This should be fix the bug that apache enabled SSL may exhaust its
file descriptors. Noted by TAKANO Yuji <takachan@running-dog.net>
on apache@ecc.u-tokyo.ac.jp, apache mailing list in Japanese.
He had already sent a bug report to openssl-dev@openssl.org, but it
wasn't fixed in openssl-0.9.6. :-(
the value of IgnoreRhosts. with `IgnoreRhosts yes' and `IgnoreRootRhosts no'
you get similar behaviour to the `-l' flag on rshd(8). this is based on
similar modification i made which appeared in ssh 1.2.27 (?)
- document that IgnoreRhosts now doesn't apply to root.
- clarify that /etc/s?hosts.equiv doesn't apply to root (it didn't before
my modification either).
- crank the version to 20001003
don't use unsigned long where 32bit unsigned variable is asked for.
use u_int32_t. (not sure if uint32_t is better or not, but anyway,
u_int32_t <-> uint32_t should not raise binary compatibility issue)
PR10921.
TODO: have arch-dependent Makefiles where we supply -DFOO for optimization.
(do not change size of variable though)
XXX: we should actually nuke all other #ifdef in /usr/include/openssl/*.h,
however, that needs a lot of work and will make future openssl upgrade harder.
remove RC5 and IDEA by default. build them separately as
libcrypto_{rc5,idea}.a. put dummy function, which is "warning to stderr
and exit(1)". NOCRYPTO_{RC5,IDEA} are obsoleted.
PR10883.
the ref count is 0, and in close if the ref count is 0 and the
ID is dead (i.e. has been previously destroyed).
- Don't use temp files to generate unique MCC names; use ASCII
representations of pointers to the malloc'd IDs, which is
unique enough for our purposes.
- Dead IDs cause an ENOENT error, as would a dead FCC ID.
Per discussion w/ Johan Danielsson <joda@pdc.kth.se>.
API but not in Heimdal, and add commented out empty versions of
krb5_princ_set_realm_length(), krb5_princ_set_realm_data(),
krb5_princ_name(), and krb5_princ_component(), which also appear
in the MIT API, but which cannot be implemented in Heimdal until
a change is made to how some data is represented internally (as
these API functions expose that, as foolish as that is, but
that's how MIT did it, and some applications use it).
realm is correct, check to see if we can find a KDC for it. If
not, it can't possibly be the default realm, and we should return
the NO.DEFAULT.REALM error condition.
Per a discussion w/ Thor Simon <tls@netbsd.org>.