Skip to content
  1. Mar 27, 2014
    • Dr. Stephen Henson's avatar
      Update chain building function. · e970f63d
      Dr. Stephen Henson authored
      Don't clear verification errors from the error queue unless
      SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR is set.
      
      If errors occur during verification and SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR
      is set return 2 so applications can issue warnings.
      (cherry picked from commit 2dd6976f)
      e970f63d
  2. Mar 24, 2014
  3. Mar 19, 2014
  4. Mar 18, 2014
  5. Mar 12, 2014
    • Dr. Stephen Henson's avatar
      Update ordinals. · 14c67a70
      Dr. Stephen Henson authored
      Use a previously unused value as we will be updating multiple released
      branches.
      (cherry picked from commit 0737acd2)
      14c67a70
    • Dr. Stephen Henson's avatar
      Fix for CVE-2014-0076 · f9b6c0ba
      Dr. Stephen Henson authored
      Fix for the attack described in the paper "Recovering OpenSSL
      ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
      by Yuval Yarom and Naomi Benger. Details can be obtained from:
      http://eprint.iacr.org/2014/140
      
      Thanks to Yuval Yarom and Naomi Benger for discovering this
      flaw and to Yuval Yarom for supplying a fix.
      (cherry picked from commit 2198be34)
      
      Conflicts:
      
      	CHANGES
      f9b6c0ba
  6. Mar 10, 2014
  7. Mar 07, 2014
  8. Mar 06, 2014
  9. Mar 03, 2014
  10. Mar 01, 2014
    • Dr. Stephen Henson's avatar
      PKCS#8 support for alternative PRFs. · 5693a308
      Dr. Stephen Henson authored
      Add option to set an alternative to the default hmacWithSHA1 PRF
      for PKCS#8 private key encryptions. This is used automatically
      by PKCS8_encrypt if the nid specified is a PRF.
      
      Add option to pkcs8 utility.
      
      Update docs.
      (cherry picked from commit b60272b0)
      5693a308
    • Dr. Stephen Henson's avatar
      Fix memory leak. · 01757858
      Dr. Stephen Henson authored
      (cherry picked from commit 124d2188)
      01757858
    • Dr. Stephen Henson's avatar
      Add function to free compression methods. · db7b5e0d
      Dr. Stephen Henson authored
      Although the memory allocated by compression methods is fixed and
      cannot grow over time it can cause warnings in some leak checking
      tools. The function SSL_COMP_free_compression_methods() will free
      and zero the list of supported compression methods. This should
      *only* be called in a single threaded context when an application
      is shutting down to avoid interfering with existing contexts
      attempting to look up compression methods.
      (cherry picked from commit 976c5830)
      db7b5e0d
  11. Feb 28, 2014
  12. Feb 27, 2014
  13. Feb 26, 2014
  14. Feb 25, 2014
  15. Feb 24, 2014