| #
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
| #
d6e7ebba |
| 26-Jun-2023 |
Hugo Landau |
Minor fixes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/op
Minor fixes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
show more ...
|
| #
82a2beca |
| 16-Jan-2023 |
Hugo Landau |
QUIC SSL: Prohibit early data functionailty
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(M
QUIC SSL: Prohibit early data functionailty
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5 |
|
| #
8c1cbc72 |
| 29-Jun-2020 |
Gustaf Neumann |
Fix typos and repeated words
CLA: trivial
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from ht
Fix typos and repeated words
CLA: trivial
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12320)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha4, openssl-3.0.0-alpha3 |
|
| #
00c405b3 |
| 04-Jun-2020 |
Matt Caswell |
Update copyright year
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12043)
|
|
Revision tags: openssl-3.0.0-alpha2 |
|
| #
b2a5001d |
| 13-May-2020 |
raja-ashok |
Update early data exchange scenarios in doc
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/1
Update early data exchange scenarios in doc
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11816)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u |
|
| #
6e4618a0 |
| 04-Oct-2019 |
Rich Salz |
Fix L<> entries without sections
Add sections (almost always "(3)" to L<> references that were missing
them. Among other things, this
Fixes: #10226
Also remove two reference
Fix L<> entries without sections
Add sections (almost always "(3)" to L<> references that were missing
them. Among other things, this
Fixes: #10226
Also remove two references to non-existant manpages that have never
existed, and with the 3.0 structure, are unlikely to do so.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10240)
show more ...
|
| #
9c0586d5 |
| 27-Sep-2019 |
Rich Salz |
Fix errors found by new find-doc-nits
Also patch find-doc-nits to ignore a Microsoft trademark and not
flag it as a spelling error.
Reviewed-by: Richard Levitte <levitte@openssl
Fix errors found by new find-doc-nits
Also patch find-doc-nits to ignore a Microsoft trademark and not
flag it as a spelling error.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10023)
show more ...
|
|
Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
| #
df443918 |
| 31-Jan-2019 |
Sam Roberts |
Remove unnecessary trailing whitespace
Trim trailing whitespace. It doesn't match OpenSSL coding standards,
AFAICT, and it can cause problems with git tooling.
Trailing whitespa
Remove unnecessary trailing whitespace
Trim trailing whitespace. It doesn't match OpenSSL coding standards,
AFAICT, and it can cause problems with git tooling.
Trailing whitespace remains in test data and external source.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8092)
show more ...
|
| #
4746f25a |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in doc/man3/
[skip ci]
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/78
Following the license change, modify the boilerplates in doc/man3/
[skip ci]
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7829)
show more ...
|
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i |
|
| #
b5cd751c |
| 18-Jul-2018 |
Matt Caswell |
Add a note about aborts encountered while sending early_data
In some circumstances it is possible for a client to have a session
reporting a max early data value that is greater than the
Add a note about aborts encountered while sending early_data
In some circumstances it is possible for a client to have a session
reporting a max early data value that is greater than the server will
support. In such cases the client could encounter an aborted connection.
Fixes #6735
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/6740)
show more ...
|
| #
2ce71b60 |
| 05-Jul-2018 |
Matt Caswell |
Document SSL_CTX_set_recv_max_early_data() etc
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/6655)
|
|
Revision tags: OpenSSL_1_1_1-pre8 |
|
| #
dc7a3543 |
| 07-Jun-2018 |
Matt Caswell |
Document the new early data callback and option
Document SSL_OP_NO_ANTI_REPLAY and SSL_CTX_set_allow_early_data_cb()
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-b
Document the new early data callback and option
Document SSL_OP_NO_ANTI_REPLAY and SSL_CTX_set_allow_early_data_cb()
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6469)
show more ...
|
| #
41145c35 |
| 22-Jun-2018 |
Matt Caswell |
Document changes to SSL_OP_NO_TICKET for TLSv1.3
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/
Document changes to SSL_OP_NO_TICKET for TLSv1.3
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6563)
show more ...
|
|
Revision tags: OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3 |
|
| #
b0edda11 |
| 20-Mar-2018 |
Matt Caswell |
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5689)
|
| #
8a5ed9dc |
| 19-Mar-2018 |
Tomas Mraz |
Apply system_default configuration on SSL_CTX_new().
When SSL_CTX is created preinitialize it with system default
configuration from system_default section.
Reviewed-by: Tim Hud
Apply system_default configuration on SSL_CTX_new().
