- Feb 10, 2015
-
-
Matt Caswell authored
SSL_SESSION_get_ticket_lifetime_hint. The latter has been reported as required to fix Qt for OpenSSL 1.1.0. I have also added the former in order to determine whether a ticket is present or not - otherwise it is difficult to know whether a zero lifetime hint is because the server set it to 0, or because there is no ticket. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
From RFC4507: "The ticket_lifetime_hint field contains a hint from the server about how long the ticket should be stored. The value indicates the lifetime in seconds as a 32-bit unsigned integer in network byte order." Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Print usage message. Print expected and got values if mismatch. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Emilia Kasper authored
Specifically, an ASN.1 NumericString in the certificate CN will fail UTF-8 conversion and result in a negative return value, which the "x509 -checkhost" command-line option incorrectly interpreted as success. Also update X509_check_host docs to reflect reality. Thanks to Sean Burford (Google) for reporting this issue. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
./config --strict-warnings enable-deprecated Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
Mark them as such with OPENSSL_USE_DEPRECATED Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
In master OPENSSL_NO_DEPRECATED is the default anyway. By including it in --strict-warnings as well this means you cannot combine enable-deprecated with --strict-warnings. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Feb 09, 2015
-
-
Andy Polyakov authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Dr. Stephen Henson authored
Don't hard code NID_id_pbkdf2 in PBES2: look it up in PBE table. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Free up bio_err after memory leak data has been printed to it. In int_free_ex_data if ex_data is NULL there is nothing to free up so return immediately and don't reallocate it. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Andy Polyakov authored
- SIGSEGV/ILL in CCM (RT#3688); - SIGBUS in OCB; Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Feb 08, 2015
-
-
Rich Salz authored
This is a final pass looking for '#if 0'/'#if 1' controls and removing the appropriate pieces. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
- Feb 07, 2015
-
-
Matt Caswell authored
There is no mechanism to do that at the moment - SSL_set_bio makes changes to the wbio even if you pass in SSL_get_wbio(). This commit introduces two new API functions SSL_set_rbio() and SSL_set_wbio(). These do the same job as SSL_set_bio() except they enable you to manage the rbio and wbio individually. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Feb 06, 2015
-
-
Rich Salz authored
Remove ui_compat.h from Makefile dependencies And from two VMS build/install scripts. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Rich Salz authored
This is the last of the old DES API. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Unused type; a pair X509 certificates. Intended for LDAP support. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
For code bracketed by "#if 1" then remove the alternate "#else .. #endif" lines. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Rich Salz authored
I left many "#if 0" lines, usually because I thought we would probably want to revisit them later, or because they provided some useful internal documentation tips. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Rich Salz authored
The mkstack.pl script now generates the entire safestack.h file. It generates output that follows the coding style. Also, removed all instances of the obsolete IMPLEMENT_STACK_OF macro. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Disabling HMAC doesn't work. If it did it would end up disabling a lot of OpenSSL functionality (it is required for all versions of TLS for example). Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
This is an ancient bug workaround for Netscape clients. The documentation talks about versions 3.x and 4.x beta. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Feb 05, 2015
-
-
Rich Salz authored
Use memset() not inline code. Compilers are smarter now. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
A few minor cleanups to remove pre-processor "#if 1" stuff. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
- Feb 04, 2015
-
-
Rich Salz authored
TABLE wasn't updated from a previous Configure change Missed an RMD160/RIPE/RIPEMD unification in mkdef.pl Makefile install_sw referenced file doc/openssl-shared.txt (RT3686) Needed to run 'make update' because - Various old code has been removed - Varous old #ifdef tests were removed Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-