| #
0800318a |
| 24-May-2021 |
Tomas Mraz |
Deprecate old style BIO callback calls
New style BIO_debug_callback_ex() function added to provide
replacement for BIO_debug_callback().
Reviewed-by: Paul Dale <pauli@openssl.or
Deprecate old style BIO callback calls
New style BIO_debug_callback_ex() function added to provide
replacement for BIO_debug_callback().
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15440)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha17 |
|
| #
359efeac |
| 17-May-2021 |
Dr. David von Oheimb |
DOC: Fix nits found by new check on SYNOPSIS and OPTIONS consistency
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15299)
|
| #
9be5f9a8 |
| 17-May-2021 |
Dr. David von Oheimb |
Move ossl_sleep() to e_os.h and use it in apps
Fixes #15304
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://githu
Move ossl_sleep() to e_os.h and use it in apps
Fixes #15304
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15308)
show more ...
|
| #
80a4ac57 |
| 12-May-2021 |
Dr. David von Oheimb |
apps/s_server: Add -proxy and -no_proxy options
Strongly related to feature request #6965
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/ope
apps/s_server: Add -proxy and -no_proxy options
Strongly related to feature request #6965
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15245)
show more ...
|
| #
88d96983 |
| 12-May-2021 |
Dr. David von Oheimb |
apps/ocsp: Add -proxy and -no_proxy options
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15245)
|
| #
55373bfd |
| 06-May-2021 |
Rich Salz |
Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION
Add -client_renegotiation flag support. The -client_renegotiation flag is
equivalent to SSL_OP_ALLOW_CLIENT_RENEGOTIATION. Add support to the app,
Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION
Add -client_renegotiation flag support. The -client_renegotiation flag is
equivalent to SSL_OP_ALLOW_CLIENT_RENEGOTIATION. Add support to the app,
the config code, and the documentation.
Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION to the SSL tests. We don't need to
always enable it, but there are so many tests so this is the easiest thing
to do.
Add a test where client tries to renegotiate and it fails as expected. Add
a test where server tries to renegotiate and it succeeds. The second test
is supported by a new flag, -immediate_renegotiation, which is ignored on
the client.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15184)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha16 |
|
| #
d382e796 |
| 30-Apr-2021 |
Tomas Mraz |
Make the -inform option to be respected if possible
Add OSSL_STORE_PARAM_INPUT_TYPE and make it possible to be
set when OSSL_STORE_open_ex() or OSSL_STORE_attach() is called.
Th
Make the -inform option to be respected if possible
Add OSSL_STORE_PARAM_INPUT_TYPE and make it possible to be
set when OSSL_STORE_open_ex() or OSSL_STORE_attach() is called.
The input type format is enforced only in case the file
type file store is used.
By default we use FORMAT_UNDEF meaning the input type
is not enforced.
Fixes #14569
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15100)
show more ...
|
| #
b0f96018 |
| 01-May-2021 |
Dr. David von Oheimb |
APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macro
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15111)
|
| #
e9d62da6 |
| 28-Apr-2021 |
Shane Lontis |
Fix CRL app so that stdin works.
Fixes #15031
The maybe_stdin needed to be passed to load_key_certs_crls().
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Pau
Fix CRL app so that stdin works.
Fixes #15031
The maybe_stdin needed to be passed to load_key_certs_crls().
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15058)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha15, openssl-3.0.0-alpha14 |
|
| #
3ad60309 |
| 03-Apr-2021 |
Dr. David von Oheimb |
APPS: make apps strict on app_RAND_load() and app_RAND_write() failure
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14840)
|
|
Revision tags: OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
| #
ea51096e |
| 05-Mar-2021 |
Tomas Mraz |
apps: Add maybe_stdin argument to load_certs and set it in pkcs12
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://
apps: Add maybe_stdin argument to load_certs and set it in pkcs12
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14449)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j |
|
| #
7932982b |
| 28-Jan-2021 |
Dr. David von Oheimb |
OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components
Now handle [http[s]://][userinfo@]host[:port][/path][?query][#frag]
by optionally providing any userinfo, query
OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components
Now handle [http[s]://][userinfo@]host[:port][/path][?query][#frag]
by optionally providing any userinfo, query, and frag components.
All usages of this function, which are client-only,
silently ignore userinfo and frag components,
while the query component is taken as part of the path.
Update and extend the unit tests and all affected documentation.
Document and deprecat OCSP_parse_url().
Fixes an issue that came up when discussing FR #14001.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14009)
show more ...
|
| #
a28d06f3 |
| 18-Feb-2021 |
Matt Caswell |
Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14235)
|
| #
574ca403 |
| 15-Feb-2021 |
Petr Gotthard |
Replace SSL_CTX_new by SSL_CTX_new_ex in apps/s_server + s_client
The `openssl s_server` and `openssl s_client` currently ignore
the `-propquery` parameter. Fix patch fixes this.
