- Sep 08, 2017
-
-
Richard Levitte authored
This allows completely arbitrary passphrases to be entered, including NUL bytes. Reviewed-by:
Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3821)
-
xemdetia authored
It is talked around but not explicitly stated in one part of the documentation that you should put library configuration lines at the start of the configuration file. CLA: trivial Reviewed-by:
Rich Salz <rsalz@openssl.org> Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
-
Matt Caswell authored
If an alert gets sent and then we close the connection immediately with data still in the input buffer then a TCP-RST gets sent. Some OSs immediately abandon data in their input buffer if a TCP-RST is received - meaning the alert data itself gets ditched. Sending a TCP-FIN before the TCP-RST seems to avoid this. This was causing test failures in MSYS2 builds. Reviewed-by:
-
- Sep 07, 2017
-
-
Rich Salz authored
Reviewed-by:
Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4326)
-
Benjamin Kaduk authored
The extensions not sent when TLS 1.2 is not used caused the message length to be 109, which is less than the 127 threshold needed to activate the F5 workaround. Add another 20 bytes of dummy ALPN data do push it over the threshold. Also, fix the definition of the (unused) local macro indicating the threshold. Reviewed-by:
-
Benjamin Kaduk authored
In OpenSSL 1.1.0, when there were no extensions added to the ServerHello, we did not write the extension data length bytes to the end of the ServerHello; this is needed for compatibility with old client implementations that do not support TLS extensions (such as the default configuration of OpenSSL 0.9.8). When ServerHello extension construction was converted to the new extensions framework in commit 7da160b0 , this behavior was inadvertently limited to cases when SSLv3 was negotiated (and similarly for ClientHellos), presumably since extensions are not defined at all for SSLv3. However, extensions for TLS prior to TLS 1.3 have been defined in separate RFCs (6066, 4366, and 3546) from the TLS protocol specifications, and as such should be considered an optional protocol feature in those cases. Accordingly, be conservative in what we send, and skip the extensions block when there are no extensions to be sent, regardless of the TLS/SSL version. (TLS 1.3 requires extensions and can safely be treated differently.) Reviewed-by:
Matt Caswell <matt@openssl.org> Reviewed-by:
-
- Sep 06, 2017
-
-
Rich Salz authored
Reviewed-by:
-
Alfred E. Heggestad authored
Reviewed-by:
Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4011)
-
- Sep 05, 2017
-
-
Richard Levitte authored
This quiets down complaints about the use of uninitialised memory [extended tests] Reviewed-by:
-
- Sep 04, 2017
-
-
Matt Caswell authored
clienthellotest tries to fill out the size of the ClientHello by adding extra ciphersuites in order to test the padding extension. This is unreliable because they are very dependent on configuration options. If we add too much data the test will fail! We were already also adding some dummy ALPN protocols to pad out the size, and it turns out that this is sufficient just in itself, so drop the extra ciphersuites. Reviewed-by:
-
Matt Caswell authored
The padding extension should always be at least 1 byte long Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
- Sep 03, 2017
-
-
Pauli authored
[extended tests] Reviewed-by:
-
Richard Levitte authored
Some URIs get "mistreated" (converted) by the MSYS run-time. Unfortunately, avoiding this conversion doesn't help either. http://www.mingw.org/wiki/Posix_path_conversion Fixes #4314 Reviewed-by:Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4322)
-
- Sep 02, 2017
-
-
Rich Salz authored
Reviewed-by:
-
Andy Polyakov authored
Addresses GH#2167. Reviewed-by:
-
Andy Polyakov authored
Ironically enough not all installations get Module::Load::Conditional installed by default... [It's a bit half-hearted, because such installations are likely to lack more stuffi that is needed, but nevertheless, it proved to be helpful.] Reviewed-by:
-
Rich Salz authored
Deprecated functions are still documented. Put HISTORY after SEE ALSO; add HISTORY to BN_zero Reviewed-by:
-
- Sep 01, 2017
-
-
Richard Levitte authored
Reviewed-by:
-
Benjamin Kaduk authored
If the server_name extension is long enough to require two bytes to hold the length of either field, the test suite would not decode the length properly. Using the PACKET_ APIs would have avoided this, but it was desired to avoid using private APIs in this part of the test suite, to keep ourselves honest. Reviewed-by:
-
Benjamin Kaduk authored
The include search path was not picking up files in the root of the tree. [extended tests] Reviewed-by:
-
Benjamin Kaduk authored
This function is really emulating what would happen in client mode, and does not necessarily reflect what is usable for a server SSL. Make this a bit more explicit, and do some wordsmithing while here. Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Andy Polyakov authored
OPENSSL_ia32cap.pod discusses possibility to disable operations on XMM register bank. This formally means that this flag has to be checked in combination with other flags. But it customarily isn't. But instead of chasing all the cases we can flip more bits together with FXSR one. Reviewed-by:
-
Andy Polyakov authored
Reviewed-by:
-
Andy Polyakov authored
This is actually not all warnings, only return values. Reviewed-by:
-
- Aug 31, 2017
-
-
Pauli authored
Move struct timeval includes into e_os.h (where the Windows ones were). Enaure that the include is guarded canonically. Refer #4271 Reviewed-by:
-
Rich Salz authored
Reviewed-by:
-
Rich Salz authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4313)
-
Rich Salz authored
Reviewed-by:
-
Richard Levitte authored
The program will fail to run if it doesn't exist anyway, no need to check its existence here. Fixes #4306 Reviewed-by:
-
Richard Levitte authored
When parsing the header files, mkdef.pl didn't clear the line terminator properly. In most cases, this didn't matter, but there were moments when this caused parsing errors (such as CRLFs in certain cases). Fixes #4267 Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
Matt Caswell authored
Reviewed-by:
-
