Skip to content
  1. May 10, 2017
    • Matt Caswell's avatar
      Copy custom extension flags in a call to SSL_set_SSL_CTX() · c645f9de
      Matt Caswell authored
      
      
      The function SSL_set_SSL_CTX() can be used to swap the SSL_CTX used for
      a connection as part of an SNI callback. One result of this is that the
      s->cert structure is replaced. However this structure contains information
      about any custom extensions that have been loaded. In particular flags are
      set indicating whether a particular extension has been received in the
      ClientHello. By replacing the s->cert structure we lose the custom
      extension flag values, and it appears as if a client has not sent those
      extensions.
      
      SSL_set_SSL_CTX() should copy any flags for custom extensions that appear
      in both the old and the new cert structure.
      
      Fixes #2180
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/3426)
      c645f9de
    • Richard Levitte's avatar
      Prefer TAP::Harness over Test::Harness · fbf09642
      Richard Levitte authored
      
      
      TAP:Harness came along in perl 5.10.1, and since we claim to support
      perl 5.10.0 in configuration and testing, we can only load it
      conditionally.
      
      The main reason to use TAP::Harness rather than Test::Harness is its
      capability to merge stdout and stderr output from the test recipes,
      which Test::Harness can't.  The merge gives much more comprehensible
      output when testing verbosely.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/3424)
      (cherry picked from commit 76e0d0b2)
      fbf09642
  2. May 09, 2017
  3. May 08, 2017
  4. May 05, 2017
  5. May 04, 2017
  6. May 02, 2017
  7. Apr 30, 2017
  8. Apr 28, 2017
  9. Apr 27, 2017
  10. Apr 26, 2017
  11. Apr 25, 2017
  12. Apr 24, 2017
  13. Apr 23, 2017
  14. Apr 22, 2017
  15. Apr 19, 2017
  16. Apr 18, 2017
  17. Apr 17, 2017
    • Rich Salz's avatar
      Catch EC_R_UNKNOWN_GROUP in check_unsupported() · dca39445
      Rich Salz authored
      
      
      If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an hint to
      an unsupported algorithm/curve (e.g. if binary EC support is disabled).
      
      Before this commit the issue arise for example if binary EC keys are added in
      evptests.txt, and the test is run when EC is enabled but EC2m is disabled.
      
      E.g. adding these lines to evptests.txt would reproduce the issue:
      
      ~~~
      
      PrivateKey=KAS-ECC-CDH_K-163_C0
      -----BEGIN PRIVATE KEY-----
      MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUAZlO2B3OY+tx79eYBWBcB
      SMPcRSehLgMsAAQHH4sod9YCfZwa3kJE8t6hJpLvI9UFwV7ndiIccrhLNHzjg/OA
      Z7icPpo=
      -----END PRIVATE KEY-----
      
      PublicKey=KAS-ECC-CDH_K-163_C0-PUBLIC
      -----BEGIN PUBLIC KEY-----
      MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBx+LKHfWAn2cGt5CRPLeoSaS7yPVBcFe
      53YiHHK4SzR844PzgGe4nD6a
      -----END PUBLIC KEY-----
      
      PublicKey=KAS-ECC-CDH_K-163_C0-Peer-PUBLIC
      -----BEGIN PUBLIC KEY-----
      MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBXQjbxQoxDITCUZ4Ols6q7bCfqXWB5CM
      JRuNoCHLrCgfEj969PrFs9u4
      -----END PUBLIC KEY-----
      
      Derive=KAS-ECC-CDH_K-163_C0
      PeerKey=KAS-ECC-CDH_K-163_C0-Peer-PUBLIC
      Ctrl=ecdh_cofactor_mode:1
      SharedSecret=04325bff38f1b0c83c27f554a6c972a80f14bc23bc
      
      ~~~
      
      Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/3226)
      
      (cherry picked from commit 0c44545c)
      dca39445