- Dec 27, 2015
-
-
Matt Caswell authored
Move all calls of the OCSP callback into one place, rather than repeating it in two different places. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Matt Caswell authored
Describe the usage of the OCSP callback functions on both the client and the server side. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Matt Caswell authored
It makes no sense to call the OCSP status callback if we are resuming a session because no certificates will be sent. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Matt Caswell authored
If a server sends the status_request extension then it may choose to send the CertificateStatus message. However this is optional. We were treating it as mandatory and the connection was failing. Thanks to BoringSSL for reporting this issue. RT#4120 Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
Matt Caswell authored
If the client sends a status_request extension in the ClientHello and the server responds with a status_request extension in the ServerHello then normally the server will also later send a CertificateStatus message. However this message is *optional* even if the extensions were sent. This adds a test to ensure that if the extensions are sent then we can still omit the message. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
- Dec 24, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Dec 23, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Daniel Kahn Gillmor authored
Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> RT: #4192, MR: #1533
-
Roumen Petrov authored
Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> MR: #1523
-
Roumen Petrov authored
Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> MR: #1522
-
Roumen Petrov authored
Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> RT: #4195, MR: #1521
-
Kurt Roeckx authored
Suggested by David Benjamin Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org> MR: #1520
-
Kurt Roeckx authored
When it's the last item that is removed int_thread_hash == hash and we would still call int_thread_release(&hash) while hash is already freed. So int_thread_release would compare that dangling pointer to NULL which is undefined behaviour. Instead do already what int_thread_release() would do, and make the call do nothing instead. Reviewed-by: Rich Salz <rsalz@openssl.org> RT: #4155, MR: #1519
-
Todd Short authored
When EC is disabled, and an error occurs in ssl_generate_master_secret() or RAND_bytes(), the error path does not free rsa_decrypt. RT#4197 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
DTLS cookie generation and verification were exact copies of each other save the last few lines. This refactors them to avoid code copying. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
After the recent change to use ossl_inline, builds were failing on some platforms due to a missing usage of "inline". Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Dec 22, 2015
-
-
Dr. Stephen Henson authored
Add macro ossl_inline for use in public headers where a portable inline is required. Change existing inline to use ossl_inline Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
This adds support for SSL/TLS configuration using configuration modules. Sets of command value pairs are store and can be replayed through an SSL_CTX or SSL structure using SSL_CTX_config or SSL_config. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Rename to OPENSSL_mem_debug_{push,pop}. Remove simple calls; keep only calls used in recursive functions. Ensure we always push, to simplify so that we can always pop Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Just like *_clear_free routines. Previously undocumented, used a half-dozen times within OpenSSL source. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Kurt Roeckx authored
Reviewed-by: Richard Levitte <levitte@openssl.org> MR: #1518
-
David Benjamin authored
Found by clang scan-build. Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Richard Levitte <levitte@openssl.org> RT: #4184, MR: #1496
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Dec 21, 2015
-
-
Andy Polyakov authored
(and unify table address calculation in ARMv8 code path). Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Dec 19, 2015
-
-
Matt Caswell authored
Some URLs in the source code ended up getting mangled by indent. This fixes it. Based on a patch supplied by Arnaud Lacombe <al@aerilon.ca> Reviewed-by: Richard Levitte <levitte@openssl.org>
-