofb.patch
BuildRequires: openssl
BuildRequires: openssl-devel
BuildRequires: perl
@@ -51,6 +53,7 @@
%prep
%setup -q -n %{cpan_name}-%{version}
+%patch0 -p1
# replace rest of /usr/local/bin/perl with /usr/bin/perl
for f in $(find . -type f -exec grep -l "/usr/local/bin/perl" {} \; ); do
sed -i -e "s@/usr/local/bin/perl@perl@g" $f
++++++ Net-SSLeay-1.68.tar.gz -> Net-SSLeay-1.69.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-SSLeay-1.68/Changes new/Net-SSLeay-1.69/Changes
--- old/Net-SSLeay-1.68/Changes 2015-01-24 01:23:18.000000000 +0100
+++ new/Net-SSLeay-1.69/Changes 2015-06-03 23:44:05.000000000 +0200
@@ -1,5 +1,16 @@
Revision history for Perl extension Net::SSLeay.
+1.69 2015-06-04
+ Testing with OpenSSL 1.0.2, 1.0.2a. OK.
+ Completed LibreSSL compatibility with the kind assistance of Alexander
+ Bluhm.
+ Improved compatibility with OpenSSL 1.0.2a as suggested by Petr Pisar.
+ Added the X509_check_* functions introduced in OpenSSL 1.0.2, contributed
+ by Carsten Gaebler.
+ Added support for X509_V_FLAG_TRUSTED_FIRST constant, patch from Gisle Aas.
+ Patch allows get_keyblock_size to work correctly with
+ OpenSSL 1.0.1 and later versions. Contributed by Heikki Vatiainen.
+
1.68 2015-01-24
Fixed a problem on OSX when macports openssl 1.x is installed: headers from
macport were found but older OSX openssl libraries were linked, resulting
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-SSLeay-1.68/README new/Net-SSLeay-1.69/README
--- old/Net-SSLeay-1.68/README 2014-08-21 03:08:37.000000000 +0200
+++ new/Net-SSLeay-1.69/README 2015-02-14 22:57:30.000000000 +0100
@@ -1,5 +1,5 @@
README - Net::SSLeay Perl module for using OpenSSL
-$Id: README 426 2014-08-21 01:08:36Z mikem-guest $
+$Id: README 435 2015-02-14 21:57:30Z mikem-guest $
By popular demand...
--------------------
@@ -9,14 +9,14 @@
Prerequisites
-------------
-perl-5.6.1
- though anything starting from perl5.003 probably works.
-OpenSSL-0.9.6j or OpenSSL-0.9.7b
- (try http://www.openssl.org/) -
- This release has been tested with 0.9.6d and
- in historical light it seems likely that future versions
- will work as well (if major version number changes all bets
- are off, though)
+perl-5.6.1 though anything starting from perl5.003 probably works.
+
+OpenSSL-0.9.6j through to at least OpenSSL-1.0.2 and probably later
+ http://www.openssl.org/ - On Linux, you can either build and
+ install OpenSSL from scratch (its very portable) or you can
+ install the appropriate OpenSSL 'devel' package for your Linux
+ distribution: (rpm openssl-devel, deb libssl-dev).
+
Note: SSLeay is no longer supported. If you want to use Net::SSLeay with
SSLeay or early versions of OpenSSL, use version 1.03. The support
@@ -38,7 +38,7 @@
----------
Unix:
- # build OpenSSL as per instructions in that package
+ # build or install OpenSSL as per instructions in that package
gunzip = 0x1000200fL
+
+int
+X509_check_host(X509 *cert, const char *name, unsigned int flags = 0, SV *peername = &PL_sv_undef)
+ INIT:
+ char *c_peername = NULL;
+ CODE:
+ RETVAL = X509_check_host(cert, name, 0, flags, (items == 4) ? &c_peername : NULL);
+ if (items == 4)
+ sv_setpv(peername, c_peername);
+ OUTPUT:
+ RETVAL
+ CLEANUP:
+ if (c_peername)
+ OPENSSL_free(c_peername);
+
+int
+X509_check_email(X509 *cert, const char *address, unsigned int flags = 0)
+ CODE:
+ RETVAL = X509_check_email(cert, address, 0, flags);
+ OUTPUT:
+ RETVAL
+
+int
+X509_check_ip(X509 *cert, SV *address, unsigned int flags = 0)
+ INIT:
+ unsigned char *c_address;
+ size_t addresslen;
+ CODE:
+ c_address = SvPV(address, addresslen);
+ RETVAL = X509_check_ip(cert, c_address, addresslen, flags);
+ OUTPUT:
+ RETVAL
+
+int
+X509_check_ip_asc(X509 *cert, const char *address, unsigned int flags = 0)
+
+#endif
+
X509_NAME*
X509_get_issuer_name(cert)
X509 * cert
@@ -4853,16 +4888,22 @@
{
const EVP_CIPHER *c;
const EVP_MD *h;
+ int md_size = -1;
c = s->enc_read_ctx->cipher;
-#if OPENSSL_VERSION_NUMBER >= 0x00909000L
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L
+ if (s->s3)
+ md_size = s->s3->tmp.new_mac_secret_size;
+#elif OPENSSL_VERSION_NUMBER >= 0x00909000L
h = EVP_MD_CTX_md(s->read_hash);
+ md_size = EVP_MD_size(h);
#else
h = s->read_hash;
+ md_size = EVP_MD_size(h);
#endif
-
- RETVAL = 2 * (EVP_CIPHER_key_length(c) +
- EVP_MD_size(h) +
- EVP_CIPHER_iv_length(c));
+ RETVAL = (md_size > 0) ? (2 * (EVP_CIPHER_key_length(c) +
+ md_size +
+ EVP_CIPHER_iv_length(c)))
+ : -1;
}
OUTPUT:
RETVAL
@@ -5773,7 +5814,7 @@
#endif
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT) && !defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_TLSEXT)
int
SSL_CTX_set_alpn_select_cb(ctx,callback,data=&PL_sv_undef)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-SSLeay-1.68/constants.c new/Net-SSLeay-1.69/constants.c
--- old/Net-SSLeay-1.68/constants.c 2014-07-13 23:40:34.000000000 +0200
+++ new/Net-SSLeay-1.69/constants.c 2015-05-29 02:52:14.000000000 +0200
@@ -4211,7 +4211,8 @@
NID_sha1WithRSAEncryption OP_MSIE_SSLV2_RSA_PADDING
OP_NETSCAPE_CHALLENGE_BUG R_BAD_AUTHENTICATION_TYPE
V_OCSP_CERTSTATUS_REVOKED V_OCSP_CERTSTATUS_UNKNOWN
- X509_V_FLAG_CRL_CHECK_ALL X509_V_FLAG_NOTIFY_POLICY */
+ X509_V_FLAG_CRL_CHECK_ALL X509_V_FLAG_NOTIFY_POLICY
+ X509_V_FLAG_TRUSTED_FIRST */
/* Offset 20 gives the best switch position. */
switch (name[20]) {
case '2':
@@ -4262,6 +4263,18 @@
}
break;
+ case 'F':
+ if (!memcmp(name, "X509_V_FLAG_TRUSTED_FIRST", 25)) {
+ /* ^ */
+
+#ifdef X509_V_FLAG_TRUSTED_FIRST
+ return X509_V_FLAG_TRUSTED_FIRST;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
case 'K':
if (!memcmp(name, "V_OCSP_CERTSTATUS_UNKNOWN", 25)) {
/* ^ */
@@ -4781,12 +4794,12 @@
/* F_SSL_USE_RSAPRIVATEKEY_ASN1 F_SSL_USE_RSAPRIVATEKEY_FILE
NID_authority_key_identifier NID_netscape_ssl_server_name
NID_pbe_WithSHA1And128BitRC4 NID_pkcs7_signedAndEnveloped
- NID_private_key_usage_period */
- /* Offset 24 gives the best switch position. */
- switch (name[24]) {
- case 'A':
+ NID_private_key_usage_period X509_CHECK_FLAG_NO_WILDCARDS */
+ /* Offset 10 gives the best switch position. */
+ switch (name[10]) {
+ case 'R':
if (!memcmp(name, "F_SSL_USE_RSAPRIVATEKEY_ASN1", 28)) {
- /* ^ */
+ /* ^ */
#ifdef SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1
return SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1;
@@ -4795,10 +4808,8 @@
#endif
}
- break;
- case 'F':
if (!memcmp(name, "F_SSL_USE_RSAPRIVATEKEY_FILE", 28)) {
- /* ^ */
+ /* ^ */
#ifdef SSL_F_SSL_USE_RSAPRIVATEKEY_FILE
return SSL_F_SSL_USE_RSAPRIVATEKEY_FILE;
@@ -4808,9 +4819,33 @@
}
break;
- case 'f':
+ case '_':
+ if (!memcmp(name, "X509_CHECK_FLAG_NO_WILDCARDS", 28)) {
+ /* ^ */
+
+#ifdef X509_CHECK_FLAG_NO_WILDCARDS
+ return X509_CHECK_FLAG_NO_WILDCARDS;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
+ case 'e':
+ if (!memcmp(name, "NID_private_key_usage_period", 28)) {
+ /* ^ */
+
+#ifdef NID_private_key_usage_period
+ return NID_private_key_usage_period;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
+ case 'i':
if (!memcmp(name, "NID_authority_key_identifier", 28)) {
- /* ^ */
+ /* ^ */
#ifdef NID_authority_key_identifier
return NID_authority_key_identifier;
@@ -4820,9 +4855,9 @@
}
break;
- case 'n':
+ case 'p':
if (!memcmp(name, "NID_netscape_ssl_server_name", 28)) {
- /* ^ */
+ /* ^ */
#ifdef NID_netscape_ssl_server_name
return NID_netscape_ssl_server_name;
@@ -4832,9 +4867,9 @@
}
break;
- case 'o':
+ case 's':
if (!memcmp(name, "NID_pkcs7_signedAndEnveloped", 28)) {
- /* ^ */
+ /* ^ */
#ifdef NID_pkcs7_signedAndEnveloped
return NID_pkcs7_signedAndEnveloped;
@@ -4844,21 +4879,9 @@
}
break;
- case 'r':
- if (!memcmp(name, "NID_private_key_usage_period", 28)) {
- /* ^ */
-
-#ifdef NID_private_key_usage_period
- return NID_private_key_usage_period;
-#else
- goto not_there;
-#endif
-
- }
- break;
case 't':
if (!memcmp(name, "NID_pbe_WithSHA1And128BitRC4", 28)) {
- /* ^ */
+ /* ^ */
#ifdef NID_pbe_WithSHA1And128BitRC4
return NID_pbe_WithSHA1And128BitRC4;
@@ -5183,25 +5206,80 @@
}
break;
case 36:
- if (!memcmp(name, "OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION", 36)) {
-
+ /* Names all of length 36. */
+ /* OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
+ X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
+ X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS */
+ /* Offset 31 gives the best switch position. */
+ switch (name[31]) {
+ case 'A':
+ if (!memcmp(name, "OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION", 36)) {
+ /* ^ */
+
#ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
return SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
#else
goto not_there;
#endif
+ }
+ break;
+ case 'B':
+ if (!memcmp(name, "X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT", 36)) {
+ /* ^ */
+
+#ifdef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
+ return X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
+ case 'C':
+ if (!memcmp(name, "X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS", 36)) {
+ /* ^ */
+
+#ifdef X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
+ return X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
}
break;
case 37:
- if (!memcmp(name, "OCSP_RESPONSE_STATUS_MALFORMEDREQUEST", 37)) {
-
+ /* Names all of length 37. */
+ /* OCSP_RESPONSE_STATUS_MALFORMEDREQUEST
+ X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS */
+ /* Offset 36 gives the best switch position. */
+ switch (name[36]) {
+ case 'S':
+ if (!memcmp(name, "X509_CHECK_FLAG_MULTI_LABEL_WILDCARD", 36)) {
+ /* S */
+
+#ifdef X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS
+ return X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
+ case 'T':
+ if (!memcmp(name, "OCSP_RESPONSE_STATUS_MALFORMEDREQUES", 36)) {
+ /* T */
+
#ifdef OCSP_RESPONSE_STATUS_MALFORMEDREQUEST
return OCSP_RESPONSE_STATUS_MALFORMEDREQUEST;
#else
goto not_there;
#endif
+ }
+ break;
}
break;
case 38:
@@ -5236,6 +5314,17 @@
break;
}
break;
+ case 39:
+ if (!memcmp(name, "X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS", 39)) {
+
+#ifdef X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
+ return X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
case 41:
/* Names all of length 41. */
/* OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-SSLeay-1.68/helper_script/regen_openssl_constants.pl new/Net-SSLeay-1.69/helper_script/regen_openssl_constants.pl
--- old/Net-SSLeay-1.68/helper_script/regen_openssl_constants.pl 2014-07-13 23:36:10.000000000 +0200
+++ new/Net-SSLeay-1.69/helper_script/regen_openssl_constants.pl 2015-05-29 02:48:22.000000000 +0200
@@ -530,6 +530,11 @@
SSL_VERIFY_PEER
SSL_WRITING
SSL_X509_LOOKUP
+X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
+X509_CHECK_FLAG_NO_WILDCARDS
+X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
+X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS
+X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
X509_PURPOSE_ANY
X509_PURPOSE_CRL_SIGN
X509_PURPOSE_NS_SSL_SERVER
@@ -560,6 +565,7 @@
X509_V_FLAG_NOTIFY_POLICY
X509_V_FLAG_POLICY_CHECK
X509_V_FLAG_POLICY_MASK
+X509_V_FLAG_TRUSTED_FIRST
X509_V_FLAG_USE_CHECK_TIME
X509_V_FLAG_USE_DELTAS
X509_V_FLAG_X509_STRICT
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-SSLeay-1.68/lib/Net/SSLeay.pm new/Net-SSLeay-1.69/lib/Net/SSLeay.pm
