First cut of a cleanup for apps/. First the `ssleay' program is now named

`openssl' and second, the shortcut symlinks for the `openssl <command>' are no
longer created. This way we have a single and consistent command line
interface `openssl <command>', similar to `cvs <command>'.

Notice, the openssl.cnf, openssl.c and progs.pl files were changed after a
repository copy, i.e. they still contain the complete file history.

CHANGES

@@ -5,6 +5,12 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) First cut of a cleanup for apps/. First the `ssleay' program is now named
+     `openssl' and second, the shortcut symlinks for the `openssl <command>'
+     are no longer created. This way we have a single and consistent command
+     line interface `openssl <command>', similar to `cvs <command>'.
+     [Ralf S. Engelschall]
+
   *) ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey
      BIT STRING wrapper always have zero unused bits.
      [Steve Henson]

apps/.cvsignore

-ssleay
+openssl

apps/Makefile.ssl

 #
-# SSLeay/apps/Makefile.ssl
+#  apps/Makefile.ssl
 #
 
 DIR=		apps
@@ -25,18 +25,18 @@ DLIBSSL=../libssl.a
 LIBCRYPTO=-L.. -lcrypto
 LIBSSL=-L.. -lssl
 
-SSLEAY= ssleay
+PROGRAM= openssl
 
-SCRIPTS=CA.sh der_chop CA.pl
+SCRIPTS=CA.sh CA.pl der_chop
 
-EXE= $(SSLEAY)
+EXE= $(PROGRAM)
 
 E_EXE=	verify asn1pars req dgst dh enc gendh errstr ca crl \
 	rsa dsa dsaparam \
 	x509 genrsa s_server s_client speed \
 	s_time version pkcs7 crl2pkcs7 sess_id ciphers
 
-PROGS= $(SSLEAY).c
+PROGS= $(PROGRAM).c
 
 A_OBJ=apps.o
 A_SRC=apps.c
@@ -86,18 +86,15 @@ sreq.o: req.c
 files:
 	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
-install: mklinks
-	@for i in $(EXE) $(SCRIPTS) mklinks; \
+install:
+	@for i in $(EXE) $(SCRIPTS); \
 	do  \
 	(echo installing $$i; \
 	 cp $$i $(INSTALLTOP)/bin/$$i; \
 	 chmod 755 $(INSTALLTOP)/bin/$$i ); \
 	 done; \
-	cp ssleay.cnf $(INSTALLTOP)/lib
-	chmod 644 $(INSTALLTOP)/lib/ssleay.cnf
-	cd $(INSTALLTOP)/bin; \
-	/bin/sh ./mklinks; \
-	/bin/rm -f ./mklinks
+	cp openssl.cnf $(INSTALLTOP)/lib; \
+	chmod 644 $(INSTALLTOP)/lib/openssl.cnf
 
 tags:
 	ctags $(SRC)
@@ -130,15 +127,12 @@ $(DLIBSSL):
 $(DLIBCRYPTO):
 	(cd ../crypto; $(MAKE))
 
-$(SSLEAY): progs.h $(E_OBJ) $(SSLEAY).o $(DLIBCRYPTO) $(DLIBSSL)
-	$(RM) $(SSLEAY)
-	$(CC) -o $(SSLEAY) $(CFLAGS) $(SSLEAY).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+$(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
+	$(RM) $(PROGRAM)
+	$(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
 
 progs.h:
-	perl ./g_ssleay.pl $(E_EXE) >progs.h
-	$(RM) $(SSLEAY).o
-
-mklinks:
-	perl ./g_ssleay.pl $(E_EXE) >progs.h
+	perl ./progs.pl $(E_EXE) >progs.h
+	$(RM) $(PROGRAM).o
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.