Replace SSL_CTX_new by SSL_CTX_new_ex in apps/s_server + s_client
The `openssl s_server` and `openssl s_client` currently ignore
the `-propquery` parameter. Fix patch fixes this.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14195)
show more ...
|
| #
6d2a1eff |
| 05-Feb-2021 |
Matt Caswell |
Deprecate the low level SRP APIs
The OTC decided that all low level APIs should be deprecated. This extends
to SRP, even though at the current time there is no "EVP" interface to it.
Deprecate the low level SRP APIs
The OTC decided that all low level APIs should be deprecated. This extends
to SRP, even though at the current time there is no "EVP" interface to it.
This could be added in a future release.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14132)
show more ...
|
| #
51e5df0e |
| 08-Feb-2021 |
Rich Salz |
Load rand state after loading providers
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Load rand state after loading providers
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14135)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha11, openssl-3.0.0-alpha10 |
|
| #
3a1ee3c1 |
| 17-Dec-2020 |
Richard Levitte |
Drop OPENSSL_NO_RSA everywhere
The configuration option 'no-rsa' was dropped with OpenSSL 1.1.0, so
this is simply a cleanup of the remains.
Reviewed-by: Tomas Mraz <tmraz@fedor
Drop OPENSSL_NO_RSA everywhere
The configuration option 'no-rsa' was dropped with OpenSSL 1.1.0, so
this is simply a cleanup of the remains.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13700)
show more ...
|
|
Revision tags: OpenSSL_1_1_1i |
|
| #
c2403f36 |
| 02-Dec-2020 |
Richard Levitte |
Drop unnecessary checks of OPENSSL_NO_DH, OPENSSL_NO_DSA and OPENSSL_NO_EC
The apps, the CMS library and the X.509 library are primarly affected.
Reviewed-by: Tomas Mraz <tmraz@fedo
Drop unnecessary checks of OPENSSL_NO_DH, OPENSSL_NO_DSA and OPENSSL_NO_EC
The apps, the CMS library and the X.509 library are primarly affected.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13589)
show more ...
|
| #
021410ea |
| 28-Nov-2020 |
Rich Salz |
Check non-option arguments
Make sure all commands check to see if there are any "extra" arguments
after the options, and print an error if so.
Made all error messages consistent
Check non-option arguments
Make sure all commands check to see if there are any "extra" arguments
after the options, and print an error if so.
Made all error messages consistent (which is to say, minimal).
Fixes: #13527
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13563)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b, OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1 |
|
| #
9c73e48a |
| 14-Dec-2017 |
David von Oheimb |
Minor cleanup of error output for various apps
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/4930)
|
| #
13c45372 |
| 16-Oct-2020 |
Matt Caswell |
Only disabled what we need to in a no-dh build
no-dh disables the low level API for DH. However, since we're now using
the high level EVP API in most places we don't need to disable quit
Only disabled what we need to in a no-dh build
no-dh disables the low level API for DH. However, since we're now using
the high level EVP API in most places we don't need to disable quite so
much.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13368)
show more ...
|
| #
163f6dc1 |
| 15-Oct-2020 |
Matt Caswell |
Implement a replacement for SSL_set_tmp_dh()
The old function took a DH as a parameter. In the new version we pass
an EVP_PKEY instead. Similarly for the SSL_CTX version of this function
Implement a replacement for SSL_set_tmp_dh()
The old function took a DH as a parameter. In the new version we pass
an EVP_PKEY instead. Similarly for the SSL_CTX version of this function.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13368)
show more ...
|
| #
9912be1b |
| 14-Oct-2020 |
Matt Caswell |
Remove deprecated functionality from s_server
This will be added back in by a later commit
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/ope
Remove deprecated functionality from s_server
This will be added back in by a later commit
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13368)
show more ...
|
| #
22dddfb9 |
| 24-Oct-2020 |
Richard Levitte |
APPS: Remove the format argument where it's not used
Also, restore a behaviour change, where load_cert() would look at
stdin when the input file name is NULL, and make sure to call
l
APPS: Remove the format argument where it's not used
Also, restore a behaviour change, where load_cert() would look at
stdin when the input file name is NULL, and make sure to call
load_cert_pass() with a corresponding argument where load_cert() was
used in OpenSSL 1.1.1.
Fixes #13235
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13236)
show more ...
|
| #
50eb2a50 |
| 16-Sep-2020 |
Dr. David von Oheimb |
load_key_certs_crls(): Restore output of fatal errors
Also improve credentials loading diagnostics for many apps.
Fixes #12840
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.
load_key_certs_crls(): Restore output of fatal errors
Also improve credentials loading diagnostics for many apps.
Fixes #12840
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12893)
show more ...
|