--- old/Net-SSLeay-1.68/lib/Net/SSLeay.pm 2015-01-24 01:24:24.000000000 +0100
+++ new/Net-SSLeay-1.69/lib/Net/SSLeay.pm 2015-06-03 23:45:58.000000000 +0200
@@ -4,7 +4,7 @@
# Copyright (C) 2005 Florian Ragwitz , All Rights Reserved.
# Copyright (C) 2005 Mike McCauley , All Rights Reserved.
#
-# $Id: SSLeay.pm 434 2015-01-24 00:24:24Z mikem-guest $
+# $Id: SSLeay.pm 445 2015-06-03 21:45:57Z mikem-guest $
#
# Change data removed from here. See Changes
# The distribution and use of this module are subject to the conditions
@@ -63,7 +63,7 @@
$Net::SSLeay::random_device = '/dev/urandom';
$Net::SSLeay::how_random = 512;
-$VERSION = '1.68'; # Dont forget to set version in META.yml too
+$VERSION = '1.69'; # Dont forget to set version in META.yml too
@ISA = qw(Exporter);
#BEWARE:
@@ -72,149 +72,150 @@
# if you add/remove any constant you need to update it manually
@EXPORT_OK = qw(
- ASN1_STRFLGS_ESC_CTRL NID_dsa_2 OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
- ASN1_STRFLGS_ESC_MSB NID_email_protect OP_CIPHER_SERVER_PREFERENCE
- ASN1_STRFLGS_ESC_QUOTE NID_ext_key_usage OP_CISCO_ANYCONNECT
- ASN1_STRFLGS_RFC2253 NID_ext_req OP_COOKIE_EXCHANGE
- CB_ACCEPT_EXIT NID_friendlyName OP_CRYPTOPRO_TLSEXT_BUG
- CB_ACCEPT_LOOP NID_givenName OP_DONT_INSERT_EMPTY_FRAGMENTS
- CB_ALERT NID_hmacWithSHA1 OP_EPHEMERAL_RSA
- CB_CONNECT_EXIT NID_id_ad OP_LEGACY_SERVER_CONNECT
- CB_CONNECT_LOOP NID_id_ce OP_MICROSOFT_BIG_SSLV3_BUFFER
- CB_EXIT NID_id_kp OP_MICROSOFT_SESS_ID_BUG
- CB_HANDSHAKE_DONE NID_id_pbkdf2 OP_MSIE_SSLV2_RSA_PADDING
- CB_HANDSHAKE_START NID_id_pe OP_NETSCAPE_CA_DN_BUG
- CB_LOOP NID_id_pkix OP_NETSCAPE_CHALLENGE_BUG
- CB_READ NID_id_qt_cps OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
- CB_READ_ALERT NID_id_qt_unotice OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
- CB_WRITE NID_idea_cbc OP_NON_EXPORT_FIRST
- CB_WRITE_ALERT NID_idea_cfb64 OP_NO_COMPRESSION
- ERROR_NONE NID_idea_ecb OP_NO_QUERY_MTU
- ERROR_SSL NID_idea_ofb64 OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
- ERROR_SYSCALL NID_info_access OP_NO_SSLv2
- ERROR_WANT_ACCEPT NID_initials OP_NO_SSLv3
- ERROR_WANT_CONNECT NID_invalidity_date OP_NO_TICKET
- ERROR_WANT_READ NID_issuer_alt_name OP_NO_TLSv1
- ERROR_WANT_WRITE NID_keyBag OP_NO_TLSv1_1
- ERROR_WANT_X509_LOOKUP NID_key_usage OP_NO_TLSv1_2
- ERROR_ZERO_RETURN NID_localKeyID OP_PKCS1_CHECK_1
- EVP_PKS_DSA NID_localityName OP_PKCS1_CHECK_2
- EVP_PKS_EC NID_md2 OP_SINGLE_DH_USE
- EVP_PKS_RSA NID_md2WithRSAEncryption OP_SINGLE_ECDH_USE
- EVP_PKT_ENC NID_md5 OP_SSLEAY_080_CLIENT_DH_BUG
- EVP_PKT_EXCH NID_md5WithRSA OP_SSLREF2_REUSE_CERT_TYPE_BUG
- EVP_PKT_EXP NID_md5WithRSAEncryption OP_TLS_BLOCK_PADDING_BUG
- EVP_PKT_SIGN NID_md5_sha1 OP_TLS_D5_BUG
- EVP_PK_DH NID_mdc2 OP_TLS_ROLLBACK_BUG
- EVP_PK_DSA NID_mdc2WithRSA READING
- EVP_PK_EC NID_ms_code_com RECEIVED_SHUTDOWN
- EVP_PK_RSA NID_ms_code_ind RSA_3
- FILETYPE_ASN1 NID_ms_ctl_sign RSA_F4
- FILETYPE_PEM NID_ms_efs R_BAD_AUTHENTICATION_TYPE
- F_CLIENT_CERTIFICATE NID_ms_ext_req R_BAD_CHECKSUM
- F_CLIENT_HELLO NID_ms_sgc R_BAD_MAC_DECODE
- F_CLIENT_MASTER_KEY NID_name R_BAD_RESPONSE_ARGUMENT
- F_D2I_SSL_SESSION NID_netscape R_BAD_SSL_FILETYPE
- F_GET_CLIENT_FINISHED NID_netscape_base_url R_BAD_SSL_SESSION_ID_LENGTH
- F_GET_CLIENT_HELLO NID_netscape_ca_policy_url R_BAD_STATE
- F_GET_CLIENT_MASTER_KEY NID_netscape_ca_revocation_url R_BAD_WRITE_RETRY
- F_GET_SERVER_FINISHED NID_netscape_cert_extension R_CHALLENGE_IS_DIFFERENT
- F_GET_SERVER_HELLO NID_netscape_cert_sequence R_CIPHER_TABLE_SRC_ERROR
- F_GET_SERVER_VERIFY NID_netscape_cert_type R_INVALID_CHALLENGE_LENGTH
- F_I2D_SSL_SESSION NID_netscape_comment R_NO_CERTIFICATE_SET
- F_READ_N NID_netscape_data_type R_NO_CERTIFICATE_SPECIFIED
- F_REQUEST_CERTIFICATE NID_netscape_renewal_url R_NO_CIPHER_LIST
- F_SERVER_HELLO NID_netscape_revocation_url R_NO_CIPHER_MATCH
- F_SSL_CERT_NEW NID_netscape_ssl_server_name R_NO_PRIVATEKEY
- F_SSL_GET_NEW_SESSION NID_ns_sgc R_NO_PUBLICKEY
- F_SSL_NEW NID_organizationName R_NULL_SSL_CTX
- F_SSL_READ NID_organizationalUnitName R_PEER_DID_NOT_RETURN_A_CERTIFICATE
- F_SSL_RSA_PRIVATE_DECRYPT NID_pbeWithMD2AndDES_CBC R_PEER_ERROR
- F_SSL_RSA_PUBLIC_ENCRYPT NID_pbeWithMD2AndRC2_CBC R_PEER_ERROR_CERTIFICATE
- F_SSL_SESSION_NEW NID_pbeWithMD5AndCast5_CBC R_PEER_ERROR_NO_CIPHER
- F_SSL_SESSION_PRINT_FP NID_pbeWithMD5AndDES_CBC R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE
- F_SSL_SET_FD NID_pbeWithMD5AndRC2_CBC R_PUBLIC_KEY_ENCRYPT_ERROR
- F_SSL_SET_RFD NID_pbeWithSHA1AndDES_CBC R_PUBLIC_KEY_IS_NOT_RSA
- F_SSL_SET_WFD NID_pbeWithSHA1AndRC2_CBC R_READ_WRONG_PACKET_TYPE
- F_SSL_USE_CERTIFICATE NID_pbe_WithSHA1And128BitRC2_CBC R_SHORT_READ
- F_SSL_USE_CERTIFICATE_ASN1 NID_pbe_WithSHA1And128BitRC4 R_SSL_SESSION_ID_IS_DIFFERENT
- F_SSL_USE_CERTIFICATE_FILE NID_pbe_WithSHA1And2_Key_TripleDES_CBC R_UNABLE_TO_EXTRACT_PUBLIC_KEY
- F_SSL_USE_PRIVATEKEY NID_pbe_WithSHA1And3_Key_TripleDES_CBC R_UNKNOWN_REMOTE_ERROR_TYPE
- F_SSL_USE_PRIVATEKEY_ASN1 NID_pbe_WithSHA1And40BitRC2_CBC R_UNKNOWN_STATE
- F_SSL_USE_PRIVATEKEY_FILE NID_pbe_WithSHA1And40BitRC4 R_X509_LIB
- F_SSL_USE_RSAPRIVATEKEY NID_pbes2 SENT_SHUTDOWN
- F_SSL_USE_RSAPRIVATEKEY_ASN1 NID_pbmac1 SESSION_ASN1_VERSION
- F_SSL_USE_RSAPRIVATEKEY_FILE NID_pkcs ST_ACCEPT
- F_WRITE_PENDING NID_pkcs3 ST_BEFORE
- GEN_DIRNAME NID_pkcs7 ST_CONNECT
- GEN_DNS NID_pkcs7_data ST_INIT
- GEN_EDIPARTY NID_pkcs7_digest ST_OK
- GEN_EMAIL NID_pkcs7_encrypted ST_READ_BODY
- GEN_IPADD NID_pkcs7_enveloped ST_READ_HEADER
- GEN_OTHERNAME NID_pkcs7_signed TLSEXT_STATUSTYPE_ocsp
- GEN_RID NID_pkcs7_signedAndEnveloped VERIFY_CLIENT_ONCE
- GEN_URI NID_pkcs8ShroudedKeyBag VERIFY_FAIL_IF_NO_PEER_CERT
- GEN_X400 NID_pkcs9 VERIFY_NONE
- LIBRESSL_VERSION_NUMBER NID_pkcs9_challengePassword VERIFY_PEER
- MBSTRING_ASC NID_pkcs9_contentType V_OCSP_CERTSTATUS_GOOD
- MBSTRING_BMP NID_pkcs9_countersignature V_OCSP_CERTSTATUS_REVOKED
- MBSTRING_FLAG NID_pkcs9_emailAddress V_OCSP_CERTSTATUS_UNKNOWN
- MBSTRING_UNIV NID_pkcs9_extCertAttributes WRITING
- MBSTRING_UTF8 NID_pkcs9_messageDigest X509_LOOKUP
- MIN_RSA_MODULUS_LENGTH_IN_BYTES NID_pkcs9_signingTime X509_PURPOSE_ANY
- MODE_ACCEPT_MOVING_WRITE_BUFFER NID_pkcs9_unstructuredAddress X509_PURPOSE_CRL_SIGN
- MODE_AUTO_RETRY NID_pkcs9_unstructuredName X509_PURPOSE_NS_SSL_SERVER
- MODE_ENABLE_PARTIAL_WRITE NID_private_key_usage_period X509_PURPOSE_OCSP_HELPER
- MODE_RELEASE_BUFFERS NID_rc2_40_cbc X509_PURPOSE_SMIME_ENCRYPT
- NID_OCSP_sign NID_rc2_64_cbc X509_PURPOSE_SMIME_SIGN
- NID_SMIMECapabilities NID_rc2_cbc X509_PURPOSE_SSL_CLIENT
- NID_X500 NID_rc2_cfb64 X509_PURPOSE_SSL_SERVER
- NID_X509 NID_rc2_ecb X509_PURPOSE_TIMESTAMP_SIGN
- NID_ad_OCSP NID_rc2_ofb64 X509_TRUST_COMPAT
- NID_ad_ca_issuers NID_rc4 X509_TRUST_EMAIL
- NID_algorithm NID_rc4_40 X509_TRUST_OBJECT_SIGN
- NID_authority_key_identifier NID_rc5_cbc X509_TRUST_OCSP_REQUEST
- NID_basic_constraints NID_rc5_cfb64 X509_TRUST_OCSP_SIGN
- NID_bf_cbc NID_rc5_ecb X509_TRUST_SSL_CLIENT
- NID_bf_cfb64 NID_rc5_ofb64 X509_TRUST_SSL_SERVER
- NID_bf_ecb NID_ripemd160 X509_TRUST_TSA
- NID_bf_ofb64 NID_ripemd160WithRSA X509_V_FLAG_ALLOW_PROXY_CERTS
- NID_cast5_cbc NID_rle_compression X509_V_FLAG_CB_ISSUER_CHECK
- NID_cast5_cfb64 NID_rsa X509_V_FLAG_CHECK_SS_SIGNATURE
- NID_cast5_ecb NID_rsaEncryption X509_V_FLAG_CRL_CHECK
- NID_cast5_ofb64 NID_rsadsi X509_V_FLAG_CRL_CHECK_ALL
- NID_certBag NID_safeContentsBag X509_V_FLAG_EXPLICIT_POLICY
- NID_certificate_policies NID_sdsiCertificate X509_V_FLAG_EXTENDED_CRL_SUPPORT
- NID_client_auth NID_secretBag X509_V_FLAG_IGNORE_CRITICAL
- NID_code_sign NID_serialNumber X509_V_FLAG_INHIBIT_ANY
- NID_commonName NID_server_auth X509_V_FLAG_INHIBIT_MAP
- NID_countryName NID_sha X509_V_FLAG_NOTIFY_POLICY
- NID_crlBag NID_sha1 X509_V_FLAG_POLICY_CHECK
- NID_crl_distribution_points NID_sha1WithRSA X509_V_FLAG_POLICY_MASK
- NID_crl_number NID_sha1WithRSAEncryption X509_V_FLAG_USE_CHECK_TIME
- NID_crl_reason NID_shaWithRSAEncryption X509_V_FLAG_USE_DELTAS
- NID_delta_crl NID_stateOrProvinceName X509_V_FLAG_X509_STRICT
- NID_des_cbc NID_subject_alt_name X509_V_OK
- NID_des_cfb64 NID_subject_key_identifier XN_FLAG_COMPAT
- NID_des_ecb NID_surname XN_FLAG_DN_REV
- NID_des_ede NID_sxnet XN_FLAG_DUMP_UNKNOWN_FIELDS
- NID_des_ede3 NID_time_stamp XN_FLAG_FN_ALIGN
- NID_des_ede3_cbc NID_title XN_FLAG_FN_LN
- NID_des_ede3_cfb64 NID_undef XN_FLAG_FN_MASK
- NID_des_ede3_ofb64 NID_uniqueIdentifier XN_FLAG_FN_NONE
- NID_des_ede_cbc NID_x509Certificate XN_FLAG_FN_OID
- NID_des_ede_cfb64 NID_x509Crl XN_FLAG_FN_SN
- NID_des_ede_ofb64 NID_zlib_compression XN_FLAG_MULTILINE
- NID_des_ofb64 NOTHING XN_FLAG_ONELINE
- NID_description OCSP_RESPONSE_STATUS_INTERNALERROR XN_FLAG_RFC2253
- NID_desx_cbc OCSP_RESPONSE_STATUS_MALFORMEDREQUEST XN_FLAG_SEP_COMMA_PLUS
- NID_dhKeyAgreement OCSP_RESPONSE_STATUS_SIGREQUIRED XN_FLAG_SEP_CPLUS_SPC
- NID_dnQualifier OCSP_RESPONSE_STATUS_SUCCESSFUL XN_FLAG_SEP_MASK
- NID_dsa OCSP_RESPONSE_STATUS_TRYLATER XN_FLAG_SEP_MULTILINE
- NID_dsaWithSHA OCSP_RESPONSE_STATUS_UNAUTHORIZED XN_FLAG_SEP_SPLUS_SPC
- NID_dsaWithSHA1 OPENSSL_VERSION_NUMBER XN_FLAG_SPC_EQ
- NID_dsaWithSHA1_2 OP_ALL
-
+ ASN1_STRFLGS_ESC_CTRL NID_ext_key_usage OP_CRYPTOPRO_TLSEXT_BUG
