eighthave
diff --git a/‎README.android‎
Lines changed: 35 additions & 7 deletions b/‎README.android‎
Lines changed: 35 additions & 7 deletions
diff --git a/‎android-config.mk‎
Lines changed: 8 additions & 7 deletions b/‎android-config.mk‎
Lines changed: 8 additions & 7 deletions
diff --git a/‎android.testssl/CAss.cnf‎
Lines changed: 76 additions & 0 deletions b/‎android.testssl/CAss.cnf‎
Lines changed: 76 additions & 0 deletions
diff --git a/‎android.testssl/Uss.cnf‎
Lines changed: 36 additions & 0 deletions b/‎android.testssl/Uss.cnf‎
Lines changed: 36 additions & 0 deletions
@@ -10,22 +10,48 @@ Porting New Versions of OpenSSL.
 The following steps are recommended for porting new OpenSSL versions.
 
 1) Retrieve the appropriate version of the OpenSSL source from
-   www.openssl.org/source (in tar.gz format)
+   www.openssl.org/source (in openssl-*.tar.gz file). Check the PGP
+   signature (found in matching openssl-*.tar.gz.asc file) with:
 
-2) Update the variables in openssl.config as appropriate
+     gpg openssl-*.tar.gz
 
-3) Run ./import_openssl.sh openssl-*.tar.gz
+   If the public key is not found, import the the one with the
+   matching RSA key ID from http://www.openssl.org/about/, using:
+
+     gpg --import # paste PGP public key block on stdin
+
+2) Update the variables in openssl.config and openssl.version as appropriate.
+   At the very least you will need to update the openssl.version.
+
+3) Run:
+
+     ./import_openssl.sh import openssl-*.tar.gz
 
 4) If there are any errors, then modify openssl.config, openssl.version
-   and patches in patches/ as appropriate.  Repeat step 3.
+   and patches in patches/ as appropriate.  You might want to use:
+
+     ./import_openssl.sh regenerate patches/*.patch
+
+   Repeat step 3.
 
-5) From the root of the android source tree, build openssl.  For
-   example, on the dream platform, run make
-   out/target/product/dream/obj/EXECUTABLES/openssl_intermediates/LINKED/openssl
+5) Cleanup before building with:
+
+     m -j16 clean-openssl clean-libcrypto clean-libssl
+
+6) Build openssl from the external/openssl directory with:
+
+     mm -j16
 
    If there are build errors, then patches/*.mk, openssl.config, or
    android-config.mk may need updating.
 
+7) Run tests to make sure things are working:
+
+     (cd android.testssl/ && ./testssl.sh)
+
+8) Do a full build before checking in:
+
+     m clobber && m -j16
 
 Optionally, check whether build flags (located in android-config.mk
 need to be updated.  Doing this step will help ensure that the
@@ -39,3 +65,5 @@ d) ./Configure $CONFIGURE_ARGS
 e) examine Makefile and compare with ../android-config.mk
 f) modify ../openssl.config as appropriate and go to step 3) above.
 
+Alternatively, ."/import_openssl.sh import" now prints the
+post-Configure Makefile for review before deleting in on import.
@@ -7,10 +7,11 @@
 # in the openssl distribution directory
 #
 
-LOCAL_CFLAGS += -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H \
-	-DL_ENDIAN -DOPENSSL_NO_HW -DOPENSSL_NO_BF -DOPENSSL_NO_CAMELLIA \
-	-DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CAST -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP \
-	-DOPENSSL_NO_IDEA -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 \
-	-DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED -DOPENSSL_NO_TLSEXT \
-	-DOPENSSL_NO_MD2 -DOPENSSL_NO_ENGINE -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH \
-	-DOPENSSL_NO_ECDSA -DOPENSSL_NO_OCSP -DZLIB
+# From CLFAG=	
+LOCAL_CFLAGS += -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN #-DTERMIO
+
+# From DEPFLAG=
+LOCAL_CFLAGS += -DOPENSSL_NO_BF -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CAST -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_IDEA -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED 
+
+# Extra
+LOCAL_CFLAGS += -DOPENSSL_NO_HW -DOPENSSL_NO_TLSEXT -DOPENSSL_NO_ENGINE -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_OCSP -DZLIB
@@ -0,0 +1,76 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+RANDFILE		= /mnt/sdcard/android.testssl/.rnd
+
+####################################################################
+[ req ]
+default_bits		= 1024
+default_keyfile 	= keySS.pem
+distinguished_name	= req_distinguished_name
+encrypt_rsa_key		= no
+default_md		= sha1
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= AU
+countryName_value		= AU
+
+organizationName		= Organization Name (eg, company)
+organizationName_value		= Dodgy Brothers
+
+commonName			= Common Name (eg, YOUR name)
+commonName_value		= Dodgy CA
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= ./demoCA		# Where everything is kept
+certs		= $dir/certs		# Where the issued certs are kept
+crl_dir		= $dir/crl		# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+#unique_subject	= no			# Set to 'no' to allow creation of
+					# several ctificates with same subject.
+new_certs_dir	= $dir/newcerts		# default place for new certs.
+
+certificate	= $dir/cacert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/private/cakey.pem# The private key
+RANDFILE	= $dir/private/.rand	# private random number file
+
+x509_extensions	= v3_ca			# The extentions to add to the cert
+
+name_opt 	= ca_default		# Subject Name options
+cert_opt 	= ca_default		# Certificate field options
+
+default_days	= 365			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= md5			# which md to use.
+preserve	= no			# keep passed DN ordering
+
+policy		= policy_anything
+
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+
+
+[ v3_ca ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = CA:true,pathlen:1
+keyUsage = cRLSign, keyCertSign
+issuerAltName=issuer:copy
@@ -0,0 +1,36 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+RANDFILE		= /mnt/sdcard/android.testssl/.rnd
+
+####################################################################
+[ req ]
+default_bits		= 1024
+default_keyfile 	= keySS.pem
+distinguished_name	= req_distinguished_name
+encrypt_rsa_key		= no
+default_md		= md2
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= AU
+countryName_value		= AU
+
+organizationName                = Organization Name (eg, company)
+organizationName_value          = Dodgy Brothers
+
+0.commonName			= Common Name (eg, YOUR name)
+0.commonName_value		= Brother 1
+
+1.commonName			= Common Name (eg, YOUR name)
+1.commonName_value		= Brother 2
+
+[ v3_ee ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+basicConstraints = CA:false
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+issuerAltName=issuer:copy
+