- Jan 19, 2016
-
-
Alessandro Ghedini authored
RT#4080 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Prayag Verma authored
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Viktor Dukhovni authored
Some users want to disable SSL 3.0/TLS 1.0/TLS 1.1, and enable just TLS 1.2. In the future they might want to disable TLS 1.2 and enable just TLS 1.3, ... This commit makes it possible to disable any or all of the TLS or DTLS protocols. It also considerably simplifies the SSL/TLS tests, by auto-generating the min/max version tests based on the set of supported protocols (425 explicitly written out tests got replaced by two loops that generate all 425 tests if all protocols are enabled, fewer otherwise). Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Modify libssl to use EVP_PKEY TLS PRF. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Add EVP_PKEY algorithm for TLS1 PRF. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dmitry Belyavsky authored
Fix a typo in the definition of the GOST2012-NULL-GOST12 ciphersuite. RT#4213 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Jan 18, 2016
-
-
Viktor Dukhovni authored
It seems risky in the context of cross-signed certificates when the same certificate might have multiple potential issuers. Also rarely used, since chains in OpenSSL typically only employ self-signed trust-anchors, whose self-signatures are not checked, while untrusted certificates are generally ephemeral. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Kristian Amlie authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Cygwin was used for x86 before, so let's keep it around for those who still use it (it make Configure reconf possible). Cygwin-i[3456]86 for those that might generate and pass a target name directly to Configure. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
This is to reflect that it's not limited to just i686. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Corinna Vinschen authored
This patch allows to recognize the architectures supported by Cygwin and to choose the right configuration from there. Drop -march to use default architecture on 32 bit x86. Drop pre-Cygwin-1.3 recognition since it's long gone and there's no valid configuration for this anymore. Signed-off-by: Corinna Vinschen <vinschen@redhat.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Corinna Vinschen authored
Building for the Cygwin distro requires to be able to build debuginfo files. This in turn requires to build object files without stripping. The stripping is performed by the next step after building which creates the debuginfo files. Signed-off-by: Corinna Vinschen <vinschen@redhat.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Corinna Vinschen authored
Signed-off-by: Corinna Vinschen <vinschen@redhat.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Jan 17, 2016
-
-
Rich Salz authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Rich Salz authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Rich Salz authored
Remove lint, tags, dclean, tests. This is prep for a new makedepend scheme. This is temporary pending unified makefile, and might help it. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Author: Remi Gacogne <rgacogne-github@coredump.fr> GH334: Add an OCSP_SINGLERESP_get0_id() accessor to the OCSP_CERTID of a OCSP_SINGLERESP. It is possible to do it the other way around using OCSP_resp_find(), but this is more efficient when you have a tree indexed by OCSP_CERTID, like haproxy does. (This is also RT4251) Author: Marek Klein <kleinmrk@gmail.com> GH556: OCSP_resp_get_produced_at() accessor to the producedAt of a OCSP_BASICRESP GH555: TS_STATUS_INFO_get_status(), TS_STATUS_INFO_get_text() and TS_STATUS_INFO_get_failure_info() accessors for a TS_STATUS_INFO Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Rich Salz authored
Missed the camellia EVP update. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
- Jan 16, 2016
-
-
Richard Levitte authored
Make sure they detect that. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Viktor Dukhovni authored
This avoids explicit double spaces between sentences. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Viktor Dukhovni authored
Also s/s/ssl/ as appropriate in the code example. Suggested by Claus Assmann. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Viktor Dukhovni authored
Also report an SSL_dane_enable error when the basedomain is an invalid SNI name. Avoid side-effects when such a name is valid with X509_VERIFY_PARAM_set1_host(), as e.g. with an empty name, by setting the SNI name first. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Viktor Dukhovni authored
While empty inputs to SSL_set1_host() clear the reference identifier list. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Via Rainer Jung Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
- Jan 15, 2016
-
-
Dr. Stephen Henson authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Zi Lin authored
- bugfix: should not treat '--' as invalid domain substring. - '-' should not be the first letter of a domain Signed-off-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
The windows installation instructions were very out of date. Substantial update to the text. Remove a lot of historical stuff that isn't relevant any more, and merge the win64 and win32 instructions into one file. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Also remove the INSTALL.W64 file. Next commit will update INSTALL.WIN to cover both. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Jan 14, 2016
-
-
Richard Levitte authored
The previous 'Relax the requirements for a debug build' commit had an extra line of code that shouldn't have been there. This fixes it. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Viktor Dukhovni authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
It seems that the r modifier for s/// is fairly new. It's reported not to exist in perl 5.10.1, so it's better to avoid it when possible. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Viktor Dukhovni authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-