+ ASN1_STRFLGS_ESC_MSB NID_ext_req OP_DONT_INSERT_EMPTY_FRAGMENTS
+ ASN1_STRFLGS_ESC_QUOTE NID_friendlyName OP_EPHEMERAL_RSA
+ ASN1_STRFLGS_RFC2253 NID_givenName OP_LEGACY_SERVER_CONNECT
+ CB_ACCEPT_EXIT NID_hmacWithSHA1 OP_MICROSOFT_BIG_SSLV3_BUFFER
+ CB_ACCEPT_LOOP NID_id_ad OP_MICROSOFT_SESS_ID_BUG
+ CB_ALERT NID_id_ce OP_MSIE_SSLV2_RSA_PADDING
+ CB_CONNECT_EXIT NID_id_kp OP_NETSCAPE_CA_DN_BUG
+ CB_CONNECT_LOOP NID_id_pbkdf2 OP_NETSCAPE_CHALLENGE_BUG
+ CB_EXIT NID_id_pe OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
+ CB_HANDSHAKE_DONE NID_id_pkix OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
+ CB_HANDSHAKE_START NID_id_qt_cps OP_NON_EXPORT_FIRST
+ CB_LOOP NID_id_qt_unotice OP_NO_COMPRESSION
+ CB_READ NID_idea_cbc OP_NO_QUERY_MTU
+ CB_READ_ALERT NID_idea_cfb64 OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+ CB_WRITE NID_idea_ecb OP_NO_SSLv2
+ CB_WRITE_ALERT NID_idea_ofb64 OP_NO_SSLv3
+ ERROR_NONE NID_info_access OP_NO_TICKET
+ ERROR_SSL NID_initials OP_NO_TLSv1
+ ERROR_SYSCALL NID_invalidity_date OP_NO_TLSv1_1
+ ERROR_WANT_ACCEPT NID_issuer_alt_name OP_NO_TLSv1_2
+ ERROR_WANT_CONNECT NID_keyBag OP_PKCS1_CHECK_1
+ ERROR_WANT_READ NID_key_usage OP_PKCS1_CHECK_2
+ ERROR_WANT_WRITE NID_localKeyID OP_SINGLE_DH_USE
+ ERROR_WANT_X509_LOOKUP NID_localityName OP_SINGLE_ECDH_USE
+ ERROR_ZERO_RETURN NID_md2 OP_SSLEAY_080_CLIENT_DH_BUG
+ EVP_PKS_DSA NID_md2WithRSAEncryption OP_SSLREF2_REUSE_CERT_TYPE_BUG
+ EVP_PKS_EC NID_md5 OP_TLS_BLOCK_PADDING_BUG
+ EVP_PKS_RSA NID_md5WithRSA OP_TLS_D5_BUG
+ EVP_PKT_ENC NID_md5WithRSAEncryption OP_TLS_ROLLBACK_BUG
+ EVP_PKT_EXCH NID_md5_sha1 READING
+ EVP_PKT_EXP NID_mdc2 RECEIVED_SHUTDOWN
+ EVP_PKT_SIGN NID_mdc2WithRSA RSA_3
+ EVP_PK_DH NID_ms_code_com RSA_F4
+ EVP_PK_DSA NID_ms_code_ind R_BAD_AUTHENTICATION_TYPE
+ EVP_PK_EC NID_ms_ctl_sign R_BAD_CHECKSUM
+ EVP_PK_RSA NID_ms_efs R_BAD_MAC_DECODE
+ FILETYPE_ASN1 NID_ms_ext_req R_BAD_RESPONSE_ARGUMENT
+ FILETYPE_PEM NID_ms_sgc R_BAD_SSL_FILETYPE
+ F_CLIENT_CERTIFICATE NID_name R_BAD_SSL_SESSION_ID_LENGTH
+ F_CLIENT_HELLO NID_netscape R_BAD_STATE
+ F_CLIENT_MASTER_KEY NID_netscape_base_url R_BAD_WRITE_RETRY
+ F_D2I_SSL_SESSION NID_netscape_ca_policy_url R_CHALLENGE_IS_DIFFERENT
+ F_GET_CLIENT_FINISHED NID_netscape_ca_revocation_url R_CIPHER_TABLE_SRC_ERROR
+ F_GET_CLIENT_HELLO NID_netscape_cert_extension R_INVALID_CHALLENGE_LENGTH
+ F_GET_CLIENT_MASTER_KEY NID_netscape_cert_sequence R_NO_CERTIFICATE_SET
+ F_GET_SERVER_FINISHED NID_netscape_cert_type R_NO_CERTIFICATE_SPECIFIED
+ F_GET_SERVER_HELLO NID_netscape_comment R_NO_CIPHER_LIST
+ F_GET_SERVER_VERIFY NID_netscape_data_type R_NO_CIPHER_MATCH
+ F_I2D_SSL_SESSION NID_netscape_renewal_url R_NO_PRIVATEKEY
+ F_READ_N NID_netscape_revocation_url R_NO_PUBLICKEY
+ F_REQUEST_CERTIFICATE NID_netscape_ssl_server_name R_NULL_SSL_CTX
+ F_SERVER_HELLO NID_ns_sgc R_PEER_DID_NOT_RETURN_A_CERTIFICATE
+ F_SSL_CERT_NEW NID_organizationName R_PEER_ERROR
+ F_SSL_GET_NEW_SESSION NID_organizationalUnitName R_PEER_ERROR_CERTIFICATE
+ F_SSL_NEW NID_pbeWithMD2AndDES_CBC R_PEER_ERROR_NO_CIPHER
+ F_SSL_READ NID_pbeWithMD2AndRC2_CBC R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE
+ F_SSL_RSA_PRIVATE_DECRYPT NID_pbeWithMD5AndCast5_CBC R_PUBLIC_KEY_ENCRYPT_ERROR
+ F_SSL_RSA_PUBLIC_ENCRYPT NID_pbeWithMD5AndDES_CBC R_PUBLIC_KEY_IS_NOT_RSA
+ F_SSL_SESSION_NEW NID_pbeWithMD5AndRC2_CBC R_READ_WRONG_PACKET_TYPE
+ F_SSL_SESSION_PRINT_FP NID_pbeWithSHA1AndDES_CBC R_SHORT_READ
+ F_SSL_SET_FD NID_pbeWithSHA1AndRC2_CBC R_SSL_SESSION_ID_IS_DIFFERENT
+ F_SSL_SET_RFD NID_pbe_WithSHA1And128BitRC2_CBC R_UNABLE_TO_EXTRACT_PUBLIC_KEY
+ F_SSL_SET_WFD NID_pbe_WithSHA1And128BitRC4 R_UNKNOWN_REMOTE_ERROR_TYPE
+ F_SSL_USE_CERTIFICATE NID_pbe_WithSHA1And2_Key_TripleDES_CBC R_UNKNOWN_STATE
+ F_SSL_USE_CERTIFICATE_ASN1 NID_pbe_WithSHA1And3_Key_TripleDES_CBC R_X509_LIB
+ F_SSL_USE_CERTIFICATE_FILE NID_pbe_WithSHA1And40BitRC2_CBC SENT_SHUTDOWN
+ F_SSL_USE_PRIVATEKEY NID_pbe_WithSHA1And40BitRC4 SESSION_ASN1_VERSION
+ F_SSL_USE_PRIVATEKEY_ASN1 NID_pbes2 ST_ACCEPT
+ F_SSL_USE_PRIVATEKEY_FILE NID_pbmac1 ST_BEFORE
+ F_SSL_USE_RSAPRIVATEKEY NID_pkcs ST_CONNECT
+ F_SSL_USE_RSAPRIVATEKEY_ASN1 NID_pkcs3 ST_INIT
+ F_SSL_USE_RSAPRIVATEKEY_FILE NID_pkcs7 ST_OK
+ F_WRITE_PENDING NID_pkcs7_data ST_READ_BODY
+ GEN_DIRNAME NID_pkcs7_digest ST_READ_HEADER
+ GEN_DNS NID_pkcs7_encrypted TLSEXT_STATUSTYPE_ocsp
+ GEN_EDIPARTY NID_pkcs7_enveloped VERIFY_CLIENT_ONCE
+ GEN_EMAIL NID_pkcs7_signed VERIFY_FAIL_IF_NO_PEER_CERT
+ GEN_IPADD NID_pkcs7_signedAndEnveloped VERIFY_NONE
+ GEN_OTHERNAME NID_pkcs8ShroudedKeyBag VERIFY_PEER
+ GEN_RID NID_pkcs9 V_OCSP_CERTSTATUS_GOOD
+ GEN_URI NID_pkcs9_challengePassword V_OCSP_CERTSTATUS_REVOKED
+ GEN_X400 NID_pkcs9_contentType V_OCSP_CERTSTATUS_UNKNOWN
+ LIBRESSL_VERSION_NUMBER NID_pkcs9_countersignature WRITING
+ MBSTRING_ASC NID_pkcs9_emailAddress X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
+ MBSTRING_BMP NID_pkcs9_extCertAttributes X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS
+ MBSTRING_FLAG NID_pkcs9_messageDigest X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
+ MBSTRING_UNIV NID_pkcs9_signingTime X509_CHECK_FLAG_NO_WILDCARDS
+ MBSTRING_UTF8 NID_pkcs9_unstructuredAddress X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
+ MIN_RSA_MODULUS_LENGTH_IN_BYTES NID_pkcs9_unstructuredName X509_LOOKUP
+ MODE_ACCEPT_MOVING_WRITE_BUFFER NID_private_key_usage_period X509_PURPOSE_ANY
+ MODE_AUTO_RETRY NID_rc2_40_cbc X509_PURPOSE_CRL_SIGN
+ MODE_ENABLE_PARTIAL_WRITE NID_rc2_64_cbc X509_PURPOSE_NS_SSL_SERVER
+ MODE_RELEASE_BUFFERS NID_rc2_cbc X509_PURPOSE_OCSP_HELPER
+ NID_OCSP_sign NID_rc2_cfb64 X509_PURPOSE_SMIME_ENCRYPT
+ NID_SMIMECapabilities NID_rc2_ecb X509_PURPOSE_SMIME_SIGN
+ NID_X500 NID_rc2_ofb64 X509_PURPOSE_SSL_CLIENT
+ NID_X509 NID_rc4 X509_PURPOSE_SSL_SERVER
+ NID_ad_OCSP NID_rc4_40 X509_PURPOSE_TIMESTAMP_SIGN
+ NID_ad_ca_issuers NID_rc5_cbc X509_TRUST_COMPAT
+ NID_algorithm NID_rc5_cfb64 X509_TRUST_EMAIL
+ NID_authority_key_identifier NID_rc5_ecb X509_TRUST_OBJECT_SIGN
+ NID_basic_constraints NID_rc5_ofb64 X509_TRUST_OCSP_REQUEST
+ NID_bf_cbc NID_ripemd160 X509_TRUST_OCSP_SIGN
+ NID_bf_cfb64 NID_ripemd160WithRSA X509_TRUST_SSL_CLIENT
+ NID_bf_ecb NID_rle_compression X509_TRUST_SSL_SERVER
+ NID_bf_ofb64 NID_rsa X509_TRUST_TSA
+ NID_cast5_cbc NID_rsaEncryption X509_V_FLAG_ALLOW_PROXY_CERTS
+ NID_cast5_cfb64 NID_rsadsi X509_V_FLAG_CB_ISSUER_CHECK
+ NID_cast5_ecb NID_safeContentsBag X509_V_FLAG_CHECK_SS_SIGNATURE
+ NID_cast5_ofb64 NID_sdsiCertificate X509_V_FLAG_CRL_CHECK
+ NID_certBag NID_secretBag X509_V_FLAG_CRL_CHECK_ALL
+ NID_certificate_policies NID_serialNumber X509_V_FLAG_EXPLICIT_POLICY
+ NID_client_auth NID_server_auth X509_V_FLAG_EXTENDED_CRL_SUPPORT
+ NID_code_sign NID_sha X509_V_FLAG_IGNORE_CRITICAL
+ NID_commonName NID_sha1 X509_V_FLAG_INHIBIT_ANY
+ NID_countryName NID_sha1WithRSA X509_V_FLAG_INHIBIT_MAP
+ NID_crlBag NID_sha1WithRSAEncryption X509_V_FLAG_NOTIFY_POLICY
+ NID_crl_distribution_points NID_shaWithRSAEncryption X509_V_FLAG_POLICY_CHECK
+ NID_crl_number NID_stateOrProvinceName X509_V_FLAG_POLICY_MASK
+ NID_crl_reason NID_subject_alt_name X509_V_FLAG_TRUSTED_FIRST
+ NID_delta_crl NID_subject_key_identifier X509_V_FLAG_USE_CHECK_TIME
+ NID_des_cbc NID_surname X509_V_FLAG_USE_DELTAS
+ NID_des_cfb64 NID_sxnet X509_V_FLAG_X509_STRICT
+ NID_des_ecb NID_time_stamp X509_V_OK
+ NID_des_ede NID_title XN_FLAG_COMPAT
+ NID_des_ede3 NID_undef XN_FLAG_DN_REV
+ NID_des_ede3_cbc NID_uniqueIdentifier XN_FLAG_DUMP_UNKNOWN_FIELDS
+ NID_des_ede3_cfb64 NID_x509Certificate XN_FLAG_FN_ALIGN
+ NID_des_ede3_ofb64 NID_x509Crl XN_FLAG_FN_LN
+ NID_des_ede_cbc NID_zlib_compression XN_FLAG_FN_MASK
+ NID_des_ede_cfb64 NOTHING XN_FLAG_FN_NONE
+ NID_des_ede_ofb64 OCSP_RESPONSE_STATUS_INTERNALERROR XN_FLAG_FN_OID
+ NID_des_ofb64 OCSP_RESPONSE_STATUS_MALFORMEDREQUEST XN_FLAG_FN_SN
+ NID_description OCSP_RESPONSE_STATUS_SIGREQUIRED XN_FLAG_MULTILINE
+ NID_desx_cbc OCSP_RESPONSE_STATUS_SUCCESSFUL XN_FLAG_ONELINE
+ NID_dhKeyAgreement OCSP_RESPONSE_STATUS_TRYLATER XN_FLAG_RFC2253
+ NID_dnQualifier OCSP_RESPONSE_STATUS_UNAUTHORIZED XN_FLAG_SEP_COMMA_PLUS
+ NID_dsa OPENSSL_VERSION_NUMBER XN_FLAG_SEP_CPLUS_SPC
+ NID_dsaWithSHA OP_ALL XN_FLAG_SEP_MASK
+ NID_dsaWithSHA1 OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION XN_FLAG_SEP_MULTILINE
+ NID_dsaWithSHA1_2 OP_CIPHER_SERVER_PREFERENCE XN_FLAG_SEP_SPLUS_SPC
+ NID_dsa_2 OP_CISCO_ANYCONNECT XN_FLAG_SPC_EQ
+ NID_email_protect OP_COOKIE_EXCHANGE
BIO_eof
BIO_f_ssl
BIO_free
@@ -250,6 +251,10 @@
X509_STORE_CTX_set_flags
X509_STORE_add_cert
X509_STORE_add_crl
+ X509_check_email
+ X509_check_host
+ X509_check_ip
+ X509_check_ip_asc
X509_free
X509_get_issuer_name
X509_get_subject_name
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-SSLeay-1.68/lib/Net/SSLeay.pod new/Net-SSLeay-1.69/lib/Net/SSLeay.pod
--- old/Net-SSLeay-1.68/lib/Net/SSLeay.pod 2015-01-24 01:22:39.000000000 +0100
+++ new/Net-SSLeay-1.69/lib/Net/SSLeay.pod 2015-05-29 02:57:02.000000000 +0200
@@ -4955,6 +4955,80 @@
Check openssl doc Lhttp://www.openssl.org/docs/crypto/X509_new.html|http://www.openssl.org/docs/crypto/X509_new.html
+=item * X509_check_host
+
+BCOMPATIBILITY: not available in Net-SSLeay-1.68 and before; requires at
+least OpenSSL 1.0.2.
