- 15 Jun, 2017 8 commits
-
-
Benjamin Kaduk authored
Also remove nested OPENSSL_NO_EC conditional; it was properly indented, but a no-op. Reviewed-by:
Rich Salz <rsalz@openssl.org> Reviewed-by:
Benjamin Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3693)
-
Todd Short authored
Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
-
Andy Polyakov authored
Reviewed-by: -
Rich Salz authored
Reviewed-by:
-
Richard Levitte authored
Because apps/progs.h isn't configuration agnostic, it's not at all suited for 'make update' or being versioned, so change it to be dynamically generated. Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
If it did, it really is something that should be checked in, and should therefore make a CI build fail. Reviewed-by:
-
Pauli authored
Reviewed-by:
Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3684)
-
- 14 Jun, 2017 6 commits
-
-
Rich Salz authored
This flag was added in 1992 and only documented in the CHANGES file. Reviewed-by:
Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3681)
-
Bernd Edlinger authored
Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
Matt Caswell <matt@openssl.org> Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
- 13 Jun, 2017 4 commits
-
-
Rich Salz authored
The generating script got updated, but the generated file did not. Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Andy Polyakov authored
[As well as few extra instructions from earlier spec.] Reviewed-by: -
Paul Yang authored
Update s_client -help and pod file. Signed-off-by:
Paul Yang <paulyang.inf@gmail.com> Reviewed-by:
-
- 12 Jun, 2017 11 commits
-
-
Richard Levitte authored
Reading the prologue of this file conserved the "# Function codes" line, and then duplicated it when rewriting this file, adding a new "# Function codes" line everytime there's an update. Better then to skip over all comment lines and have the prologue defined in mkerr.pl, just the same as we do with the other affected files. Reviewed-by:
-
Richard Levitte authored
Sometimes, one might only want to rework a subset of all the internal error codes. -module allows the caller to specify exactly which library modules to rewrite. Reviewed-by:
-
Paul Yang authored
Mostly braces and NULL pointer check and also copyright year bump Signed-off-by:
Kurt Roeckx <kurt@openssl.org> Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Rich Salz authored
Add "*" as indicator meaning the function/reason is removed, so put an empty string in the function/reason string table; this preserves backward compatibility by keeping the #define's. In state files, trailing backslash means text is on the next line. Add copyright to state files Reviewed-by:
-
Bernd Edlinger authored
Reviewed-by:
-
Paul Yang authored
To reduce duplicate code Signed-off-by:
-
Benjamin Kaduk authored
Call it from the early callback used for testing these functions, and verify the expected contents of the ClientHello Reviewed-by:
-
Benjamin Kaduk authored
It is an API to be used from the early callback that indicates what extensions were present in the ClientHello, and in what order. This can be used to eliminate unneeded calls to SSL_early_get0_ext() (which itself scales linearly in the number of extensions supported by the library). Reviewed-by:
-
Benjamin Kaduk authored
Per the TODO comment, we now have proper certificate selection for TLS 1.3 client certificates, so this test can move into its own block. (It cannot merge with the previous block, as it requires EC.) Verified that the test passes when configured with enable-tls1_3 no-tls1 no-tls1_1 no-tls1_2. Reviewed-by:
-
Benjamin Kaduk authored
We prevent compression both when the server is parsing the ClientHello and when the client is constructing the ClientHello. A 1.3 ServerHello has no way to hand us back a compression method, and we already check that the server does not try to give us back a compression method that we did not request, so these checks seem sufficient. Weaken the INSTALL note slightly, as we do now expect to interoperate with other implementations. Reviewed-by:
-
- 11 Jun, 2017 6 commits
-
-
Rich Salz authored
Reviewed-by: -
Josh Soref authored
The previous word was a misspelling of nicety Reviewed-by:
-
Rich Salz authored
Make funcs to deal with non-null-term'd string in both asn1_generalizedtime_to_tm() and asn1_utctime_to_tm(). Fixes issue #3444. This one is used to enforce strict format (RFC 5280) check and to convert GeneralizedTime to UTCTime. apps/ca has been changed to use the new API. Test cases and documentation are updated/added Signed-off-by:
-
Beat Bolli authored
Adjust brace placement, whitespace after keywords, indentation and empty lines after variable declarations according to https://www.openssl.org/policies/codingstyle.html . Indent literal sections by exactly one space. Reviewed-by:
-
Josh Soref authored
spelling: algorithm spelling: anyway spelling: assigned spelling: authenticated spelling: callback spelling: certificate spelling: compatibility spelling: configuration spelling: digest spelling: encrypted spelling: function spelling: output spelling: receive spelling: renegotiation spelling: signing spelling: similar spelling: string (Merged from https://github.com/openssl/openssl/pull/3580)Reviewed-by : Rich Salz <rsalz@openssl.org> Reviewed-by:
-
Rich Salz authored
Reviewed-by:
-
- 10 Jun, 2017 1 commit
-
-
Rich Salz authored
CLA: trivial Reviewed-by:
-
- 09 Jun, 2017 4 commits
-
-
Paul Yang authored
Check return value of NETSCAPE_SPKI_new() and NETSCAPE_SPKI_b64_encode(), and also clean up coding style incidentally. Signed-off-by:
-
Benjamin Kaduk authored
Move the call to ct_base64_decode(), which allocates, until after the check for NULL output parameter. Also place a cap on the number of padding characters used to decrement the output length -- any more than two '='s is not permitted in a well-formed base64 text. Prior to this change, ct_base64_decode() would return a length of -1 along with allocated storage for an input of "====". Reviewed-by:
-
Josh Soref authored
This incorrectly spelled item exists for compatibility purposes CLA: Trivial Reviewed-by:
-
Pichulin Dmitrii authored
Reviewed-by:
-
