- May 17, 2016
-
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Matt Caswell authored
In the SSLV2ClientHello processing code in ssl3_get_record, the value of |num_recs| will always be 0. This isn't obvious from the code so a comment is added to explain it. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Matt Caswell authored
When RSA went opaque a bug was introduced into the dasync engine where the wrong function was being set for the rsa_priv_dec operation. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Matt Caswell authored
The function ssl3_get_record() can obtain multiple records in one go as long as we are set up for pipelining and all the records are app data records. The logic in the while loop which reads in each record is supposed to only continue looping if the last record we read was app data and we have an app data record waiting in the buffer to be processed. It was actually checking that the first record had app data and we have an app data record waiting. This actually amounts to the same thing so wasn't wrong - but it looks a bit odd because it uses the |rr| array without an offset. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Matt Caswell authored
Pipelining introduced the concept of multiple records being read in one go. Therefore we work with an array of SSL3_RECORD objects. The pipelining change erroneously made a change in ssl3_get_record() to apply the current record offset to the SSL3_BUFFER we are using for reading. This is wrong - there is only ever one read buffer. This reverts that change. In practice this should make little difference because the code block in question is only ever used when we are processing a single record. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Kurt Cancemi authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
Fix various references to s3_clnt.c and s3_srvr.c which don't exist any more. GitHub Issue #765 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
An if checks the value of |type| to see if it is V_ASN1_VISIBLESTRING twice. We only need to do it once. GitHub Issue #656 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
SSL_get_async_wait_fd() was replaced by SSL_get_all_async_fds() and SSL_get_changed_async_fds(). Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- May 16, 2016
-
-
Andy Polyakov authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Due to short-circuiting we only need to check "cipher" for NULL once. PR#699 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Steffan Karger authored
CLA: none; trivial Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1070
-
Kurt Roeckx authored
Reviewed-by: Matt Caswell <matt@openssl.org> MR: #2153
-
TJ Saunders authored
This involves providing more session ticket key data, for both the cipher and the digest Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> GH: #515, MR: #2153
-
TJ Saunders authored
Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> GH: #515, MR: #2153
-
Dr. Stephen Henson authored
RT#4215 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
The given sizes to not include the final NUL character. RT#2622 Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
Workaround an apparent IO:Socket::IP bug where a seemingly valid server socket is being returned even though a valid connection does not exist. This causes the tests to intermittently hang. We additionally check that the peerport looks ok to verify that the returned socket looks usable. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Viktor Dukhovni authored
Document thread-safe lock creation Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
RT#2534 Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Richard Levitte authored
RT#2558 Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Richard Levitte authored
RT#2616 Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Cristian Stoica authored
Some setups use links inside .git directory and make clean should not remove them to avoid breaking git meta-information. Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> CLA: none; trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1078)
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1063)
-
Alessandro Ghedini authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Alessandro Ghedini authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
The previous commit added SSL_CTX_set_tlsext_status_type(). This one adds some documentation for it. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
jfigus authored
To allow OCSP stapling to work with libcurl. Github PR #200 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Kazuki Yamaguchi authored
Since 50932c4a "PACKETise ServerHello processing", ssl_next_proto_validate() incorrectly allows empty protocol name. draft-agl-tls-nextprotoneg-04[1] says "Implementations MUST ensure that the empty string is not included and that no byte strings are truncated." This patch restores the old correct behavior. [1] https://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04 Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
FdaSilvaYY authored
Add a status return value instead of void. Add some sanity checks on reference counter value. Update the docs. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
- "/Ox /O2 /Ob2" get's reduced to "/O2", the reason being: /Ox = /Ob2 /Og /Oi /Ot /Oy /Gs /O2 = /Ob2 /Og /Oi /Ot /Oy /Gs /GF /Gy - apps/openssl.cnf gets installed. - always delete files quietly, as they might not be there. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1075)
-
FdaSilvaYY authored
Fix some missing OBJ_dup failure checks. Merged from https://boringssl.googlesource.com/boringssl/+/0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c%5E ! Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1057)
-
- May 14, 2016
-
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
FdaSilvaYY authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1042)
-
Alessandro Ghedini authored
The current limit of 2^14 bytes is too low (e.g. RFC 5246 specifies the maximum size of just the extensions field to be 2^16-1), and may cause bogus failures. RT#4063 Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/413)
-