apps/ext.v3

-2.99999.3	SET.ex3		SET x509v3 extension 3
-

apps/g_ssleay.pl

-#!/usr/local/bin/perl
-
-$mkprog='mklinks';
-$rmprog='rmlinks';
-
-print "#ifndef NOPROTO\n";
-
-grep(s/^asn1pars$/asn1parse/,@ARGV);
-
-foreach (@ARGV)
-	{ printf "extern int %s_main(int argc,char *argv[]);\n",$_; }
-print "#else\n";
-foreach (@ARGV)
-	{ printf "extern int %s_main();\n",$_; }
-print "#endif\n";
-
-
-print <<'EOF';
-
-#ifdef SSLEAY_SRC
-
-#define FUNC_TYPE_GENERAL	1
-#define FUNC_TYPE_MD		2
-#define FUNC_TYPE_CIPHER	3
-
-typedef struct {
-	int type;
-	char *name;
-	int (*func)();
-	} FUNCTION;
-
-FUNCTION functions[] = {
-EOF
-
-foreach (@ARGV)
-	{
-	push(@files,$_);
-	$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
-	if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
-		{ print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))\n${str}#endif\n"; } 
-	elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) ||
-		($_ =~ /^req$/) || ($_ =~ /^ca$/) || ($_ =~ /^x509$/))
-		{ print "#ifndef NO_RSA\n${str}#endif\n";  }
-	elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
-		{ print "#ifndef NO_DSA\n${str}#endif\n"; }
-	elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/))
-		{ print "#ifndef NO_DH\n${str}#endif\n"; }
-	else
-		{ print $str; }
-	}
-
-foreach ("md2","md5","sha","sha1","mdc2","rmd160")
-	{
-	push(@files,$_);
-	printf "\t{FUNC_TYPE_MD,\"%s\",dgst_main},\n",$_;
-	}
-
-foreach (
-	"base64",
-	"des", "des3", "desx", "idea", "rc4", "rc2","bf","cast","rc5",
-	"des-ecb", "des-ede",    "des-ede3",
-	"des-cbc", "des-ede-cbc","des-ede3-cbc",
-	"des-cfb", "des-ede-cfb","des-ede3-cfb",
-	"des-ofb", "des-ede-ofb","des-ede3-ofb",
-	"idea-cbc","idea-ecb",   "idea-cfb", "idea-ofb",
-	"rc2-cbc", "rc2-ecb",    "rc2-cfb",  "rc2-ofb",
-	"bf-cbc",  "bf-ecb",     "bf-cfb",   "bf-ofb",
-	"cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb",
-	"cast-cbc", "rc5-cbc",   "rc5-ecb",  "rc5-cfb",  "rc5-ofb")
-	{
-	push(@files,$_);
-
-	$t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_);
-	if    ($_ =~ /des/)  { $t="#ifndef NO_DES\n${t}#endif\n"; }
-	elsif ($_ =~ /idea/) { $t="#ifndef NO_IDEA\n${t}#endif\n"; }
-	elsif ($_ =~ /rc4/)  { $t="#ifndef NO_RC4\n${t}#endif\n"; }
-	elsif ($_ =~ /rc2/)  { $t="#ifndef NO_RC2\n${t}#endif\n"; }
-	elsif ($_ =~ /bf/)   { $t="#ifndef NO_BLOWFISH\n${t}#endif\n"; }
-	elsif ($_ =~ /cast/) { $t="#ifndef NO_CAST\n${t}#endif\n"; }
-	elsif ($_ =~ /rc5/)  { $t="#ifndef NO_RC5\n${t}#endif\n"; }
-	print $t;
-	}
-
-print "\t{0,NULL,NULL}\n\t};\n";
-print "#endif\n\n";
-
-open(OUT,">$mkprog") || die "unable to open '$prog':$!\n";
-print OUT "#!/bin/sh\nfor i in ";
-foreach (@files)
-	{ print OUT $_." "; }
-print OUT <<'EOF';
-
-do
-echo making symlink for $i
-/bin/rm -f $i
-ln -s ssleay $i
-done
-EOF
-close(OUT);
-chmod(0755,$mkprog);
-
-open(OUT,">$rmprog") || die "unable to open '$prog':$!\n";
-print OUT "#!/bin/sh\nfor i in ";
-foreach (@files)
-	{ print OUT $_." "; }
-print OUT <<'EOF';
-
-do
-echo removing $i
-/bin/rm -f $i
-done
-EOF
-close(OUT);
-chmod(0755,$rmprog);

apps/mklinks

-#!/bin/sh
-for i in verify asn1parse req dgst dh enc gendh errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers md2 md5 sha sha1 mdc2 rmd160 base64 des des3 desx idea rc4 rc2 bf cast rc5 des-ecb des-ede des-ede3 des-cbc des-ede-cbc des-ede3-cbc des-cfb des-ede-cfb des-ede3-cfb des-ofb des-ede-ofb des-ede3-ofb idea-cbc idea-ecb idea-cfb idea-ofb rc2-cbc rc2-ecb rc2-cfb rc2-ofb bf-cbc bf-ecb bf-cfb bf-ofb cast5-cbc cast5-ecb cast5-cfb cast5-ofb cast-cbc rc5-cbc rc5-ecb rc5-cfb rc5-ofb 
-do
-echo making symlink for $i
-/bin/rm -f $i
-ln -s ssleay $i
-done

apps/openssl.c

-/* apps/ssleay.c */
+/* apps/openssl.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -152,12 +152,14 @@ char *Argv[];
 	ERR_load_crypto_strings();
 
