radsecproxy.git, branch openssl11

Require libnettle unconditionally.

2016-09-13T15:59:13+00:00

Use libnettle instead of libcrypto (from openssl) for MD5 and HMAC(MD5).

2016-09-13T10:02:50+00:00

The HMAC_ and EVP_MD_ API:s changed in OpenSSL 1.1 in a way that made
it unfeasable to support both older and newer OpenSSL.

Radsecproxy already depends on libnettle for Fticks.
Moving away from libcrypto makes it easier to add support for other
TLS libraries than OpenSSL.

EVP_MD_CTX and HMAC_CTX are now pointers.

2016-09-01T14:09:09+00:00

NOTE: pwdcrypt(), msmppencrypt(), msmppdecrypt(), _checkmsgauth(),
_validauth() _createmessageauth() and _radsign() all become slightly
more expensive since we're now allocating and freeing an EVP_MD_CTX or
HMAC_CTX on each invocation.

Remove openssl thread lock handling.

2016-08-31T14:21:34+00:00

openssl-1.1 uses a new threading API which makes manual locking wrt
openssl not necessary.

ASN1_STRING_data() -> ASN1_STRING_get0_data().

2016-08-31T13:58:57+00:00

ASN1_STRING_data was deprecated in openssl-1.1, see
https://www.openssl.org/docs/manmaster/crypto/ASN1_STRING_data.html

Don't call ERR_remove_thread_state().

2016-08-31T13:49:11+00:00

Not needed as of openssl-1.1, see
https://www.openssl.org/docs/man1.1.0/crypto/ERR_remove_thread_state.html

Use ERR_remove_thread_state() instead of ERR_remove_state().

2016-08-31T13:45:49+00:00

Stop accessing ssl->rbio directly.

2016-08-31T13:45:49+00:00

Fix spelling.

2016-03-23T09:55:42+00:00

Pointed out by Faidon Liambotis.

Add changes from 1.6.7.

2016-03-14T11:45:06+00:00