Skip to content
  1. Mar 21, 2018
    • Matthias Kraft's avatar
      Add dladdr() for AIX · 4af14b7b
      Matthias Kraft authored
      
      
      Although it deviates from the actual prototype of DSO_dsobyaddr(), this
      is now ISO C compliant and gcc -Wpedantic accepts the code.
      
      Added DATA segment checking to catch ptrgl virtual addresses. Avoid
      memleaks with every AIX/dladdr() call. Removed debug-fprintf()s.
      Added test case for DSO_dsobyaddr(), which will eventually call dladdr().
      Removed unecessary AIX ifdefs again.
      
      The implementation can only lookup function symbols, no data symbols.
      Added PIC-flag to aix*-cc build targets.
      
      As AIX is missing a dladdr() implementation it is currently uncertain our
      exit()-handlers can still be called when the application exits. After
      dlclose() the whole library might have been unloaded already.
      
      Signed-off-by: default avatarMatthias Kraft <makr@gmx.eu>
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/5668)
      4af14b7b
    • Benjamin Kaduk's avatar
      Do not cache sessions with zero sid_ctx_length when SSL_VERIFY_PEER · d316cdcf
      Benjamin Kaduk authored
      
      
      The sid_ctx is something of a "certificate request context" or a
      "session ID context" -- something from the application that gives
      extra indication of what sort of thing this session is/was for/from.
      Without a sid_ctx, we only know that there is a session that we
      issued, but it could have come from a number of things, especially
      with an external (shared) session cache.  Accordingly, when resuming,
      we will hard-error the handshake when presented with a session with
      zero-length sid_ctx and SSL_VERIFY_PEER is set -- we simply have no
      information about the peer to verify, so the verification must fail.
      
      In order to prevent these future handshake failures, proactively
      decline to add the problematic sessions to the session cache.
      
      Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/5175)
      d316cdcf
  2. Mar 20, 2018
  3. Mar 19, 2018