- May 10, 2016
-
-
Dr. Stephen Henson authored
RT#4538 Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
Don't primarly recommend using OPENSSL_thread_stop(), as that's a last resort. Instead, recommend leaving it to automatic mechanisms. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
The ERR_remove_thread_state() API is restored to take a pointer argument, but does nothing more. ERR_remove_state() is also made into a no-op. Both functions are deprecated and users are recommended to use OPENSSL_thread_stop() instead. Documentation is changed to reflect this. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Richard Levitte authored
They were using the wrong variables. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- May 09, 2016
-
-
Richard Levitte authored
Originally submitted by Kurt Cancemi <kurt@x64architecture.com> Closes RT#4533 Reviewed-by: Matt Caswell <matt@openssl.org>
-
David Benjamin authored
Per RFC 5246, Note: this extension is not meaningful for TLS versions prior to 1.2. Clients MUST NOT offer it if they are offering prior versions. However, even if clients do offer it, the rules specified in [TLSEXT] require servers to ignore extensions they do not understand. Although second sentence would suggest that there would be no interop problems in always offering the extension, WebRTC has reported issues with Bouncy Castle on < TLS 1.2 ClientHellos that still include signature_algorithms. See also https://bugs.chromium.org/p/webrtc/issues/detail?id=4223 RT#4390 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
BIO_eof() was always returning true when using a BIO pair. It should only be true if the peer BIO is empty and has been shutdown. RT#1215 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Hansruedi Patzen authored
Issue was introduced in https://github.com/openssl/openssl/commit/a0a82324f965bbcc4faed4e1ee3fcaf81ea52166 This patch fixes an issue which causes the 'openssl ca' commands to fail if '-config' is not specified even if it says so otherwise. Problem is that the default config is not loaded and the conf variable is NULL which causes an exception. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
With Unixly Makefiles as well as with nmake, make variables are transferred to the shell running the commands as envinronment variables. This principle doesn't apply with MMS, so we must explicitely define VERBOSE as commands when it's needed. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
PR#4462 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andrea Grandi authored
The tests was incorrectly repeated multiple times when using the async_jobs options Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
When setting a new SRTP connection profile using SSL_CTX_set_tlsext_use_srtp() or SSL_set_tlsext_use_srtp() we should free any existing profile first to avoid a memory leak. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Andy Polyakov authored
If environment variables are not explanded early enough, expanded strings are passed with single backslash to C compiler, e.g. C:\Program Files, which effectively results in OpenSSL looking for engines and certificates in C:Program Files. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
FdaSilvaYY authored
No code change Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
J Mohan Rao Arisankala authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
J Mohan Rao Arisankala authored
- Missing checks for allocation failure. - releasing memory in few missing error paths Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
- May 07, 2016
-
-
Ben Laurie authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Ben Laurie authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
- May 06, 2016
-
-
Dr. Stephen Henson authored
PR#4449 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Jeffrey Walton authored
PR#4478 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
-
Dr. Stephen Henson authored
PR#4466 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
isnotnick authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
We don't need it, but external users might find it handy. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
- May 05, 2016
-
-
Dr. Stephen Henson authored
The default ASN.1 handling can be used for SEED. This also makes CMS work with SEED. PR#4504 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Dr. Stephen Henson authored
Try to set the ASN.1 parameters for CMS encryption even if the IV length is zero as the underlying cipher should still set the type. This will correctly result in errors if an attempt is made to use an unsupported cipher type. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Sergio Garcia Murillo authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
If the application has limited the size of the async pool using ASYNC_init_thread() then we could run out of jobs while trying to start a libssl io operation. However libssl was failing to handle this and treating it like a fatal error. It should not be fatal...we just need to retry when there are jobs available again. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Emilia Kasper authored
This demystifies two for-loops that do nothing. They were used to write the ladder in a unified way. Now that the ladder is otherwise commented, remove the dead loops. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-