- Jul 16, 2016
-
-
Andy Polyakov authored
Reviewed-by:Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
[Also optimize aligaddr usage in single-block subroutines.] Reviewed-by: -
Kurt Roeckx authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by:Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by:
-
Miroslav Franc authored
Reviewed-by:
Kurt Roeckx <kurt@openssl.org> Reviewed-by:
-
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
Reviewed-by:
-
- Jul 15, 2016
-
-
Richard Levitte authored
Reviewed-by:Stephen Henson <steve@openssl.org>
-
Richard Levitte authored
RT#4611 Reviewed-by: -
Dr. Stephen Henson authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by:
-
- Jul 13, 2016
-
-
Dr. Stephen Henson authored
RT#4605 Reviewed-by:
-
- Jul 12, 2016
-
-
Viktor Dukhovni authored
In light of potential UKS (unknown key share) attacks on some applications, primarily browsers, despite RFC761, name checks are by default applied with DANE-EE(3) TLSA records. Applications for which UKS is not a problem can optionally disable DANE-EE(3) name checks via the new SSL_CTX_dane_set_flags() and friends. Reviewed-by:
-
- Jul 11, 2016
-
-
Dr. Stephen Henson authored
New hostname checking function asn1_valid_host() Check commonName entries against nameConstraints: any CN components in EE certificate which look like hostnames are checked against nameConstraints. Note that RFC5280 et al only require checking subject alt name against DNS name constraints. Reviewed-by:
-
- Jul 10, 2016
-
-
Richard Levitte authored
We previously had a number of logical names for the different parts. There's really no need for that, the default directories are in one directory tree. So we only define OSSL$DATAROOT: and make everything related to that one. Reviewed-by:
-
- Jul 08, 2016
-
-
Rich Salz authored
Commit aea145e3 removed some error codes that are generated algorithmically: mapping alerts to error texts. Found by Andreas Karlsson. This restores them, and adds two missing ones. Reviewed-by:
Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
If application uses any of Windows-specific interfaces, make it application developer's respondibility to include <windows.h>. Rationale is that <windows.h> is quite "toxic" and is sensitive to inclusion order (most notably in relation to <winsock2.h>). It's only natural to give complete control to the application developer. Reviewed-by:
-
- Jul 06, 2016
-
-
Dr. Stephen Henson authored
Reviewed-by:Tim Hudson <tjh@openssl.org>
-
- Jul 05, 2016
-
-
Richard Levitte authored
The calls we made to it were redundant, as the same initialization is done later in OPENSSL_init_crypto() anyway. Reviewed-by: -
FdaSilvaYY authored
Reviewed-by:
-
FdaSilvaYY authored
Separate invalid input case from any internal (malloc) failure Reviewed-by:
-
FdaSilvaYY authored
Reviewed-by:
-
FdaSilvaYY authored
Reviewed-by:
-
- Jul 02, 2016
-
-
Richard Levitte authored
- The install top is versioned by default. However, only the major version should be used. - the default areas for certs, private keys an config files have changed, now all prefixed with 'OSSL$'. This gets reflected in cryptlib.h. - [.VMS]openssl_startup.com.in had some faults regarding creating rooted concealed logical names. Reviewed-by:
-
- Jul 01, 2016
-
-
Rich Salz authored
The recent merge of https://github.com/openssl/openssl/pull/1264 removed some trailing whitespace from the generated file obj_dat.h. Unfortunately obj_dat.pl kept re-adding it. Clean up the script and the output it generates. Add 'use strict / use warnings' Reviewed-by:
-
Richard Levitte authored
Now that INCLUDE considers both the source and build trees, no need for the rel2abs perl fragment hacks any more. Reviewed-by: -
mrpre authored
Reviewed-by:
-
mrpre authored
Reviewed-by:
-
Alessandro Ghedini authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Even though it's hard to imagine, it turned out that upper half of arguments passed to V8+ subroutine can be non-zero. ["n" pseudo-instructions, such as srln being srl in 32-bit case and srlx in 64-bit one, were implemented in binutils 2.10. It's assumed that Solaris assembler implemented it around same time, i.e. 2000.] Reviewed-by:
-
- Jun 30, 2016
-
-
FdaSilvaYY authored
Reviewed-by:
-
FdaSilvaYY authored
Reviewed-by:
-
Matt Caswell authored
Ensure things really do get cleared when we intend them to. Addresses an OCAP Audit issue. Reviewed-by:Andy Polyakov <appro@openssl.org>
-
- Jun 29, 2016
-
-
Richard Levitte authored
When the proxy cert code was initially added, some application authors wanted to get them verified without having to change their code, so a check of the env var OPENSSL_ALLOW_PROXY_CERTS was added. Since then, the use of this variable has become irrelevant, as it's likely that code has been changed since, so it's time it gets removed. Reviewed-by: -
FdaSilvaYY authored
Reviewed-by:
-
FdaSilvaYY authored
Reviewed-by:
-
Ben Laurie authored
"configured on the local system". Whatever that means. Example that is biting me is loopback has ::1 as an address, but the network interface is v4 only. Reviewed-by:
-
- Jun 28, 2016
-
-
Emilia Kasper authored
Reviewed-by:
-
