On Solaris, the memset_s() prototype is only visible if _STDC_C11_BCI
is defined.
93518bfab4 ("use memset_s")
introduced warnings on Solaris
warning: implicit declaration of function âmemset_sâ;
did you mean âmemsetâ? [-Wimplicit-function-declaration]
Change-Id: Ia02db5e96021a26fb30aa1a593ef6a2b3e3a5b5f
We no longer use it since removing ftp from appl/.
Note that expansion of ~username/ couldn't have been working because
k_getpwnam() was being called with an unsigned short * that was forcibly
cast to char *, but it really was shorts, not chars... Anyone who ever
feels like reviving lib/roken/glob.[ch] will want to fix that...
depending what's available when you compile for iOS it's possible to
be __APPLE__ and not have CF; actually test for it instead of blythely
assuming it can be used
cf/make-proto.pl copies Doxygen docs to -private and -protos headers.
We need to either extract these from those files but not source files,
or only from source files but not the generated headers. This commit
does the latter.
Newer versions of SQLite3 have a number of new features that are
desirable to users who host other DBs in the same file as the HDB (for
example), as well as performance and bug fixes.
We should consider switching the SQLite3 backend for HDB to WITHOUT
ROWID tables for performance reasons. We should also consider using
foreign keys instead of triggers. Making any such changes requires care
to permit both, upgrade and downgrade.
We might want to use the SQLite3 session extension for a SQLite3-
specific, low-level replication (iprop). Given conflict resultion code,
or a sufficiently normalized schema, the session extension would make it
easy to create a multi-master replication system, not unlike what one
would expect of an LDAP setup, though with none of the atomicity that
LDAP is supposed to provide (specifically, O_EXCL semantics for creates
and predicates for updates) unless we were to add a locking protocol.
Note that as of 3.14, the session extension is mutually exclusive of
WITHOUT ROWID tables.
For consistency make "-I" part of the macro value set by autoconf.
For now, don't attempt to handle OpenSSL rpath in cf/crypto.m4.
That's much easier by just setting LDFLAGS when running configure.
Otherwise too many Makefiles to edit and libtool and automake do
their best to undo the rpath.
This adds a new backend for libhcrypto: the OpenSSL backend.
Now libhcrypto has these backends:
- hcrypto itself (i.e., the algorithms coded in lib/hcrypto)
- Common Crypto (OS X)
- PKCS#11 (specifically for Solaris, but not Solaris-specific)
- Windows CNG (Windows)
- OpenSSL (generic)
The ./configure --with-openssl=... option no longer disables the use of
hcrypto. Instead it enables the use of OpenSSL as a (and the default)
backend in libhcrypto. The libhcrypto framework is now always used.
OpenSSL should no longer be used directly within Heimdal, except in the
OpenSSL hcrypto backend itself, and files where elliptic curve (EC)
crypto is needed.
Because libhcrypto's EC support is incomplete, we can only use OpenSSL
for EC. Currently that means separating all EC-using code so that it
does not use hcrypto, thus the libhx509/hxtool and PKINIT EC code has
been moved out of the files it used to be in.
