| #
5f18bc58 |
| 23-Mar-2016 |
TJ Saunders |
Issue #719:
If no serverinfo extension is found in some cases, do not abort the handshake,
but simply omit/skip that extension.
Check for already-registered serverinfo callbacks
Issue #719:
If no serverinfo extension is found in some cases, do not abort the handshake,
but simply omit/skip that extension.
Check for already-registered serverinfo callbacks during serverinfo
registration.
Update SSL_CTX_use_serverinfo() documentation to mention the need to reload the
same serverinfo per certificate, for servers with multiple server certificates.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
760f317d |
| 03-Mar-2016 |
Dr. Stephen Henson |
fix no-ec build
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
1db3107a |
| 25-Feb-2016 |
Dr. Stephen Henson |
TLS support for X25519
Add X25519 to TLS supported curve list.
Reject attempts to configure keys which cannot be used
for signing.
Reviewed-by: Rich Salz <rsalz@openssl.org>
TLS support for X25519
Add X25519 to TLS supported curve list.
Reject attempts to configure keys which cannot be used
for signing.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
show more ...
|
| #
34980760 |
| 18-Dec-2015 |
Rich Salz |
Remove /* foo.c */ comments
This was done by the following
find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
print unless $. == 1
Remove /* foo.c */ comments
This was done by the following
find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
print unless $. == 1 && m@/\* .*\.[ch] \*/@;
close ARGV if eof; # Close file to reset $.
And then some hand-editing of other files.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
show more ...
|
| #
3aeb9348 |
| 19-Jan-2016 |
Dr. Stephen Henson |
make EVP_PKEY opaque
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| #
8382fd3a |
| 20-Dec-2015 |
Dr. Stephen Henson |
Use X509_get0_pubkey where appropriate
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
bc71f910 |
| 15-Dec-2015 |
Dr. Stephen Henson |
Remove fixed DH ciphersuites.
Remove all fixed DH ciphersuites and associated logic.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Revision tags: OpenSSL_1_1_0-pre1, OpenSSL_0_9_8zh, OpenSSL_1_0_0t, OpenSSL_1_0_1q, OpenSSL_1_0_2e |
|
| #
5f3d93e4 |
| 06-Nov-2015 |
Matt Caswell |
Ensure all EVP calls have their returns checked where appropriate
There are lots of calls to EVP functions from within libssl There were
various places where we should probably check the
Ensure all EVP calls have their returns checked where appropriate
There are lots of calls to EVP functions from within libssl There were
various places where we should probably check the return value but don't.
This adds these checks.
Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
| #
a974e64a |
| 09-Nov-2015 |
Matt Caswell |
Fix SSL_use_certificate_chain_file
The new function SSL_use_certificate_chain_file was always crashing in
the internal function use_certificate_chain_file because it would pass a
NUL
Fix SSL_use_certificate_chain_file
The new function SSL_use_certificate_chain_file was always crashing in
the internal function use_certificate_chain_file because it would pass a
NULL value for SSL_CTX *, but use_certificate_chain_file would
unconditionally try to dereference it.
Reviewed-by: Stephen Henson <steve@openssl.org>
show more ...
|
| #
9982cbbb |
| 30-Sep-2015 |
Rich Salz |
Remove BIO_s_file_internal macro.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| #
984d6c60 |
| 11-Sep-2015 |
David Woodhouse |
Fix no-stdio build
Much related/similar work also done by
Ivan Nestlerode <ivan.nestlerode@sonos.com>
+Replace FILE BIO's with dummy ops that fail.
+Include <stdio.h>
Fix no-stdio build
Much related/similar work also done by
Ivan Nestlerode <ivan.nestlerode@sonos.com>
+Replace FILE BIO's with dummy ops that fail.
+Include <stdio.h> for sscanf() even with no-stdio (since the declaration
is there). We rely on sscanf() to parse the OPENSSL_ia32cap environment
variable, since it can be larger than a 'long'. And we don't rely on the
availability of strtoull().
+Remove OPENSSL_stderr(); not used.
+Make OPENSSL_showfatal() do nothing (currently without stdio there's
nothing we can do).
+Remove file-based functionality from ssl/. The function
prototypes were already gone, but not the functions themselves.
+Remove unviable conf functionality via SYS_UEFI
+Add fallback definition of BUFSIZ.
+Remove functions taking FILE * from header files.
+Add missing DECLARE_PEM_write_fp_const
+Disable X509_LOOKUP_hash_dir(). X509_LOOKUP_file() was already compiled out,
so remove its prototype.
+Use OPENSSL_showfatal() in CRYPTO_destroy_dynlockid().
