- Jun 25, 2014
-
-
Andy Polyakov authored
-
- Jun 24, 2014
-
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Andy Polyakov authored
This is to compensate for higher aes* instruction latency on Cortex-A57.
-
Andy Polyakov authored
-
- Jun 23, 2014
-
-
Viktor Dukhovni authored
-
Viktor Dukhovni authored
-
Viktor Dukhovni authored
Implemented as STACK_OF(OPENSSL_STRING).
-
Viktor Dukhovni authored
-
Viktor Dukhovni authored
-
Viktor Dukhovni authored
-
- Jun 22, 2014
-
-
Viktor Dukhovni authored
Just store NUL-terminated strings. This works better when we add support for multiple hostnames.
-
Viktor Dukhovni authored
-
Miod Vallat authored
In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays. Bug discovered and fixed by Miod Vallat from the OpenBSD team. PR#3375
-
Matt Caswell authored
This reverts commit abfb989f. Incorrect attribution
-
Matt Caswell authored
-
- Jun 19, 2014
-
-
Matt Caswell authored
-
Hubert Kario authored
cms, ocsp, s_client, s_server and smime tools also use args_verify() for parsing options, that makes them most of the same options verify tool does. Add those options to man pages and reference their explanation in the verify man page.
-
Hubert Kario authored
just making sure the options are listed in the alphabetical order both in SYNOPSIS and DESCRIPTION, no text changes
-
Hubert Kario authored
The options related to policy used for verification, verification of subject names in certificate and certificate chain handling were missing in the verify(1) man page. This fixes this issue.
-
Hubert Kario authored
-CAfile and -CApath is documented in OPTIONS but is missing in SYNOPSIS, add them there
-
Hubert Kario authored
Add -trusted_first description to help messages and man pages of tools that deal with certificate verification.
-
- Jun 17, 2014
-
-
Matt Caswell authored
-
rfkrocktk authored
-
rfkrocktk authored
-
Naftuli Tzvi Kay authored
-
Felix Laurie von Massenbach authored
-
Felix Laurie von Massenbach authored
-
- Jun 16, 2014
-
-
Andy Polyakov authored
-
Andy Polyakov authored
-
- Jun 14, 2014
-
-
Viktor Dukhovni authored
-
Dr. Stephen Henson authored
Allow CCS after finished has been sent by client: at this point keys have been correctly set up so it is OK to accept CCS from server. Without this renegotiation can sometimes fail. PR#3400
-
Andy Polyakov authored
-
Andy Polyakov authored
PR: 3405
-
Andy Polyakov authored
PR: 3405
-
- Jun 13, 2014
-
-
Matt Caswell authored
Based on an original patch by Joel Sing (OpenBSD) who also originally identified the issue.
-
Matt Caswell authored
This reverts commit 2f1dffa8. Missing attribution.
-
- Jun 12, 2014
-
-
Viktor Dukhovni authored
A client reference identity of ".example.com" matches a server certificate presented identity that is any sub-domain of "example.com" (e.g. "www.sub.example.com). With the X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS flag, it matches only direct child sub-domains (e.g. "www.sub.example.com").
-
Kurt Cancemi authored
In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays. PR#3375
-
Andy Polyakov authored
Fix SEH and stack handling in Win64 build.
-