- May 12, 2016
-
-
Rich Salz authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Emilia Kasper authored
The old proxy tests test the implementation of an application proxy policy callback defined in the test itself, which is not particularly useful. It is, however, useful to test cert verify overrides in general. Therefore, replace these tests with tests for cert verify callback behaviour. Also glob the ssl test inputs on the .in files to catch missing generated files. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
ERR_LIB_USER has value 128, and shifting into the sign bit upsets the shift sanitizer. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Multiple digest options to the ocsp utility are allowed: e.g. to use different digests for different certificate IDs. A digest option without a following certificate is however illegal. RT#4215 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
While it seemed like a good idea to have this file once upon a time, this kind of file belongs with the package maintainer rather than in our source. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
RT#4207 Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dmitry Belyavsky authored
RT#4438 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
-
Dr. Stephen Henson authored
RT#4403 Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Richard Levitte authored
This makes it possible to just run ./config on a x86_64 machine with no extra fuss. RT#4356 Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- May 11, 2016
-
-
Viktor Dukhovni authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
RT#4442 Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Dr. Stephen Henson authored
Update pkcs8 utility to use 256 bit AES using SHA256 by default. Update documentation. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Steven Valdez authored
RT#4363 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
-
Emilia Kasper authored
The old cipherlist test in ssltest.c only tests the internal order of the cipher table, which is pretty useless. Replace this test with a test that catches inadvertent changes to the default cipherlist. Fix run_tests.pl to correctly filter tests that have "list" in their name. (Also includes a small drive-by fix in .gitignore.) Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
David Benjamin authored
The V2ClientHello code creates an empty compression list, but the compression list must explicitly contain the null compression (and later code enforces this). RT#4387 Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
RT#4256 Reviewed-by: Matt Caswell <matt@openssl.org>
-
Viktor Dukhovni authored
When *pp is NULL, don't write garbage, return an unexpected pointer or leak memory on error. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
- May 10, 2016
-
-
Dr. Stephen Henson authored
RT#4402 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
RT#4224 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
- some Perl versions are allergic to missing ';'; - don't stop if del fails; - omit unused environment variable; Reviewed-by: Stephen Henson <steve@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
Dr. Stephen Henson authored
RT#4538 Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
Don't primarly recommend using OPENSSL_thread_stop(), as that's a last resort. Instead, recommend leaving it to automatic mechanisms. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
The ERR_remove_thread_state() API is restored to take a pointer argument, but does nothing more. ERR_remove_state() is also made into a no-op. Both functions are deprecated and users are recommended to use OPENSSL_thread_stop() instead. Documentation is changed to reflect this. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Richard Levitte authored
They were using the wrong variables. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- May 09, 2016
-
-
Richard Levitte authored
Originally submitted by Kurt Cancemi <kurt@x64architecture.com> Closes RT#4533 Reviewed-by: Matt Caswell <matt@openssl.org>
-
David Benjamin authored
Per RFC 5246, Note: this extension is not meaningful for TLS versions prior to 1.2. Clients MUST NOT offer it if they are offering prior versions. However, even if clients do offer it, the rules specified in [TLSEXT] require servers to ignore extensions they do not understand. Although second sentence would suggest that there would be no interop problems in always offering the extension, WebRTC has reported issues with Bouncy Castle on < TLS 1.2 ClientHellos that still include signature_algorithms. See also https://bugs.chromium.org/p/webrtc/issues/detail?id=4223 RT#4390 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
BIO_eof() was always returning true when using a BIO pair. It should only be true if the peer BIO is empty and has been shutdown. RT#1215 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Hansruedi Patzen authored
Issue was introduced in https://github.com/openssl/openssl/commit/a0a82324f965bbcc4faed4e1ee3fcaf81ea52166 This patch fixes an issue which causes the 'openssl ca' commands to fail if '-config' is not specified even if it says so otherwise. Problem is that the default config is not loaded and the conf variable is NULL which causes an exception. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-