#
c80149d9 |
| 20-Jun-2017 |
Rich Salz |
Merge Nokia copyright notice into standard This is done with the kind permission of Nokia. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/o
Merge Nokia copyright notice into standard This is done with the kind permission of Nokia. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3722)
show more ...
|
Revision tags: OpenSSL-fips-2_0_14, OpenSSL_1_1_0c, OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a, OpenSSL_1_1_0, OpenSSL_1_1_0-pre6, OpenSSL-fips-2_0_13 |
|
#
729ef856 |
| 05-Jun-2016 |
Cory Benfield |
s_client accepts host/port as positional argument. This allows the user to provide the target host and optional port to openssl s_client as an optional positional argument, rather than a
s_client accepts host/port as positional argument. This allows the user to provide the target host and optional port to openssl s_client as an optional positional argument, rather than as the argument to the -connect flag. This rationalises the user experience of s_client: given that the only logical purpose of s_client is to connect to a host, it is difficult to understand why there is an (effectively mandatory) command option to pass to make that happen. This patch forbids providing *both* -connect and the positional argument, because it would likely be too difficult to reconcile. Otherwise, using the positional argument behaves exactly the same as using -connect does. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1171)
show more ...
|
#
837f87c2 |
| 16-Jun-2017 |
Paul Yang |
Forbid to specify -nextprotoneg if -tls1_3 is enabled This applies both to s_client and s_server app. Reaction to Issue #3665. Signed-off-by: Paul Yang <paulyang.inf@gmail.
Forbid to specify -nextprotoneg if -tls1_3 is enabled This applies both to s_client and s_server app. Reaction to Issue #3665. Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3697)
show more ...
|
#
481afe2a |
| 13-Jun-2017 |
Paul Yang |
Make SNI behavior more clear in s_client doc & help Update s_client -help and pod file. Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Andy Polyakov <appro@
Make SNI behavior more clear in s_client doc & help Update s_client -help and pod file. Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3654)
show more ...
|
#
2234212c |
| 12-Jun-2017 |
Paul Yang |
Clean up a bundle of codingstyle stuff in apps directory Mostly braces and NULL pointer check and also copyright year bump Signed-off-by: Paul Yang <paulyang.inf@gmail.com>
Clean up a bundle of codingstyle stuff in apps directory Mostly braces and NULL pointer check and also copyright year bump Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3657)
show more ...
|
#
3dce1099 |
| 08-Jun-2017 |
Rich Salz |
Fix possible memory over-read in apps/s_client.c a buffer returned from BIO_gets is not checked for it's length before reading its contents. Reviewed-by: Ben Kaduk <kaduk@mit.ed
Fix possible memory over-read in apps/s_client.c a buffer returned from BIO_gets is not checked for it's length before reading its contents. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3630)
show more ...
|
#
a2d9cfba |
| 13-May-2017 |
Keigo Tanaka |
Added mysql as starttls protocol. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3456)
|
#
36b2cfb1 |
| 07-Apr-2017 |
FdaSilvaYY |
Add checks on return code when applying some settings. Remove hardcoded bound checkings. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
Add checks on return code when applying some settings. Remove hardcoded bound checkings. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3141)
show more ...
|
#
67887855 |
| 07-Apr-2017 |
FdaSilvaYY |
Output prog name within error message Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
Output prog name within error message Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3141)
show more ...
|
#
28e5ea88 |
| 06-Apr-2017 |
FdaSilvaYY |
Add a 'max_send_frag' option to configure maximum size of send fragments Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richar
Add a 'max_send_frag' option to configure maximum size of send fragments Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3141)
show more ...
|
#
9ff2cebf |
| 26-Apr-2017 |
Todd Short |
Fix s_client when no-dtls Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3344)
|
#
f2150cd7 |
| 27-Apr-2017 |
Rich Salz |
Remove (broken) diagnostic print Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3336)
|
#
11ba87f2 |
| 13-Feb-2017 |
Matt Caswell |
Ensure s_client sends an SNI extension by default Enforcement of an SNI extension in the initial ClientHello is becoming increasingly common (e.g. see GitHub issue #2580). This commit ch
Ensure s_client sends an SNI extension by default Enforcement of an SNI extension in the initial ClientHello is becoming increasingly common (e.g. see GitHub issue #2580). This commit changes s_client so that it adds SNI be default, unless explicitly told not to via the new "-noservername" option. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2614)
show more ...
|
#
b5c4209b |
| 25-Apr-2017 |
Dmitry Belyavskiy |
Switch command-line utils to new nameopt API. The CA names should be printed according to user's decision print_name instead of set of BIO_printf dump_cert_text instead of set of BIO
Switch command-line utils to new nameopt API. The CA names should be printed according to user's decision print_name instead of set of BIO_printf dump_cert_text instead of set of BIO_printf Testing cyrillic output of X509_CRL_print_ex Write and use X509_CRL_print_ex Reduce usage of X509_NAME_online Using X509_REQ_print_ex instead of X509_REQ_print Fix nameopt processing. Make dump_cert_text nameopt-friendly Move nameopt getter/setter to apps/apps.c Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3262)
show more ...
|
#
8ccc2377 |
| 20-Apr-2017 |
Matt Caswell |
Add a -sctp option to s_client Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3286)
|
#
5969a2dd |
| 31-Mar-2017 |
Dr. Stephen Henson |
Print CA names in s_server, add -requestCAfile to s_client Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3015)
|
#
d2add501 |
| 20-Mar-2017 |
Dr. Stephen Henson |
Add requestCAfile option Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3015)
|
#
7d672984 |
| 29-Mar-2017 |
Andy Polyakov |
apps/*.c: switch to platform-neutral format modifiers in BIO_print calls. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3083)
|
#
12557a34 |
| 30-Mar-2017 |
Matt Caswell |
Fix s_client early data indicator s_client was always saying that early_data was rejected even when it was accepted. This was because it was using the wrong test to detect the end of
Fix s_client early data indicator s_client was always saying that early_data was rejected even when it was accepted. This was because it was using the wrong test to detect the end of the handshake. It was using SSL_in_init() which only tells you whether it is currently processing/sending/expecting handshake messages. It should use SSL_is_init_finished() which tells you that no handshake messages are being processed/sent/expected AND we have completed the handshake. In the early data case we are not processing/sending handshake messages and we are expecting early data (not a handshake message) - but the handshake has not yet completed. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3090)
show more ...
|
#
96a5d7fd |
| 14-Mar-2017 |
Benjamin Kaduk |
Fix a -Wsign-compare warning Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2940)
|
#
8b0d4242 |
| 02-Mar-2017 |
Andy Polyakov |
apps/s_client.c: harden ldap_ExtendedResponse_parse. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
0665b4ed |
| 02-Mar-2017 |
Matt Caswell |
Rename SSL_write_early() to SSL_write_early_data() This is for consistency with the rest of the API where all the functions are called *early_data*. Reviewed-by: Rich Salz <rsal
Rename SSL_write_early() to SSL_write_early_data() This is for consistency with the rest of the API where all the functions are called *early_data*. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
show more ...
|
#
ade1e888 |
| 27-Feb-2017 |
Matt Caswell |
Updates to s_server and s_client for the latest early_data API changes Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
|
#
0a5ece5b |
| 24-Feb-2017 |
Matt Caswell |
Tighten sanity checks when calling early data functions Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
|
#
576eb395 |
| 23-Feb-2017 |
Matt Caswell |
Get s_client to report on whether early data was accepted or not Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
|