| #
b6461792 |
| 20-Mar-2024 |
Richard Levitte |
Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0)
Reviewed-by: Hugo Lan
Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24034)
show more ...
|
| #
ead44e19 |
| 15-Jan-2024 |
Matt Caswell |
Document SSL_R_UNEXPECTED_EOF_WHILE_READING
Also document that it is ok to use this for control flow decisions.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tom
Document SSL_R_UNEXPECTED_EOF_WHILE_READING
Also document that it is ok to use this for control flow decisions.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23304)
show more ...
|
| #
441b3b7b |
| 11-Jan-2024 |
Akshat Maheshwari |
Fix grammar in documentation
CLA: trivial
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl
Fix grammar in documentation
CLA: trivial
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23266)
show more ...
|
| #
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
| #
19142ef1 |
| 06-Jan-2023 |
Hugo Landau |
QUIC Front End I/O API: Remove __owur from man pages
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/
QUIC Front End I/O API: Remove __owur from man pages
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
show more ...
|
| #
c572bed9 |
| 14-Nov-2022 |
Hugo Landau |
QUIC CSM: Documentation for new APIs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/197
QUIC CSM: Documentation for new APIs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
show more ...
|
| #
54b40531 |
| 29-Jul-2021 |
Matt Caswell |
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16176)
|
| #
0c48fda8 |
| 15-Jul-2021 |
yangyangtiantianlonglong |
Add testcases for SSL_key_update() corner case calls
Test that SSL_key_update() is not allowed if there are writes pending.
Test that there is no reset of the packet pointer in ssl3_setu
Add testcases for SSL_key_update() corner case calls
Test that SSL_key_update() is not allowed if there are writes pending.
Test that there is no reset of the packet pointer in ssl3_setup_read_buffer().
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16085)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6 |
|
| #
490c8711 |
| 17-Jul-2020 |
Gustaf Neumann |
Align documentation with recommendations of Linux Documentation Project
This change applies the recommendation of the Linux Documentation Project
to the documentation files of OpenSSL. A
Align documentation with recommendations of Linux Documentation Project
This change applies the recommendation of the Linux Documentation Project
to the documentation files of OpenSSL. Additionally, util/find-doc-nits
was updated accordingly.
The change follows a suggestion of mspncp on https://github.com/openssl/openssl/pull/12370
and incoporates the requested changes on the pull request
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12460)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha5 |
|
| #
8c1cbc72 |
| 29-Jun-2020 |
Gustaf Neumann |
Fix typos and repeated words
CLA: trivial
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from ht
Fix typos and repeated words
CLA: trivial
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12320)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha4, openssl-3.0.0-alpha3 |
|
| #
00c405b3 |
| 04-Jun-2020 |
Matt Caswell |
Update copyright year
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12043)
|
|
Revision tags: openssl-3.0.0-alpha2 |
|
| #
09b90e0e |
| 05-May-2020 |
Dmitry Belyavskiy |
Introducing option SSL_OP_IGNORE_UNEXPECTED_EOF
Partially fixes #11209.
Before OpenSSL 3.0 in case when peer does not send close_notify,
the behaviour was to set SSL_ERROR_SYSCA
Introducing option SSL_OP_IGNORE_UNEXPECTED_EOF
Partially fixes #11209.
Before OpenSSL 3.0 in case when peer does not send close_notify,
the behaviour was to set SSL_ERROR_SYSCALL error with errno 0.
This behaviour has changed. The SSL_OP_IGNORE_UNEXPECTED_EOF restores
the old behaviour for compatibility's sake.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11735)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b, OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a |
|
| #
df9fd168 |
| 22-Oct-2018 |
Miquel Ruiz |
Add SSL_shutdown to SSL_get_error's documentation
SSL_shutdown can fail if called during initialization, and in such case, it'll
add an error to the error queue. This adds SSL_shutdown t
Add SSL_shutdown to SSL_get_error's documentation
SSL_shutdown can fail if called during initialization, and in such case, it'll
add an error to the error queue. This adds SSL_shutdown to the list of functions
that should preceed the call to SSL_get_error.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/7465)
show more ...
|
| #
f4800345 |
| 20-Feb-2019 |
Matt Caswell |
Clarify that SSL_shutdown() must not be called after a fatal error
Follow on from CVE-2019-1559
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| #
fc5ecadd |
| 09-Dec-2018 |
Dr. Matthias St. Pierre |
man: harmonize the various formulations in the HISTORY sections
While stereotyped repetitions are frowned upon in literature, they
serve a useful purpose in manual pages, because it is e
man: harmonize the various formulations in the HISTORY sections
While stereotyped repetitions are frowned upon in literature, they
serve a useful purpose in manual pages, because it is easier for
the user to find certain information if it is always presented in
the same way. For that reason, this commit harmonizes the varying
formulations in the HISTORY section about which functions, flags,
etc. were added in which OpenSSL version.
