#
fe004a09 |
| 01-Aug-2024 |
David von Oheimb |
OSSL_HTTP_adapt_proxy(): fix handling of escaped IPv6 host addresses and of whitespace in no_proxy Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openss
OSSL_HTTP_adapt_proxy(): fix handling of escaped IPv6 host addresses and of whitespace in no_proxy Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25010)
show more ...
|
#
322517d8 |
| 06-Dec-2023 |
Matt Caswell |
Fix some invalid use of sscanf sscanf can return -1 on an empty input string. We need to appropriately handle such an invalid case. The instance in OSSL_HTTP_parse_url could cau
Fix some invalid use of sscanf sscanf can return -1 on an empty input string. We need to appropriately handle such an invalid case. The instance in OSSL_HTTP_parse_url could cause an uninitialised read of sizeof(unsigned int) bytes (typically 4). In many cases this uninit read will immediately fail on the following check (i.e. if the read value >65535). If the top 2 bytes of a 4 byte unsigned int are zero then the value will be <=65535 and the uninitialised value will be returned to the caller and could represent arbitrary data on the application stack. The OpenSSL security team has assessed this issue and consider it to be a bug only (i.e. not a CVE). Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/22961)
show more ...
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
ba189e0a |
| 01-Jun-2023 |
Randall S. Becker |
Modified OSSL_parse_url to initialize pport_num to 0. This change is intended to provide some safety for uninitialized stack failures that have appeared in 80-test_cmp_http on NonStop x8
Modified OSSL_parse_url to initialize pport_num to 0. This change is intended to provide some safety for uninitialized stack failures that have appeared in 80-test_cmp_http on NonStop x86 when run in a complex CI/CD Jenkins environment. This change also adds init_pint() to handle the initialization of a pointer to int value. Fixes: #21083 Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21109) (cherry picked from commit 45cd2554efc82f8959b4e8ac53bc419b4d5e195a)
show more ...
|
#
e7cbb09f |
| 22-Apr-2023 |
Mukesh Bharsakle |
http proxy handling: Use ossl_safe_getenv() instead of getenv() CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged f
http proxy handling: Use ossl_safe_getenv() instead of getenv() CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20810)
show more ...
|
#
c7340583 |
| 23-Aug-2022 |
FdaSilvaYY |
crypto/*: Fix various typos, repeated words, align some spelling to LDP. partially revamped from #16712 - fall thru -> fall through - time stamp -> timestamp - host name -> hostname
crypto/*: Fix various typos, repeated words, align some spelling to LDP. partially revamped from #16712 - fall thru -> fall through - time stamp -> timestamp - host name -> hostname - ipv6 -> IPv6 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19059)
show more ...
|
#
ab9d67ef |
| 12-Jun-2021 |
Dr. David von Oheimb |
HTTP client: fix use of OSSL_HTTP_adapt_proxy(), which is needed also in cmp.c For this reason, export this function, which allows removing http_local.h Reviewed-by: Tomas Mraz <tom
HTTP client: fix use of OSSL_HTTP_adapt_proxy(), which is needed also in cmp.c For this reason, export this function, which allows removing http_local.h Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15764)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16 |
|
#
79a2bccd |
| 30-Apr-2021 |
Dr. David von Oheimb |
HTTP client: Correct the use of optional proxy URL and its documentation Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15104)
|
Revision tags: openssl-3.0.0-alpha15 |
|
#
bf6aeeb4 |
| 21-Apr-2021 |
Tomas Mraz |
http/http_lib.c: Include stdio.h for sscanf() Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14953)
|
Revision tags: openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
#
23183791 |
| 08-Mar-2021 |
Dr. David von Oheimb |
OSSL_parse_url(): Improve handling of IPv6 addresses Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14630)
|
#
ebdb5ccc |
| 18-Mar-2021 |
Shane Lontis |
Fix windows build compiler issue. Another case of snprintf() being used. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14600)
|
#
9500c823 |
| 24-Feb-2021 |
Shane Lontis |
Fix misc external ossl_ symbols. Partial fix for #12964 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14473)
|
#
8020d79b |
| 11-Mar-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14512)
|
Revision tags: openssl-3.0.0-alpha12 |
|
#
d546e8e2 |
| 17-Feb-2021 |
Dr. David von Oheimb |
Generalize schmeme parsing of OSSL_HTTP_parse_url() to OSSL_parse_url() Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14009)
|
Revision tags: OpenSSL_1_1_1j |
|
#
7932982b |
| 28-Jan-2021 |
Dr. David von Oheimb |
OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components Now handle [http[s]://][userinfo@]host[:port][/path][?query][#frag] by optionally providing any userinfo, query
OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components Now handle [http[s]://][userinfo@]host[:port][/path][?query][#frag] by optionally providing any userinfo, query, and frag components. All usages of this function, which are client-only, silently ignore userinfo and frag components, while the query component is taken as part of the path. Update and extend the unit tests and all affected documentation. Document and deprecat OCSP_parse_url(). Fixes an issue that came up when discussing FR #14001. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14009)
show more ...
