- Sep 08, 2017
-
-
Matt Caswell authored
If an alert gets sent and then we close the connection immediately with data still in the input buffer then a TCP-RST gets sent. Some OSs immediately abandon data in their input buffer if a TCP-RST is received - meaning the alert data itself gets ditched. Sending a TCP-FIN before the TCP-RST seems to avoid this. This was causing test failures in MSYS2 builds. Reviewed-by:
Rich Salz <rsalz@openssl.org> Reviewed-by:
Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4333) (cherry picked from commit bac6abe1)
-
- Sep 07, 2017
-
-
Rich Salz authored
Reviewed-by:
Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4326) (cherry picked from commit 180794c5)
-
- Sep 06, 2017
-
-
Rich Salz authored
Reviewed-by:
-
- Sep 01, 2017
-
-
Richard Levitte authored
Reviewed-by:
-
Andy Polyakov authored
The commit subject is a bit misleading in sense that decisions affect only gcc and gcc-alikes, like clang, recent icc... This is back-port of 54cf3b98 , GH#4281. Reviewed-by:
-
Andy Polyakov authored
OPENSSL_ia32cap.pod discusses possibility to disable operations on XMM register bank. This formally means that this flag has to be checked in combination with other flags. But it customarily isn't. But instead of chasing all the cases we can flip more bits together with FXSR one. Reviewed-by:
Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4303) (cherry picked from commit 6e5a853b)
-
- Aug 31, 2017
-
-
Richard Levitte authored
When parsing the header files, mkdef.pl didn't clear the line terminator properly. In most cases, this didn't matter, but there were moments when this caused parsing errors (such as CRLFs in certain cases). Fixes #4267 Reviewed-by:
Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4304) (cherry picked from commit e66b62b8)
-
Zhu Qun-Ying authored
CLA: trivial Reviewed-by:
-
- Aug 28, 2017
-
-
Rich Salz authored
Fixes CVE 2017-3735 Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4276) (cherry picked from commit b2317174)
-
- Aug 26, 2017
-
-
Rich Salz authored
Reviewed-by:
-
- Aug 25, 2017
-
-
Bernd Edlinger authored
Reviewed-by:
-
Richard Levitte authored
This is a vestige from pre-1.1.0 OpenSSL Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
- Aug 24, 2017
-
-
Matt Caswell authored
Reviewed-by:
-
- Aug 23, 2017
-
-
Dr. Stephen Henson authored
Fix GCM documentation: the tag does not have to be supplied before decrypting any data any more. Reviewed-by:
-
Rich Salz authored
Reviewed-by:
-
- Aug 21, 2017
-
-
Pauli authored
Cast arguments to the various ctype functions to unsigned char to match their documentation. Reviewed-by:
-
Nicola Tuveri authored
Reviewed-by:
Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3246)
-
Nicola Tuveri authored
Reviewed-by:
-
- Aug 18, 2017
-
-
Balaji Marisetti authored
CLA: trivial Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
We changed directory to the wrong directory. This change also separates the preparation phase from the tarball building phase. Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
- Aug 17, 2017
-
-
Bernd Edlinger authored
Reviewed-by:
-
- Aug 16, 2017
-
-
David von Oheimb authored
Now the certs arg is not any more neglected when building the signer cert chain. Added case to test/recipes/80-test_ocsp.t proving fix for 3-level CA hierarchy. See also http://rt.openssl.org/Ticket/Display.html?id=4620 Reviewed-by:
-
Todd Short authored
WebSphere application server cannot handle having an empty extension (e.g. EMS/EtM) as the last extension in a client hello. This moves the SigAlgs extension last (before any padding) for TLSv1.2 to avoid this issue. Force the padding extension to a minimum length of 1. Reviewed-by:
Viktor Dukhovni <viktor@openssl.org> Reviewed-by:
-
- Aug 10, 2017
-
-
Dr. Stephen Henson authored
Fix warning and don't use binary field certificate for ECDH CMS key only test. Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
- Aug 09, 2017
-
-
Xiaoyin Liu authored
In the generated HTML document, the `<pre>` tag is not closed. This patch also has a trivial code-style improvement, unrelated to the bug fix. Reviewed-by:
-
- Aug 08, 2017
-
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
- Aug 07, 2017
-
-
Bernd Edlinger authored
Reviewed-by:
-
- Aug 05, 2017
-
-
Xiaoyin Liu authored
Reviewed-by:
-
- Aug 03, 2017
-
-
Richard Levitte authored
This needs more change that what is appropriate for the 1.1.0 branch. This reverts commit 04011100 . Reviewed-by:
-
Lingmo Zhu authored
Reviewed-by:
-
Lingmo Zhu authored
The comment "The following should not return 1, otherwise, things are very strange" is from the very first commit of OpenSSL. The really meaning of the comment is if the identical session can be found from internal cache after calling get_session_cb but not found before calling get_session_cb, it is just strange. The value 1 was originated from the old doc of SSLeay, reversed from the actual return value of SSL_CTX_add_session(). Anyway either return value of SSL_CTX_add_session() should not interrupt the session resumption process. So the checking of return value of SSL_CTX_add_session() is not necessary. Reviewed-by:
-
- Aug 01, 2017
-
-
Paul Yang authored
Seems this documentation is not dead, so add this missing part Reviewed-by:
-
Ken Goldman authored
Document that the RSA_get0_ functions permit a NULL BIGNUM **. Those output parameters are ignored. Reviewed-by:
-
