- Jan 07, 2016
-
-
Viktor Dukhovni authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Don't define stacks in C source files: it causes warnings about unused functions in some compilers. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Applications wishing to include their own stacks now just need to include DEFINE_STACK_OF(foo) in a header file. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Change DECLARE_STACK_OF into inline functions. This avoids the need for auto generated mkstack.pl macros and now handles const properly. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Jan 06, 2016
-
-
Viktor Dukhovni authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Viktor Dukhovni authored
Reported-by: Claus Assmann Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Rich Salz authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Viktor Dukhovni authored
Also tweak some of the code in demos/bio, to enable interactive testing of BIO_s_accept's use of SSL_dup. Changed the sconnect client to authenticate the server, which now exercises the new SSL_set1_host() function. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Jan 03, 2016
-
-
Viktor Dukhovni authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Viktor Dukhovni authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Viktor Dukhovni authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Viktor Dukhovni authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Jan 02, 2016
-
-
Richard Levitte authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
Richard Levitte authored
If there's a failure allocating md_data, the destination pctx will have a shared pointer with the source EVP_MD_CTX, which will lead to problems when either the source or the destination is freed. Reviewed-by: Stephen Henson <steve@openssl.org>
-
Viktor Dukhovni authored
The protocol selection code is now consolidated in a few consecutive short functions in a single file and is table driven. Protocol-specific constraints that influence negotiation are moved into the flags field of the method structure. The same protocol version constraints are now applied in all code paths. It is now much easier to add new protocol versions without reworking the protocol selection logic. In the presence of "holes" in the list of enabled client protocols we no longer select client protocols below the hole based on a subset of the constraints and then fail shortly after when it is found that these don't meet the remaining constraints (suiteb, FIPS, security level, ...). Ideally, with the new min/max controls users will be less likely to create "holes" in the first place. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Viktor Dukhovni authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Kurt Roeckx authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
- Jan 01, 2016
-
-
Ben Laurie authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Dec 31, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Dec 30, 2015
-
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
Richard Levitte authored
It served a purpose, but not any more. Reviewed-by: Stephen Henson <steve@openssl.org>
-
Richard Levitte authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Richard Levitte authored
SIZE_MAX is a great macro, and does unfortunately not exist everywhere. Since we check against half of it, using bitwise shift to calculate the value of half SIZE_MAX should be safe enough. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Richard Levitte authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
If DSA parameters are absent return -1 (for unknown) in DSA_security_bits. If parameters are absent when a certificate is set in an SSL/SSL_CTX structure this will reject the certificate by default. This will cause DSA certificates which omit parameters to be rejected but that is never (?) done in practice. Thanks to Brian 'geeknik' Carpenter for reporting this issue. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
- Dec 29, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reuse is deprecated and ReuseAddr is prefered, according to documentation. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Ben Laurie authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
- Dec 28, 2015
-
-
Rich Salz authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Rich Salz authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Dec 27, 2015
-
-
Matt Caswell authored
Previous versions of OpenSSL had the max size limit for a CertificateRequest message as |s->max_cert_list|. Previously master had it to be SSL3_RT_MAX_PLAIN_LENGTH. However these messages can get quite long if a server is configured with a long list of acceptable CA names. Therefore the size limit has been increased to be consistent with previous versions. RT#4198 Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Matt Caswell authored
Move all calls of the OCSP callback into one place, rather than repeating it in two different places. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Matt Caswell authored
Describe the usage of the OCSP callback functions on both the client and the server side. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Matt Caswell authored
It makes no sense to call the OCSP status callback if we are resuming a session because no certificates will be sent. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-