Skip to content
  1. Feb 25, 2014
  2. Feb 24, 2014
  3. Feb 15, 2014
  4. Feb 14, 2014
    • Kurt Roeckx's avatar
      Use defaults bits in req when not given · e420060a
      Kurt Roeckx authored
      If you use "-newkey rsa" it's supposed to read the default number of bits from the
      config file.  However the value isn't used to generate the key, but it does
      print it's generating such a key.  The set_keygen_ctx() doesn't call
      EVP_PKEY_CTX_set_rsa_keygen_bits() and you end up with the default set in
      pkey_rsa_init() (1024).  Afterwards the number of bits gets read from the config
      file, but nothing is done with that anymore.
      
      We now read the config first and use the value from the config file when no size
      is given.
      
      PR: 2592
      (cherry picked from commit 33432203)
      e420060a
    • Kurt Roeckx's avatar
      Fix additional pod errors with numbered items. · d8ec8a4a
      Kurt Roeckx authored
      (cherry picked from commit e547c45f)
      d8ec8a4a
    • Scott Schaefer's avatar
      Fix various spelling errors · 040ed7b4
      Scott Schaefer authored
      (cherry picked from commit 2b4ffc65)
      040ed7b4
    • Scott Schaefer's avatar
      Document pkcs12 -password behavior · c76e5b08
      Scott Schaefer authored
      apps/pkcs12.c accepts -password as an argument.  The document author
      almost certainly meant to write "-password, -passin".
      
      However, that is not correct, either.  Actually the code treats
      -password as equivalent to -passin, EXCEPT when -export is also
      specified, in which case -password as equivalent to -passout.
      (cherry picked from commit 856c6dfb)
      c76e5b08
    • Dr. Stephen Henson's avatar
      Backport TLS padding extension from master. · 00712158
      Dr. Stephen Henson authored
      (cherry picked from commit 8c6d8c2a)
      
      Conflicts:
      
      	CHANGES
      	ssl/t1_lib.c
      00712158
  5. Feb 05, 2014
  6. Feb 03, 2014
  7. Jan 29, 2014
    • Dr. Stephen Henson's avatar
      Clarify docs. · f21e6b6e
      Dr. Stephen Henson authored
      Remove reference to ERR_TXT_MALLOCED in the error library as that is
      only used internally. Indicate that returned error data must not be
      freed.
      (cherry picked from commit f2d678e6)
      f21e6b6e
  8. Jan 28, 2014
  9. Jan 23, 2014
  10. Jan 16, 2014
  11. Jan 11, 2014
  12. Jan 09, 2014
  13. Jan 08, 2014
  14. Jan 06, 2014
  15. Jan 04, 2014
    • Dr. Stephen Henson's avatar
      Restore SSL_OP_MSIE_SSLV2_RSA_PADDING · 25c9fa60
      Dr. Stephen Henson authored
      The flag SSL_OP_MSIE_SSLV2_RSA_PADDING hasn't done anything since OpenSSL
      0.9.7h but deleting it will break source compatibility with any software
      that references it. Restore it but #define to zero.
      (cherry picked from commit b17d6b8d)
      25c9fa60
  16. Jan 02, 2014
  17. Dec 22, 2013
  18. Dec 20, 2013
  19. Dec 19, 2013
    • Dr. Stephen Henson's avatar
      Use version in SSL_METHOD not SSL structure. · ca989269
      Dr. Stephen Henson authored
      When deciding whether to use TLS 1.2 PRF and record hash algorithms
      use the version number in the corresponding SSL_METHOD structure
      instead of the SSL structure. The SSL structure version is sometimes
      inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already.
      (CVE-2013-6449)
      ca989269
  20. Dec 18, 2013
    • Andy Polyakov's avatar
      sha512.c: fullfull implicit API contract in SHA512_Transform. · 2ec4181b
      Andy Polyakov authored
      SHA512_Transform was initially added rather as tribute to tradition
      than for practucal reasons. But use was recently found in ssl/s3_cbc.c
      and it turned to be problematic on platforms that don't tolerate
      misasligned references to memory and lack assembly subroutine.
      (cherry picked from commit cdd1acd7)
      2ec4181b