 	/* Lets load up our environment a little */
-	p=getenv("SSLEAY_CONF");
+	p=getenv("OPENSSL_CONF");
+	if (p == NULL)
+		p=getenv("SSLEAY_CONF");
 	if (p == NULL)
 		{
 		strcpy(config_name,X509_get_default_cert_area());
 		strcat(config_name,"/lib/");
-		strcat(config_name,SSLEAY_CONF);
+		strcat(config_name,OPENSSL_CONF);
 		p=config_name;
 		}
 
@@ -191,7 +193,7 @@ char *Argv[];
 		goto end;
 		}
 
-	/* ok, lets enter the old 'SSLeay>' mode */
+	/* ok, lets enter the old 'OpenSSL>' mode */
 	
 	for (;;)
 		{
@@ -204,7 +206,7 @@ char *Argv[];
 			p[0]='\0';
 			if (i++)
 				prompt=">";
-			else	prompt="SSLeay>";
+			else	prompt="OpenSSL> ";
 			fputs(prompt,stdout);
 			fflush(stdout);
 			fgets(p,n,stdin);
@@ -278,10 +280,10 @@ char *argv[];
 		}
 	else
 		{
-		BIO_printf(bio_err,"'%s' is a bad command, valid commands are",
+		BIO_printf(bio_err,"openssl:Error: '%s' is an invalid command.\n",
 			argv[0]);
+		BIO_printf(bio_err, "\nStandard commands");
 		i=0;
-		fp=functions;
 		tp=0;
 		for (fp=functions; fp->name != NULL; fp++)
 			{
@@ -299,17 +301,17 @@ char *argv[];
 					{
 					i=1;
 					BIO_printf(bio_err,
-						"Message Digest commands - see the dgst command for more details\n");
+						"\nMessage Digest commands (see the `dgst' command for more details)\n");
 					}
 				else if (tp == FUNC_TYPE_CIPHER)
 					{
 					i=1;
-					BIO_printf(bio_err,"Cipher commands - see the enc command for more details\n");
+					BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n");
 					}
 				}
 			BIO_printf(bio_err,"%-15s",fp->name);
 			}
-		BIO_printf(bio_err,"\nquit\n");
+		BIO_printf(bio_err,"\n\n");
 		ret=0;
 		}
 end:

apps/openssl.cnf

 #
-# SSLeay example configuration file.
+# OpenSSL example configuration file.
 # This is mostly being used for generation of certificate requests.
 #
 
@@ -80,7 +80,7 @@ localityName			= Locality Name (eg, city)
 
 # we can do this but it is not needed normally :-)
 #1.organizationName		= Second Organization Name (eg, company)
-#1.organizationName_default	= CryptSoft Pty Ltd
+#1.organizationName_default	= World Wide Web Pty Ltd
 
 organizationalUnitName		= Organizational Unit Name (eg, section)
 #organizationalUnitName_default	=
@@ -102,7 +102,7 @@ unstructuredName		= An optional company name
 
 [ x509v3_extensions ]
 
-nsCaRevocationUrl		= http://www.cryptsoft.com/ca-crl.pem
+nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
 nsComment			= "This is a comment"
 
 # under ASN.1, the 0 bit would be encoded as 80

apps/progs.pl

 #!/usr/local/bin/perl
 
-$mkprog='mklinks';
-$rmprog='rmlinks';
-
 print "#ifndef NOPROTO\n";
 
 grep(s/^asn1pars$/asn1parse/,@ARGV);
@@ -38,8 +35,7 @@ foreach (@ARGV)
 	$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
 	if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
 		{ print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))\n${str}#endif\n"; } 
-	elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) ||
-		($_ =~ /^req$/) || ($_ =~ /^ca$/) || ($_ =~ /^x509$/))
+	elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) ) 
 		{ print "#ifndef NO_RSA\n${str}#endif\n";  }
 	elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
 		{ print "#ifndef NO_DSA\n${str}#endif\n"; }
@@ -84,31 +80,3 @@ foreach (
 print "\t{0,NULL,NULL}\n\t};\n";
 print "#endif\n\n";
 