+
+Checks f the certificate Subject Alternative Name (SAN) or Subject CommonName
+(CN) matches the specified host name.
+
+ my $rv = Net::SSLeay::X509_check_host($cert, $name, $flags, $peername);
+ # $cert - value corresponding to openssl's X509 structure
+ # $name - host name to check
+ # $flags (optional, default: 0) - can be the bitwise OR of:
+ # &Net::SSLeay::X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
+ # &Net::SSLeay::X509_CHECK_FLAG_NO_WILDCARDS
+ # &Net::SSLeay::X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
+ # &Net::SSLeay::X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS
+ # &Net::SSLeay::X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
+ # $peername (optional) - If not omitted and $host matches $cert,
+ # a copy of the matching SAN or CN from
+ # the peer certificate is stored in $peername.
+ #
+ # returns:
+ # 1 for a successful match
+ # 0 for a failed match
+ # -1 for an internal error
+ # -2 if the input is malformed
+
+Check openssl doc Lhttps://www.openssl.org/docs/crypto/X509_check_host.html.
+
+=item * X509_check_email
+
+BCOMPATIBILITY: not available in Net-SSLeay-1.68 and before; requires at least OpenSSL 1.0.2.
+
+Checks if the certificate matches the specified email address.
+
+ my $rv = Net::SSLeay::X509_check_email($cert, $address, $flags);
+ # $cert - value corresponding to openssl's X509 structure
+ # $address - email address to check
+ # $flags (optional, default: 0) - see X509_check_host()
+ #
+ # returns: see X509_check_host()
+
+Check openssl doc Lhttps://www.openssl.org/docs/crypto/X509_check_email.html.
+
+=item * X509_check_ip
+
+BCOMPATIBILITY: not available in Net-SSLeay-1.68 and before; requires at least OpenSSL 1.0.2.
+
+Checks if the certificate matches the specified IPv4 or IPv6 address.
+
+ my $rv = Net::SSLeay::X509_check_email($cert, $address, $flags);
+ # $cert - value corresponding to openssl's X509 structure
+ # $address - IP address to check in binary format, in network byte order
+ # $flags (optional, default: 0) - see X509_check_host()
+ #
+ # returns: see X509_check_host()
+
+Check openssl doc Lhttps://www.openssl.org/docs/crypto/X509_check_ip.html.
+
+=item * X509_check_ip_asc
+
+BCOMPATIBILITY: not available in Net-SSLeay-1.68 and before; requires at least OpenSSL 1.0.2.
+
+Checks if the certificate matches the specified IPv4 or IPv6 address.
+
+ my $rv = Net::SSLeay::X509_check_email($cert, $address, $flags);
+ # $cert - value corresponding to openssl's X509 structure
+ # $address - IP address to check in text representation
+ # $flags (optional, default: 0) - see X509_check_host()
+ #
+ # returns: see X509_check_host()
+
+Check openssl doc Lhttps://www.openssl.org/docs/crypto/X509_check_ip_asc.html.
+
=item * X509_certificate_type
BCOMPATIBILITY: not available in Net-SSLeay-1.45 and before
@@ -7900,149 +7974,150 @@
=for comment the next part is the output of: perl helper_script/regen_openssl_constants.pl -gen-pod
- ASN1_STRFLGS_ESC_CTRL NID_dsa_2 OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
- ASN1_STRFLGS_ESC_MSB NID_email_protect OP_CIPHER_SERVER_PREFERENCE
- ASN1_STRFLGS_ESC_QUOTE NID_ext_key_usage OP_CISCO_ANYCONNECT
- ASN1_STRFLGS_RFC2253 NID_ext_req OP_COOKIE_EXCHANGE
- CB_ACCEPT_EXIT NID_friendlyName OP_CRYPTOPRO_TLSEXT_BUG
- CB_ACCEPT_LOOP NID_givenName OP_DONT_INSERT_EMPTY_FRAGMENTS
- CB_ALERT NID_hmacWithSHA1 OP_EPHEMERAL_RSA
- CB_CONNECT_EXIT NID_id_ad OP_LEGACY_SERVER_CONNECT
- CB_CONNECT_LOOP NID_id_ce OP_MICROSOFT_BIG_SSLV3_BUFFER
- CB_EXIT NID_id_kp OP_MICROSOFT_SESS_ID_BUG
- CB_HANDSHAKE_DONE NID_id_pbkdf2 OP_MSIE_SSLV2_RSA_PADDING
- CB_HANDSHAKE_START NID_id_pe OP_NETSCAPE_CA_DN_BUG
- CB_LOOP NID_id_pkix OP_NETSCAPE_CHALLENGE_BUG
- CB_READ NID_id_qt_cps OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
- CB_READ_ALERT NID_id_qt_unotice OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
- CB_WRITE NID_idea_cbc OP_NON_EXPORT_FIRST
- CB_WRITE_ALERT NID_idea_cfb64 OP_NO_COMPRESSION
- ERROR_NONE NID_idea_ecb OP_NO_QUERY_MTU
- ERROR_SSL NID_idea_ofb64 OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
- ERROR_SYSCALL NID_info_access OP_NO_SSLv2
- ERROR_WANT_ACCEPT NID_initials OP_NO_SSLv3
- ERROR_WANT_CONNECT NID_invalidity_date OP_NO_TICKET
- ERROR_WANT_READ NID_issuer_alt_name OP_NO_TLSv1
- ERROR_WANT_WRITE NID_keyBag OP_NO_TLSv1_1
- ERROR_WANT_X509_LOOKUP NID_key_usage OP_NO_TLSv1_2
- ERROR_ZERO_RETURN NID_localKeyID OP_PKCS1_CHECK_1
- EVP_PKS_DSA NID_localityName OP_PKCS1_CHECK_2
- EVP_PKS_EC NID_md2 OP_SINGLE_DH_USE
- EVP_PKS_RSA NID_md2WithRSAEncryption OP_SINGLE_ECDH_USE
- EVP_PKT_ENC NID_md5 OP_SSLEAY_080_CLIENT_DH_BUG
- EVP_PKT_EXCH NID_md5WithRSA OP_SSLREF2_REUSE_CERT_TYPE_BUG
- EVP_PKT_EXP NID_md5WithRSAEncryption OP_TLS_BLOCK_PADDING_BUG
- EVP_PKT_SIGN NID_md5_sha1 OP_TLS_D5_BUG
- EVP_PK_DH NID_mdc2 OP_TLS_ROLLBACK_BUG
- EVP_PK_DSA NID_mdc2WithRSA READING
- EVP_PK_EC NID_ms_code_com RECEIVED_SHUTDOWN
- EVP_PK_RSA NID_ms_code_ind RSA_3
- FILETYPE_ASN1 NID_ms_ctl_sign RSA_F4
- FILETYPE_PEM NID_ms_efs R_BAD_AUTHENTICATION_TYPE
- F_CLIENT_CERTIFICATE NID_ms_ext_req R_BAD_CHECKSUM
- F_CLIENT_HELLO NID_ms_sgc R_BAD_MAC_DECODE
- F_CLIENT_MASTER_KEY NID_name R_BAD_RESPONSE_ARGUMENT
- F_D2I_SSL_SESSION NID_netscape R_BAD_SSL_FILETYPE
- F_GET_CLIENT_FINISHED NID_netscape_base_url R_BAD_SSL_SESSION_ID_LENGTH
- F_GET_CLIENT_HELLO NID_netscape_ca_policy_url R_BAD_STATE
- F_GET_CLIENT_MASTER_KEY NID_netscape_ca_revocation_url R_BAD_WRITE_RETRY
- F_GET_SERVER_FINISHED NID_netscape_cert_extension R_CHALLENGE_IS_DIFFERENT
- F_GET_SERVER_HELLO NID_netscape_cert_sequence R_CIPHER_TABLE_SRC_ERROR
- F_GET_SERVER_VERIFY NID_netscape_cert_type R_INVALID_CHALLENGE_LENGTH
- F_I2D_SSL_SESSION NID_netscape_comment R_NO_CERTIFICATE_SET
- F_READ_N NID_netscape_data_type R_NO_CERTIFICATE_SPECIFIED
- F_REQUEST_CERTIFICATE NID_netscape_renewal_url R_NO_CIPHER_LIST
- F_SERVER_HELLO NID_netscape_revocation_url R_NO_CIPHER_MATCH
- F_SSL_CERT_NEW NID_netscape_ssl_server_name R_NO_PRIVATEKEY
- F_SSL_GET_NEW_SESSION NID_ns_sgc R_NO_PUBLICKEY
- F_SSL_NEW NID_organizationName R_NULL_SSL_CTX
- F_SSL_READ NID_organizationalUnitName R_PEER_DID_NOT_RETURN_A_CERTIFICATE
- F_SSL_RSA_PRIVATE_DECRYPT NID_pbeWithMD2AndDES_CBC R_PEER_ERROR
- F_SSL_RSA_PUBLIC_ENCRYPT NID_pbeWithMD2AndRC2_CBC R_PEER_ERROR_CERTIFICATE
- F_SSL_SESSION_NEW NID_pbeWithMD5AndCast5_CBC R_PEER_ERROR_NO_CIPHER
- F_SSL_SESSION_PRINT_FP NID_pbeWithMD5AndDES_CBC R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE
- F_SSL_SET_FD NID_pbeWithMD5AndRC2_CBC R_PUBLIC_KEY_ENCRYPT_ERROR
- F_SSL_SET_RFD NID_pbeWithSHA1AndDES_CBC R_PUBLIC_KEY_IS_NOT_RSA
- F_SSL_SET_WFD NID_pbeWithSHA1AndRC2_CBC R_READ_WRONG_PACKET_TYPE
- F_SSL_USE_CERTIFICATE NID_pbe_WithSHA1And128BitRC2_CBC R_SHORT_READ
- F_SSL_USE_CERTIFICATE_ASN1 NID_pbe_WithSHA1And128BitRC4 R_SSL_SESSION_ID_IS_DIFFERENT
- F_SSL_USE_CERTIFICATE_FILE NID_pbe_WithSHA1And2_Key_TripleDES_CBC R_UNABLE_TO_EXTRACT_PUBLIC_KEY
- F_SSL_USE_PRIVATEKEY NID_pbe_WithSHA1And3_Key_TripleDES_CBC R_UNKNOWN_REMOTE_ERROR_TYPE
- F_SSL_USE_PRIVATEKEY_ASN1 NID_pbe_WithSHA1And40BitRC2_CBC R_UNKNOWN_STATE
- F_SSL_USE_PRIVATEKEY_FILE NID_pbe_WithSHA1And40BitRC4 R_X509_LIB
- F_SSL_USE_RSAPRIVATEKEY NID_pbes2 SENT_SHUTDOWN
- F_SSL_USE_RSAPRIVATEKEY_ASN1 NID_pbmac1 SESSION_ASN1_VERSION
- F_SSL_USE_RSAPRIVATEKEY_FILE NID_pkcs ST_ACCEPT
- F_WRITE_PENDING NID_pkcs3 ST_BEFORE
- GEN_DIRNAME NID_pkcs7 ST_CONNECT
- GEN_DNS NID_pkcs7_data ST_INIT
- GEN_EDIPARTY NID_pkcs7_digest ST_OK
- GEN_EMAIL NID_pkcs7_encrypted ST_READ_BODY
- GEN_IPADD NID_pkcs7_enveloped ST_READ_HEADER
- GEN_OTHERNAME NID_pkcs7_signed TLSEXT_STATUSTYPE_ocsp
- GEN_RID NID_pkcs7_signedAndEnveloped VERIFY_CLIENT_ONCE
- GEN_URI NID_pkcs8ShroudedKeyBag VERIFY_FAIL_IF_NO_PEER_CERT
- GEN_X400 NID_pkcs9 VERIFY_NONE
- LIBRESSL_VERSION_NUMBER NID_pkcs9_challengePassword VERIFY_PEER
- MBSTRING_ASC NID_pkcs9_contentType V_OCSP_CERTSTATUS_GOOD
- MBSTRING_BMP NID_pkcs9_countersignature V_OCSP_CERTSTATUS_REVOKED
- MBSTRING_FLAG NID_pkcs9_emailAddress V_OCSP_CERTSTATUS_UNKNOWN