When SSL_CTX is created preinitialize it with system default
configuration from system_default section.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4848)
show more ...
|
| #
d2d67a4c |
| 16-Mar-2018 |
Matt Caswell |
Document the replay protection capabilities
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)
|
| #
c39e4048 |
| 28-Feb-2018 |
Benjamin Kaduk |
Do not set a nonzero default max_early_data
When early data support was first added, this seemed like a good
idea, as it would allow applications to just add SSL_read_early_data()
ca
Do not set a nonzero default max_early_data
When early data support was first added, this seemed like a good
idea, as it would allow applications to just add SSL_read_early_data()
calls as needed and have things "Just Work". However, for applications
that do not use TLS 1.3 early data, there is a negative side effect.
Having a nonzero max_early_data in a SSL_CTX (and thus, SSL objects
derived from it) means that when generating a session ticket,
tls_construct_stoc_early_data() will indicate to the client that
the server supports early data. This is true, in that the implementation
of TLS 1.3 (i.e., OpenSSL) does support early data, but does not
necessarily indicate that the server application supports early data,
when the default value is nonzero. In this case a well-intentioned
client would send early data along with its resumption attempt, which
would then be ignored by the server application, a waste of network
bandwidth.
Since, in order to successfully use TLS 1.3 early data, the application
must introduce calls to SSL_read_early_data(), it is not much additional
burden to require that the application also calls
SSL_{CTX_,}set_max_early_data() in order to enable the feature; doing
so closes this scenario where early data packets would be sent on
the wire but ignored.
Update SSL_read_early_data.pod accordingly, and make s_server and
our test programs into applications that are compliant with the new
requirements on applications that use early data.
Fixes #4725
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5483)
show more ...
|
|
Revision tags: OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1 |
|
| #
c6a623ad |
| 27-Dec-2017 |
Matt Caswell |
Update the documentation for SSL_write_early_data()
Now that we attempt to send early data in the first TCP packet along with
the ClientHello, the documentation for SSL_write_early_data(
Update the documentation for SSL_write_early_data()
Now that we attempt to send early data in the first TCP packet along with
the ClientHello, the documentation for SSL_write_early_data() needed a
tweak.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4802)
show more ...
|
|
Revision tags: OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g |
|
| #
f4411faa |
| 10-Sep-2017 |
FdaSilvaYY |
Various typo
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4457)
|
| #
0ef28021 |
| 31-Aug-2017 |
Matt Caswell |
Various review fixes for PSK early_data support
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
|
| #
e17e1df7 |
| 13-Jul-2017 |
Matt Caswell |
Add documentation for SSL_SESSION_set_max_early_data()
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
|
| #
0299f3f7 |
| 18-Jul-2017 |
Matt Caswell |
Add some performance notes about early data
In particular add information about the effect of Nagle's algorithm on
early data.
Fixes #3906
Reviewed-by: Ben Kaduk <kaduk
Add some performance notes about early data
In particular add information about the effect of Nagle's algorithm on
early data.
Fixes #3906
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3955)
show more ...
|
|
Revision tags: OpenSSL_1_0_2l, OpenSSL_1_1_0f |
|
| #
27b138e9 |
| 19-May-2017 |
Josh Soref |
Fix spelling errors in manpages
spelling: algorithm
spelling: anyway
spelling: assigned
spelling: authenticated
spelling: callback
spelling: certificate
spelling: com
Fix spelling errors in manpages
spelling: algorithm
spelling: anyway
spelling: assigned
spelling: authenticated
spelling: callback
spelling: certificate
spelling: compatibility
spelling: configuration
spelling: digest
spelling: encrypted
spelling: function
spelling: output
spelling: receive
spelling: renegotiation
spelling: signing
spelling: similar
spelling: string
(Merged from https://github.com/openssl/openssl/pull/3580)Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3580)
show more ...
|
|
Revision tags: OpenSSL-fips-2_0_16 |
|
| #
a8e75d56 |
| 30-Mar-2017 |
Kazuki Yamaguchi |
Fix a typo in the SSL_get_max_early_data() declarations
SSL_get_max_early_data() recently added by 3fc8d856105e ("Construct the
ticket_early_data_info extension", 2017-02-17) is supposed
Fix a typo in the SSL_get_max_early_data() declarations
SSL_get_max_early_data() recently added by 3fc8d856105e ("Construct the
ticket_early_data_info extension", 2017-02-17) is supposed to take an
SSL, but it doesn't.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3113)
show more ...
|
