#
8020d79b |
| 11-Mar-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14512)
|
#
7932982b |
| 28-Jan-2021 |
Dr. David von Oheimb |
OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components Now handle [http[s]://][userinfo@]host[:port][/path][?query][#frag] by optionally providing any userinfo, query
OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components Now handle [http[s]://][userinfo@]host[:port][/path][?query][#frag] by optionally providing any userinfo, query, and frag components. All usages of this function, which are client-only, silently ignore userinfo and frag components, while the query component is taken as part of the path. Update and extend the unit tests and all affected documentation. Document and deprecat OCSP_parse_url(). Fixes an issue that came up when discussing FR #14001. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14009)
show more ...
|
Revision tags: openssl-3.0.0-alpha10 |
|
#
46949153 |
| 09-Dec-2020 |
Ankita Shetty |
openssl.pod: Fix openSSL options doc Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: David von Oheimb <david.von.ohe
openssl.pod: Fix openSSL options doc Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/13651)
show more ...
|
Revision tags: OpenSSL_1_1_1i |
|
#
ac093b3f |
| 27-Nov-2020 |
Ankita Shetty |
openssl.pod: Carve out Trusted Certificate, Pass Phrase, Name Format, and Format Options Move detailed doc to specific new files in doc/man1/openssl-*-options.pod Reviewed-by: Tomas
openssl.pod: Carve out Trusted Certificate, Pass Phrase, Name Format, and Format Options Move detailed doc to specific new files in doc/man1/openssl-*-options.pod Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/13315)
show more ...
|
#
f91d003a |
| 30-Nov-2020 |
Richard Levitte |
APPS: Adapt load_key() and load_pubkey() for the engine: loader These two functions react when the FORMAT_ENGINE format is given, and use the passed ENGINE |e| and the passed key argumen
APPS: Adapt load_key() and load_pubkey() for the engine: loader These two functions react when the FORMAT_ENGINE format is given, and use the passed ENGINE |e| and the passed key argument to form a URI suitable for the engine: loader. Co-authored-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/13570)
show more ...
|
Revision tags: openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h |
|
#
d55e4487 |
| 21-Sep-2020 |
Dr. David von Oheimb |
openssl-*.pod.in: Prevent newlines on empty engine_synopsis causing layout errors Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12932)
|
#
2a33470b |
| 16-Aug-2020 |
Dr. David von Oheimb |
Make better use of new load_cert_pass() variant of load_cert() in apps/ allows loading password-protected PKCS#12 files in x509, ca, s_client, s_server Reviewed-by: Richard Levitte
Make better use of new load_cert_pass() variant of load_cert() in apps/ allows loading password-protected PKCS#12 files in x509, ca, s_client, s_server Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12647)
show more ...
|
#
b3c5aadf |
| 14-Aug-2020 |
Dr. David von Oheimb |
apps: make use of OSSL_STORE for generalized certs and CRLs loading Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12647)
|
Revision tags: openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4 |
|
#
0f221d9c |
| 25-Jun-2020 |
Pauli |
apps: document the deprecation of the -engine option Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12226)
|
#
8c1cbc72 |
| 29-Jun-2020 |
Gustaf Neumann |
Fix typos and repeated words CLA: trivial Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from ht
Fix typos and repeated words CLA: trivial Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12320)
show more ...
|
Revision tags: openssl-3.0.0-alpha3, openssl-3.0.0-alpha2 |
|
#
09b90e0e |
| 05-May-2020 |
Dmitry Belyavskiy |
Introducing option SSL_OP_IGNORE_UNEXPECTED_EOF Partially fixes #11209. Before OpenSSL 3.0 in case when peer does not send close_notify, the behaviour was to set SSL_ERROR_SYSCA
Introducing option SSL_OP_IGNORE_UNEXPECTED_EOF Partially fixes #11209. Before OpenSSL 3.0 in case when peer does not send close_notify, the behaviour was to set SSL_ERROR_SYSCALL error with errno 0. This behaviour has changed. The SSL_OP_IGNORE_UNEXPECTED_EOF restores the old behaviour for compatibility's sake. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11735)
show more ...
|
#
6d382c74 |
| 06-May-2020 |
Dr. David von Oheimb |
Use OSSL_STORE for load_{,pub}key() and load_cert() in apps/lib/apps.c This also adds the more flexible and general load_key_cert_crl() as well as helper functions get_passwd(), cleanse(
Use OSSL_STORE for load_{,pub}key() and load_cert() in apps/lib/apps.c This also adds the more flexible and general load_key_cert_crl() as well as helper functions get_passwd(), cleanse(), and clear_free() to be used also in apps/cmp.c etc. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11755)
show more ...
|
#
90fc2c26 |
| 02-May-2020 |
Nikolay Morozov |
SSL_OP_DISABLE_TLSEXT_CA_NAMES option implementation Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.
