- Jul 14, 2016
-
-
Richard Levitte authored
This is only done for the platforms where 'OPENSSL_USE_APPLINK' is defined. Also, change the docs of OPENSSL_Applink to say where to find applink.c in the installation directory. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
The easiest way to take care of manifest files is to integrate them into the associated binary (.exe or .dll). MT (the Manifest Tool) is the utility to use for this. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jul 13, 2016
-
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
RT#4605 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jul 12, 2016
-
-
David Benjamin authored
The set0 setters take ownership of their arguments, so the values should be set to NULL to avoid a double-free in the cleanup block should ssl_security(SSL_SECOP_TMP_DH) fail. Found by BoringSSL's WeakDH test. Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1299)
-
Viktor Dukhovni authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Viktor Dukhovni authored
In light of potential UKS (unknown key share) attacks on some applications, primarily browsers, despite RFC761, name checks are by default applied with DANE-EE(3) TLSA records. Applications for which UKS is not a problem can optionally disable DANE-EE(3) name checks via the new SSL_CTX_dane_set_flags() and friends. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jul 11, 2016
-
-
Dr. Stephen Henson authored
subject alternate names. Add nameConstraints tests incluing DNS, IP and email tests both in subject alt name extension and subject name. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
New hostname checking function asn1_valid_host() Check commonName entries against nameConstraints: any CN components in EE certificate which look like hostnames are checked against nameConstraints. Note that RFC5280 et al only require checking subject alt name against DNS name constraints. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Viktor Dukhovni authored
With no-deprecated, some nested includes don't happen by default. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jul 10, 2016
-
-
Richard Levitte authored
With OpenSSL 1.1 and on, the engines are tightly tied to the shared library they're to be used with. That makes them depend on the pointer size as well as the shared library version, and this gets reflected in the name of the directory they're installed in. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
We're installing architecture dependent (compiled) programs in architecture specific directories, while architecture independent programs (scripts) get installed in the general programs directory. OSSL$EXE: reflects that by having two values. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Since there's been quite some changes, documentation needs updating Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
This mostly affects 'openssl version -a', which might as well display what we're actually looking at. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
We previously had a number of logical names for the different parts. There's really no need for that, the default directories are in one directory tree. So we only define OSSL$DATAROOT: and make everything related to that one. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jul 08, 2016
-
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Replace nptest with sanity test. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Commit aea145e3 removed some error codes that are generated algorithmically: mapping alerts to error texts. Found by Andreas Karlsson. This restores them, and adds two missing ones. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Rich Salz authored
Function-like macros are replaced with prototypes and a note that they are implemented as macros. Constants are just referenced in-line in the text. Tweak BIO_TYPE_... documentation. Also fix RT4592. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
We shouldn't allow both "-tls1" and "-tls1_2", or "-tls1" and "-no_tls1_2". The only time multiple flags are allowed is where they are all "-no_<prot>". This fixes Github Issue #1268 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Some Unix variants require shared libraries to have the execute permissions set, or they won't be loadable or executable when loaded. Among others, cygwin has this requirement. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
It's possible to have a very few rules for some directories and trust that other patterns further along will take care of whatever is left. .gitignore should therefore be loosely organised from least generic to most generic, allowing things like this: # Keep any file with extensions, such as foo.c, bar.h, ... !/dir/*.* # .... # Remove all object files *.o *.obj With this change, we implement some very generic rules for what will and will not be ignored in the fuzz subdirectory, and truse that patterns later on (such as *.o, *.obj, *.exe) will take care of everything we didn't specifically specify for the fuzz subdirectory. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
If application uses any of Windows-specific interfaces, make it application developer's respondibility to include <windows.h>. Rationale is that <windows.h> is quite "toxic" and is sensitive to inclusion order (most notably in relation to <winsock2.h>). It's only natural to give complete control to the application developer. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Extended alg_print() in pkcs12 utility to support PBES2 algorithms. RT#4588 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jul 07, 2016
-
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
$openssldir and $enginesdir were mistakenly made unavailable to other perl fragments. They are still needed in the definition of CFLAGS. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
This logical names permits '#include <openssl/foo.h>' to work properly. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
OpenSSL engines are tied to the OpenSSL shared library versions, starting with OpenSSL 1.1. We therefore need to install them in directories which have the shared library version in it's name, to easily allow multiple OpenSSL versions to be installed at the same time. For VMS, the change is a bit more involved, primarly because the top installation directory was already versioned, *as well as* some of the files inside. That's a bit too much. Version numbering in files is also a bit different on VMS. The engines for shared library version 1.1 will therefore end up in OSSL$INSTROOT:[ENGINES0101.'arch'] ('arch' is the architecture we build for) Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
OpenSSL engines are tied to the OpenSSL shared library versions, starting with OpenSSL 1.1. We therefore need to install them in directories which have the shared library version in it's name, to easily allow multiple OpenSSL versions to be installed at the same time. For Unix, the default installation directory is changed from $PREFIX/lib/engines to $PREFIX/lib/engines-${major}_${minor} (mingw) or $PREFIX/lib/engines-${major}.${minor} (all but mingw) ($PREFIX is the directory given for the configuration option --prefix, and ${major} and ${minor} are the major and minor shared library version numbers) Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
OpenSSL engines are tied to the OpenSSL shared library versions, starting with OpenSSL 1.1. We therefore need to install them in directories which have the shared library version in it's name, to easily allow multiple OpenSSL versions to be installed at the same time. For windows, the default installation directory is changed from $PREFIX/lib/engines to $PREFIX/lib/engines-${major}_${minor} ($PREFIX is the directory given for the configuration option --prefix, and ${major} and ${minor} are the major and minor shared library version numbers) Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jul 06, 2016
-
-
Rich Salz authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Richard Levitte authored
When creating the library $lib.olb, make sure the extension is there. Otherwise, a logical name with the same name as the file in question will redirect the creation elsewhere. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Jul 05, 2016
-
-
Richard Levitte authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
The calls we made to it were redundant, as the same initialization is done later in OPENSSL_init_crypto() anyway. Reviewed-by: Rich Salz <rsalz@openssl.org>
-