- Feb 21, 2017
-
-
Dmitry Belyavskiy authored
It makes possible to print the certificate's DN correctly in case of verification errors. Reviewed-by:
Andy Polyakov <appro@openssl.org> Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2656)
-
Rich Salz authored
Prevent undefined behavior in CRYPTO_cbc128_encrypt: calling this function with the 'len' parameter being 0 would result in a memcpy where the source and destination parameters are the same, which is undefined behavior. Do same for AES_ige_encrypt. Reviewed-by:
-
- Feb 20, 2017
-
-
Kurt Roeckx authored
This reverts commit 3aad8e18 . Reviewed-by:
-
- Feb 19, 2017
-
-
Andy Polyakov authored
Travis OS X utilization and backlog statistics suggest that it became bottleneck for our integration builds with requests piling up for days during working days of the week. Suggestion is to remove osx till capacity is lesser issue. Reviewed-by:Richard Levitte <levitte@openssl.org>
-
Kurt Roeckx authored
Reviewed-by: -
Todd Short authored
Reviewed-by:
-
Richard Levitte authored
On VMS, file names with more than one period get all but the last get escaped with a ^, so 21-key-update.conf.in becomes 21-key-update^.conf.in That means that %conf_dependent_tests and %skip become useless unless we massage the file names that are used as indexes. Reviewed-by:
-
Richard Levitte authored
Since 20-cert-select.conf will vary depending in no-dh and no-dsa, don't check it against original when those options are selected Reviewed-by:
-
- Feb 17, 2017
-
-
Richard Levitte authored
For example, 'no-dtls1 no-dtls1_2' will imply 'no-dtls' Reviewed-by:
-
Andy Polyakov authored
Reviewed-by: -
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Matt Caswell authored
Fix an error code clash due to a merge Reviewed-by:
-
Richard Levitte authored
Don't run this test unless 'openssl rehash' works properly. Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
We use an int instead. That means SSL_key_update() also should use an int. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
This also adds documentation for the pre-existing and related SSL_renegotiate*() functions. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Too many KeyUpdate message could be inicative of a problem (e.g. an infinite KeyUpdate loop if the peer always responds to a KeyUpdate message with an "update_requested" KeyUpdate response), or (conceivably) an attack. Either way we limit the number of KeyUpdate messages we are prepared to handle. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
This just receives the message. It doesn't actually update any keys yet. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
This implements the server side KeyUpdate sending capability as well. Reviewed-by:
-
David Benjamin authored
Reviewed-by:
Kurt Roeckx <kurt@openssl.org> Reviewed-by:
-
- Feb 16, 2017
-
-
Richard Levitte authored
Fortunately, "openssl verify" makes good use of that API Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