SSL_OP_DISABLE_TLSEXT_CA_NAMES option implementation Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11709)
show more ...
|
Revision tags: openssl-3.0.0-alpha1 |
|
#
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
|
Revision tags: OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
#
2b264aee |
| 06-Mar-2020 |
Dr. David von Oheimb |
Fix descriptions of credentials and verification options for various apps fix doc of s_client and s_server credentials and verification options fix doc of verification options also for s
Fix descriptions of credentials and verification options for various apps fix doc of s_client and s_server credentials and verification options fix doc of verification options also for s_time, x509, crl, req, ts, and verify correcting and extending texts regarding untrusted and trusted certs, making the order of options in the docs and help texts more consistent, etc. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11273)
show more ...
|
#
cd81ac7b |
| 13-Mar-2020 |
Tianjia Zhang |
apps: support sendfile in s_server when ktls enabled When the -WWW or -HTTP option is specified, s_server can choose to use SSL_sendfile to transmit the file requested by client with
apps: support sendfile in s_server when ktls enabled When the -WWW or -HTTP option is specified, s_server can choose to use SSL_sendfile to transmit the file requested by client with KTLS is enabled, taking full advantage of the performance advantages of Kernel TLS, and adding the '-sendfile' command line parameter to control this behavior. Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11318)
show more ...
|
#
6bd4e3f2 |
| 25-Feb-2020 |
Pauli |
cmdline app: add provider commandline options. Add a -provider option to allow providers to be loaded. This option can be specified multiple times. Add a -provider_path option t
cmdline app: add provider commandline options. Add a -provider option to allow providers to be loaded. This option can be specified multiple times. Add a -provider_path option to allow the path to providers to be specified. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11167)
show more ...
|
Revision tags: OpenSSL_1_0_2u |
|
#
8b3efb53 |
| 12-Oct-2019 |
Rich Salz |
Update the SSL/TLS connection options Refactor common flags for SSL/TLS connection options. Update SSL_CONF_cmd.pod to match ordering. Rewrite much of the documentation. Fix
Update the SSL/TLS connection options Refactor common flags for SSL/TLS connection options. Update SSL_CONF_cmd.pod to match ordering. Rewrite much of the documentation. Fixes #10160 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10191)
show more ...
|
#
65718c51 |
| 16-Jan-2020 |
Rich Salz |
Document most missing options Add cmd-nits make target. Listing options should stop when it hits the "parameters" separator. Add missing .pod.in files to doc/man1/build.inf
Document most missing options Add cmd-nits make target. Listing options should stop when it hits the "parameters" separator. Add missing .pod.in files to doc/man1/build.info Tweak find-doc-nits to try openssl-XXX before XXX for POD files and change an error messavge to be more useful. Fix the following pages: ca, cms, crl, dgst, enc, engine, errstr, gendsa, genrsa, list, ocsp, passwd, pkcs7, pkcs12, rand, rehash, req, rsautil, s_server, speed, s_time, sess_id, smime, srp, ts, x509. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10873)
show more ...
|
#
21d08b9e |
| 12-Oct-2019 |
Rich Salz |
Update man3/verify documentation, error text Move the x509_V_ERR_xxx definitions from openssl-verify to X509_STORE_CTX_get_error.pod. Add some missing ones. Consistently start with
Update man3/verify documentation, error text Move the x509_V_ERR_xxx definitions from openssl-verify to X509_STORE_CTX_get_error.pod. Add some missing ones. Consistently start with a lowercase letter, unless it's an acronym. Fix some markup mistakes in X509_verify_cert. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10132)
show more ...
|
#
0b3b2b33 |
| 12-Dec-2019 |
Rich Salz |
Better documentation of -www,-WWW,-HTTP flags Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/ope
Better documentation of -www,-WWW,-HTTP flags Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10134)
show more ...
|
#
d4bff20d |
| 12-Oct-2019 |
Rich Salz |
Refactor the tls/dlts version options Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/ope
Refactor the tls/dlts version options Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10134)
show more ...
|
#
018aaeb4 |
| 12-Oct-2019 |
Rich Salz |
Refactor -engine documentation Common wording courtesy Richard Levitte. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Refactor -engine documentation Common wording courtesy Richard Levitte. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10128)
show more ...
|
#
bc24e3ee |
| 25-Oct-2019 |
Rich Salz |
Move -nameopt to openssl.pod Also clarify the description of the options. Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> R
Move -nameopt to openssl.pod Also clarify the description of the options. Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10259)
show more ...
|
#
625c781d |
| 31-Oct-2019 |
Rich Salz |
Use a function to generate do-not-edit comment Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/op
Use a function to generate do-not-edit comment Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10316)
show more ...
|