- May 17, 2016
-
-
Matt Caswell authored
SSL_get_async_wait_fd() was replaced by SSL_get_all_async_fds() and SSL_get_changed_async_fds(). Reviewed-by:Richard Levitte <levitte@openssl.org>
-
- May 16, 2016
-
-
Andy Polyakov authored
Reviewed-by:Emilia Käsper <emilia@openssl.org>
-
Andy Polyakov authored
Reviewed-by: -
Matt Caswell authored
Due to short-circuiting we only need to check "cipher" for NULL once. PR#699 Reviewed-by: -
Rich Salz authored
Reviewed-by: -
Rich Salz authored
Reviewed-by:Matt Caswell <matt@openssl.org>
-
Steffan Karger authored
CLA: none; trivial Signed-off-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
Rich Salz <rsalz@openssl.org> GH: #1070
-
Kurt Roeckx authored
Reviewed-by: -
TJ Saunders authored
This involves providing more session ticket key data, for both the cipher and the digest Signed-off-by:
-
TJ Saunders authored
Signed-off-by:
-
Dr. Stephen Henson authored
RT#4215 Reviewed-by: -
Richard Levitte authored
The given sizes to not include the final NUL character. RT#2622 Reviewed-by: -
Matt Caswell authored
Workaround an apparent IO:Socket::IP bug where a seemingly valid server socket is being returned even though a valid connection does not exist. This causes the tests to intermittently hang. We additionally check that the peerport looks ok to verify that the returned socket looks usable. Reviewed-by: -
Viktor Dukhovni authored
Document thread-safe lock creation Reviewed-by: -
Richard Levitte authored
RT#2534 Reviewed-by:Tim Hudson <tjh@openssl.org>
-
Richard Levitte authored
RT#2558 Reviewed-by: -
Richard Levitte authored
RT#2616 Reviewed-by: -
Cristian Stoica authored
Some setups use links inside .git directory and make clean should not remove them to avoid breaking git meta-information. Signed-off-by:
Cristian Stoica <cristian.stoica@nxp.com> CLA: none; trivial Reviewed-by:
-
Richard Levitte authored
Reviewed-by:
-
Alessandro Ghedini authored
Reviewed-by:
-
Alessandro Ghedini authored
Reviewed-by:
-
Matt Caswell authored
The previous commit added SSL_CTX_set_tlsext_status_type(). This one adds some documentation for it. Reviewed-by: -
jfigus authored
To allow OCSP stapling to work with libcurl. Github PR #200 Reviewed-by:
-
Kazuki Yamaguchi authored
Since 50932c4a "PACKETise ServerHello processing", ssl_next_proto_validate() incorrectly allows empty protocol name. draft-agl-tls-nextprotoneg-04[1] says "Implementations MUST ensure that the empty string is not included and that no byte strings are truncated." This patch restores the old correct behavior. [1] https://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04 Reviewed-by:
-
FdaSilvaYY authored
Add a status return value instead of void. Add some sanity checks on reference counter value. Update the docs. Reviewed-by:
-
Richard Levitte authored
- "/Ox /O2 /Ob2" get's reduced to "/O2", the reason being: /Ox = /Ob2 /Og /Oi /Ot /Oy /Gs /O2 = /Ob2 /Og /Oi /Ot /Oy /Gs /GF /Gy - apps/openssl.cnf gets installed. - always delete files quietly, as they might not be there. Reviewed-by: -
FdaSilvaYY authored
Fix some missing OBJ_dup failure checks. Merged from https://boringssl.googlesource.com/boringssl/+/0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c%5E ! Reviewed-by:
Kurt Roeckx <kurt@openssl.org> Reviewed-by:
-
- May 14, 2016
-
-
Richard Levitte authored
Reviewed-by: -
FdaSilvaYY authored
Reviewed-by:
-
Alessandro Ghedini authored
The current limit of 2^14 bytes is too low (e.g. RFC 5246 specifies the maximum size of just the extensions field to be 2^16-1), and may cause bogus failures. RT#4063 Reviewed-by:
-
Kirill Marinushkin authored
Currently point to wrong address Signed-off-by:
Kirill Marinushkin <k.marinushkin@gmail.com> Reviewed-by:
-
- May 13, 2016
-
-
Insu Yun authored
check source's kdf_ukm, not destination's use != NULL, instead of implicit checking don't free internal data structure like pkey_rsa_copy() Reviewed-by:
-
Richard Levitte authored
In some cases, perl's glob() thinks it needs to return file names with generation numbers, such as when a file name pattern includes two periods. Constructing other file names by simple appending to file names with generation numbers isn't a good idea, so for the VMS case, just peal the generation numbers if they are there. Fortunately, this is easy, as the returned generation number delimiter will always be a semi-colon. Reviewed-by: -
Matt Caswell authored
If the server does not send a session ticket extension, it should not then send the NewSessionTicket message. If the server sends the session ticket extension, it MUST then send the NewSessionTicket message. Reviewed-by: -
David Benjamin authored
Per RFC 4507, section 3.3: This message [NewSessionTicket] MUST be sent if the server included a SessionTicket extension in the ServerHello. This message MUST NOT be sent if the server did not include a SessionTicket extension in the ServerHello. The presence of the NewSessionTicket message should be determined entirely from the ServerHello without probing. RT#4389 Reviewed-by:
-
Dr. Stephen Henson authored
RT#4471 Reviewed-by: -
Dr. Stephen Henson authored
RT#4302 Reviewed-by:Viktor Dukhovni <viktor@openssl.org>
-
Dr. Stephen Henson authored
Fix -signer option in smime utility to output signer certificates when verifying. Add support for format SMIME for -inform and -outform with cms and smime utilities. PR#4215 Reviewed-by:
-
- May 12, 2016
-
-
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
* Configure: Replaced -DTERMIO by -DTERMIOS in CFLAGS. * crypto/bio/bss_dgram.c [WATT32]: Remove obsolete redefinition of function names: sock_write, sock_read and sock_puts. * crypto/bio/bss_sock.c [WATT32]: For Watt-32 2.2.11 sock_write, sock_read and sock_puts are redefined to their private names so their names must be undefined first before they can be redefined again. * crypto/bio/bss_file.c (file_fopen) [__DJGPP__]: Make a copy of the passed file name and replace the leading dots in the dirname part and the basname part of the file name, unless LFN is supported. * e_os.h [__DJGPP__]: Undefine macro DEVRANDOM_EGD. Neither MS-DOS nor FreeDOS provide 'egd' sockets. New macro HAS_LFN_SUPPORT checks if underlying file system supports long file names or not. Include sys/un.h. Define WATT32_NO_OLDIES. * INSTALL.DJGPP: Update URL of WATT-32 library. Submitted by Juan Manuel Guerrero <juan.guerrero@gmx.de> RT#4217 Reviewed-by:Andy Polyakov <appro@openssl.org>
-
