- Sep 10, 2014
-
-
Rich Salz authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Rich Salz authored
If we don't find a signer in the internal list, then fall through and look at the internal list; don't just return NULL. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
- Sep 09, 2014
-
-
Rich Salz authored
Say where to email bug reports. Mention general RT tracker info in a separate paragraph. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
This is funny; Ben commented in the source, Matt opend a ticket, and Rich is doing the submit. Need more code-review? :) Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Rich Salz authored
Previous commit was reviewed by Geoff, not Stephen: Reviewed-by: Geoff Thorpe <geoff@openssl.org>
-
Rich Salz authored
For portability don't use "if ! expr" Reviewed-by: Geoff Thorpe <geoff@openssl.org>
-
Rich Salz authored
For portability don't use "if ! expr" Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Geoff Keating authored
When calling X509_set_version to set v1 certificate, that should mean that the version number field is omitted. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Kurt Cancemi authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
- Sep 08, 2014
-
-
Paul Suhler authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Kurt Roeckx authored
This is a more comprehensive fix. It changes all keygen apps to use 2K keys. It also changes the default to use SHA256 not SHA1. This is from Kurt's upstream Debian changes. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Rich Salz authored
For consistency. Reviewed-by: Bodo Moeller <bodo@openssl.org>
-
Matthias Andree authored
In addition to Matthias's change, I also added -n to not remove links. And updated the manpage. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Bjoern Zeeb authored
The EXT_BITSTRING and EXT_IA5STRING are defined in x509v3.h, but the low-level functions are not public. They are useful, no need to make them static. Note that BITSTRING already was exposed since this RT was created, so now we just export IA5STRING functions. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Rich Salz authored
The documentation is wrong about what happens when the session cache fills up. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Erik Auerswald authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dario B authored
I added some error-checking while integrating this patch. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Scott Schaefer authored
pod2man now complains when item tags are not sequential. Also complains about missing =back and other tags. Silence the warnings; most were already done. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Rich Salz authored
The original RT request included a patch. By the time we got around to doing it, however, the callback scheme had changed. So I wrote a new function RSA_check_key_ex() that uses the BN_GENCB callback. But thanks very much to Vinet Sharma <vineet.sharma@gmail.com> for the initial implementation. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Rich Salz authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Robin Lee authored
Copy the ifdef/undef stanza from x509.h to x509v3.h Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Rich Salz authored
In the current code, the check isn't redundant. And in fact the REAL check was missing. This avoids a NULL-deref crash. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Martin Olsson authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Martin Olsson authored
Also, I (rsalz) changed "#ifdef undef" to "#if 0" Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Rich Salz authored
empty merge; script hiccup. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Rich Salz authored
The function returns 0 or 1, only. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Rich Salz authored
The function returns 0 or 1, only. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Alon Bar-Lev authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
- Sep 07, 2014
-
-
Viktor Dkhovni authored
Regexp was bracketed wrong. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Sep 05, 2014
-
-
Emilia Kasper authored
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
-
Emilia Kasper authored
i2d_re_X509_tbs re-encodes the TBS portion of the certificate. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Dr Stephen Henson <steve@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Adam Langley authored
Fix a bug in handling of 128 byte long PSK identity in psk_client_callback. OpenSSL supports PSK identities of up to (and including) 128 bytes in length. PSK identity is obtained via the psk_client_callback, implementors of which are expected to provide a NULL-terminated identity. However, the callback is invoked with only 128 bytes of storage thus making it impossible to return a 128 byte long identity and the required additional NULL byte. This CL fixes the issue by passing in a 129 byte long buffer into the psk_client_callback. As a safety precaution, this CL also zeroes out the buffer before passing it into the callback, uses strnlen for obtaining the length of the identity returned by the callback, and aborts the handshake if the identity (without the NULL terminator) is longer than 128 bytes. (Original patch amended to achieve strnlen in a different way.) Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Sep 03, 2014
-
-
Richard Levitte authored
string returns 0 with errno = ENOENT. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Phil Mesnier authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Clang via Jeffrey Walton authored
Can't really happen, but the flow of control isn't obvious. Add an initializer. Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Sep 02, 2014
-
-
Emilia Kasper authored
"inline" without static is not correct as the compiler may choose to ignore it and will then either emit an external definition, or expect one. Reviewed-by: Geoff Thorpe <geoff@openssl.org>
-
- Sep 01, 2014
-
-
Kurt Cancemi authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Adam Williamson authored
RT842, closed back in 2004, changed the default serial number to be a random number rather than zero. Finally time to update the doc Reviewed-by: Tim Hudson <tjh@openssl.org>
-