It also attempts to make the pod files more grep friendly by
avoiding to insert line breaks between the symbol names and the
corresponding version number in which they were introduced
(wherever possible). Some punctuation and typographical errors
were fixed on the way.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7854)
show more ...
|
| #
4746f25a |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in doc/man3/
[skip ci]
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/78
Following the license change, modify the boilerplates in doc/man3/
[skip ci]
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7829)
show more ...
|
| #
8e593f0a |
| 11-Sep-2018 |
Kurt Roeckx |
Improve SSL_shutdown() documentation
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
GH: #7188
|
|
Revision tags: OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7 |
|
| #
57fd5170 |
| 13-May-2018 |
Kurt Roeckx |
Improve documentation about reading and writing
Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #6240
|
|
Revision tags: OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4 |
|
| #
c4d3c19b |
| 03-Apr-2018 |
Matt Caswell |
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5851)
|
| #
2f6f913e |
| 31-Mar-2018 |
Kurt Roeckx |
Update documentation on how to close a connection
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
GH: #5823
|
|
Revision tags: OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1, OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g |
|
| #
a9c0d8be |
| 07-Sep-2017 |
David Benjamin |
Rename SSL_CTX_set_early_cb to SSL_CTX_set_client_hello_cb.
"Early callback" is a little ambiguous now that early data exists.
Perhaps "ClientHello callback"?
Reviewed-by: Rich
Rename SSL_CTX_set_early_cb to SSL_CTX_set_client_hello_cb.
"Early callback" is a little ambiguous now that early data exists.
Perhaps "ClientHello callback"?
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4349)
show more ...
|
|
Revision tags: OpenSSL_1_0_2l, OpenSSL_1_1_0f, OpenSSL-fips-2_0_16 |
|
| #
73fb82b7 |
| 02-Mar-2017 |
Rich Salz |
Remove ref to err(7), update copyright.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2825)
|
|
Revision tags: OpenSSL_1_1_0e, OpenSSL_1_0_2k, OpenSSL_1_1_0d |
|
| #
6b1bb98f |
| 23-Jan-2017 |
Benjamin Kaduk |
Add SSL_CTX early callback
Provide a callback interface that gives the application the ability
to adjust the nascent SSL object at the earliest stage of ClientHello
processing, immed
Add SSL_CTX early callback
Provide a callback interface that gives the application the ability
to adjust the nascent SSL object at the earliest stage of ClientHello
processing, immediately after extensions have been collected but
before they have been processed.
This is akin to BoringSSL's "select_certificate_cb" (though it is not
API compatible), and as the name indicates, one major use is to examine
the supplied server name indication and select what certificate to
present to the client. However, it can also be used to make more
sweeping configuration changes to the SSL object according to the
selected server identity and configuration. That may include adjusting
the permitted TLS versions, swapping out the SSL_CTX object (as is
traditionally done in a tlsext_servername_callback), changing the
server's cipher list, and more.
We also wish to allow an early callback to indicate that it needs to perform
additional work asynchronously and resume processing later. To that effect,
refactor the second half of tls_process_client_hello() into a subroutine to be
called at the post-processing stage (including the early callback itself), to
allow the callback to result in remaining in the same work stage for a later
call to succeed. This requires allocating for and storing the CLIENTHELLO_MSG
in the SSL object to be preserved across such calls, but the storage is
reclaimed after ClientHello processing finishes.
Information about the CliehtHello is available to the callback by means of
accessor functions that can only be used from the early callback. This allows
extensions to make use of the existing internal parsing machinery without
exposing structure internals (e.g., of PACKET), so that applications do not
have to write fragile parsing code.
Applications are encouraged to utilize an early callback and not use
a servername_callback, in order to avoid unexpected behavior that
occurs due to the relative order of processing between things like
session resumption and the historical servername callback.
Also tidy up nearby style by removing unnecessary braces around one-line
conditional bodies.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2279)
show more ...
|
|
Revision tags: OpenSSL-fips-2_0_15 |
|
| #
beacb0f0 |
| 15-Nov-2016 |
Kurt Roeckx |
Make SSL_read and SSL_write return the old behaviour and document it.
This reverts commit 4880672a9b41a09a0984b55e219f02a2de7ab75e.
Fixes: #1903
Reviewed-by: Matt Caswell <
Make SSL_read and SSL_write return the old behaviour and document it.
This reverts commit 4880672a9b41a09a0984b55e219f02a2de7ab75e.
Fixes: #1903
Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #1931
show more ...
|
|
Revision tags: OpenSSL-fips-2_0_14 |
|
| #
b97fdb57 |
| 11-Nov-2016 |
Richard Levitte |
Fix referenses in section 3 manuals
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1900)
|