-open(OUT,">$mkprog") || die "unable to open '$prog':$!\n";
-print OUT "#!/bin/sh\nfor i in ";
-foreach (@files)
-	{ print OUT $_." "; }
-print OUT <<'EOF';
-
-do
-echo making symlink for $i
-/bin/rm -f $i
-ln -s ssleay $i
-done
-EOF
-close(OUT);
-chmod(0755,$mkprog);
-
-open(OUT,">$rmprog") || die "unable to open '$prog':$!\n";
-print OUT "#!/bin/sh\nfor i in ";
-foreach (@files)
-	{ print OUT $_." "; }
-print OUT <<'EOF';
-
-do
-echo removing $i
-/bin/rm -f $i
-done
-EOF
-close(OUT);
-chmod(0755,$rmprog);

apps/req.c

@@ -357,12 +357,14 @@ bad:
 
 #ifndef MONOLITH
 	/* Lets load up our environment a little */
-	p=getenv("SSLEAY_CONF");
+	p=getenv("OPENSSL_CONF");
+	if (p == NULL)
+		p=getenv("SSLEAY_CONF");
 	if (p == NULL)
 		{
 		strcpy(config_name,X509_get_default_cert_area());
 		strcat(config_name,"/lib/");
-		strcat(config_name,SSLEAY_CONF);
+		strcat(config_name,OPENSSL_CONF);
 		p=config_name;
 		}
         default_config_file=p;

apps/rmlinks

-#!/bin/sh
-for i in verify asn1parse req dgst dh enc gendh errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers md2 md5 sha sha1 mdc2 rmd160 base64 des des3 desx idea rc4 rc2 bf cast rc5 des-ecb des-ede des-ede3 des-cbc des-ede-cbc des-ede3-cbc des-cfb des-ede-cfb des-ede3-cfb des-ofb des-ede-ofb des-ede3-ofb idea-cbc idea-ecb idea-cfb idea-ofb rc2-cbc rc2-ecb rc2-cfb rc2-ofb bf-cbc bf-ecb bf-cfb bf-ofb cast5-cbc cast5-ecb cast5-cfb cast5-ofb cast-cbc rc5-cbc rc5-ecb rc5-cfb rc5-ofb 
-do
-echo removing $i
-/bin/rm -f $i
-done

