Loading apps/s_server.c +1 −1 Original line number Diff line number Diff line Loading @@ -740,7 +740,7 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) if (servername) { if (strcmp(servername,p->servername)) if (strcasecmp(servername,p->servername)) return p->extension_error; if (ctx2) { Loading crypto/bn/bn_lib.c +9 −0 Original line number Diff line number Diff line Loading @@ -324,6 +324,15 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE); return(NULL); } #ifdef PURIFY /* Valgrind complains in BN_consttime_swap because we process the whole * array even if it's not initialised yet. This doesn't matter in that * function - what's important is constant time operation (we're not * actually going to use the data) */ memset(a, 0, sizeof(BN_ULONG)*words); #endif #if 1 B=b->d; /* Check if the previous number needs to be copied */ Loading crypto/cms/cms_pwri.c +2 −1 Original line number Diff line number Diff line Loading @@ -93,9 +93,10 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, X509_ALGOR *encalg = NULL; unsigned char iv[EVP_MAX_IV_LENGTH]; int ivlen; env = cms_get0_enveloped(cms); if (!env) goto err; return NULL; if (wrap_nid <= 0) wrap_nid = NID_id_alg_PWRI_KEK; Loading crypto/ui/ui_lib.c +1 −1 Original line number Diff line number Diff line Loading @@ -916,9 +916,9 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result) break; } } } default: break; } } return 0; } doc/apps/s_client.pod +12 −0 Original line number Diff line number Diff line Loading @@ -77,6 +77,7 @@ B<openssl> B<s_client> [B<-rand file(s)>] [B<-serverinfo types>] [B<-status>] [B<-nextprotoneg protocols>] =head1 DESCRIPTION Loading Loading @@ -333,6 +334,17 @@ file. sends a certificate status request to the server (OCSP stapling). The server response (if any) is printed out. =item B<-nextprotoneg protocols> enable Next Protocol Negotiation TLS extension and provide a list of comma-separated protocol names that the client should advertise support for. The list should contain most wanted protocols first. Protocol names are printable ASCII strings, for example "http/1.1" or "spdy/3". Empty list of protocols is treated specially and will cause the client to advertise support for the TLS extension but disconnect just after reciving ServerHello with a list of server supported protocols. =back =head1 CONNECTED COMMANDS Loading Loading
apps/s_server.c +1 −1 Original line number Diff line number Diff line Loading @@ -740,7 +740,7 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) if (servername) { if (strcmp(servername,p->servername)) if (strcasecmp(servername,p->servername)) return p->extension_error; if (ctx2) { Loading
crypto/bn/bn_lib.c +9 −0 Original line number Diff line number Diff line Loading @@ -324,6 +324,15 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE); return(NULL); } #ifdef PURIFY /* Valgrind complains in BN_consttime_swap because we process the whole * array even if it's not initialised yet. This doesn't matter in that * function - what's important is constant time operation (we're not * actually going to use the data) */ memset(a, 0, sizeof(BN_ULONG)*words); #endif #if 1 B=b->d; /* Check if the previous number needs to be copied */ Loading
crypto/cms/cms_pwri.c +2 −1 Original line number Diff line number Diff line Loading @@ -93,9 +93,10 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, X509_ALGOR *encalg = NULL; unsigned char iv[EVP_MAX_IV_LENGTH]; int ivlen; env = cms_get0_enveloped(cms); if (!env) goto err; return NULL; if (wrap_nid <= 0) wrap_nid = NID_id_alg_PWRI_KEK; Loading
crypto/ui/ui_lib.c +1 −1 Original line number Diff line number Diff line Loading @@ -916,9 +916,9 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result) break; } } } default: break; } } return 0; }
doc/apps/s_client.pod +12 −0 Original line number Diff line number Diff line Loading @@ -77,6 +77,7 @@ B<openssl> B<s_client> [B<-rand file(s)>] [B<-serverinfo types>] [B<-status>] [B<-nextprotoneg protocols>] =head1 DESCRIPTION Loading Loading @@ -333,6 +334,17 @@ file. sends a certificate status request to the server (OCSP stapling). The server response (if any) is printed out. =item B<-nextprotoneg protocols> enable Next Protocol Negotiation TLS extension and provide a list of comma-separated protocol names that the client should advertise support for. The list should contain most wanted protocols first. Protocol names are printable ASCII strings, for example "http/1.1" or "spdy/3". Empty list of protocols is treated specially and will cause the client to advertise support for the TLS extension but disconnect just after reciving ServerHello with a list of server supported protocols. =back =head1 CONNECTED COMMANDS Loading