- MBSTRING_UNIV NID_pkcs9_extCertAttributes WRITING
- MBSTRING_UTF8 NID_pkcs9_messageDigest X509_LOOKUP
- MIN_RSA_MODULUS_LENGTH_IN_BYTES NID_pkcs9_signingTime X509_PURPOSE_ANY
- MODE_ACCEPT_MOVING_WRITE_BUFFER NID_pkcs9_unstructuredAddress X509_PURPOSE_CRL_SIGN
- MODE_AUTO_RETRY NID_pkcs9_unstructuredName X509_PURPOSE_NS_SSL_SERVER
- MODE_ENABLE_PARTIAL_WRITE NID_private_key_usage_period X509_PURPOSE_OCSP_HELPER
- MODE_RELEASE_BUFFERS NID_rc2_40_cbc X509_PURPOSE_SMIME_ENCRYPT
- NID_OCSP_sign NID_rc2_64_cbc X509_PURPOSE_SMIME_SIGN
- NID_SMIMECapabilities NID_rc2_cbc X509_PURPOSE_SSL_CLIENT
- NID_X500 NID_rc2_cfb64 X509_PURPOSE_SSL_SERVER
- NID_X509 NID_rc2_ecb X509_PURPOSE_TIMESTAMP_SIGN
- NID_ad_OCSP NID_rc2_ofb64 X509_TRUST_COMPAT
- NID_ad_ca_issuers NID_rc4 X509_TRUST_EMAIL
- NID_algorithm NID_rc4_40 X509_TRUST_OBJECT_SIGN
- NID_authority_key_identifier NID_rc5_cbc X509_TRUST_OCSP_REQUEST
- NID_basic_constraints NID_rc5_cfb64 X509_TRUST_OCSP_SIGN
- NID_bf_cbc NID_rc5_ecb X509_TRUST_SSL_CLIENT
- NID_bf_cfb64 NID_rc5_ofb64 X509_TRUST_SSL_SERVER
- NID_bf_ecb NID_ripemd160 X509_TRUST_TSA
- NID_bf_ofb64 NID_ripemd160WithRSA X509_V_FLAG_ALLOW_PROXY_CERTS
- NID_cast5_cbc NID_rle_compression X509_V_FLAG_CB_ISSUER_CHECK
- NID_cast5_cfb64 NID_rsa X509_V_FLAG_CHECK_SS_SIGNATURE
- NID_cast5_ecb NID_rsaEncryption X509_V_FLAG_CRL_CHECK
- NID_cast5_ofb64 NID_rsadsi X509_V_FLAG_CRL_CHECK_ALL
- NID_certBag NID_safeContentsBag X509_V_FLAG_EXPLICIT_POLICY
- NID_certificate_policies NID_sdsiCertificate X509_V_FLAG_EXTENDED_CRL_SUPPORT
- NID_client_auth NID_secretBag X509_V_FLAG_IGNORE_CRITICAL
- NID_code_sign NID_serialNumber X509_V_FLAG_INHIBIT_ANY
- NID_commonName NID_server_auth X509_V_FLAG_INHIBIT_MAP
- NID_countryName NID_sha X509_V_FLAG_NOTIFY_POLICY
- NID_crlBag NID_sha1 X509_V_FLAG_POLICY_CHECK
- NID_crl_distribution_points NID_sha1WithRSA X509_V_FLAG_POLICY_MASK
- NID_crl_number NID_sha1WithRSAEncryption X509_V_FLAG_USE_CHECK_TIME
- NID_crl_reason NID_shaWithRSAEncryption X509_V_FLAG_USE_DELTAS
- NID_delta_crl NID_stateOrProvinceName X509_V_FLAG_X509_STRICT
- NID_des_cbc NID_subject_alt_name X509_V_OK
- NID_des_cfb64 NID_subject_key_identifier XN_FLAG_COMPAT
- NID_des_ecb NID_surname XN_FLAG_DN_REV
- NID_des_ede NID_sxnet XN_FLAG_DUMP_UNKNOWN_FIELDS
- NID_des_ede3 NID_time_stamp XN_FLAG_FN_ALIGN
- NID_des_ede3_cbc NID_title XN_FLAG_FN_LN
- NID_des_ede3_cfb64 NID_undef XN_FLAG_FN_MASK
- NID_des_ede3_ofb64 NID_uniqueIdentifier XN_FLAG_FN_NONE
- NID_des_ede_cbc NID_x509Certificate XN_FLAG_FN_OID
- NID_des_ede_cfb64 NID_x509Crl XN_FLAG_FN_SN
- NID_des_ede_ofb64 NID_zlib_compression XN_FLAG_MULTILINE
- NID_des_ofb64 NOTHING XN_FLAG_ONELINE
- NID_description OCSP_RESPONSE_STATUS_INTERNALERROR XN_FLAG_RFC2253
- NID_desx_cbc OCSP_RESPONSE_STATUS_MALFORMEDREQUEST XN_FLAG_SEP_COMMA_PLUS
- NID_dhKeyAgreement OCSP_RESPONSE_STATUS_SIGREQUIRED XN_FLAG_SEP_CPLUS_SPC
- NID_dnQualifier OCSP_RESPONSE_STATUS_SUCCESSFUL XN_FLAG_SEP_MASK
- NID_dsa OCSP_RESPONSE_STATUS_TRYLATER XN_FLAG_SEP_MULTILINE
- NID_dsaWithSHA OCSP_RESPONSE_STATUS_UNAUTHORIZED XN_FLAG_SEP_SPLUS_SPC
- NID_dsaWithSHA1 OPENSSL_VERSION_NUMBER XN_FLAG_SPC_EQ
- NID_dsaWithSHA1_2 OP_ALL
-
+ ASN1_STRFLGS_ESC_CTRL NID_ext_key_usage OP_CRYPTOPRO_TLSEXT_BUG
+ ASN1_STRFLGS_ESC_MSB NID_ext_req OP_DONT_INSERT_EMPTY_FRAGMENTS
+ ASN1_STRFLGS_ESC_QUOTE NID_friendlyName OP_EPHEMERAL_RSA
+ ASN1_STRFLGS_RFC2253 NID_givenName OP_LEGACY_SERVER_CONNECT
+ CB_ACCEPT_EXIT NID_hmacWithSHA1 OP_MICROSOFT_BIG_SSLV3_BUFFER
+ CB_ACCEPT_LOOP NID_id_ad OP_MICROSOFT_SESS_ID_BUG
+ CB_ALERT NID_id_ce OP_MSIE_SSLV2_RSA_PADDING
+ CB_CONNECT_EXIT NID_id_kp OP_NETSCAPE_CA_DN_BUG
+ CB_CONNECT_LOOP NID_id_pbkdf2 OP_NETSCAPE_CHALLENGE_BUG
+ CB_EXIT NID_id_pe OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
+ CB_HANDSHAKE_DONE NID_id_pkix OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
+ CB_HANDSHAKE_START NID_id_qt_cps OP_NON_EXPORT_FIRST
+ CB_LOOP NID_id_qt_unotice OP_NO_COMPRESSION
+ CB_READ NID_idea_cbc OP_NO_QUERY_MTU
+ CB_READ_ALERT NID_idea_cfb64 OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+ CB_WRITE NID_idea_ecb OP_NO_SSLv2
+ CB_WRITE_ALERT NID_idea_ofb64 OP_NO_SSLv3
+ ERROR_NONE NID_info_access OP_NO_TICKET
+ ERROR_SSL NID_initials OP_NO_TLSv1
+ ERROR_SYSCALL NID_invalidity_date OP_NO_TLSv1_1
+ ERROR_WANT_ACCEPT NID_issuer_alt_name OP_NO_TLSv1_2
+ ERROR_WANT_CONNECT NID_keyBag OP_PKCS1_CHECK_1
+ ERROR_WANT_READ NID_key_usage OP_PKCS1_CHECK_2
+ ERROR_WANT_WRITE NID_localKeyID OP_SINGLE_DH_USE
+ ERROR_WANT_X509_LOOKUP NID_localityName OP_SINGLE_ECDH_USE
+ ERROR_ZERO_RETURN NID_md2 OP_SSLEAY_080_CLIENT_DH_BUG
+ EVP_PKS_DSA NID_md2WithRSAEncryption OP_SSLREF2_REUSE_CERT_TYPE_BUG
+ EVP_PKS_EC NID_md5 OP_TLS_BLOCK_PADDING_BUG
+ EVP_PKS_RSA NID_md5WithRSA OP_TLS_D5_BUG
+ EVP_PKT_ENC NID_md5WithRSAEncryption OP_TLS_ROLLBACK_BUG
+ EVP_PKT_EXCH NID_md5_sha1 READING
+ EVP_PKT_EXP NID_mdc2 RECEIVED_SHUTDOWN
+ EVP_PKT_SIGN NID_mdc2WithRSA RSA_3
+ EVP_PK_DH NID_ms_code_com RSA_F4
+ EVP_PK_DSA NID_ms_code_ind R_BAD_AUTHENTICATION_TYPE
+ EVP_PK_EC NID_ms_ctl_sign R_BAD_CHECKSUM
+ EVP_PK_RSA NID_ms_efs R_BAD_MAC_DECODE
+ FILETYPE_ASN1 NID_ms_ext_req R_BAD_RESPONSE_ARGUMENT
+ FILETYPE_PEM NID_ms_sgc R_BAD_SSL_FILETYPE
+ F_CLIENT_CERTIFICATE NID_name R_BAD_SSL_SESSION_ID_LENGTH
+ F_CLIENT_HELLO NID_netscape R_BAD_STATE
+ F_CLIENT_MASTER_KEY NID_netscape_base_url R_BAD_WRITE_RETRY
+ F_D2I_SSL_SESSION NID_netscape_ca_policy_url R_CHALLENGE_IS_DIFFERENT
+ F_GET_CLIENT_FINISHED NID_netscape_ca_revocation_url R_CIPHER_TABLE_SRC_ERROR
+ F_GET_CLIENT_HELLO NID_netscape_cert_extension R_INVALID_CHALLENGE_LENGTH
+ F_GET_CLIENT_MASTER_KEY NID_netscape_cert_sequence R_NO_CERTIFICATE_SET
+ F_GET_SERVER_FINISHED NID_netscape_cert_type R_NO_CERTIFICATE_SPECIFIED
+ F_GET_SERVER_HELLO NID_netscape_comment R_NO_CIPHER_LIST
+ F_GET_SERVER_VERIFY NID_netscape_data_type R_NO_CIPHER_MATCH
+ F_I2D_SSL_SESSION NID_netscape_renewal_url R_NO_PRIVATEKEY
+ F_READ_N NID_netscape_revocation_url R_NO_PUBLICKEY
+ F_REQUEST_CERTIFICATE NID_netscape_ssl_server_name R_NULL_SSL_CTX
+ F_SERVER_HELLO NID_ns_sgc R_PEER_DID_NOT_RETURN_A_CERTIFICATE
+ F_SSL_CERT_NEW NID_organizationName R_PEER_ERROR
+ F_SSL_GET_NEW_SESSION NID_organizationalUnitName R_PEER_ERROR_CERTIFICATE
+ F_SSL_NEW NID_pbeWithMD2AndDES_CBC R_PEER_ERROR_NO_CIPHER
+ F_SSL_READ NID_pbeWithMD2AndRC2_CBC R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE
+ F_SSL_RSA_PRIVATE_DECRYPT NID_pbeWithMD5AndCast5_CBC R_PUBLIC_KEY_ENCRYPT_ERROR
+ F_SSL_RSA_PUBLIC_ENCRYPT NID_pbeWithMD5AndDES_CBC R_PUBLIC_KEY_IS_NOT_RSA
+ F_SSL_SESSION_NEW NID_pbeWithMD5AndRC2_CBC R_READ_WRONG_PACKET_TYPE
+ F_SSL_SESSION_PRINT_FP NID_pbeWithSHA1AndDES_CBC R_SHORT_READ
+ F_SSL_SET_FD NID_pbeWithSHA1AndRC2_CBC R_SSL_SESSION_ID_IS_DIFFERENT
+ F_SSL_SET_RFD NID_pbe_WithSHA1And128BitRC2_CBC R_UNABLE_TO_EXTRACT_PUBLIC_KEY
+ F_SSL_SET_WFD NID_pbe_WithSHA1And128BitRC4 R_UNKNOWN_REMOTE_ERROR_TYPE
+ F_SSL_USE_CERTIFICATE NID_pbe_WithSHA1And2_Key_TripleDES_CBC R_UNKNOWN_STATE
+ F_SSL_USE_CERTIFICATE_ASN1 NID_pbe_WithSHA1And3_Key_TripleDES_CBC R_X509_LIB
+ F_SSL_USE_CERTIFICATE_FILE NID_pbe_WithSHA1And40BitRC2_CBC SENT_SHUTDOWN
+ F_SSL_USE_PRIVATEKEY NID_pbe_WithSHA1And40BitRC4 SESSION_ASN1_VERSION
+ F_SSL_USE_PRIVATEKEY_ASN1 NID_pbes2 ST_ACCEPT
+ F_SSL_USE_PRIVATEKEY_FILE NID_pbmac1 ST_BEFORE
+ F_SSL_USE_RSAPRIVATEKEY NID_pkcs ST_CONNECT
+ F_SSL_USE_RSAPRIVATEKEY_ASN1 NID_pkcs3 ST_INIT
+ F_SSL_USE_RSAPRIVATEKEY_FILE NID_pkcs7 ST_OK
+ F_WRITE_PENDING NID_pkcs7_data ST_READ_BODY
+ GEN_DIRNAME NID_pkcs7_digest ST_READ_HEADER
+ GEN_DNS NID_pkcs7_encrypted TLSEXT_STATUSTYPE_ocsp
+ GEN_EDIPARTY NID_pkcs7_enveloped VERIFY_CLIENT_ONCE
+ GEN_EMAIL NID_pkcs7_signed VERIFY_FAIL_IF_NO_PEER_CERT
+ GEN_IPADD NID_pkcs7_signedAndEnveloped VERIFY_NONE
+ GEN_OTHERNAME NID_pkcs8ShroudedKeyBag VERIFY_PEER
+ GEN_RID NID_pkcs9 V_OCSP_CERTSTATUS_GOOD
+ GEN_URI NID_pkcs9_challengePassword V_OCSP_CERTSTATUS_REVOKED
+ GEN_X400 NID_pkcs9_contentType V_OCSP_CERTSTATUS_UNKNOWN
+ LIBRESSL_VERSION_NUMBER NID_pkcs9_countersignature WRITING