apps/ssleay.c

-/* apps/ssleay.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef DEBUG
-#undef DEBUG
-#endif
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include "bio.h"
-#include "crypto.h"
-#include "lhash.h"
-#include "conf.h"
-#include "x509.h"
-#include "pem.h"
-#include "ssl.h"
-#define SSLEAY	/* turn off a few special case MONOLITH macros */
-#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
-#define SSLEAY_SRC
-#include "apps.h"
-#include "s_apps.h"
-#include "err.h"
-
-/*
-#ifdef WINDOWS
-#include "bss_file.c"
-#endif
-*/
-
-#ifndef NOPROTO
-static unsigned long MS_CALLBACK hash(FUNCTION *a);
-static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
-static LHASH *prog_init(void );
-static int do_cmd(LHASH *prog,int argc,char *argv[]);
-#else
-static unsigned long MS_CALLBACK hash();
-static int MS_CALLBACK cmp();
-static LHASH *prog_init();
-static int do_cmd();
-#endif
-
-LHASH *config=NULL;
-char *default_config_file=NULL;
-
-#ifdef DEBUG
-static void sig_stop(i)
-int i;
-	{
-	char *a=NULL;
-
-	*a='\0';
-	}
-#endif
-
-/* Make sure there is only one when MONOLITH is defined */
-#ifdef MONOLITH
-BIO *bio_err=NULL;
-#endif
-
-int main(Argc,Argv)
-int Argc;
-char *Argv[];
-	{
-	ARGS arg;
-#define PROG_NAME_SIZE	16
-	char pname[PROG_NAME_SIZE];
-	FUNCTION f,*fp;
-	MS_STATIC char *prompt,buf[1024],config_name[256];
-	int n,i,ret=0;
-	int argc;
-	char **argv,*p;
-	LHASH *prog=NULL;
-	long errline;
- 
-	arg.data=NULL;
-	arg.count=0;
-
-	/* SSLeay_add_ssl_algorithms(); is called in apps_startup() */
-	apps_startup();
-
-#if defined(DEBUG) && !defined(WINDOWS) && !defined(MSDOS)
-#ifdef SIGBUS
-	signal(SIGBUS,sig_stop);
-#endif
-#ifdef SIGSEGV
-	signal(SIGSEGV,sig_stop);
-#endif
-#endif
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-	ERR_load_crypto_strings();
-
-	/* Lets load up our environment a little */
-	p=getenv("SSLEAY_CONF");
-	if (p == NULL)
-		{
-		strcpy(config_name,X509_get_default_cert_area());
-		strcat(config_name,"/lib/");
-		strcat(config_name,SSLEAY_CONF);
-		p=config_name;
-		}
-
-	default_config_file=p;
-
-	config=CONF_load(config,p,&errline);
-	if (config == NULL) ERR_clear_error();
-
-	prog=prog_init();
-
-	/* first check the program name */
-	program_name(Argv[0],pname,PROG_NAME_SIZE);
-
-	f.name=pname;
-	fp=(FUNCTION *)lh_retrieve(prog,(char *)&f);
-	if (fp != NULL)
-		{
-		Argv[0]=pname;
-		ret=fp->func(Argc,Argv);
-		goto end;
-		}
-
-	/* ok, now check that there are not arguments, if there are,
-	 * run with them, shifting the ssleay off the front */
-	if (Argc != 1)
-		{
-		Argc--;
-		Argv++;
-		ret=do_cmd(prog,Argc,Argv);
-		if (ret < 0) ret=0;
-		goto end;
-		}
-
-	/* ok, lets enter the old 'SSLeay>' mode */
-	
-	for (;;)
-		{
-		ret=0;
-		p=buf;
-		n=1024;
-		i=0;
-		for (;;)
-			{
-			p[0]='\0';
-			if (i++)
-				prompt=">";
-			else	prompt="SSLeay>";
-			fputs(prompt,stdout);
-			fflush(stdout);
-			fgets(p,n,stdin);
-			if (p[0] == '\0') goto end;
-			i=strlen(p);
-			if (i <= 1) break;
-			if (p[i-2] != '\\') break;
-			i-=2;
-			p+=i;
-			n-=i;
-			}
-		if (!chopup_args(&arg,buf,&argc,&argv)) break;
-
-		ret=do_cmd(prog,argc,argv);
-		if (ret < 0)
-			{
-			ret=0;
-			goto end;
-			}
-		if (ret != 0)
-			BIO_printf(bio_err,"error in %s\n",argv[0]);
-		BIO_flush(bio_err);
-		}
-	BIO_printf(bio_err,"bad exit\n");
-	ret=1;
-end:
-	if (config != NULL)
-		{
-		CONF_free(config);
-		config=NULL;
-		}
-	if (prog != NULL) lh_free(prog);
-	if (arg.data != NULL) Free(arg.data);
-	ERR_remove_state(0);
-
-	EVP_cleanup();
-	ERR_free_strings();
-
-	CRYPTO_mem_leaks(bio_err);
-	if (bio_err != NULL)
-		{
-		BIO_free(bio_err);
-		bio_err=NULL;
-		}
-	EXIT(ret);
-	}
-
-static int do_cmd(prog,argc,argv)
-LHASH *prog;
-int argc;
-char *argv[];
-	{
-	FUNCTION f,*fp;
-	int i,ret=1,tp,nl;
-
-	if ((argc <= 0) || (argv[0] == NULL))
-		{ ret=0; goto end; }
-	f.name=argv[0];
-	fp=(FUNCTION *)lh_retrieve(prog,(char *)&f);
-	if (fp != NULL)
-		{
-		ret=fp->func(argc,argv);
-		}
-	else if ((strcmp(argv[0],"quit") == 0) ||
-		(strcmp(argv[0],"q") == 0) ||
-		(strcmp(argv[0],"exit") == 0) ||
-		(strcmp(argv[0],"bye") == 0))
-		{
-		ret= -1;
-		goto end;
-		}
-	else
-		{
-		BIO_printf(bio_err,"'%s' is a bad command, valid commands are",
-			argv[0]);
-		i=0;
-		fp=functions;
-		tp=0;
-		for (fp=functions; fp->name != NULL; fp++)
-			{
-			nl=0;
-			if (((i++) % 5) == 0)
-				{
-				BIO_printf(bio_err,"\n");
-				nl=1;
-				}
-			if (fp->type != tp)
-				{
-				tp=fp->type;
-				if (!nl) BIO_printf(bio_err,"\n");
-				if (tp == FUNC_TYPE_MD)
-					{
-					i=1;
-					BIO_printf(bio_err,
-						"Message Digest commands - see the dgst command for more details\n");
-					}
-				else if (tp == FUNC_TYPE_CIPHER)
-					{
-					i=1;
-					BIO_printf(bio_err,"Cipher commands - see the enc command for more details\n");
-					}
-				}
-			BIO_printf(bio_err,"%-15s",fp->name);
-			}
-		BIO_printf(bio_err,"\nquit\n");
-		ret=0;
-		}
-end:
-	return(ret);
-	}
-
-static LHASH *prog_init()
-	{
-	LHASH *ret;
-	FUNCTION *f;
-
-	if ((ret=lh_new(hash,cmp)) == NULL) return(NULL);
-
-	for (f=functions; f->name != NULL; f++)
-		lh_insert(ret,(char *)f);
-	return(ret);
-	}
-
-static int MS_CALLBACK cmp(a,b)
-FUNCTION *a,*b;
-	{
-	return(strncmp(a->name,b->name,8));
-	}
-
-static unsigned long MS_CALLBACK hash(a)
-FUNCTION *a;
-	{
-	return(lh_strhash(a->name));
-	}
-
-#undef SSLEAY

