- Jul 20, 2016
-
-
FdaSilvaYY authored
Fix some indentation at the same time Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1292)
-
Hannes Magnusson authored
f0e0fd51 added X509_STORE_CTX_set_verify_cb with a typedef'd argument, making the original one redundant. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
FdaSilvaYY authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1284)
-
FdaSilvaYY authored
Fix some code indentation Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1284)
-
FdaSilvaYY authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1284)
-
FdaSilvaYY authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1284)
-
FdaSilvaYY authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1284)
-
Todd Short authored
There are two failure cases for OCSP_request_add_id(): 1. OCSP_ONEREQ_new() failure, where |cid| is not freed 2. sk_OCSP_ONEREQ_push() failure, where |cid| is freed This changes makes the error behavior consistent, such that |cid| is not freed when sk_OCSP_ONEREQ_push() fails. OpenSSL only takes ownership of |cid| when the function succeeds. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1289)
-
- Jul 19, 2016
-
-
Dr. Stephen Henson authored
RT#4600 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
RT#4610 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Coty Sutherland authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1312)
-
Richard Levitte authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Richard Levitte authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Richard Levitte authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Richard Levitte authored
That way, we have a way to check if the init function was successful or not. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Richard Levitte authored
Because pthread_once() takes a function taking no argument and returning nothing, and we want to be able to check if they're successful, we define a few internal macros to get around the issue. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Rich Salz authored
Update find-doc-nits to find errors in SYNOPSIS (the most common place where they were missing). Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
The new fuzzing code broke no-cms Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Emilia Kasper authored
- Always process ALPN (previously there was an early return in the certificate status handling) - Don't send a duplicate alert. Previously, both ssl_check_clienthello_tlsext_late and its caller would send an alert. Consolidate alert sending code in the caller. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
mrpre authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1281)
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
After the refactor of tls_process_key_exchange(), this commit tidies up some loose ends. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Continuing from the previous commit. Refactor tls_process_key_exchange() to split out into a separate function the ECDHE aspects. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Continuing from the previous commit. Refactor tls_process_key_exchange() to split out into a separate function the DHE aspects. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Continuing from the previous commit. Refactor tls_process_key_exchange() to split out into a separate function the SRP aspects. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
The tls_process_key_exchange() function is too long. This commit starts the process of splitting it up by moving the PSK preamble code to a separate function. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
The function tls_process_key_exchange() is too long. This commit moves the PSK preamble processing out to a separate function. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Narrow the scope of the local vars in preparation for split up this function. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Add some more tests for sessions following on from the previous commit to ensure the callbacks are called when appropriate. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
If the SSL_SESS_CACHE_NO_INTERNAL_STORE cache mode is used then we weren't removing sessions from the external cache, e.g. if an alert occurs the session is supposed to be automatically removed. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
If underlying type is boolean don't check field is NULL. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jul 18, 2016
-
-
Matt Caswell authored
Don't call strncpy with strlen of the source as the length. Don't call strlen multiple times. Eventually we will want to replace this with a proper PACKET style handling (but for construction of PACKETs instead of just reading them as it is now). For now though this is safe because PSK_MAX_IDENTITY_LEN will always fit into the destination buffer. This addresses an OCAP Audit issue. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-