- May 17, 2016
-
-
Matt Caswell authored
Fix various references to s3_clnt.c and s3_srvr.c which don't exist any more. GitHub Issue #765 Reviewed-by:Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
An if checks the value of |type| to see if it is V_ASN1_VISIBLESTRING twice. We only need to do it once. GitHub Issue #656 Reviewed-by: -
Matt Caswell authored
SSL_get_async_wait_fd() was replaced by SSL_get_all_async_fds() and SSL_get_changed_async_fds(). Reviewed-by:
-
- May 16, 2016
-
-
Andy Polyakov authored
Reviewed-by:Emilia Käsper <emilia@openssl.org>
-
Andy Polyakov authored
Reviewed-by: -
Matt Caswell authored
Due to short-circuiting we only need to check "cipher" for NULL once. PR#699 Reviewed-by: -
Rich Salz authored
Reviewed-by: -
Rich Salz authored
Reviewed-by:Matt Caswell <matt@openssl.org>
-
Steffan Karger authored
CLA: none; trivial Signed-off-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
Rich Salz <rsalz@openssl.org> GH: #1070
-
Kurt Roeckx authored
Reviewed-by: -
TJ Saunders authored
This involves providing more session ticket key data, for both the cipher and the digest Signed-off-by:
-
TJ Saunders authored
Signed-off-by:
-
Dr. Stephen Henson authored
RT#4215 Reviewed-by: -
Richard Levitte authored
The given sizes to not include the final NUL character. RT#2622 Reviewed-by: -
Matt Caswell authored
Workaround an apparent IO:Socket::IP bug where a seemingly valid server socket is being returned even though a valid connection does not exist. This causes the tests to intermittently hang. We additionally check that the peerport looks ok to verify that the returned socket looks usable. Reviewed-by: -
Viktor Dukhovni authored
Document thread-safe lock creation Reviewed-by: -
Richard Levitte authored
RT#2534 Reviewed-by:Tim Hudson <tjh@openssl.org>
-
Richard Levitte authored
RT#2558 Reviewed-by: -
Richard Levitte authored
RT#2616 Reviewed-by: -
Cristian Stoica authored
Some setups use links inside .git directory and make clean should not remove them to avoid breaking git meta-information. Signed-off-by:
Cristian Stoica <cristian.stoica@nxp.com> CLA: none; trivial Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Alessandro Ghedini authored
Reviewed-by:
-
Alessandro Ghedini authored
Reviewed-by:
-
Matt Caswell authored
The previous commit added SSL_CTX_set_tlsext_status_type(). This one adds some documentation for it. Reviewed-by: -
jfigus authored
To allow OCSP stapling to work with libcurl. Github PR #200 Reviewed-by:
-
Kazuki Yamaguchi authored
Since 50932c4a "PACKETise ServerHello processing", ssl_next_proto_validate() incorrectly allows empty protocol name. draft-agl-tls-nextprotoneg-04[1] says "Implementations MUST ensure that the empty string is not included and that no byte strings are truncated." This patch restores the old correct behavior. [1] https://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04 Reviewed-by:
-
FdaSilvaYY authored
Add a status return value instead of void. Add some sanity checks on reference counter value. Update the docs. Reviewed-by:
-
Richard Levitte authored
- "/Ox /O2 /Ob2" get's reduced to "/O2", the reason being: /Ox = /Ob2 /Og /Oi /Ot /Oy /Gs /O2 = /Ob2 /Og /Oi /Ot /Oy /Gs /GF /Gy - apps/openssl.cnf gets installed. - always delete files quietly, as they might not be there. Reviewed-by: -
FdaSilvaYY authored
Fix some missing OBJ_dup failure checks. Merged from https://boringssl.googlesource.com/boringssl/+/0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c%5E ! Reviewed-by:
Kurt Roeckx <kurt@openssl.org> Reviewed-by:
-
- May 14, 2016
-
-
Richard Levitte authored
Reviewed-by: -
FdaSilvaYY authored
Reviewed-by:
-
Alessandro Ghedini authored
The current limit of 2^14 bytes is too low (e.g. RFC 5246 specifies the maximum size of just the extensions field to be 2^16-1), and may cause bogus failures. RT#4063 Reviewed-by:
-
Kirill Marinushkin authored
Currently point to wrong address Signed-off-by:
Kirill Marinushkin <k.marinushkin@gmail.com> Reviewed-by:
-
- May 13, 2016
-
-
Insu Yun authored
check source's kdf_ukm, not destination's use != NULL, instead of implicit checking don't free internal data structure like pkey_rsa_copy() Reviewed-by:
-
Richard Levitte authored
In some cases, perl's glob() thinks it needs to return file names with generation numbers, such as when a file name pattern includes two periods. Constructing other file names by simple appending to file names with generation numbers isn't a good idea, so for the VMS case, just peal the generation numbers if they are there. Fortunately, this is easy, as the returned generation number delimiter will always be a semi-colon. Reviewed-by: -
Matt Caswell authored
If the server does not send a session ticket extension, it should not then send the NewSessionTicket message. If the server sends the session ticket extension, it MUST then send the NewSessionTicket message. Reviewed-by: -
David Benjamin authored
Per RFC 4507, section 3.3: This message [NewSessionTicket] MUST be sent if the server included a SessionTicket extension in the ServerHello. This message MUST NOT be sent if the server did not include a SessionTicket extension in the ServerHello. The presence of the NewSessionTicket message should be determined entirely from the ServerHello without probing. RT#4389 Reviewed-by:
-
Dr. Stephen Henson authored
RT#4471 Reviewed-by: -
Dr. Stephen Henson authored
RT#4302 Reviewed-by:Viktor Dukhovni <viktor@openssl.org>
-
Dr. Stephen Henson authored
Fix -signer option in smime utility to output signer certificates when verifying. Add support for format SMIME for -inform and -outform with cms and smime utilities. PR#4215 Reviewed-by:
-