apps/ssleay.cnf

-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE		= $ENV::HOME/.rnd
-oid_file		= $ENV::HOME/.oid
-
-####################################################################
-[ ca ]
-default_ca	= CA_default		# The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir		= ./demoCA		# Where everything is kept
-certs		= $dir/certs		# Where the issued certs are kept
-crl_dir		= $dir/crl		# Where the issued crl are kept
-database	= $dir/index.txt	# database index file.
-new_certs_dir	= $dir/newcerts		# default place for new certs.
-
-certificate	= $dir/cacert.pem 	# The CA certificate
-serial		= $dir/serial 		# The current serial number
-crl		= $dir/crl.pem 		# The current CRL
-private_key	= $dir/private/cakey.pem# The private key
-RANDFILE	= $dir/private/.rand	# private random number file
-
-x509_extensions	= x509v3_extensions	# The extentions to add to the cert
-default_days	= 365			# how long to certify for
-default_crl_days= 30			# how long before next CRL
-default_md	= md5			# which md to use.
-preserve	= no			# keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy		= policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName		= match
-stateOrProvinceName	= match
-organizationName	= match
-organizationalUnitName	= optional
-commonName		= supplied
-emailAddress		= optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName		= optional
-stateOrProvinceName	= optional
-localityName		= optional
-organizationName	= optional
-organizationalUnitName	= optional
-commonName		= supplied
-emailAddress		= optional
-
-####################################################################
-[ req ]
-default_bits		= 1024
-default_keyfile 	= privkey.pem
-distinguished_name	= req_distinguished_name
-attributes		= req_attributes
-
-[ req_distinguished_name ]
-countryName			= Country Name (2 letter code)
-countryName_default		= AU
-countryName_min			= 2
-countryName_max			= 2
-
-stateOrProvinceName		= State or Province Name (full name)
-stateOrProvinceName_default	= Some-State
-
-localityName			= Locality Name (eg, city)
-
-0.organizationName		= Organization Name (eg, company)
-0.organizationName_default	= Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName		= Second Organization Name (eg, company)
-#1.organizationName_default	= CryptSoft Pty Ltd
-
-organizationalUnitName		= Organizational Unit Name (eg, section)
-#organizationalUnitName_default	=
-
-commonName			= Common Name (eg, YOUR name)
-commonName_max			= 64
-
-emailAddress			= Email Address
-emailAddress_max		= 40
-
-SET-ex3				= SET extension number 3
-
-[ req_attributes ]
-challengePassword		= A challenge password
-challengePassword_min		= 4
-challengePassword_max		= 20
-
-unstructuredName		= An optional company name
-
-[ x509v3_extensions ]
-
-nsCaRevocationUrl		= http://www.cryptsoft.com/ca-crl.pem
-nsComment			= "This is a comment"
-
-# under ASN.1, the 0 bit would be encoded as 80
-nsCertType			= 0x40
-
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-#nsCertSequence
-#nsCertExt
-#nsDataType
-

crypto/objects/obj_dat.h

@@ -61,12 +61,12 @@
  * perl obj_dat.pl < objects.h > obj_dat.h
  */
 
-#define NUM_NID 126
-#define NUM_SN 97
-#define NUM_LN 124
-#define NUM_OBJ 98
+#define NUM_NID 127
+#define NUM_SN 98
+#define NUM_LN 125
+#define NUM_OBJ 99
 
