- 10 May, 2016 8 commits
-
-
Dr. Stephen Henson authored
RT#4538 Reviewed-by:Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
Don't primarly recommend using OPENSSL_thread_stop(), as that's a last resort. Instead, recommend leaving it to automatic mechanisms. Reviewed-by: -
Richard Levitte authored
The ERR_remove_thread_state() API is restored to take a pointer argument, but does nothing more. ERR_remove_state() is also made into a no-op. Both functions are deprecated and users are recommended to use OPENSSL_thread_stop() instead. Documentation is changed to reflect this. Reviewed-by: -
Richard Levitte authored
Reviewed-by:Andy Polyakov <appro@openssl.org>
-
Richard Levitte authored
They were using the wrong variables. Reviewed-by: -
Andy Polyakov authored
Reviewed-by:Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by:
-
- 09 May, 2016 13 commits
-
-
Richard Levitte authored
Originally submitted by Kurt Cancemi <kurt@x64architecture.com> Closes RT#4533 Reviewed-by: -
David Benjamin authored
Per RFC 5246, Note: this extension is not meaningful for TLS versions prior to 1.2. Clients MUST NOT offer it if they are offering prior versions. However, even if clients do offer it, the rules specified in [TLSEXT] require servers to ignore extensions they do not understand. Although second sentence would suggest that there would be no interop problems in always offering the extension, WebRTC has reported issues with Bouncy Castle on < TLS 1.2 ClientHellos that still include signature_algorithms. See also https://bugs.chromium.org/p/webrtc/issues/detail?id=4223 RT#4390 Reviewed-by:Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
BIO_eof() was always returning true when using a BIO pair. It should only be true if the peer BIO is empty and has been shutdown. RT#1215 Reviewed-by: -
Hansruedi Patzen authored
Issue was introduced in https://github.com/openssl/openssl/commit/a0a82324f965bbcc4faed4e1ee3fcaf81ea52166 This patch fixes an issue which causes the 'openssl ca' commands to fail if '-config' is not specified even if it says so otherwise. Problem is that the default config is not loaded and the conf variable is NULL which causes an exception. Reviewed-by:
-
Richard Levitte authored
With Unixly Makefiles as well as with nmake, make variables are transferred to the shell running the commands as envinronment variables. This principle doesn't apply with MMS, so we must explicitely define VERBOSE as commands when it's needed. Reviewed-by:Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
PR#4462 Reviewed-by: -
Rich Salz authored
Reviewed-by: -
Andrea Grandi authored
The tests was incorrectly repeated multiple times when using the async_jobs options Reviewed-by:
Kurt Roeckx <kurt@openssl.org> Reviewed-by:
-
Matt Caswell authored
When setting a new SRTP connection profile using SSL_CTX_set_tlsext_use_srtp() or SSL_set_tlsext_use_srtp() we should free any existing profile first to avoid a memory leak. Reviewed-by: -
Andy Polyakov authored
If environment variables are not explanded early enough, expanded strings are passed with single backslash to C compiler, e.g. C:\Program Files, which effectively results in OpenSSL looking for engines and certificates in C:Program Files. Reviewed-by: -
FdaSilvaYY authored
No code change Reviewed-by:
-
J Mohan Rao Arisankala authored
Reviewed-by:
-
J Mohan Rao Arisankala authored
- Missing checks for allocation failure. - releasing memory in few missing error paths Reviewed-by:
-
- 07 May, 2016 2 commits
-
-
Ben Laurie authored
Reviewed-by:Emilia Käsper <emilia@openssl.org>
-
Ben Laurie authored
Reviewed-by:
-
- 06 May, 2016 10 commits
-
-
Dr. Stephen Henson authored
PR#4449 Reviewed-by: -
Jeffrey Walton authored
PR#4478 Reviewed-by:
-
Dr. Stephen Henson authored
PR#4466 Reviewed-by: -
Dr. Stephen Henson authored
Reviewed-by: -
isnotnick authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
We don't need it, but external users might find it handy. Reviewed-by: -
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by:
-
- 05 May, 2016 7 commits
-
-
Dr. Stephen Henson authored
The default ASN.1 handling can be used for SEED. This also makes CMS work with SEED. PR#4504 Reviewed-by: -
Dr. Stephen Henson authored
Reviewed-by: -
Rich Salz authored
Reviewed-by:Viktor Dukhovni <viktor@openssl.org>
-
Dr. Stephen Henson authored
Try to set the ASN.1 parameters for CMS encryption even if the IV length is zero as the underlying cipher should still set the type. This will correctly result in errors if an attempt is made to use an unsupported cipher type. Reviewed-by: -
Sergio Garcia Murillo authored
Reviewed-by:
-
Matt Caswell authored
If the application has limited the size of the async pool using ASYNC_init_thread() then we could run out of jobs while trying to start a libssl io operation. However libssl was failing to handle this and treating it like a fatal error. It should not be fatal...we just need to retry when there are jobs available again. Reviewed-by: -
Emilia Kasper authored
This demystifies two for-loops that do nothing. They were used to write the ladder in a unified way. Now that the ladder is otherwise commented, remove the dead loops. Reviewed-by:
-
