Commits · 32e4cc0cde3043f59c3661b2a2447338da5e2c0f · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

10 Mar, 2016 1 commit
- Travis - the source directory is _srcdist, not _srcdir · 32e4cc0c
  Richard Levitte authored Mar 10, 2016
```
Reviewed-by: Stephen Henson <steve@openssl.org>
```
  32e4cc0c
09 Mar, 2016 39 commits

Correct slight logic error in processing IF in build.info · c5798e0e

Richard Levitte authored Mar 09, 2016



This corrects a fault where the inner IF in this example was still
being acted upon:

  IF[0]
    ...whatever...
    IF[1]
      ...whatever more...
    ENDIF
  ENDIF

With this change, the inner IF is skipped over.

Reviewed-by: Matt Caswell <matt@openssl.org>

c5798e0e

When grepping something starting with a dash, remember to use -e · 64b9d84b
Richard Levitte authored Mar 09, 2016
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
```
64b9d84b
Deprecate the use of version-specific methods · 2b8fa1d5
Kurt Roeckx authored Mar 02, 2016
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1824
```
2b8fa1d5
Use version flexible method instead of fixed version · 885e601d
Kurt Roeckx authored Mar 02, 2016
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1824
```
885e601d
Use minimum and maximum protocol version instead of version fixed methods · 0d5301af
Kurt Roeckx authored Feb 02, 2016
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1824
```
0d5301af
Fix usage of OPENSSL_NO_*_METHOD · 1fc7d666
Kurt Roeckx authored Feb 02, 2016
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1824
```
1fc7d666
Move disabling of RC4 for DTLS to the cipher list. · ca3895f0
Kurt Roeckx authored Mar 08, 2016
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1595
```
ca3895f0
Remove DES cipher alias · 82478521
Kurt Roeckx authored Mar 09, 2016
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1595
```
82478521
Update ciphers -s documentation · 29c4cf0c
Kurt Roeckx authored Feb 07, 2016
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1595
```
29c4cf0c
Document SSL_get1_supported_ciphers · cdc72e49
Kurt Roeckx authored Feb 07, 2016
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1595
```
cdc72e49

IDEA is not supported in TLS 1.2 · d7a47426

Kurt Roeckx authored Feb 07, 2016



This currently seems to be the only cipher we still support that should get
disabled.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1595

d7a47426

Add support for minimum and maximum protocol version supported by a cipher · 3eb2aff4
Kurt Roeckx authored Feb 07, 2016
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1595
```
3eb2aff4

Add ssl_get_client_min_max_version() function · 068c358a

Kurt Roeckx authored Feb 07, 2016



Adjust ssl_set_client_hello_version to get both the minimum and maximum and then
make ssl_set_client_hello_version use the maximum version.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1595

068c358a

Make SSL_CIPHER_get_version return a const char * · b11836a6
Kurt Roeckx authored Feb 07, 2016
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1595
```
b11836a6

Remove unused code · 6063453c

Kurt Roeckx authored Feb 07, 2016



Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1595

6063453c

Make function to convert version to string · 7d650072
Kurt Roeckx authored Feb 07, 2016
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1595
```
7d650072
Constify security callbacks · e4646a89
Kurt Roeckx authored Feb 07, 2016
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1595
```
e4646a89

Documentation for ctx_set_ctlog_list_file() · ca74c38d

Rob Percival authored Mar 09, 2016



Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

ca74c38d

Minor improvement to formatting of SCT output in s_client · 6bea2a72
Rob Percival authored Mar 04, 2016
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
6bea2a72
Do not display a CT log error message if CT validation is disabled · 328f36c5
Rob Percival authored Mar 04, 2016
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
328f36c5
RT3676: Expose ECgroup i2d functions · 60b350a3
Rich Salz authored Mar 09, 2016
```
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
```
60b350a3

Comment away the extra checks in Configure · c4718849

Richard Levitte authored Mar 09, 2016



The "extra checks" is a debugging tool to check the config resolving
mechanism.  It uses Perl's smart match, which is experimental and
therefore always causes Perl to give out a warning, and it causes
older Perl versions to fail entirely.

So, it gets commented away, but stays otherwise in place, as it may be
useful again.

Reviewed-by: Matt Caswell <matt@openssl.org>

c4718849

Make ct_dir and certs_dir static in test/ct_test.c · 67336ea4
Richard Levitte authored Mar 09, 2016
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
67336ea4

Fix ct_test to not assume it's in the source directory · 1bee9d6b

Richard Levitte authored Mar 09, 2016



ct_test assumed it's run in the source directory and failed when built
elsewhere.  It still defaults to that, but can be told another story
with the environment variables CT_DIR and CERTS_DIR.

Test recipe updated to match.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

1bee9d6b

Document importance of CTLOG_STORE outliving SCT if SCT_set0_log is used · 9ddff1e8
Rob Percival authored Mar 09, 2016
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
9ddff1e8
Make SCT literals into const variables in ct_test.c · dc919c69
Rob Percival authored Mar 09, 2016
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
dc919c69
Makes STACK_OF(SCT)* parameter of i2d_SCT_LIST const · eac84e81
Rob Percival authored Mar 08, 2016
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
eac84e81

Removes SCT_LIST_set_source and SCT_LIST_set0_logs · 14db9bbd

Rob Percival authored Mar 08, 2016



Both of these functions can easily be implemented by callers instead.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

14db9bbd

Makes SCT_get0_log return const CTLOG* · 21b908a8

Rob Percival authored Mar 08, 2016



Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

21b908a8

Makes CTLOG_STORE_get0_log_by_id return const CTLOG* · 12d2d281
Rob Percival authored Mar 08, 2016
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
12d2d281

Improved documentation of SCT_CTX_* functions · 98af7310

Rob Percival authored Mar 08, 2016



Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

98af7310

Updates ct_err.c · e5a7ac44

Rob Percival authored Mar 08, 2016



Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

e5a7ac44

Remove unnecessary call to SCT_set1_extensions(sct, "", 0) in ct_test.c · 5c081a8f
Rob Percival authored Mar 08, 2016
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
5c081a8f
Reset SCT validation_status if the SCT is modified · 6d7fd9c1
Rob Percival authored Mar 08, 2016
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
6d7fd9c1
Use SCT_VERSION_V1 in place of literal 0 in ct_test.c · 9c812014
Rob Percival authored Mar 07, 2016
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
9c812014

Fixes "usuable" typo in ct_locl.h · 70279a81

Rob Percival authored Mar 07, 2016



Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

70279a81

Treat boolean functions as booleans · 70073f3e

Rob Percival authored Mar 07, 2016



Use "!x" instead of "x <= 0", as these functions never return a negative
value.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

70073f3e

Make parameters of CTLOG_get* const · 8c92c4ea

Rob Percival authored Mar 04, 2016



Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

8c92c4ea

Extensive application of __owur to CT functions that return a boolean · 5da65ef2

Rob Percival authored Mar 04, 2016



Also improves some documentation of those functions.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

5da65ef2