- Aug 26, 2015
-
-
Matt Caswell authored
A DTLS client will abort a handshake if the server attempts to renew the session ticket. This is caused by a state machine discrepancy between DTLS and TLS discovered during the state machine rewrite work. The bug can be demonstrated as follows: Start a DTLS s_server instance: openssl s_server -dtls Start a client and obtain a session but no ticket: openssl s_client -dtls -sess_out session.pem -no_ticket Now start a client reusing the session, but allow a ticket: openssl s_client -dtls -sess_in session.pem The client will abort the handshake. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Aug 25, 2015
-
-
Chris Watts authored
Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Markus Rinne authored
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Rich Salz authored
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
- Aug 24, 2015
-
-
Rich Salz authored
Came up on the mailing list, from Ken Goldman. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Peter Mosmans authored
Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
janpopan authored
Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Add DSA tests. Add tests to verify signatures against public keys. This will also check that a public key is read in correctly. Reviewed-by: Ben Laurie <ben@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Ben Laurie <ben@openssl.org>
-
- Aug 21, 2015
-
-
Rich Salz authored
L<foo|foo> is sub-optimal If the xref is the same as the title, which is what we do, then you only need L<foo>. This fixes all 1457 occurrences in 349 files. Approximately. (And pod used to need both.) Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Aug 17, 2015
-
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dmitry Belyavsky authored
Add new OIDs for latest GOST updates Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Tim Hudson authored
Submitted by: Eric Young <eay@pobox.com> Reviewed-by: Ben Laurie <ben@openssl.org>
-
Tim Hudson authored
Reviewed-by: Ben Laurie <ben@openssl.org>
-
Rich Salz authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Aug 16, 2015
-
-
Rich Salz authored
Best hope of keeping current. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Aug 14, 2015
-
-
Matt Caswell authored
Process CertificateRequest messages using the PACKET API Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
Use the new PACKET code to process the CKE message Reviewed-by: Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Process NewSessionTicket messages using the new PACKET API Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
Commit 9ceb2426 (PACKETise ClientHello) broke session tickets by failing to detect the session ticket extension in an incoming ClientHello. This commit fixes the bug. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Clarify and update documention for extra chain certificates. PR#3878. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Aug 13, 2015
-
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
- select an actual file handle for devnull - do not declare $msgdata twice - SKE records sometimes seem to come without sig - in SKE parsing, use and use $pub_key_len when parsing $pub_key Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Rich Salz authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
Process the Certificate Status message using the PACKET API Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
Enhance the PACKET code readability, and fix a stale comment. Thanks to Ben Kaduk (bkaduk@akamai.com) for pointing this out. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
The new ClientHello PACKET code is missing a return value check. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Ismo Puustinen authored
Part of RT 3997 Per Ben, just jump to common exit code. Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Use the PACKET API to process an incoming server Certificate message. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
- Aug 12, 2015
-
-
Dr. Stephen Henson authored
PR#3974 PR#3975 Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Aug 11, 2015
-
-
Rich Salz authored
This was obsolete in 2001. This is not the same as Gost94 digest. Thanks to Dmitry Belyavsky <beldmit@gmail.com> for review and advice. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
When config'd with "sctp" running "make test" causes a seg fault. This is actually due to the way ssltest works - it dives under the covers and frees up BIOs manually and so some BIOs are NULL when the SCTP code does not expect it. The simplest fix is just to add some sanity checks to make sure the BIOs aren't NULL before we use them. This problem occurs in master and 1.0.2. The fix has also been applied to 1.0.1 to keep the code in sync. Reviewed-by: Tim Hudson <tjh@openssl.org>
-