- Feb 08, 2016
-
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
Previous commit 7bb196a7 attempted to "fix" a problem with the way SSL_shutdown() behaved whilst in mid-handshake. The original behaviour had SSL_shutdown() return immediately having taken no action if called mid- handshake with a return value of 1 (meaning everything was shutdown successfully). In fact the shutdown has not been successful. Commit 7bb196a7 changed that to send a close_notify anyway and then return. This seems to be causing some problems for some applications so perhaps a better (much simpler) approach is revert to the previous behaviour (no attempt at a shutdown), but return -1 (meaning the shutdown was not successful). This also fixes a bug where SSL_shutdown always returns 0 when shutdown *very* early in the handshake (i.e. we are still using SSLv23_method). Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Rich Salz authored
dgst: using digest instead of specific digest commands the digest list specified in man dgst may be inaccurate, hence using digest and referring to the list in digest-commands 'sha' as a digest name is no longer supported dgst,pkeyutl cmds help cleanup - In dgst, pkeyutl cmds, some options help was missing. - fixed a minor typo in openssl.pod, that fixes make install. - digest-commands was showing ‘sha’, which is not a supported digest anymore. Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
- Feb 06, 2016
-
-
Kurt Roeckx authored
Reviewed-by: Rich Salz <rsalz@openssl.org> MR: #1879
-
Viktor Dukhovni authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
A J Mohan Rao authored
opt_valtype 0 is same as '-' while printing cmd usage asn1parse/ca/ciphers help cleanup Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Richard Levitte authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Richard Levitte authored
Some time ago, we had a ex_libs configuration setting that could be divided into lflags and ex_libs. These got divided in two settings, lflags and ex_libs, and the former was interpreted to be general linking flags. Unfortunately, that conclusion wasn't entirely accurate. Most of those linking were meant to end up in a very precise position on the linking command line, just before the spec of libraries the linking depends on. Back to the drawing board, we're diving things further, now having lflags, which are linking flags that aren't depending on command line position, plib_lflags, which are linking flags that should show up just before the spec of libraries to depend on, and finally ex_libs, which is the spec of extra libraries to depend on. Also, documentation is changed in Configurations/README. This was previously forgotten. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Billy Brumley authored
squelch sign-compare warning Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Kurt Roeckx authored
Reviewed-by: Matt Caswell <matt@openssl.org> MR: #1874
-
Insu Yun authored
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Rich Salz authored
Allow initial engine names as first parameters before flags. Also add engine param to help summary Wrote manpage Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Richard Levitte authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Kurt Roeckx authored
It's not available on all OSs, e_os.h already does the right thing Reviewed-by: Richard Levitte <levitte@openssl.org> MR: #1870
-
Viktor Dukhovni authored
Clang rightly does not like extern symbols that are not declared in any header file, as typically these are not intended for global visibility and are exposed in error. This was indeed the case with various file-scope objects in dtlsv1listentest.c. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Feb 05, 2016
-
-
Matt Caswell authored
Make it clear that if we are unable to get hold of the peer address then *peer is cleared and the family set to AF_UNSPEC. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Matt Caswell authored
Adds a set of tests for the newly rewritten DTLSv1_listen function. The test pokes various packets at the function and then checks the return value and the data written out to ensure it is what we would have expected. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Matt Caswell authored
The recently rewriten DTLSv1_listen code does not support fragmented ClientHello messages because fragment reassembly requires server state which is against the whole point of DTLSv1_listen. This change adds some partial support for fragmented ClientHellos. It requires that the cookie must be within the initial fragment. That way any non-initial ClientHello fragments can be dropped and fragment reassembly is not required. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Matt Caswell authored
Adds a new function BIO_ADDR_clear to reset a BIO_ADDR back to an unitialised state, and to set the family to AF_UNSPEC. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
FdaSilvaYY authored
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Ellinger, Wesley M authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Matt Caswell authored
The DTLSv1_listen function exposed details of the underlying BIO abstraction and did not properly allow for IPv6. This commit changes the "peer" argument to be a BIO_ADDR and makes it a first class function (rather than a ctrl) to ensure proper type checking. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Also remove two mistakenly checked-in files. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Rich Salz authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
A J Mohan Rao authored
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Rich Salz authored
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Viktor Dukhovni authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Viktor Dukhovni authored
Replace all magic numbers with #defined constants except in boolean functions that return 0 for failure and 1 for success. Avoid a couple memory leaks in error recovery code paths. Code style improvements. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Rich Salz authored
RT1556: doc/crypto/threads.pod RT2024: Missing pages mentioned in crypto.pod RT2890: Wrong size in ERR_string_error description. RT3461: Better description of PEM Encryption (Jeffrey Walton <noloader@gmail.com>) Also, fix up formatting and removed some code examples that encourage unsafe patterns, like unencrypted private keys (Rich Salz) RT4240: Document some speed flags (Tomas Mraz <tmraz@redhat.com>) RT4260: Fix return value doc for X509_REQ_sign and X509_sign (Laetitia Baudoin <lbaudoin@google.com>) Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Viktor Dukhovni authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Richard Levitte authored
Fortunately, we only use socklen_t internally Reviewed-by: Rich Salz <rsalz@openssl.org>
-