Skip to content
  1. Jul 05, 2014
  2. Jul 03, 2014
  3. Jul 02, 2014
    • Matt Smart's avatar
      Fix doc typo. · d7080d62
      Matt Smart authored
      ERR_get_error(3) references the non-existent
      ERR_get_last_error_line_data instead of the one that does exist,
      ERR_peek_last_error_line_data.
      
      PR#3283
      (cherry picked from commit 5cc99c6c)
      d7080d62
    • Geoff Thorpe's avatar
      util/mkerr.pl: fix perl warning · 5d7c8a48
      Geoff Thorpe authored
      
      
      Gets rid of this;
      
      defined(@array) is deprecated at ../util/mkerr.pl line 792.
              (Maybe you should just omit the defined()?)
      defined(@array) is deprecated at ../util/mkerr.pl line 800.
              (Maybe you should just omit the defined()?)
      
      Signed-off-by: default avatarGeoff Thorpe <geoff@openssl.org>
      (cherry picked from commit 647f360e)
      5d7c8a48
    • Dr. Stephen Henson's avatar
      ASN1 sanity check. · 00e86a74
      Dr. Stephen Henson authored
      Primitive encodings shouldn't use indefinite length constructed
      form.
      
      PR#2438 (partial).
      (cherry picked from commit 398e99fe)
      00e86a74
  4. Jun 29, 2014
  5. Jun 28, 2014
  6. Jun 27, 2014
  7. Jun 26, 2014
  8. Jun 22, 2014
  9. Jun 14, 2014
    • Dr. Stephen Henson's avatar
      Accept CCS after sending finished. · 70d923fb
      Dr. Stephen Henson authored
      Allow CCS after finished has been sent by client: at this point
      keys have been correctly set up so it is OK to accept CCS from
      server. Without this renegotiation can sometimes fail.
      
      PR#3400
      (cherry picked from commit 99cd6a91fcb0931feaebbb4832681d40a66fad41)
      70d923fb
  10. Jun 12, 2014
  11. Jun 10, 2014
  12. Jun 09, 2014
  13. Jun 06, 2014
  14. Jun 05, 2014
  15. Jun 03, 2014
    • Dr. Stephen Henson's avatar
      Fix CVE-2014-3470 · 141a5482
      Dr. Stephen Henson authored
      Check session_cert is not NULL before dereferencing it.
      141a5482
    • Dr. Stephen Henson's avatar
      Fix CVE-2014-0221 · de2422af
      Dr. Stephen Henson authored
      Unnecessary recursion when receiving a DTLS hello request can be used to
      crash a DTLS client. Fixed by handling DTLS hello request without recursion.
      
      Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
      de2422af