- Sep 16, 2013
-
-
Rob Stradling authored
-
Rob Stradling authored
-
Rob Stradling authored
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
-
Bodo Moeller authored
-
Bodo Moeller authored
Merge branch 'OpenSSL_1_0_2-stable' of /usr/local/google/home/bmoeller/openssl/openssl into OpenSSL_1_0_2-stable
-
Bodo Moeller authored
- EC_GROUP_cmp shouldn't consider curves equal just because the curve name is the same. (They really *should* be the same in this case, but there's an EC_GROUP_set_curve_name API, which could be misused.) - EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates equality (not an error). Reported by: king cope (cherry picked from commit 312a46791ab465cfa3bf26764361faed0e5df014)
-
Bodo Moeller authored
- EC_GROUP_cmp shouldn't consider curves equal just because the curve name is the same. (They really *should* be the same in this case, but there's an EC_GROUP_set_curve_name API, which could be misused.) - EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates equality (not an error). Reported by: king cope (cherry picked from commit 312a46791ab465cfa3bf26764361faed0e5df014)
-
- Sep 15, 2013
-
-
Andy Polyakov authored
-
Andy Polyakov authored
PR: 3125 Submitted by: Kyle McMartin (cherry picked from commit 8e52a906)
-
- Sep 14, 2013
-
-
Dr. Stephen Henson authored
(cherry picked from commit 139cd16c)
-
Dr. Stephen Henson authored
-
- Sep 10, 2013
-
-
Ben Laurie authored
-
- Sep 09, 2013
-
-
Andy Polyakov authored
Avoid occasional up to 8% performance drops. (cherry picked from commit 7a1a1223)
-
Andy Polyakov authored
(cherry picked from commit 72a15870)
-
Andy Polyakov authored
This reverts commit 514f1a78.
-
- Sep 08, 2013
-
-
Dr. Stephen Henson authored
(cherry picked from commit ce455596)
-
Dr. Stephen Henson authored
When verifying a partial path always check to see if the EE certificate is explicitly trusted: the path could contain other untrusted certificates. (cherry picked from commit 52073b76)
-
- Sep 03, 2013
-
-
Dr. Stephen Henson authored
(cherry picked from commit c3eb3376)
-
- Aug 21, 2013
-
-
Dr. Stephen Henson authored
(cherry picked from commit b093a06866bf632a97a9a0286e2d08f69c3cf7dd)
-
- Aug 20, 2013
-
-
Dr. Stephen Henson authored
(cherry picked from commit 3a918ea2bbf4175d9461f81be1403d3781b2c0dc)
-
- Aug 19, 2013
-
-
Dr. Stephen Henson authored
(cherry picked from commit f7ac0ec8)
-
Dr. Stephen Henson authored
Backport of ASN1_TIME_diff and OPENSSL_gmtime_diff functions from master branch.
-
Dr. Stephen Henson authored
(cherry picked from commit 51b9115b)
-
Dr. Stephen Henson authored
is needed to test some profiles/protocols which reject certificates with unsupported versions. (cherry picked from commit df316fd4)
-
Dr. Stephen Henson authored
(cherry picked from commit 96cfba0f)
-
Dr. Stephen Henson authored
(cherry picked from commit 7c8ac505)
-
Dr. Stephen Henson authored
(cherry picked from commit b5cadfb5)
-
Dr. Stephen Henson authored
(cherry picked from commit 68575593)
-
Dr. Stephen Henson authored
just like a "real" server making it easier to trace any problems. (manually applied from commit 35b0ea4e)
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
(cherry picked from commit 14536c8c)
-
Dr. Stephen Henson authored
by client and send back to server. Also prints an abbreviated summary of the connection parameters. (cherry picked from commit 4f3df8be)
-
Dr. Stephen Henson authored
New option -verify_quiet to shut up the verify callback unless there is an error. (manually applied from commit 2a7cbe77)
-
- Aug 18, 2013
-
-
Dr. Stephen Henson authored
Preliminary documentation for chain and verify stores and certificate chain setting functions. (cherry picked from commit eeb15452)
-
Dr. Stephen Henson authored
(cherry picked from commit 42082eda)
-
- Aug 13, 2013
-
-
Michael Tuexen authored
This fix ensures that * A HelloRequest is retransmitted if not responded by a ClientHello * The HelloRequest "consumes" the sequence number 0. The subsequent ServerHello uses the sequence number 1. * The client also expects the sequence number of the ServerHello to be 1 if a HelloRequest was received earlier. This patch fixes the RFC violation. (cherry picked from commit b62f4daa)
-
- Aug 08, 2013
-
-
Michael Tuexen authored
Reported by: Prashant Jaikumar <rmstar@gmail.com> Fix handling of application data received before a handshake. (cherry picked from commit 0c75eeac)
-
- Aug 06, 2013
-
-
Dr. Stephen Henson authored
PR #3090 Reported by: Franck Youssef <fry@open.ch> If no new reason codes are obtained after checking a CRL exit with an error to avoid repeatedly checking the same CRL. This will only happen if verify errors such as invalid CRL scope are overridden in a callback. (cherry picked from commit 4b26645c)
-
Kaspar Brand authored
PR: 3028 Fix bug introduced in PEM_X509_INFO_bio which wouldn't process RSA keys correctly if they appeared first. (cherry picked from commit 5ae8d6bc)
-
- Aug 03, 2013
-
-
Andy Polyakov authored
Bug would emerge when XTS is added to bsaes-armv7.pl. Pointed out by Ard Biesheuvel of Linaro. (cherry picked from commit 044f63086051d7542fa9485a1432498c39c4d8fa)
-