#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
d6e7ebba |
| 26-Jun-2023 |
Hugo Landau |
Minor fixes Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/op
Minor fixes Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)
show more ...
|
#
82a2beca |
| 16-Jan-2023 |
Hugo Landau |
QUIC SSL: Prohibit early data functionailty Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (M
QUIC SSL: Prohibit early data functionailty Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5 |
|
#
8c1cbc72 |
| 29-Jun-2020 |
Gustaf Neumann |
Fix typos and repeated words CLA: trivial Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from ht
Fix typos and repeated words CLA: trivial Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12320)
show more ...
|
Revision tags: openssl-3.0.0-alpha4, openssl-3.0.0-alpha3 |
|
#
00c405b3 |
| 04-Jun-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12043)
|
Revision tags: openssl-3.0.0-alpha2 |
|
#
b2a5001d |
| 13-May-2020 |
raja-ashok |
Update early data exchange scenarios in doc Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/1
Update early data exchange scenarios in doc Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/11816)
show more ...
|
Revision tags: openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u |
|
#
6e4618a0 |
| 04-Oct-2019 |
Rich Salz |
Fix L<> entries without sections Add sections (almost always "(3)" to L<> references that were missing them. Among other things, this Fixes: #10226 Also remove two reference
Fix L<> entries without sections Add sections (almost always "(3)" to L<> references that were missing them. Among other things, this Fixes: #10226 Also remove two references to non-existant manpages that have never existed, and with the 3.0 structure, are unlikely to do so. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10240)
show more ...
|
#
9c0586d5 |
| 27-Sep-2019 |
Rich Salz |
Fix errors found by new find-doc-nits Also patch find-doc-nits to ignore a Microsoft trademark and not flag it as a spelling error. Reviewed-by: Richard Levitte <levitte@openssl
Fix errors found by new find-doc-nits Also patch find-doc-nits to ignore a Microsoft trademark and not flag it as a spelling error. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10023)
show more ...
|
Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
#
df443918 |
| 31-Jan-2019 |
Sam Roberts |
Remove unnecessary trailing whitespace Trim trailing whitespace. It doesn't match OpenSSL coding standards, AFAICT, and it can cause problems with git tooling. Trailing whitespa
Remove unnecessary trailing whitespace Trim trailing whitespace. It doesn't match OpenSSL coding standards, AFAICT, and it can cause problems with git tooling. Trailing whitespace remains in test data and external source. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8092)
show more ...
|
#
4746f25a |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in doc/man3/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/78
Following the license change, modify the boilerplates in doc/man3/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7829)
show more ...
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i |
|
#
b5cd751c |
| 18-Jul-2018 |
Matt Caswell |
Add a note about aborts encountered while sending early_data In some circumstances it is possible for a client to have a session reporting a max early data value that is greater than the
Add a note about aborts encountered while sending early_data In some circumstances it is possible for a client to have a session reporting a max early data value that is greater than the server will support. In such cases the client could encounter an aborted connection. Fixes #6735 Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/6740)
show more ...
|
#
2ce71b60 |
| 05-Jul-2018 |
Matt Caswell |
Document SSL_CTX_set_recv_max_early_data() etc Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6655)
|
Revision tags: OpenSSL_1_1_1-pre8 |
|
#
dc7a3543 |
| 07-Jun-2018 |
Matt Caswell |
Document the new early data callback and option Document SSL_OP_NO_ANTI_REPLAY and SSL_CTX_set_allow_early_data_cb() Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-b
Document the new early data callback and option Document SSL_OP_NO_ANTI_REPLAY and SSL_CTX_set_allow_early_data_cb() Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6469)
show more ...
|
#
41145c35 |
| 22-Jun-2018 |
Matt Caswell |
Document changes to SSL_OP_NO_TICKET for TLSv1.3 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/
Document changes to SSL_OP_NO_TICKET for TLSv1.3 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6563)
show more ...
|
Revision tags: OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3 |
|
#
b0edda11 |
| 20-Mar-2018 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5689)
|
#
8a5ed9dc |
| 19-Mar-2018 |
Tomas Mraz |
Apply system_default configuration on SSL_CTX_new(). When SSL_CTX is created preinitialize it with system default configuration from system_default section. Reviewed-by: Tim Hud
Apply system_default configuration on SSL_CTX_new(). When SSL_CTX is created preinitialize it with system default configuration from system_default section. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4848)
show more ...
