Remove spkac subcommand

Google killed efforts to have SPKAC in html5 by zapping it from chrome
a decade ago. This effort doesn't look like it's going anywhere:

https://datatracker.ietf.org/doc/draf

Remove spkac subcommand

Google killed efforts to have SPKAC in html5 by zapping it from chrome
a decade ago. This effort doesn't look like it's going anywhere:

https://datatracker.ietf.org/doc/draft-leggett-spkac/

Unfortunately, PHP and Ruby still support NETSCAPE_SPKI, so we can't
kill that code, but I see no real reason we need to support this in our
openssl command. If the need should arise we can write a somewhat less
poor version of this.

ok jsing

show more ...

openssl: enable -Wshadow for clang

ok job jsing

Remove the nseq command

Hook openssl(1) cms back up.

Switch to -Werror with clang for libressl.

Discussed with beck@ and jsing@
ok beck@

remove redundant variable declarations in Makefiles, since those are
the default.

okay millert@

Limit -Werror to gcc4 as was done in libcrypto/libssl/libtls to avoid
failed builds with different compilers.

ok jsing@

bye bye cms. send it to the attic
ok jsing@

Remove engine command and parameters from openssl(1).

We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.

ok jsing@

Introduce an openssl(1) certhash command.

This is effectively a reimplementation of the functionality provided by
the previously removed c_rehash Perl script. The c_rehash script had a
number of kno

Introduce an openssl(1) certhash command.

This is effectively a reimplementation of the functionality provided by
the previously removed c_rehash Perl script. The c_rehash script had a
number of known issues, including the fact that it needs to run openssl(1)
multiple times and that it starts by removing all symlinks before
putting them back, creating atomicity issues/race conditions, even when
nothing has changed.

certhash is self-contained and is intended to be stable - no changes
should be made unless something has actually changed. This means it can
be run regularly in a production environment without causing certificate
lookup failures.

Further testing and improvements will happen in tree.

Discussed with tedu@

show more ...

Move Windows OS-specific functions to make porting easier.

Several functions that need to be redefined for a Windows port are right
in the middle of other code that is relatively portable. This patc

Move Windows OS-specific functions to make porting easier.

Several functions that need to be redefined for a Windows port are right
in the middle of other code that is relatively portable. This patch
isolates the functions that need Windows-specific implementations so
they can be built conditionally in the portable tree.

Add calls to BIO_sock_init() as-needed to openssl(1) so that socket IO works on
Windows. Sorry, these are no-op on other platforms.

ok jsing@ deraadt@

show more ...

Disable -Wshadow again, since it breaks builds on vax with gcc3.

Enable -Wshadow in openssl(1) and fix a few shadow warnings.

ok jsing@

Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more a

Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.

ok deraadt@ miod@

show more ...