+ MBSTRING_ASC NID_pkcs9_emailAddress X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
+ MBSTRING_BMP NID_pkcs9_extCertAttributes X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS
+ MBSTRING_FLAG NID_pkcs9_messageDigest X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
+ MBSTRING_UNIV NID_pkcs9_signingTime X509_CHECK_FLAG_NO_WILDCARDS
+ MBSTRING_UTF8 NID_pkcs9_unstructuredAddress X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
+ MIN_RSA_MODULUS_LENGTH_IN_BYTES NID_pkcs9_unstructuredName X509_LOOKUP
+ MODE_ACCEPT_MOVING_WRITE_BUFFER NID_private_key_usage_period X509_PURPOSE_ANY
+ MODE_AUTO_RETRY NID_rc2_40_cbc X509_PURPOSE_CRL_SIGN
+ MODE_ENABLE_PARTIAL_WRITE NID_rc2_64_cbc X509_PURPOSE_NS_SSL_SERVER
+ MODE_RELEASE_BUFFERS NID_rc2_cbc X509_PURPOSE_OCSP_HELPER
+ NID_OCSP_sign NID_rc2_cfb64 X509_PURPOSE_SMIME_ENCRYPT
+ NID_SMIMECapabilities NID_rc2_ecb X509_PURPOSE_SMIME_SIGN
+ NID_X500 NID_rc2_ofb64 X509_PURPOSE_SSL_CLIENT
+ NID_X509 NID_rc4 X509_PURPOSE_SSL_SERVER
+ NID_ad_OCSP NID_rc4_40 X509_PURPOSE_TIMESTAMP_SIGN
+ NID_ad_ca_issuers NID_rc5_cbc X509_TRUST_COMPAT
+ NID_algorithm NID_rc5_cfb64 X509_TRUST_EMAIL
+ NID_authority_key_identifier NID_rc5_ecb X509_TRUST_OBJECT_SIGN
+ NID_basic_constraints NID_rc5_ofb64 X509_TRUST_OCSP_REQUEST
+ NID_bf_cbc NID_ripemd160 X509_TRUST_OCSP_SIGN
+ NID_bf_cfb64 NID_ripemd160WithRSA X509_TRUST_SSL_CLIENT
+ NID_bf_ecb NID_rle_compression X509_TRUST_SSL_SERVER
+ NID_bf_ofb64 NID_rsa X509_TRUST_TSA
+ NID_cast5_cbc NID_rsaEncryption X509_V_FLAG_ALLOW_PROXY_CERTS
+ NID_cast5_cfb64 NID_rsadsi X509_V_FLAG_CB_ISSUER_CHECK
+ NID_cast5_ecb NID_safeContentsBag X509_V_FLAG_CHECK_SS_SIGNATURE
+ NID_cast5_ofb64 NID_sdsiCertificate X509_V_FLAG_CRL_CHECK
+ NID_certBag NID_secretBag X509_V_FLAG_CRL_CHECK_ALL
+ NID_certificate_policies NID_serialNumber X509_V_FLAG_EXPLICIT_POLICY
+ NID_client_auth NID_server_auth X509_V_FLAG_EXTENDED_CRL_SUPPORT
+ NID_code_sign NID_sha X509_V_FLAG_IGNORE_CRITICAL
+ NID_commonName NID_sha1 X509_V_FLAG_INHIBIT_ANY
+ NID_countryName NID_sha1WithRSA X509_V_FLAG_INHIBIT_MAP
+ NID_crlBag NID_sha1WithRSAEncryption X509_V_FLAG_NOTIFY_POLICY
+ NID_crl_distribution_points NID_shaWithRSAEncryption X509_V_FLAG_POLICY_CHECK
+ NID_crl_number NID_stateOrProvinceName X509_V_FLAG_POLICY_MASK
+ NID_crl_reason NID_subject_alt_name X509_V_FLAG_TRUSTED_FIRST
+ NID_delta_crl NID_subject_key_identifier X509_V_FLAG_USE_CHECK_TIME
+ NID_des_cbc NID_surname X509_V_FLAG_USE_DELTAS
+ NID_des_cfb64 NID_sxnet X509_V_FLAG_X509_STRICT
+ NID_des_ecb NID_time_stamp X509_V_OK
+ NID_des_ede NID_title XN_FLAG_COMPAT
+ NID_des_ede3 NID_undef XN_FLAG_DN_REV
+ NID_des_ede3_cbc NID_uniqueIdentifier XN_FLAG_DUMP_UNKNOWN_FIELDS
+ NID_des_ede3_cfb64 NID_x509Certificate XN_FLAG_FN_ALIGN
+ NID_des_ede3_ofb64 NID_x509Crl XN_FLAG_FN_LN
+ NID_des_ede_cbc NID_zlib_compression XN_FLAG_FN_MASK
+ NID_des_ede_cfb64 NOTHING XN_FLAG_FN_NONE
+ NID_des_ede_ofb64 OCSP_RESPONSE_STATUS_INTERNALERROR XN_FLAG_FN_OID
+ NID_des_ofb64 OCSP_RESPONSE_STATUS_MALFORMEDREQUEST XN_FLAG_FN_SN
+ NID_description OCSP_RESPONSE_STATUS_SIGREQUIRED XN_FLAG_MULTILINE
+ NID_desx_cbc OCSP_RESPONSE_STATUS_SUCCESSFUL XN_FLAG_ONELINE
+ NID_dhKeyAgreement OCSP_RESPONSE_STATUS_TRYLATER XN_FLAG_RFC2253
+ NID_dnQualifier OCSP_RESPONSE_STATUS_UNAUTHORIZED XN_FLAG_SEP_COMMA_PLUS
+ NID_dsa OPENSSL_VERSION_NUMBER XN_FLAG_SEP_CPLUS_SPC
+ NID_dsaWithSHA OP_ALL XN_FLAG_SEP_MASK
+ NID_dsaWithSHA1 OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION XN_FLAG_SEP_MULTILINE
+ NID_dsaWithSHA1_2 OP_CIPHER_SERVER_PREFERENCE XN_FLAG_SEP_SPLUS_SPC
+ NID_dsa_2 OP_CISCO_ANYCONNECT XN_FLAG_SPC_EQ
+ NID_email_protect OP_COOKIE_EXCHANGE
=head2 INTERNAL ONLY functions (do not use these)
The following functions are not intended for use from outside of LNet::SSLeay module.
@@ -8262,6 +8337,10 @@
=head1 KNOWN BUGS AND CAVEATS
+An OpenSSL bug CVE-2015-0290 "OpenSSL Multiblock Corrupted Pointer Issue"
+can cause POST requests of over 90kB to fail or crash. This bug is reported to be fixed in
+OpenSSL 1.0.2a.
+
Autoloader emits a
Argument "xxx" isn't numeric in entersub at blib/lib/Net/SSLeay.pm'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-SSLeay-1.68/t/local/21_constants.t new/Net-SSLeay-1.69/t/local/21_constants.t
--- old/Net-SSLeay-1.68/t/local/21_constants.t 2014-07-13 23:41:53.000000000 +0200
+++ new/Net-SSLeay-1.69/t/local/21_constants.t 2015-05-29 02:51:39.000000000 +0200
@@ -13,152 +13,154 @@
}
else
{
- eval 'use Test::More tests => 426;';
+ eval 'use Test::More tests => 432;';
}
my @c = (qw/
- ASN1_STRFLGS_ESC_CTRL NID_dsa_2 OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
- ASN1_STRFLGS_ESC_MSB NID_email_protect OP_CIPHER_SERVER_PREFERENCE
- ASN1_STRFLGS_ESC_QUOTE NID_ext_key_usage OP_CISCO_ANYCONNECT
- ASN1_STRFLGS_RFC2253 NID_ext_req OP_COOKIE_EXCHANGE
- CB_ACCEPT_EXIT NID_friendlyName OP_CRYPTOPRO_TLSEXT_BUG
- CB_ACCEPT_LOOP NID_givenName OP_DONT_INSERT_EMPTY_FRAGMENTS
- CB_ALERT NID_hmacWithSHA1 OP_EPHEMERAL_RSA
- CB_CONNECT_EXIT NID_id_ad OP_LEGACY_SERVER_CONNECT
- CB_CONNECT_LOOP NID_id_ce OP_MICROSOFT_BIG_SSLV3_BUFFER
- CB_EXIT NID_id_kp OP_MICROSOFT_SESS_ID_BUG
- CB_HANDSHAKE_DONE NID_id_pbkdf2 OP_MSIE_SSLV2_RSA_PADDING
- CB_HANDSHAKE_START NID_id_pe OP_NETSCAPE_CA_DN_BUG
- CB_LOOP NID_id_pkix OP_NETSCAPE_CHALLENGE_BUG
- CB_READ NID_id_qt_cps OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
- CB_READ_ALERT NID_id_qt_unotice OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
- CB_WRITE NID_idea_cbc OP_NON_EXPORT_FIRST
- CB_WRITE_ALERT NID_idea_cfb64 OP_NO_COMPRESSION
- ERROR_NONE NID_idea_ecb OP_NO_QUERY_MTU
- ERROR_SSL NID_idea_ofb64 OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
- ERROR_SYSCALL NID_info_access OP_NO_SSLv2
- ERROR_WANT_ACCEPT NID_initials OP_NO_SSLv3
- ERROR_WANT_CONNECT NID_invalidity_date OP_NO_TICKET
- ERROR_WANT_READ NID_issuer_alt_name OP_NO_TLSv1
- ERROR_WANT_WRITE NID_keyBag OP_NO_TLSv1_1
- ERROR_WANT_X509_LOOKUP NID_key_usage OP_NO_TLSv1_2
- ERROR_ZERO_RETURN NID_localKeyID OP_PKCS1_CHECK_1
- EVP_PKS_DSA NID_localityName OP_PKCS1_CHECK_2
- EVP_PKS_EC NID_md2 OP_SINGLE_DH_USE
- EVP_PKS_RSA NID_md2WithRSAEncryption OP_SINGLE_ECDH_USE
- EVP_PKT_ENC NID_md5 OP_SSLEAY_080_CLIENT_DH_BUG
- EVP_PKT_EXCH NID_md5WithRSA OP_SSLREF2_REUSE_CERT_TYPE_BUG
- EVP_PKT_EXP NID_md5WithRSAEncryption OP_TLS_BLOCK_PADDING_BUG
- EVP_PKT_SIGN NID_md5_sha1 OP_TLS_D5_BUG
- EVP_PK_DH NID_mdc2 OP_TLS_ROLLBACK_BUG
- EVP_PK_DSA NID_mdc2WithRSA READING
- EVP_PK_EC NID_ms_code_com RECEIVED_SHUTDOWN
- EVP_PK_RSA NID_ms_code_ind RSA_3
- FILETYPE_ASN1 NID_ms_ctl_sign RSA_F4
- FILETYPE_PEM NID_ms_efs R_BAD_AUTHENTICATION_TYPE
- F_CLIENT_CERTIFICATE NID_ms_ext_req R_BAD_CHECKSUM
- F_CLIENT_HELLO NID_ms_sgc R_BAD_MAC_DECODE
- F_CLIENT_MASTER_KEY NID_name R_BAD_RESPONSE_ARGUMENT
- F_D2I_SSL_SESSION NID_netscape R_BAD_SSL_FILETYPE
- F_GET_CLIENT_FINISHED NID_netscape_base_url R_BAD_SSL_SESSION_ID_LENGTH
- F_GET_CLIENT_HELLO NID_netscape_ca_policy_url R_BAD_STATE
- F_GET_CLIENT_MASTER_KEY NID_netscape_ca_revocation_url R_BAD_WRITE_RETRY
- F_GET_SERVER_FINISHED NID_netscape_cert_extension R_CHALLENGE_IS_DIFFERENT
- F_GET_SERVER_HELLO NID_netscape_cert_sequence R_CIPHER_TABLE_SRC_ERROR
- F_GET_SERVER_VERIFY NID_netscape_cert_type R_INVALID_CHALLENGE_LENGTH
- F_I2D_SSL_SESSION NID_netscape_comment R_NO_CERTIFICATE_SET
- F_READ_N NID_netscape_data_type R_NO_CERTIFICATE_SPECIFIED
- F_REQUEST_CERTIFICATE NID_netscape_renewal_url R_NO_CIPHER_LIST
- F_SERVER_HELLO NID_netscape_revocation_url R_NO_CIPHER_MATCH
- F_SSL_CERT_NEW NID_netscape_ssl_server_name R_NO_PRIVATEKEY
- F_SSL_GET_NEW_SESSION NID_ns_sgc R_NO_PUBLICKEY
- F_SSL_NEW NID_organizationName R_NULL_SSL_CTX
- F_SSL_READ NID_organizationalUnitName R_PEER_DID_NOT_RETURN_A_CERTIFICATE
- F_SSL_RSA_PRIVATE_DECRYPT NID_pbeWithMD2AndDES_CBC R_PEER_ERROR
- F_SSL_RSA_PUBLIC_ENCRYPT NID_pbeWithMD2AndRC2_CBC R_PEER_ERROR_CERTIFICATE
- F_SSL_SESSION_NEW NID_pbeWithMD5AndCast5_CBC R_PEER_ERROR_NO_CIPHER
- F_SSL_SESSION_PRINT_FP NID_pbeWithMD5AndDES_CBC R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE
