- Mar 27, 2016
-
-
David Benjamin authored
Session resumption involves a version check, so version negotiation must happen first. Currently, the DTLS implementation cannot do session resumption in DTLS 1.0 because the ssl_version check always checks against 1.2. Switching the order also removes the need to fixup ssl_version in DTLS version negotiation. Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> RT: #4392, MR: #2452
-
Kurt Roeckx authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> MR: #2452
-
Fedor Indutny authored
We now send the highest supported version by the client, even if the session uses an older version. This fixes 2 problems: - When you try to reuse a session but the other side doesn't reuse it and uses a different protocol version the connection will fail. - When you're trying to reuse a session with an old version you might be stuck trying to reuse the old version while both sides support a newer version Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> GH: #852, MR: #2452
-
Richard Levitte authored
According to documentation, perl's Math::BigInt does floored division, i.e. the bdiv function does 1 / -4 = -1. OpenSSL's BN_div, as well as bc, do truncated division, i.e. 1 / -4 = 0. We need to compensate for that difference in test/recipes/bc.pl to make sure to verify the bntest results under its own conditions, by dividing the absolute values of the given numbers and fixup the result's negativity afterwards. Closes RT#4485 Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
- Mar 25, 2016
-
-
Jeffrey Walton authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
These logical names are used to make the C RTL change certain behaviors, sometimes to make it act more like Unix. While they can make life easier in some cases, they can be disruptive as well. When building and testing OpenSSL, the latter is the case, so we ask people to avoid using them. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Mar 24, 2016
-
-
Rich Salz authored
This allows developer to glue DLL built with VC into their application compiled with Borland C. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Rich Salz authored
And thanks to Miod Vallat for the nudge about ERR_PACK :) Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Mar 23, 2016
-
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
On Windows and Unix, the staging directory $(DESTDIR) can simply be prepended to the installation directory. An attempt was made to do something similar on VMS, but that ended up being a half measure solution. Instead of that, simply use the staging directory as a prefix under which [.OPENSSL-INSTALL] and [.OPENSSL-COMMON] will hold the two directory trees that should end up in the directories indicated by --prefix and --openssldir, and finish the installation with appropriate instructions on what to do next. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
- on VMS, SYS$COMMON:[SSL] is already used as installation directory by HP SSL, so we make our default for --openssldir SYS$COMMON:[OPENSSL-COMMON] instead. - Updated notes on default installation dirs fir Unix and Windows Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
In this OpenSSL version, we deliver engines with lower case symbol names. The DSO symbol finder must be updated to allow for mixed case symbols or it won't fine them. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Sometimes, you might end up with a rather long compile line due to excessively long /INCLUDE directories. Compensate for it by making a temporary logical name with them and using said logical name as /INCLUDE argument. A note was added to NOTES.VMS regarding these limitations. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Removed the following: DSO_bind_var, DSO_bind_var, DSO_get_default_method, DSO_get_loaded_filename, DSO_get_loaded_filename, DSO_get_method, DSO_new_method, DSO_pathbyaddr, DSO_set_default_method, DSO_set_method, DSO_set_name_converter, DSO_set_name_converter Reviewed-by: Richard Levitte <levitte@openssl.org>
-
FdaSilvaYY authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
- VMS configs had no dso_scheme - Incorrect return of NULL method. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Rob Percival authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Alex Gaynor authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Mar 22, 2016
-
-
Kurt Roeckx authored
algo_strength contains 2 parts that need to be checked by their own. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> MR: #2082
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Instead of have every DSO_METHOD_xxx in all platforms, ensure that only one DSO_METHOD_openssl is available on all platforms. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Rich Salz authored
This was really easy. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Ben Laurie authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Ben Laurie authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Ben Laurie authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Ben Laurie authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Mar 21, 2016
-
-
David Benjamin authored
BIO_new, etc., don't need a non-const BIO_METHOD. This allows all the built-in method tables to live in .rodata. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
On VMS, we downcase option names, which means that config names are downcased as well, so they need to be downcased in the target table to be found. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rob Percival authored
Allows CONF files for certificate requests to specify that a pre- certificate should be created (see RFC6962). Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Steven Linsell authored
ASYNC_WAIT_CTX_free Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Misc fixes for no-sock Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Configure had the wrong name for the no-gost option. Reviewed-by: Richard Levitte <levitte@openssl.org>
-