-static unsigned char lvalues[611]={
+static unsigned char lvalues[614]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -165,6 +165,7 @@ static unsigned char lvalues[611]={
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08,     /* [592] OBJ_rc5_cbc */
 0x29,0x01,0x01,0x85,0x1A,                    /* [600] OBJ_rle_compression */
 0x29,0x01,0x01,0x85,0x1A,                    /* [605] OBJ_zlib_compression */
+0x55,0x1D,0x25,                              /* [610] OBJ_ext_key_usage */
 };
 
 static ASN1_OBJECT nid_objs[NUM_NID]={
@@ -336,6 +337,8 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL},
 {"RLE","run length compression",NID_rle_compression,5,&(lvalues[600]),0},
 {"ZLIB","zlib compression",NID_zlib_compression,5,&(lvalues[605]),0},
+{"extendedKeyUsage","X509v3 Extended Key Usage",NID_ext_key_usage,3,
+	&(lvalues[610]),0},
 };
 
 static ASN1_OBJECT *sn_objs[NUM_SN]={
@@ -419,6 +422,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[89]),/* "certificatePolicies" */
 &(nid_objs[103]),/* "crlDistributionPoints" */
 &(nid_objs[88]),/* "crlNumber" */
+&(nid_objs[126]),/* "extendedKeyUsage" */
 &(nid_objs[86]),/* "issuerAltName" */
 &(nid_objs[83]),/* "keyUsage" */
 &(nid_objs[81]),/* "ld-ce" */
@@ -458,6 +462,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[103]),/* "X509v3 CRL Distribution Points" */
 &(nid_objs[88]),/* "X509v3 CRL Number" */
 &(nid_objs[89]),/* "X509v3 Certificate Policies" */
+&(nid_objs[126]),/* "X509v3 Extended Key Usage" */
 &(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */
 &(nid_objs[83]),/* "X509v3 Key Usage" */
 &(nid_objs[84]),/* "X509v3 Private Key Usage Period" */
@@ -593,11 +598,12 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[103]),/* OBJ_crl_distribution_points      2 5 29 31 */
 &(nid_objs[89]),/* OBJ_certificate_policies         2 5 29 32 */
 &(nid_objs[90]),/* OBJ_authority_key_identifier     2 5 29 35 */
+&(nid_objs[126]),/* OBJ_ext_key_usage                2 5 29 37 */
 &(nid_objs[19]),/* OBJ_rsa                          2 5 8 1 1 */
 &(nid_objs[96]),/* OBJ_mdc2WithRSA                  2 5 8 3 100 */
 &(nid_objs[95]),/* OBJ_mdc2                         2 5 8 3 101 */
-&(nid_objs[124]),/* OBJ_rle_compression              1 1 1 1 666.1 */
 &(nid_objs[125]),/* OBJ_zlib_compression             1 1 1 1 666.2 */
+&(nid_objs[124]),/* OBJ_rle_compression              1 1 1 1 666.1 */
 &(nid_objs[104]),/* OBJ_md5WithRSA                   1 3 14 3 2 3 */
 &(nid_objs[29]),/* OBJ_des_ecb                      1 3 14 3 2 6 */
 &(nid_objs[31]),/* OBJ_des_cbc                      1 3 14 3 2 7 */

e_os.h

@@ -172,7 +172,8 @@ extern "C" {
 #ifndef R_OK
 #  define R_OK	4
 #endif
-#  define SSLEAY_CONF	"ssleay.cnf"
+#  define OPENSSL_CONF	"openssl.cnf"
+#  define SSLEAY_CONF	OPENSSL_CONF
 #  define NUL_DEV	"nul"
 #  define RFILE		".rnd"
 
@@ -184,7 +185,8 @@ extern "C" {
 #    include <unistd.h>
 #  endif
 
-#  define SSLEAY_CONF	"ssleay.cnf"
+#  define OPENSSL_CONF	"openssl.cnf"
+#  define SSLEAY_CONF	OPENSSL_CONF
 #  define RFILE		".rnd"
 #  define LIST_SEPARATOR_CHAR ':'
 #  ifndef MONOLITH