- May 16, 2016
-
-
TJ Saunders authored
This involves providing more session ticket key data, for both the cipher and the digest Signed-off-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
Matt Caswell <matt@openssl.org> GH: #515, MR: #2153
-
TJ Saunders authored
Signed-off-by:
-
Dr. Stephen Henson authored
RT#4215 Reviewed-by:Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
The given sizes to not include the final NUL character. RT#2622 Reviewed-by: -
Matt Caswell authored
Workaround an apparent IO:Socket::IP bug where a seemingly valid server socket is being returned even though a valid connection does not exist. This causes the tests to intermittently hang. We additionally check that the peerport looks ok to verify that the returned socket looks usable. Reviewed-by: -
Viktor Dukhovni authored
Document thread-safe lock creation Reviewed-by: -
Richard Levitte authored
RT#2534 Reviewed-by:Tim Hudson <tjh@openssl.org>
-
Richard Levitte authored
RT#2558 Reviewed-by: -
Richard Levitte authored
RT#2616 Reviewed-by: -
Cristian Stoica authored
Some setups use links inside .git directory and make clean should not remove them to avoid breaking git meta-information. Signed-off-by:
Cristian Stoica <cristian.stoica@nxp.com> CLA: none; trivial Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Alessandro Ghedini authored
Reviewed-by:
Rich Salz <rsalz@openssl.org> Reviewed-by:
-
Alessandro Ghedini authored
Reviewed-by:
-
Matt Caswell authored
The previous commit added SSL_CTX_set_tlsext_status_type(). This one adds some documentation for it. Reviewed-by: -
jfigus authored
To allow OCSP stapling to work with libcurl. Github PR #200 Reviewed-by:
-
Kazuki Yamaguchi authored
Since 50932c4a "PACKETise ServerHello processing", ssl_next_proto_validate() incorrectly allows empty protocol name. draft-agl-tls-nextprotoneg-04[1] says "Implementations MUST ensure that the empty string is not included and that no byte strings are truncated." This patch restores the old correct behavior. [1] https://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04 Reviewed-by:
Emilia Käsper <emilia@openssl.org> Reviewed-by:
-
FdaSilvaYY authored
Add a status return value instead of void. Add some sanity checks on reference counter value. Update the docs. Reviewed-by:
-
Richard Levitte authored
- "/Ox /O2 /Ob2" get's reduced to "/O2", the reason being: /Ox = /Ob2 /Og /Oi /Ot /Oy /Gs /O2 = /Ob2 /Og /Oi /Ot /Oy /Gs /GF /Gy - apps/openssl.cnf gets installed. - always delete files quietly, as they might not be there. Reviewed-by: -
FdaSilvaYY authored
Fix some missing OBJ_dup failure checks. Merged from https://boringssl.googlesource.com/boringssl/+/0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c%5E ! Reviewed-by:
Kurt Roeckx <kurt@openssl.org> Reviewed-by:
-
- May 14, 2016
-
-
Richard Levitte authored
Reviewed-by: -
FdaSilvaYY authored
Reviewed-by:
-
Alessandro Ghedini authored
The current limit of 2^14 bytes is too low (e.g. RFC 5246 specifies the maximum size of just the extensions field to be 2^16-1), and may cause bogus failures. RT#4063 Reviewed-by:
-
Kirill Marinushkin authored
Currently point to wrong address Signed-off-by:
Kirill Marinushkin <k.marinushkin@gmail.com> Reviewed-by:
-
- May 13, 2016
-
-
Insu Yun authored
check source's kdf_ukm, not destination's use != NULL, instead of implicit checking don't free internal data structure like pkey_rsa_copy() Reviewed-by:
-
Richard Levitte authored
In some cases, perl's glob() thinks it needs to return file names with generation numbers, such as when a file name pattern includes two periods. Constructing other file names by simple appending to file names with generation numbers isn't a good idea, so for the VMS case, just peal the generation numbers if they are there. Fortunately, this is easy, as the returned generation number delimiter will always be a semi-colon. Reviewed-by: -
Matt Caswell authored
If the server does not send a session ticket extension, it should not then send the NewSessionTicket message. If the server sends the session ticket extension, it MUST then send the NewSessionTicket message. Reviewed-by: -
David Benjamin authored
Per RFC 4507, section 3.3: This message [NewSessionTicket] MUST be sent if the server included a SessionTicket extension in the ServerHello. This message MUST NOT be sent if the server did not include a SessionTicket extension in the ServerHello. The presence of the NewSessionTicket message should be determined entirely from the ServerHello without probing. RT#4389 Reviewed-by:
-
Dr. Stephen Henson authored
RT#4471 Reviewed-by: -
Dr. Stephen Henson authored
RT#4302 Reviewed-by:Viktor Dukhovni <viktor@openssl.org>
-
Dr. Stephen Henson authored
Fix -signer option in smime utility to output signer certificates when verifying. Add support for format SMIME for -inform and -outform with cms and smime utilities. PR#4215 Reviewed-by:
-
- May 12, 2016
-
-
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
* Configure: Replaced -DTERMIO by -DTERMIOS in CFLAGS. * crypto/bio/bss_dgram.c [WATT32]: Remove obsolete redefinition of function names: sock_write, sock_read and sock_puts. * crypto/bio/bss_sock.c [WATT32]: For Watt-32 2.2.11 sock_write, sock_read and sock_puts are redefined to their private names so their names must be undefined first before they can be redefined again. * crypto/bio/bss_file.c (file_fopen) [__DJGPP__]: Make a copy of the passed file name and replace the leading dots in the dirname part and the basname part of the file name, unless LFN is supported. * e_os.h [__DJGPP__]: Undefine macro DEVRANDOM_EGD. Neither MS-DOS nor FreeDOS provide 'egd' sockets. New macro HAS_LFN_SUPPORT checks if underlying file system supports long file names or not. Include sys/un.h. Define WATT32_NO_OLDIES. * INSTALL.DJGPP: Update URL of WATT-32 library. Submitted by Juan Manuel Guerrero <juan.guerrero@gmx.de> RT#4217 Reviewed-by:Andy Polyakov <appro@openssl.org>
-
Richard Levitte authored
DJGPP is a 3rd party configuration, we rely entirely on the OpenSSL to help us fine tune and test. Therefore, it's moved to its own config. Reviewed-by: -
Rich Salz authored
Reviewed-by:Dr. Stephen Henson <steve@openssl.org>
-
Emilia Kasper authored
The old proxy tests test the implementation of an application proxy policy callback defined in the test itself, which is not particularly useful. It is, however, useful to test cert verify overrides in general. Therefore, replace these tests with tests for cert verify callback behaviour. Also glob the ssl test inputs on the .in files to catch missing generated files. Reviewed-by: -
Emilia Kasper authored
ERR_LIB_USER has value 128, and shifting into the sign bit upsets the shift sanitizer. Reviewed-by: -
Dr. Stephen Henson authored
Multiple digest options to the ocsp utility are allowed: e.g. to use different digests for different certificate IDs. A digest option without a following certificate is however illegal. RT#4215 Reviewed-by: -
Richard Levitte authored
While it seemed like a good idea to have this file once upon a time, this kind of file belongs with the package maintainer rather than in our source. Reviewed-by: -
Dr. Stephen Henson authored
RT#4207 Reviewed-by: -
Dmitry Belyavsky authored
RT#4438 Reviewed-by:
-