- F_SSL_SET_FD NID_pbeWithMD5AndRC2_CBC R_PUBLIC_KEY_ENCRYPT_ERROR
- F_SSL_SET_RFD NID_pbeWithSHA1AndDES_CBC R_PUBLIC_KEY_IS_NOT_RSA
- F_SSL_SET_WFD NID_pbeWithSHA1AndRC2_CBC R_READ_WRONG_PACKET_TYPE
- F_SSL_USE_CERTIFICATE NID_pbe_WithSHA1And128BitRC2_CBC R_SHORT_READ
- F_SSL_USE_CERTIFICATE_ASN1 NID_pbe_WithSHA1And128BitRC4 R_SSL_SESSION_ID_IS_DIFFERENT
- F_SSL_USE_CERTIFICATE_FILE NID_pbe_WithSHA1And2_Key_TripleDES_CBC R_UNABLE_TO_EXTRACT_PUBLIC_KEY
- F_SSL_USE_PRIVATEKEY NID_pbe_WithSHA1And3_Key_TripleDES_CBC R_UNKNOWN_REMOTE_ERROR_TYPE
- F_SSL_USE_PRIVATEKEY_ASN1 NID_pbe_WithSHA1And40BitRC2_CBC R_UNKNOWN_STATE
- F_SSL_USE_PRIVATEKEY_FILE NID_pbe_WithSHA1And40BitRC4 R_X509_LIB
- F_SSL_USE_RSAPRIVATEKEY NID_pbes2 SENT_SHUTDOWN
- F_SSL_USE_RSAPRIVATEKEY_ASN1 NID_pbmac1 SESSION_ASN1_VERSION
- F_SSL_USE_RSAPRIVATEKEY_FILE NID_pkcs ST_ACCEPT
- F_WRITE_PENDING NID_pkcs3 ST_BEFORE
- GEN_DIRNAME NID_pkcs7 ST_CONNECT
- GEN_DNS NID_pkcs7_data ST_INIT
- GEN_EDIPARTY NID_pkcs7_digest ST_OK
- GEN_EMAIL NID_pkcs7_encrypted ST_READ_BODY
- GEN_IPADD NID_pkcs7_enveloped ST_READ_HEADER
- GEN_OTHERNAME NID_pkcs7_signed TLSEXT_STATUSTYPE_ocsp
- GEN_RID NID_pkcs7_signedAndEnveloped VERIFY_CLIENT_ONCE
- GEN_URI NID_pkcs8ShroudedKeyBag VERIFY_FAIL_IF_NO_PEER_CERT
- GEN_X400 NID_pkcs9 VERIFY_NONE
- LIBRESSL_VERSION_NUMBER NID_pkcs9_challengePassword VERIFY_PEER
- MBSTRING_ASC NID_pkcs9_contentType V_OCSP_CERTSTATUS_GOOD
- MBSTRING_BMP NID_pkcs9_countersignature V_OCSP_CERTSTATUS_REVOKED
- MBSTRING_FLAG NID_pkcs9_emailAddress V_OCSP_CERTSTATUS_UNKNOWN
- MBSTRING_UNIV NID_pkcs9_extCertAttributes WRITING
- MBSTRING_UTF8 NID_pkcs9_messageDigest X509_LOOKUP
- MIN_RSA_MODULUS_LENGTH_IN_BYTES NID_pkcs9_signingTime X509_PURPOSE_ANY
- MODE_ACCEPT_MOVING_WRITE_BUFFER NID_pkcs9_unstructuredAddress X509_PURPOSE_CRL_SIGN
- MODE_AUTO_RETRY NID_pkcs9_unstructuredName X509_PURPOSE_NS_SSL_SERVER
- MODE_ENABLE_PARTIAL_WRITE NID_private_key_usage_period X509_PURPOSE_OCSP_HELPER
- MODE_RELEASE_BUFFERS NID_rc2_40_cbc X509_PURPOSE_SMIME_ENCRYPT
- NID_OCSP_sign NID_rc2_64_cbc X509_PURPOSE_SMIME_SIGN
- NID_SMIMECapabilities NID_rc2_cbc X509_PURPOSE_SSL_CLIENT
- NID_X500 NID_rc2_cfb64 X509_PURPOSE_SSL_SERVER
- NID_X509 NID_rc2_ecb X509_PURPOSE_TIMESTAMP_SIGN
- NID_ad_OCSP NID_rc2_ofb64 X509_TRUST_COMPAT
- NID_ad_ca_issuers NID_rc4 X509_TRUST_EMAIL
- NID_algorithm NID_rc4_40 X509_TRUST_OBJECT_SIGN
- NID_authority_key_identifier NID_rc5_cbc X509_TRUST_OCSP_REQUEST
- NID_basic_constraints NID_rc5_cfb64 X509_TRUST_OCSP_SIGN
- NID_bf_cbc NID_rc5_ecb X509_TRUST_SSL_CLIENT
- NID_bf_cfb64 NID_rc5_ofb64 X509_TRUST_SSL_SERVER
- NID_bf_ecb NID_ripemd160 X509_TRUST_TSA
- NID_bf_ofb64 NID_ripemd160WithRSA X509_V_FLAG_ALLOW_PROXY_CERTS
- NID_cast5_cbc NID_rle_compression X509_V_FLAG_CB_ISSUER_CHECK
- NID_cast5_cfb64 NID_rsa X509_V_FLAG_CHECK_SS_SIGNATURE
- NID_cast5_ecb NID_rsaEncryption X509_V_FLAG_CRL_CHECK
- NID_cast5_ofb64 NID_rsadsi X509_V_FLAG_CRL_CHECK_ALL
- NID_certBag NID_safeContentsBag X509_V_FLAG_EXPLICIT_POLICY
- NID_certificate_policies NID_sdsiCertificate X509_V_FLAG_EXTENDED_CRL_SUPPORT
- NID_client_auth NID_secretBag X509_V_FLAG_IGNORE_CRITICAL
- NID_code_sign NID_serialNumber X509_V_FLAG_INHIBIT_ANY
- NID_commonName NID_server_auth X509_V_FLAG_INHIBIT_MAP
- NID_countryName NID_sha X509_V_FLAG_NOTIFY_POLICY
- NID_crlBag NID_sha1 X509_V_FLAG_POLICY_CHECK
- NID_crl_distribution_points NID_sha1WithRSA X509_V_FLAG_POLICY_MASK
- NID_crl_number NID_sha1WithRSAEncryption X509_V_FLAG_USE_CHECK_TIME
- NID_crl_reason NID_shaWithRSAEncryption X509_V_FLAG_USE_DELTAS
- NID_delta_crl NID_stateOrProvinceName X509_V_FLAG_X509_STRICT
- NID_des_cbc NID_subject_alt_name X509_V_OK
- NID_des_cfb64 NID_subject_key_identifier XN_FLAG_COMPAT
- NID_des_ecb NID_surname XN_FLAG_DN_REV
- NID_des_ede NID_sxnet XN_FLAG_DUMP_UNKNOWN_FIELDS
- NID_des_ede3 NID_time_stamp XN_FLAG_FN_ALIGN
- NID_des_ede3_cbc NID_title XN_FLAG_FN_LN
- NID_des_ede3_cfb64 NID_undef XN_FLAG_FN_MASK
- NID_des_ede3_ofb64 NID_uniqueIdentifier XN_FLAG_FN_NONE
- NID_des_ede_cbc NID_x509Certificate XN_FLAG_FN_OID
- NID_des_ede_cfb64 NID_x509Crl XN_FLAG_FN_SN
- NID_des_ede_ofb64 NID_zlib_compression XN_FLAG_MULTILINE
- NID_des_ofb64 NOTHING XN_FLAG_ONELINE
- NID_description OCSP_RESPONSE_STATUS_INTERNALERROR XN_FLAG_RFC2253
- NID_desx_cbc OCSP_RESPONSE_STATUS_MALFORMEDREQUEST XN_FLAG_SEP_COMMA_PLUS
- NID_dhKeyAgreement OCSP_RESPONSE_STATUS_SIGREQUIRED XN_FLAG_SEP_CPLUS_SPC
- NID_dnQualifier OCSP_RESPONSE_STATUS_SUCCESSFUL XN_FLAG_SEP_MASK
- NID_dsa OCSP_RESPONSE_STATUS_TRYLATER XN_FLAG_SEP_MULTILINE
- NID_dsaWithSHA OCSP_RESPONSE_STATUS_UNAUTHORIZED XN_FLAG_SEP_SPLUS_SPC
- NID_dsaWithSHA1 OPENSSL_VERSION_NUMBER XN_FLAG_SPC_EQ
- NID_dsaWithSHA1_2 OP_ALL
+ ASN1_STRFLGS_ESC_CTRL NID_ext_key_usage OP_CRYPTOPRO_TLSEXT_BUG
+ ASN1_STRFLGS_ESC_MSB NID_ext_req OP_DONT_INSERT_EMPTY_FRAGMENTS
+ ASN1_STRFLGS_ESC_QUOTE NID_friendlyName OP_EPHEMERAL_RSA
+ ASN1_STRFLGS_RFC2253 NID_givenName OP_LEGACY_SERVER_CONNECT
+ CB_ACCEPT_EXIT NID_hmacWithSHA1 OP_MICROSOFT_BIG_SSLV3_BUFFER
+ CB_ACCEPT_LOOP NID_id_ad OP_MICROSOFT_SESS_ID_BUG
+ CB_ALERT NID_id_ce OP_MSIE_SSLV2_RSA_PADDING
+ CB_CONNECT_EXIT NID_id_kp OP_NETSCAPE_CA_DN_BUG
+ CB_CONNECT_LOOP NID_id_pbkdf2 OP_NETSCAPE_CHALLENGE_BUG
+ CB_EXIT NID_id_pe OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
+ CB_HANDSHAKE_DONE NID_id_pkix OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
+ CB_HANDSHAKE_START NID_id_qt_cps OP_NON_EXPORT_FIRST
+ CB_LOOP NID_id_qt_unotice OP_NO_COMPRESSION
+ CB_READ NID_idea_cbc OP_NO_QUERY_MTU
+ CB_READ_ALERT NID_idea_cfb64 OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+ CB_WRITE NID_idea_ecb OP_NO_SSLv2
+ CB_WRITE_ALERT NID_idea_ofb64 OP_NO_SSLv3
+ ERROR_NONE NID_info_access OP_NO_TICKET
+ ERROR_SSL NID_initials OP_NO_TLSv1
+ ERROR_SYSCALL NID_invalidity_date OP_NO_TLSv1_1
+ ERROR_WANT_ACCEPT NID_issuer_alt_name OP_NO_TLSv1_2
+ ERROR_WANT_CONNECT NID_keyBag OP_PKCS1_CHECK_1
+ ERROR_WANT_READ NID_key_usage OP_PKCS1_CHECK_2
+ ERROR_WANT_WRITE NID_localKeyID OP_SINGLE_DH_USE
+ ERROR_WANT_X509_LOOKUP NID_localityName OP_SINGLE_ECDH_USE
+ ERROR_ZERO_RETURN NID_md2 OP_SSLEAY_080_CLIENT_DH_BUG
+ EVP_PKS_DSA NID_md2WithRSAEncryption OP_SSLREF2_REUSE_CERT_TYPE_BUG
+ EVP_PKS_EC NID_md5 OP_TLS_BLOCK_PADDING_BUG
+ EVP_PKS_RSA NID_md5WithRSA OP_TLS_D5_BUG
+ EVP_PKT_ENC NID_md5WithRSAEncryption OP_TLS_ROLLBACK_BUG
+ EVP_PKT_EXCH NID_md5_sha1 READING
+ EVP_PKT_EXP NID_mdc2 RECEIVED_SHUTDOWN
+ EVP_PKT_SIGN NID_mdc2WithRSA RSA_3
+ EVP_PK_DH NID_ms_code_com RSA_F4
+ EVP_PK_DSA NID_ms_code_ind R_BAD_AUTHENTICATION_TYPE
+ EVP_PK_EC NID_ms_ctl_sign R_BAD_CHECKSUM
+ EVP_PK_RSA NID_ms_efs R_BAD_MAC_DECODE
+ FILETYPE_ASN1 NID_ms_ext_req R_BAD_RESPONSE_ARGUMENT
+ FILETYPE_PEM NID_ms_sgc R_BAD_SSL_FILETYPE
+ F_CLIENT_CERTIFICATE NID_name R_BAD_SSL_SESSION_ID_LENGTH
+ F_CLIENT_HELLO NID_netscape R_BAD_STATE
+ F_CLIENT_MASTER_KEY NID_netscape_base_url R_BAD_WRITE_RETRY
+ F_D2I_SSL_SESSION NID_netscape_ca_policy_url R_CHALLENGE_IS_DIFFERENT
+ F_GET_CLIENT_FINISHED NID_netscape_ca_revocation_url R_CIPHER_TABLE_SRC_ERROR
+ F_GET_CLIENT_HELLO NID_netscape_cert_extension R_INVALID_CHALLENGE_LENGTH
+ F_GET_CLIENT_MASTER_KEY NID_netscape_cert_sequence R_NO_CERTIFICATE_SET
+ F_GET_SERVER_FINISHED NID_netscape_cert_type R_NO_CERTIFICATE_SPECIFIED
+ F_GET_SERVER_HELLO NID_netscape_comment R_NO_CIPHER_LIST
+ F_GET_SERVER_VERIFY NID_netscape_data_type R_NO_CIPHER_MATCH
+ F_I2D_SSL_SESSION NID_netscape_renewal_url R_NO_PRIVATEKEY
+ F_READ_N NID_netscape_revocation_url R_NO_PUBLICKEY
+ F_REQUEST_CERTIFICATE NID_netscape_ssl_server_name R_NULL_SSL_CTX
+ F_SERVER_HELLO NID_ns_sgc R_PEER_DID_NOT_RETURN_A_CERTIFICATE
+ F_SSL_CERT_NEW NID_organizationName R_PEER_ERROR
+ F_SSL_GET_NEW_SESSION NID_organizationalUnitName R_PEER_ERROR_CERTIFICATE
+ F_SSL_NEW NID_pbeWithMD2AndDES_CBC R_PEER_ERROR_NO_CIPHER
+ F_SSL_READ NID_pbeWithMD2AndRC2_CBC R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE
+ F_SSL_RSA_PRIVATE_DECRYPT NID_pbeWithMD5AndCast5_CBC R_PUBLIC_KEY_ENCRYPT_ERROR
