Prepare for 3.0 beta 3

Reviewed-by: Richard Levitte <levitte@openssl.org>

Prepare for release of 3.0 beta 2

Reviewed-by: Richard Levitte <levitte@openssl.org>

tls_process_{client,server}_certificate(): allow verify_callback return > 1

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13937)

changes: add entry noting the removal of ERR_GET_FUNC()

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16004)

Prepare for 3.0 beta 2

Reviewed-by: Richard Levitte <levitte@openssl.org>

Prepare for release of 3.0 beta 1

Reviewed-by: Richard Levitte <levitte@openssl.org>

Add support for ISO 8601 datetime format

Fixes #5430

Added the configuration file option "date_opt" to the openssl applications ca,
crl and x509.
Added ASN1_TIME_print_ex wh

Add support for ISO 8601 datetime format

Fixes #5430

Added the configuration file option "date_opt" to the openssl applications ca,
crl and x509.
Added ASN1_TIME_print_ex which supports the new datetime format using the
flag ASN1_DTFLGS_ISO8601

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14384)

show more ...

changes: fix woring that mentions SHA* one shot functions are deprecated

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>

changes: fix woring that mentions SHA* one shot functions are deprecated

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/15668)

show more ...

Remove I_CAN_LIVE_WITH_LNK4049

Fixes #9332

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org

Remove I_CAN_LIVE_WITH_LNK4049

Fixes #9332

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15649)

show more ...

Add NCONF_get_section_names()

And a few additional fixups to make the no-deprecated configuration
to build.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://g

Add NCONF_get_section_names()

And a few additional fixups to make the no-deprecated configuration
to build.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15466)

show more ...

Make conf_method_st and conf_st deprecated

So they can be made opaque in a future release.

Fixes #15101

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Da

Make conf_method_st and conf_st deprecated

So they can be made opaque in a future release.

Fixes #15101

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15466)

show more ...

Add documentation of the old names kept as alias macros

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)

Rename all getters to use get/get0 in name

For functions that exist in 1.1.1 provide a simple aliases via #define.

Fixes #15236

Functions with OSSL_DECODER_, OSSL_ENCODER_,

Rename all getters to use get/get0 in name

For functions that exist in 1.1.1 provide a simple aliases via #define.

Fixes #15236

Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)

show more ...

Fix issues found by md-nits

Fixes #15460

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/open

Fix issues found by md-nits

Fixes #15460

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15461)

show more ...

Rework and make DEBUG macros consistent.

Remove unused -DCONF_DEBUG and -DBN_CTX_DEBUG.

Rename REF_PRINT to REF_DEBUG for consistency, and add a new
tracing category and use it

Rework and make DEBUG macros consistent.

Remove unused -DCONF_DEBUG and -DBN_CTX_DEBUG.

Rename REF_PRINT to REF_DEBUG for consistency, and add a new
tracing category and use it for printing reference counts.

Rename -DDEBUG_UNUSED to -DUNUSED_RESULT_DEBUG

Fix BN_DEBUG_RAND so it compiles and, when set, force DEBUG_RAND to
be set also.

Rename engine_debug_ref to be ENGINE_REF_PRINT also for consistency.

Fixes #15357

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15353)

show more ...

Deprecate old style BIO callback calls

New style BIO_debug_callback_ex() function added to provide
replacement for BIO_debug_callback().

Reviewed-by: Paul Dale <pauli@openssl.or

Deprecate old style BIO callback calls

New style BIO_debug_callback_ex() function added to provide
replacement for BIO_debug_callback().

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15440)

show more ...

Add PBKDF1 to the legacy provider

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/

Add PBKDF1 to the legacy provider

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14326)

show more ...

Prepare for 3.0 beta 1

Reviewed-by: Richard Levitte <levitte@openssl.org>

Prepare for release of 3.0 alpha 17

Reviewed-by: Richard Levitte <levitte@openssl.org>

Add migration guide for 3.0

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14710)

Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION

Add -client_renegotiation flag support. The -client_renegotiation flag is
equivalent to SSL_OP_ALLOW_CLIENT_RENEGOTIATION. Add support to the app,

Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION

Add -client_renegotiation flag support. The -client_renegotiation flag is
equivalent to SSL_OP_ALLOW_CLIENT_RENEGOTIATION. Add support to the app,
the config code, and the documentation.

Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION to the SSL tests. We don't need to
always enable it, but there are so many tests so this is the easiest thing
to do.

Add a test where client tries to renegotiate and it fails as expected. Add
a test where server tries to renegotiate and it succeeds. The second test
is supported by a new flag, -immediate_renegotiation, which is ignored on
the client.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15184)

show more ...

Add a CHANGES entry for fully pluggable groups

Fixes #12283

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lont

Add a CHANGES entry for fully pluggable groups

Fixes #12283

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15282)

show more ...

Slightly reformat ssl.h.in

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https:

Slightly reformat ssl.h.in

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15230)

show more ...

HTTP client: Minimal changes that include the improved API

This is a minimal version of pull request #15053 including all the
proposed improvements to the HTTP client API and its documen

HTTP client: Minimal changes that include the improved API

This is a minimal version of pull request #15053 including all the
proposed improvements to the HTTP client API and its documentation
but only those code adaptations strictly needed for it.

The proposed new features include
* support for persistent connections (keep-alive),
* generalization to arbitrary request and response types, and
* support for streaming BIOs for request and response data.

The related API changes include:
* Split the monolithic OSSL_HTTP_transfer() into OSSL_HTTP_open(),
OSSL_HTTP_set_request(), a lean OSSL_HTTP_transfer(), and OSSL_HTTP_close().
* Split the timeout functionality accordingly and improve default behavior.
* Extract part of OSSL_HTTP_REQ_CTX_new() to OSSL_HTTP_REQ_CTX_set_expected().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15147)

show more ...

Add convenience functions and macros for asymmetric key generation

Add EVP_PKEY_gen(), EVP_PKEY_Q_gen(), EVP_RSA_gen(), and EVP_EC_gen().
Also export auxiliary function OSSL_EC_curve_nid

Add convenience functions and macros for asymmetric key generation

Add EVP_PKEY_gen(), EVP_PKEY_Q_gen(), EVP_RSA_gen(), and EVP_EC_gen().
Also export auxiliary function OSSL_EC_curve_nid2name()
and improve deprecation info on RSA and EC key generation/management functions.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14695)

show more ...