|
#
d2d67a4c |
| 16-Mar-2018 |
Matt Caswell |
Document the replay protection capabilities Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5644)
|
#
c39e4048 |
| 28-Feb-2018 |
Benjamin Kaduk |
Do not set a nonzero default max_early_data When early data support was first added, this seemed like a good idea, as it would allow applications to just add SSL_read_early_data() ca
Do not set a nonzero default max_early_data When early data support was first added, this seemed like a good idea, as it would allow applications to just add SSL_read_early_data() calls as needed and have things "Just Work". However, for applications that do not use TLS 1.3 early data, there is a negative side effect. Having a nonzero max_early_data in a SSL_CTX (and thus, SSL objects derived from it) means that when generating a session ticket, tls_construct_stoc_early_data() will indicate to the client that the server supports early data. This is true, in that the implementation of TLS 1.3 (i.e., OpenSSL) does support early data, but does not necessarily indicate that the server application supports early data, when the default value is nonzero. In this case a well-intentioned client would send early data along with its resumption attempt, which would then be ignored by the server application, a waste of network bandwidth. Since, in order to successfully use TLS 1.3 early data, the application must introduce calls to SSL_read_early_data(), it is not much additional burden to require that the application also calls SSL_{CTX_,}set_max_early_data() in order to enable the feature; doing so closes this scenario where early data packets would be sent on the wire but ignored. Update SSL_read_early_data.pod accordingly, and make s_server and our test programs into applications that are compliant with the new requirements on applications that use early data. Fixes #4725 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5483)
show more ...
|
Revision tags: OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1 |
|
#
c6a623ad |
| 27-Dec-2017 |
Matt Caswell |
Update the documentation for SSL_write_early_data() Now that we attempt to send early data in the first TCP packet along with the ClientHello, the documentation for SSL_write_early_data(
Update the documentation for SSL_write_early_data() Now that we attempt to send early data in the first TCP packet along with the ClientHello, the documentation for SSL_write_early_data() needed a tweak. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4802)
show more ...
|
Revision tags: OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g |
|
#
f4411faa |
| 10-Sep-2017 |
FdaSilvaYY |
Various typo Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4457)
|
#
0ef28021 |
| 31-Aug-2017 |
Matt Caswell |
Various review fixes for PSK early_data support Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
|
#
e17e1df7 |
| 13-Jul-2017 |
Matt Caswell |
Add documentation for SSL_SESSION_set_max_early_data() Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
|
#
0299f3f7 |
| 18-Jul-2017 |
Matt Caswell |
Add some performance notes about early data In particular add information about the effect of Nagle's algorithm on early data. Fixes #3906 Reviewed-by: Ben Kaduk <kaduk
Add some performance notes about early data In particular add information about the effect of Nagle's algorithm on early data. Fixes #3906 Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3955)
show more ...
|
Revision tags: OpenSSL_1_0_2l, OpenSSL_1_1_0f |
|
#
27b138e9 |
| 19-May-2017 |
Josh Soref |
Fix spelling errors in manpages spelling: algorithm spelling: anyway spelling: assigned spelling: authenticated spelling: callback spelling: certificate spelling: com
Fix spelling errors in manpages spelling: algorithm spelling: anyway spelling: assigned spelling: authenticated spelling: callback spelling: certificate spelling: compatibility spelling: configuration spelling: digest spelling: encrypted spelling: function spelling: output spelling: receive spelling: renegotiation spelling: signing spelling: similar spelling: string (Merged from https://github.com/openssl/openssl/pull/3580)Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3580)
show more ...
|
Revision tags: OpenSSL-fips-2_0_16 |
|
#
a8e75d56 |
| 30-Mar-2017 |
Kazuki Yamaguchi |
Fix a typo in the SSL_get_max_early_data() declarations SSL_get_max_early_data() recently added by 3fc8d856105e ("Construct the ticket_early_data_info extension", 2017-02-17) is supposed
Fix a typo in the SSL_get_max_early_data() declarations SSL_get_max_early_data() recently added by 3fc8d856105e ("Construct the ticket_early_data_info extension", 2017-02-17) is supposed to take an SSL, but it doesn't. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3113)
show more ...
|