+ F_SSL_RSA_PUBLIC_ENCRYPT NID_pbeWithMD5AndDES_CBC R_PUBLIC_KEY_IS_NOT_RSA
+ F_SSL_SESSION_NEW NID_pbeWithMD5AndRC2_CBC R_READ_WRONG_PACKET_TYPE
+ F_SSL_SESSION_PRINT_FP NID_pbeWithSHA1AndDES_CBC R_SHORT_READ
+ F_SSL_SET_FD NID_pbeWithSHA1AndRC2_CBC R_SSL_SESSION_ID_IS_DIFFERENT
+ F_SSL_SET_RFD NID_pbe_WithSHA1And128BitRC2_CBC R_UNABLE_TO_EXTRACT_PUBLIC_KEY
+ F_SSL_SET_WFD NID_pbe_WithSHA1And128BitRC4 R_UNKNOWN_REMOTE_ERROR_TYPE
+ F_SSL_USE_CERTIFICATE NID_pbe_WithSHA1And2_Key_TripleDES_CBC R_UNKNOWN_STATE
+ F_SSL_USE_CERTIFICATE_ASN1 NID_pbe_WithSHA1And3_Key_TripleDES_CBC R_X509_LIB
+ F_SSL_USE_CERTIFICATE_FILE NID_pbe_WithSHA1And40BitRC2_CBC SENT_SHUTDOWN
+ F_SSL_USE_PRIVATEKEY NID_pbe_WithSHA1And40BitRC4 SESSION_ASN1_VERSION
+ F_SSL_USE_PRIVATEKEY_ASN1 NID_pbes2 ST_ACCEPT
+ F_SSL_USE_PRIVATEKEY_FILE NID_pbmac1 ST_BEFORE
+ F_SSL_USE_RSAPRIVATEKEY NID_pkcs ST_CONNECT
+ F_SSL_USE_RSAPRIVATEKEY_ASN1 NID_pkcs3 ST_INIT
+ F_SSL_USE_RSAPRIVATEKEY_FILE NID_pkcs7 ST_OK
+ F_WRITE_PENDING NID_pkcs7_data ST_READ_BODY
+ GEN_DIRNAME NID_pkcs7_digest ST_READ_HEADER
+ GEN_DNS NID_pkcs7_encrypted TLSEXT_STATUSTYPE_ocsp
+ GEN_EDIPARTY NID_pkcs7_enveloped VERIFY_CLIENT_ONCE
+ GEN_EMAIL NID_pkcs7_signed VERIFY_FAIL_IF_NO_PEER_CERT
+ GEN_IPADD NID_pkcs7_signedAndEnveloped VERIFY_NONE
+ GEN_OTHERNAME NID_pkcs8ShroudedKeyBag VERIFY_PEER
+ GEN_RID NID_pkcs9 V_OCSP_CERTSTATUS_GOOD
+ GEN_URI NID_pkcs9_challengePassword V_OCSP_CERTSTATUS_REVOKED
+ GEN_X400 NID_pkcs9_contentType V_OCSP_CERTSTATUS_UNKNOWN
+ LIBRESSL_VERSION_NUMBER NID_pkcs9_countersignature WRITING
+ MBSTRING_ASC NID_pkcs9_emailAddress X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
+ MBSTRING_BMP NID_pkcs9_extCertAttributes X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS
+ MBSTRING_FLAG NID_pkcs9_messageDigest X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
+ MBSTRING_UNIV NID_pkcs9_signingTime X509_CHECK_FLAG_NO_WILDCARDS
+ MBSTRING_UTF8 NID_pkcs9_unstructuredAddress X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
+ MIN_RSA_MODULUS_LENGTH_IN_BYTES NID_pkcs9_unstructuredName X509_LOOKUP
+ MODE_ACCEPT_MOVING_WRITE_BUFFER NID_private_key_usage_period X509_PURPOSE_ANY
+ MODE_AUTO_RETRY NID_rc2_40_cbc X509_PURPOSE_CRL_SIGN
+ MODE_ENABLE_PARTIAL_WRITE NID_rc2_64_cbc X509_PURPOSE_NS_SSL_SERVER
+ MODE_RELEASE_BUFFERS NID_rc2_cbc X509_PURPOSE_OCSP_HELPER
+ NID_OCSP_sign NID_rc2_cfb64 X509_PURPOSE_SMIME_ENCRYPT
+ NID_SMIMECapabilities NID_rc2_ecb X509_PURPOSE_SMIME_SIGN
+ NID_X500 NID_rc2_ofb64 X509_PURPOSE_SSL_CLIENT
+ NID_X509 NID_rc4 X509_PURPOSE_SSL_SERVER
+ NID_ad_OCSP NID_rc4_40 X509_PURPOSE_TIMESTAMP_SIGN
+ NID_ad_ca_issuers NID_rc5_cbc X509_TRUST_COMPAT
+ NID_algorithm NID_rc5_cfb64 X509_TRUST_EMAIL
+ NID_authority_key_identifier NID_rc5_ecb X509_TRUST_OBJECT_SIGN
+ NID_basic_constraints NID_rc5_ofb64 X509_TRUST_OCSP_REQUEST
+ NID_bf_cbc NID_ripemd160 X509_TRUST_OCSP_SIGN
+ NID_bf_cfb64 NID_ripemd160WithRSA X509_TRUST_SSL_CLIENT
+ NID_bf_ecb NID_rle_compression X509_TRUST_SSL_SERVER
+ NID_bf_ofb64 NID_rsa X509_TRUST_TSA
+ NID_cast5_cbc NID_rsaEncryption X509_V_FLAG_ALLOW_PROXY_CERTS
+ NID_cast5_cfb64 NID_rsadsi X509_V_FLAG_CB_ISSUER_CHECK
+ NID_cast5_ecb NID_safeContentsBag X509_V_FLAG_CHECK_SS_SIGNATURE
+ NID_cast5_ofb64 NID_sdsiCertificate X509_V_FLAG_CRL_CHECK
+ NID_certBag NID_secretBag X509_V_FLAG_CRL_CHECK_ALL
+ NID_certificate_policies NID_serialNumber X509_V_FLAG_EXPLICIT_POLICY
+ NID_client_auth NID_server_auth X509_V_FLAG_EXTENDED_CRL_SUPPORT
+ NID_code_sign NID_sha X509_V_FLAG_IGNORE_CRITICAL
+ NID_commonName NID_sha1 X509_V_FLAG_INHIBIT_ANY
+ NID_countryName NID_sha1WithRSA X509_V_FLAG_INHIBIT_MAP
+ NID_crlBag NID_sha1WithRSAEncryption X509_V_FLAG_NOTIFY_POLICY
+ NID_crl_distribution_points NID_shaWithRSAEncryption X509_V_FLAG_POLICY_CHECK
+ NID_crl_number NID_stateOrProvinceName X509_V_FLAG_POLICY_MASK
+ NID_crl_reason NID_subject_alt_name X509_V_FLAG_TRUSTED_FIRST
+ NID_delta_crl NID_subject_key_identifier X509_V_FLAG_USE_CHECK_TIME
+ NID_des_cbc NID_surname X509_V_FLAG_USE_DELTAS
+ NID_des_cfb64 NID_sxnet X509_V_FLAG_X509_STRICT
+ NID_des_ecb NID_time_stamp X509_V_OK
+ NID_des_ede NID_title XN_FLAG_COMPAT
+ NID_des_ede3 NID_undef XN_FLAG_DN_REV
+ NID_des_ede3_cbc NID_uniqueIdentifier XN_FLAG_DUMP_UNKNOWN_FIELDS
+ NID_des_ede3_cfb64 NID_x509Certificate XN_FLAG_FN_ALIGN
+ NID_des_ede3_ofb64 NID_x509Crl XN_FLAG_FN_LN
+ NID_des_ede_cbc NID_zlib_compression XN_FLAG_FN_MASK
+ NID_des_ede_cfb64 NOTHING XN_FLAG_FN_NONE
+ NID_des_ede_ofb64 OCSP_RESPONSE_STATUS_INTERNALERROR XN_FLAG_FN_OID
+ NID_des_ofb64 OCSP_RESPONSE_STATUS_MALFORMEDREQUEST XN_FLAG_FN_SN
+ NID_description OCSP_RESPONSE_STATUS_SIGREQUIRED XN_FLAG_MULTILINE
+ NID_desx_cbc OCSP_RESPONSE_STATUS_SUCCESSFUL XN_FLAG_ONELINE
+ NID_dhKeyAgreement OCSP_RESPONSE_STATUS_TRYLATER XN_FLAG_RFC2253
+ NID_dnQualifier OCSP_RESPONSE_STATUS_UNAUTHORIZED XN_FLAG_SEP_COMMA_PLUS
+ NID_dsa OPENSSL_VERSION_NUMBER XN_FLAG_SEP_CPLUS_SPC
+ NID_dsaWithSHA OP_ALL XN_FLAG_SEP_MASK
+ NID_dsaWithSHA1 OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION XN_FLAG_SEP_MULTILINE
+ NID_dsaWithSHA1_2 OP_CIPHER_SERVER_PREFERENCE XN_FLAG_SEP_SPLUS_SPC
+ NID_dsa_2 OP_CISCO_ANYCONNECT XN_FLAG_SPC_EQ
+ NID_email_protect OP_COOKIE_EXCHANGE
/);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-SSLeay-1.68/t/local/35_ephemeral.t new/Net-SSLeay-1.69/t/local/35_ephemeral.t
--- old/Net-SSLeay-1.68/t/local/35_ephemeral.t 2012-12-04 02:49:11.000000000 +0100
+++ new/Net-SSLeay-1.69/t/local/35_ephemeral.t 2015-05-18 23:06:15.000000000 +0200
@@ -2,9 +2,15 @@
use strict;
use warnings;
-use Test::More tests => 3;
+use Test::More;
use Net::SSLeay;
+BEGIN {
+ plan skip_all => "libressl removed support for ephemeral/temporary RSA private keys" if Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER");
+}
+
+plan tests => 3;
+
Net::SSLeay::randomize();
Net::SSLeay::load_error_strings();
Net::SSLeay::ERR_load_crypto_strings();
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Net-SSLeay-1.68/t/local/41_alpn_support.t new/Net-SSLeay-1.69/t/local/41_alpn_support.t
--- old/Net-SSLeay-1.68/t/local/41_alpn_support.t 2015-01-13 06:44:31.000000000 +0100
+++ new/Net-SSLeay-1.69/t/local/41_alpn_support.t 2015-05-18 09:01:38.000000000 +0200
@@ -11,7 +11,6 @@
BEGIN {
plan skip_all => "openssl 1.0.2 required" unless Net::SSLeay::SSLeay >= 0x10002000;
- plan skip_all => "libressl not supported" if defined &Net::SSLeay::LIBRESSL_VERSION_NUMBER;
plan skip_all => "fork() not supported on $^O" unless $Config{d_fork};
}
++++++ net-ssleay-no-ofb.patch ++++++
Index: Net-SSLeay-1.69/t/local/33_x509_create_cert.t
===================================================================
--- Net-SSLeay-1.69.orig/t/local/33_x509_create_cert.t
+++ Net-SSLeay-1.69/t/local/33_x509_create_cert.t
@@ -2,7 +2,7 @@
use strict;
use warnings;
-use Test::More tests => 123;
+use Test::More tests => 121;
use Net::SSLeay qw/MBSTRING_ASC MBSTRING_UTF8 EVP_PK_RSA EVP_PKT_SIGN EVP_PKT_ENC/;
use File::Spec;
use utf8;
@@ -100,8 +100,9 @@ is(Net::SSLeay::X509_NAME_cmp($ca_issuer
ok(my $alg1 = Net::SSLeay::EVP_get_cipherbyname("DES-EDE3-CBC"), "EVP_get_cipherbyname");
like(my $key_pem3 = Net::SSLeay::PEM_get_string_PrivateKey($pk,"password",$alg1), qr/-----BEGIN (ENCRYPTED|RSA) PRIVATE KEY-----/, "PEM_get_string_PrivateKey+passwd+enc_alg");
- ok(my $alg2 = Net::SSLeay::EVP_get_cipherbyname("DES-EDE3-OFB"), "EVP_get_cipherbyname");
- like(my $key_pem4 = Net::SSLeay::PEM_get_string_PrivateKey($pk,"password",$alg2), qr/-----BEGIN (ENCRYPTED|RSA) PRIVATE KEY-----/, "PEM_get_string_PrivateKey+passwd+enc_alg");
+# OFB is not in our openssl 1.0.2 - Marcus
+# ok(my $alg2 = Net::SSLeay::EVP_get_cipherbyname("DES-EDE3-OFB"), "EVP_get_cipherbyname");
+# like(my $key_pem4 = Net::SSLeay::PEM_get_string_PrivateKey($pk,"password",$alg2), qr/-----BEGIN (ENCRYPTED|RSA) PRIVATE KEY-----/, "PEM_get_string_PrivateKey+passwd+enc_alg");
is(Net::SSLeay::X509_NAME_print_ex($name), "O=Company Name,C=UK,CN=Common name text X509", "X509_NAME_print_ex");