- Apr 22, 2016
-
-
Viktor Dukhovni authored
Reviewed-by:Rich Salz <rsalz@openssl.org>
-
Viktor Dukhovni authored
It is up to the caller of SSL_dane_tlsa_add() to take appropriate action when no records are added successfully or adding some records triggers an internal error (negative return value). With this change the caller can continue with PKIX if desired when none of the TLSA records are usable, or take some appropriate action if DANE is required. Also fixed the internal ssl_dane_dup() function to properly initialize the TLSA RR stack in the target SSL handle. Errors in ssl_dane_dup() are no longer ignored. Reviewed-by: -
Matt Caswell authored
If we fail halfway through constructing the peer_tmp EVP_PKEY but we have already stored it in s->s3->peer_tmp then if anything tries to use it then it will likely fail. This was causing s_client to core dump in the sslskewith0p test. s_client was trying to print out the connection parameters that it had negotiated so far. Arguably s_client should not do that if the connection has failed...but given it is existing functionality it's easier to fix libssl. Reviewed-by:Viktor Dukhovni <viktor@openssl.org>
-
Dr. Stephen Henson authored
Using ASN1_ITEM tables in d2i_test: this then uses consistent names and makes it easier to extend. Add bio, reencode and compare tests. Reviewed-by: -
Matt Caswell authored
The capi engine was failing to compile on Windows if the no-dsa option was selected. Reviewed-by:Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
The no-dsa option was failing on Windows because some symbols were not correctly flagged in libcrypto.num. Problem found due to the new symbol consistency test. Reviewed-by: -
Matt Caswell authored
Some pre-processor macros were incorrectly indented Reviewed-by: -
Matt Caswell authored
no-cmac was failing on Windows/VMS due to libcrypto.num not marking the CMAC functions properly. Found due to the new symbol consistency test. Reviewed-by: -
Rich Salz authored
Reviewed-by: -
Richard Levitte authored
Our main development platforms are of the Unix family, which doesn't have the same strictness regarding a shared library being consistent with the contents of the ld script (.map file, on Linux and Solaris) as Windows is with the contents of the .def file or VMS is with the linker symb_vector option. To eliminate surprises, we therefore need to make sure to check that the contents of the .map file is matched with the shared library, at least to check that the shared library isn't missing any symbols that should be present. This test isn't absolutely perfect, as it will only check the symbols that would be present on Linux / Solaris and will therefore miss those that would only appear on Windows or VMS. On the other hand, those platform specific are few and far apart in time, so it's not likely they will pose a problem. Reviewed-by:Matt Caswell <matt@openssl.org>
-
- Apr 21, 2016
-
-
Dr. Stephen Henson authored
If allocation in CRYPTO_clear_realloc() fails don't free up the original buffer: this is consistent with the behaviour of realloc(3) and is expected in other places in OpenSSL. Reviewed-by:
-
Richard Levitte authored
Reviewed-by:Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
The ocsp.h file did not have appropriate guards causing link failures on Windows. GH Issue 900 Reviewed-by: -
Matt Caswell authored
openssl.c and ts.c assign the value of opt_num_rest() to argc, but then only use the value once. Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
All other instances of extract_min_max are checked for an error return, except this one. Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Also correct the return value from the the "prime" application Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Various instances of variables being written to, but then never read. Reviewed-by:
-
- Apr 20, 2016
-
-
Davide Galassi authored
The state was always set to BIO_CONN_S_OK. Reviewed-by:
-
Michel authored
Reviewed-by: -
Rich Salz authored
With Richard Levitte. Reviewed-by: -
Richard Levitte authored
Reviewed-by: -
Matt Caswell authored
Ensure public functions have appropriate guards in header files. GH Issue 899 Reviewed-by: -
Rich Salz authored
Reviewed-by: -
Rich Salz authored
Reviewed-by: -
Richard Levitte authored
The Unix build was the last to retain the classic build scheme. The new unified scheme has matured enough, even though some details may need polishing. Reviewed-by: -
Matt Caswell authored
Link errors were occurring on Windows because the header files were not correctly guarding some functions with OPENSSL_NO_SOCK Reviewed-by: -
Matt Caswell authored
We need the struct timeval definition from winsock2.h even if we're not going to call any socket functions. Reviewed-by: -
Matt Caswell authored
Windows "select" only works for sockets so don't use it to wait for async. Reviewed-by: -
Matt Caswell authored
e_os.h was defining OPENSSL_NO_DGRAM if OPENSSL_NO_SOCK was defined. This causes link problems on Windows because the generated .def files still contain the DGRAM symbols even though they have not been compiled. Reviewed-by: -
Matt Caswell authored
Link errors were occurring on Windows because the header files were not correctly guarding some functions with OPENSSL_NO_DGRAM Reviewed-by: -
Rich Salz authored
Add copyright to most .pl files This does NOT cover any .pl file that has other copyright in it. Most of those are Andy's but some are public domain. Fix typo's in some existing files. Reviewed-by: -
Rainer Jung authored
Fixes some links in the pod files Reviewed-by:
-
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by: -
Andy Polyakov authored
Reviewed-by:
-
