./net/ucspi-ssl, Command-line tools for SSL client-server applications

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 0.99b, Package name: ucspi-ssl-0.99b, Maintainer: schmonz

sslserver and sslclient are command-line tools for building SSL
client-server applications. They conform to the UNIX Client-Server
Program Interface, UCSPI.

sslserver listens for connections, and runs a program for each
connection it accepts. The program environment includes variables
that hold the local and remote host names, IP addresses, and port
numbers. sslserver offers a concurrency limit on acceptance of new
connections, and selective handling of connections based on client

sslclient requests a connection to a TCP socket, and runs a program.
The program environment includes the same variables as for sslserver.

Required to build:

Package options: djbware-errno-hack

Master sites:

SHA1: a3022e1a3d39165f5388a87be398510228634884
RMD160: 337f968bd66a6340c4ca4f37d302de64d14abac2
Filesize: 110 KB

Version history: (Expand)

CVS history: (Expand)

   2017-07-22 04:58:09 by Amitai Schleier | Files touched by this commit (2) | Package updated
Log message:
Update to 0.99b. From the changelog:

- Included PID in sslserver + sslhandle abend logs in case of SSL failure.
- Removed references to 'gcc' and used 'cc' instead.
- New build with better error log for ssl abends.
   2017-06-17 05:49:04 by Amitai Schleier | Files touched by this commit (3)
Log message:
Rather than try to detect -ldl, use known values. Fixes NetBSD build.
   2017-06-05 16:25:36 by Ryo ONODERA | Files touched by this commit (2298)
Log message:
Recursive revbump from lang/perl5 5.26.0
   2017-05-20 03:39:12 by Amitai Schleier | Files touched by this commit (3) | Package updated
Log message:
Update to 0.99 (new upstream). From the changelog:

Included ucspi-ssl-0.70_ucspitls-0.6.patch (STARTTLS support)
originally designed and provided by Scott Gifford (FEH).

Added Certchain support for sslserver and sslclient (FEH).

Integration and added man-pages (FEH).

Synced with ucspi-tcp6-0.95.

Fixed integration bug in ssl_very.c.
Included patches from Peter Conrad.

Bug fix in sslserver. Several small

Fix for large X509 serial numbers on x86 (tx. Peter Conrad).
SAN DNSname has precedence over CN in subject.
Re-edited man pages and rts tests.

Added IPv6 support (tx. to Felix von Leitner and Brandon Turner).
UI: Changed sslserver client cert call from '-i/-I' to '-z/-Z'
for compatibility reasons.
Added '-4/-6' support for client scripts.

Added output environment variables TCP6* for sslserver.
sslperl, sslhandle, and sslprint are not IPv6 ready yet.

Added IPv6 capabilities to sslhandle, sslprint, sslperl.
Changed verification of X.509 certs.
Removed obsolete socket_4 calls in sslserver.

Streamlined code with ucspi-tcp6-1.00.
Supplied new certs with customized SAN.
Make rts working (at least some how).

Added support for personalized client certs.
New option '-m' in sslserver, complementing '-z'.
CCAFILE='-' disables client cert request.

Added verbose log output for SSL connection informations.

Fixed wrongly nested CONNECT error code for sslclient.c
producing wrong warning messages while connecting to
an IPv4 address.
Added call of '-ldl' in ssl.lib.

Mitigation of SSL connection hanging during
coincident change of daylight-saving settings.

Fixed bug in sslserver's dnsip lookup in case of paranoid settings
and additonal existance of IPv6 AAAA records for incoming IPv4 connection.

Serveral fixes from 'troy@' included to cope with compiler errors and
to solve a bug in function getbitasaddress in ip4_bit.c (= ucspi-tcp6-1.02).
Reordered conf-* variables in main dir to allow easier generation of
packages (i.e. RPM). Fixed script to identify different HW architecture
and OS. This version works in 32 bit mode on Raspian Linux / RasPi 7.

Added ECDH capabilites (tx to Frank Bergmann for the patches).

Added compatibility with LibreSSL.
Fixed missing negative return call treatment from 'poll' (tx Frank Bergmann).
Tentative 'emake' fix for Gentoo build.

Added OpenSSL 1.1 tweaks -- works under Debian (9) 'Stretch'.
   2016-12-15 13:18:45 by Amitai Schleier | Files touched by this commit (1)
Log message:
Add SHA512 digest for patch.
   2016-06-08 21:25:20 by Thomas Klausner | Files touched by this commit (2236) | Package updated
Log message:
Bump PKGREVISION for perl-5.24.
   2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) | Package updated
Log message:
Bump PKGREVISION for security/openssl ABI bump.
   2015-11-04 01:35:47 by Alistair G. Crooks | Files touched by this commit (748)
Log message:
Add SHA512 digests for distfiles for net category

Problems found with existing digests:
	Package haproxy distfile haproxy-1.5.14.tar.gz
	159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]

Problems found locating distfiles:
	Package bsddip: missing distfile bsddip-1.02.tar.Z
	Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
	Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
	Package djbdns: missing distfile djbdns-cachestats.patch
	Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
	Package gated: missing distfile gated-3-5-11.tar.gz
	Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
	Package poink: missing distfile poink-1.6.tar.gz
	Package ra-rtsp-proxy: missing distfile rtspd-src-
	Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
	Package waste: missing distfile waste-source.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.