Skip to content
  1. Sep 16, 2013
    • Rob Stradling's avatar
      Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. · 07df5018
      Rob Stradling authored
      OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
      07df5018
    • Bodo Moeller's avatar
      Sync CHANGES and NEWS files. · 1b9a59c3
      Bodo Moeller authored
      1b9a59c3
    • Bodo Moeller's avatar
      Merge branch 'OpenSSL_1_0_2-stable' of... · 8f89c334
      Bodo Moeller authored
      Merge branch 'OpenSSL_1_0_2-stable' of /usr/local/google/home/bmoeller/openssl/openssl into OpenSSL_1_0_2-stable
      8f89c334
    • Bodo Moeller's avatar
      Fix overly lenient comparisons: · 485d7d59
      Bodo Moeller authored
          - EC_GROUP_cmp shouldn't consider curves equal just because
            the curve name is the same. (They really *should* be the same
            in this case, but there's an EC_GROUP_set_curve_name API,
            which could be misused.)
      
          - EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
            or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates
            equality (not an error).
      
          Reported by: king cope
      
      (cherry picked from commit 312a46791ab465cfa3bf26764361faed0e5df014)
      485d7d59
    • Bodo Moeller's avatar
      Fix overly lenient comparisons: · e3720888
      Bodo Moeller authored
          - EC_GROUP_cmp shouldn't consider curves equal just because
            the curve name is the same. (They really *should* be the same
            in this case, but there's an EC_GROUP_set_curve_name API,
            which could be misused.)
      
          - EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
            or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates
            equality (not an error).
      
          Reported by: king cope
      
      (cherry picked from commit 312a46791ab465cfa3bf26764361faed0e5df014)
      e3720888
  2. Sep 15, 2013
  3. Sep 14, 2013
  4. Sep 10, 2013
  5. Sep 09, 2013
  6. Sep 08, 2013
  7. Sep 03, 2013
  8. Aug 21, 2013
  9. Aug 20, 2013
  10. Aug 19, 2013
  11. Aug 18, 2013
  12. Aug 13, 2013
    • Michael Tuexen's avatar
      DTLS message_sequence number wrong in rehandshake ServerHello · 75b81247
      Michael Tuexen authored
      This fix ensures that
      * A HelloRequest is retransmitted if not responded by a ClientHello
      * The HelloRequest "consumes" the sequence number 0. The subsequent
      ServerHello uses the sequence number 1.
      * The client also expects the sequence number of the ServerHello to
      be 1 if a HelloRequest was received earlier.
      This patch fixes the RFC violation.
      (cherry picked from commit b62f4daa)
      75b81247
  13. Aug 08, 2013
    • Michael Tuexen's avatar
      DTLS handshake fix. · 2c1a5c10
      Michael Tuexen authored
      Reported by: Prashant Jaikumar <rmstar@gmail.com>
      
      Fix handling of application data received before a handshake.
      (cherry picked from commit 0c75eeac)
      2c1a5c10
  14. Aug 06, 2013
    • Dr. Stephen Henson's avatar
      Fix verify loop with CRL checking. · 71c34b7f
      Dr. Stephen Henson authored
      PR #3090
      Reported by: Franck Youssef <fry@open.ch>
      
      If no new reason codes are obtained after checking a CRL exit with an
      error to avoid repeatedly checking the same CRL.
      
      This will only happen if verify errors such as invalid CRL scope are
      overridden in a callback.
      (cherry picked from commit 4b26645c)
      71c34b7f
    • Kaspar Brand's avatar
      Fix for PEM_X509_INFO_read_bio. · b0cfaf58
      Kaspar Brand authored
      PR: 3028
      Fix bug introduced in PEM_X509_INFO_bio which wouldn't process RSA keys
      correctly if they appeared first.
      (cherry picked from commit 5ae8d6bc)
      b0cfaf58
  15. Aug 03, 2013
  16. Jul 31, 2013