|
Revision tags: openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8 |
|
#
9311d0c4 |
| 04-Nov-2020 |
Richard Levitte |
Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call This includes error reporting for libcrypto sub-libraries in surprising places. This was done using ut
Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call This includes error reporting for libcrypto sub-libraries in surprising places. This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13318)
show more ...
|
Revision tags: openssl-3.0.0-alpha7, OpenSSL_1_1_1h |
|
#
bde4aa8d |
| 16-Sep-2020 |
Dr. David von Oheimb |
Fix Coverity CID 1466708 - correct pointer calculation in one case Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12894)
|
#
d7fcee3b |
| 03-Sep-2020 |
Dr. David von Oheimb |
OSSL_HTTP_parse_url(): add optional port number return parameter and strengthen documentation Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/
OSSL_HTTP_parse_url(): add optional port number return parameter and strengthen documentation Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12786)
show more ...
|
Revision tags: openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f |
|
#
4b1fe471 |
| 25-Mar-2020 |
Dr. David von Oheimb |
HTTP client: make server/proxy and port params more consistent; minor other improvements Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siem
HTTP client: make server/proxy and port params more consistent; minor other improvements Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11404)
show more ...
|
Revision tags: OpenSSL_1_1_1e |
|
#
afe554c2 |
| 19-Feb-2020 |
Dr. David von Oheimb |
Chunk 10 of CMP contribution to OpenSSL: CMP http client and related tests Also improve the generic HTTP client w.r.t. proxy and no_proxy options. Certificate Management Pro
Chunk 10 of CMP contribution to OpenSSL: CMP http client and related tests Also improve the generic HTTP client w.r.t. proxy and no_proxy options. Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712). Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI. Adds extensive documentation and tests. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11404)
show more ...
|
Revision tags: OpenSSL_1_0_2u |
|
#
29f178bd |
| 30-Oct-2019 |
Dr. David von Oheimb |
Generalize the HTTP client so far implemented mostly in crypto/ocsp/ocsp_ht.c The new client has become an independent libcrpyto module in crypto/http/ and * can handle any types of requests
Generalize the HTTP client so far implemented mostly in crypto/ocsp/ocsp_ht.c The new client has become an independent libcrpyto module in crypto/http/ and * can handle any types of requests and responses (ASN.1-encoded and plain) * does not include potentially busy loops when waiting for responses but * makes use of a new timeout mechanism integrated with socket-based BIO * supports the use of HTTP proxies and TLS, including HTTPS over proxies * supports HTTP redirection via codes 301 and 302 for GET requests * returns more useful diagnostics in various error situations Also adapts - and strongly simplifies - hitherto uses of HTTP in crypto/ocsp/, crypto/x509/x_all.c, apps/lib/apps.c, and apps/{ocsp,s_client,s_server}.c Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/10667)
show more ...
|