- May 06, 2015
-
-
Dr. Stephen Henson authored
If server requests a certificate, but the client doesn't send one, cache digested records. This is an optimisation and ensures the correct finished mac is used when extended master secret is used with client authentication. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Rich Salz authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Richard Levitte authored
The file name given to -CAserial might not exist yet. The -CAcreateserial option decides if this is ok or not. Previous to this change, -CAserial was a type '<' option, and in that case, the existence of the file given as argument is tested quite early, and is a failure if it doesn't. With the type 's' option, the argument is just a string that the application can do whatever it wants with. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
This is just to make sure that option is tested on a Unix build. This option is already present in ms/testss.bat, so it's an easy steal. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Add command line switch entries to table and return SSL_CONF_TYPE_NONE for them in SSL_CONF_cmd_value_type. Update docs. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Gunnar Kudrjavets authored
Compiling OpenSSL code with MSVC and /W4 results in a number of warnings. One category of warnings is particularly interesting - C4701 (potentially uninitialized local variable 'name' used). This warning pretty much means that there's a code path which results in uninitialized variables being used or returned. Depending on compiler, its options, OS, values in registers and/or stack, the results can be nondeterministic. Cases like this are very hard to debug so it's rational to fix these issues. This patch contains a set of trivial fixes for all the C4701 warnings (just initializing variables to 0 or NULL or appropriate error code) to make sure that deterministic values will be returned from all the execution paths. RT#3835 Signed-off-by: Matt Caswell <matt@openssl.org> Matt's note: All of these appear to be bogus warnings, i.e. there isn't actually a code path where an unitialised variable could be used - its just that the compiler hasn't been able to figure that out from the logic. So this commit is just about silencing spurious warnings. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
A copy&paste error as a result of the big apps cleanup broke the version specific methods in s_server. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Just as with the OPENSSL_malloc calls, consistently use sizeof(*ptr) for memset and memcpy. Remove needless casts for those functions. For memset, replace alternative forms of zero with 0. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
What could be better than to refer to the RFC that defines it? Reviewed-by: Stephen Henson <steve@openssl.org>
-
- May 05, 2015
-
-
Matt Caswell authored
Fix error in WIN32_rename() introduced by commit b4faea50 . Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
Ensure all fatal errors transition into the new error state for DTLS. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Ensure all fatal errors transition into the new error state on the client side. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Ensure all fatal errors transition into the new error state on the server side. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Reusing an SSL object when it has encountered a fatal error can have bad consequences. This is a bug in application code not libssl but libssl should be more forgiving and not crash. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
mancha security authored
Signed-off-by: mancha security <mancha1@zoho.com> Signed-off-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
mancha security authored
Signed-off-by: mancha security <mancha1@zoho.com> Signed-off-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Remove dependency on ssl_locl.h from v3_scts.c, and incidentally fix a build problem with kerberos (the dependency meant v3_scts.c was trying to include krb5.h, but without having been passed the relevanant -I flags to the compiler) Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
- May 04, 2015
-
-
Rich Salz authored
RLE is a no-op only for testing. Remove it. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
If CA.pl is reading from /dev/null, then "chop $FILE" gives a warning. Sigh. Have to add "if $FILE". This just silences a build warning. Thanks to GitHub user andrejs-igumenovs for help with this. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
For a local variable: TYPE *p; Allocations like this are "risky": p = OPENSSL_malloc(sizeof(TYPE)); if the type of p changes, and the malloc call isn't updated, you could get memory corruption. Instead do this: p = OPENSSL_malloc(sizeof(*p)); Also fixed a few memset() calls that I noticed while doing this. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
RT2943 only complains about the incorrect check of -K argument size, we might as well do the same thing with the -iv argument. Before this, we only checked that the given argument wouldn't give a bitstring larger than EVP_MAX_KEY_LENGTH. we can be more precise and check against the size of the actual cipher used. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Was memset with wrong sizeof. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Don't do access check on destination directory; it breaks when euid/egid is different from real uid/gid. Reviewed-by: Richard Levitte <levitte@openssl.org> Signed-off-by: Rich Salz <rsalz@akamai.com>
-
Dr. Stephen Henson authored
Thanks to Brian Carpenter for reporting this issue. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- May 03, 2015
-
-
mancha security authored
Incorrect name used for SSL_AD_INTERNAL_ERROR. Signed-off-by: mancha security <mancha1@zoho.com> Signed-off-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Alok Menghrajani authored
This is the last of Alok's PR260 Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Alok Menghrajani authored
Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Alok Menghrajani authored
Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Rich Salz authored
https://github.com/openssl/openssl/pull/176 (CHANGES) https://rt.openssl.org/Ticket/Display.html?id=3545 (objects.txt) https://rt.openssl.org/Ticket/Display.html?id=3796 (verify.pod) Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Add OSSL_NELEM macro to e_os.h to determine the number of elements in an array. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- May 02, 2015
-
-
Richard Levitte authored
ONEDIRS, EDIRS and WDIRS aren't used anywhere. Most probably remains from a build system of the past, it's time they get put to rest. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Ben Laurie authored
Reviewed-by: Rich Salz
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-