Документ взят из кэша поисковой машины. Адрес оригинального документа : http://comet.sai.msu.ru/docs/ssl/changes.html
Дата изменения: Tue Sep 9 17:47:40 1997
Дата индексирования: Mon Oct 1 21:24:14 2012
Кодировка:

Поисковые слова: m 5


Table of Contents




1. Documentation

I've added in a few more things to the documentation mainly in the area of error handling. A couple of typo's have been corrected. 


2. Ported Code

Some minor changes here to fix a few problems. 

2.1 telnetd

In SSLtelnet 0.2:

Changed telnetd to get it's certificates and keys from the same area using the new function X509_get_default_cert_area() that was added specifically for this purpose. You can now change the install location for this stuff in one place rsa/location.h.

Added as well command line options for overriding the "standard" locations

 -z cert=filename
 -z key=filename

Note: I still have not added in the real verification stuff here as it needs better documentation. At the moment you should simply read what Eric has in ssl/README and the code for ssl_client and ssl_server. 

2.1.1 Trusted certficates supported

In SSLtelnet 0.3:

Thanks to Steven Schoch <schoch@sheba.arc.nasa.gov> we now have a version of telnet and telnetd that can (as long as you enable it with a new server and client option) enable a user to telnet to the telnetd and not be asked for a password if they send a certificate that is signed by a trusted CA (which you naturally configure yourself) for those users in the new /etc/ssl.users file.

I've made some alterations to the patches to allow the server to set a flag to enable/disable this feature and to all comments in the ssl.users file ... all rather minor changes.

You login must support the -f flag ... or you need to use sralogin (which is included) and also need to define USE_SRALOGIN during making of telnetd (set it in the top level makefile).

 telnetd:
 -z certsok
 
 telnet:
 -z cert=filename
 -z key=filename


2.2 httpd

Did the same stuff as for telnetd.

SSLhttpd distribution includes the full sources for my current development version based on NCSA httpd 1.3 ... it has support for cgi's mostly working. 

2.3 ftp

SSLftp now exists ... and was used (unintentionally) to find some bugs in SSLeay [which Eric fixed quickly once found] ...

In SSLftp 0.3:

Fixed a bug in the client that seems to be common with lots of ftp clients based on the SRA stuff or the BSD/Net2 release ... wildcard directory searches broken. (Same bug in the ftp that comes with SOCKS too)