+Eliminate SRP_VBASE_init() and supporting functions. Users will need to
build the verifier manually instead.
+Eliminate compiler warning for unused do_pk8pkey_fp().
+Disable TEST_ENG_OPENSSL_PKEY.
+Disable GOST engine as is uses [f]printf all over the place.
+Eliminate compiler warning for unused send_fp_chars().
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
show more ...
|
| #
fae11ec7 |
| 15-Sep-2015 |
Kurt Roeckx |
Fix return values when adding serverinfo fails.
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR #1128
|
| #
05f0fb9f |
| 31-Aug-2015 |
Dr. Stephen Henson |
Add X509_up_ref function.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Revision tags: OpenSSL_1_0_1p, OpenSSL_1_0_2d, OpenSSL-fips-2_0_11, OpenSSL_1_0_1o, OpenSSL_1_0_2c, OpenSSL_0_9_8zg, OpenSSL_1_0_0s, OpenSSL_1_0_1n, OpenSSL_1_0_2b |
|
| #
e481f9b9 |
| 15-May-2015 |
Matt Caswell |
Remove support for OPENSSL_NO_TLSEXT
Given the pervasive nature of TLS extensions it is inadvisable to run
OpenSSL without support for them. It also means that maintaining
the OPENSS
Remove support for OPENSSL_NO_TLSEXT
Given the pervasive nature of TLS extensions it is inadvisable to run
OpenSSL without support for them. It also means that maintaining
the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably
not well tested). Therefore it is being removed.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
| #
4d69f9e6 |
| 18-May-2015 |
Dr. Stephen Henson |
move masks out of CERT structure
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Revision tags: OpenSSL-fips-2_0_10 |
|
| #
fae4772c |
| 07-May-2015 |
Dr. Stephen Henson |
Add SSL_use_certificate_chain_file function
Add SSL_use_certiicate_chain file functions: this is works the same
way as SSL_CTX_use_certificate_chain_file but for an SSL structure.
Add SSL_use_certificate_chain_file function
Add SSL_use_certiicate_chain file functions: this is works the same
way as SSL_CTX_use_certificate_chain_file but for an SSL structure.
Update SSL_CONF code to use the new function.
Update docs.
Update ordinals.
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
25aaa98a |
| 01-May-2015 |
Rich Salz |
free NULL cleanup -- coda
After the finale, the "real" final part. :) Do a recursive grep with
"-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are
an "if NULL" che
free NULL cleanup -- coda
After the finale, the "real" final part. :) Do a recursive grep with
"-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are
an "if NULL" check that can be removed.
Reviewed-by: Tim Hudson <tjh@openssl.org>
show more ...
|
| #
222561fe |
| 30-Apr-2015 |
Rich Salz |
free NULL cleanup 5a
Don't check for NULL before calling a free routine. This gets X509_.*free:
x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free
X509_STORE_fre
free NULL cleanup 5a
Don't check for NULL before calling a free routine. This gets X509_.*free:
x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free
X509_STORE_free X509_STORE_CTX_free X509_PKEY_free
X509_OBJECT_free_contents X509_LOOKUP_free X509_INFO_free
Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
| #
61986d32 |
| 16-Apr-2015 |
Viktor Dukhovni |
Code style: space after 'if'
Reviewed-by: Matt Caswell <matt@openssl.org>
|
| #
ca3a82c3 |
| 25-Mar-2015 |
Rich Salz |
free NULL cleanup
This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free
BIO_free BIO_free_all BIO_vfree
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Revision tags: OpenSSL_0_9_8zf, OpenSSL_1_0_0r, OpenSSL_1_0_1m, OpenSSL_1_0_2a |
|
| #
69f68237 |
| 06-Mar-2015 |
Matt Caswell |
Fix missing return value checks
Ensure that all functions have their return values checked where
appropriate. This covers all functions defined and called from within
libssl.
Fix missing return value checks
Ensure that all functions have their return values checked where
appropriate. This covers all functions defined and called from within
libssl.
Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
| #
2c382349 |
| 14-Mar-2015 |
Kurt Roeckx |
Remove ssl_cert_inst()
It created the cert structure in SSL_CTX or SSL if it was NULL, but they can
never be NULL as the comments already said.
Reviewed-by: Dr. Stephen Henson <
Remove ssl_cert_inst()
It created the cert structure in SSL_CTX or SSL if it was NULL, but they can
never be NULL as the comments already said.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
show more ...
|
| #
c6ef15c4 |
| 29-Jan-2015 |
Richard Levitte |
clang on Linux x86_64 complains about unreachable code.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Revision tags: OpenSSL_1_0_2, master-post-auto-reformat |
|
| #
0f113f3e |
| 22-Jan-2015 |
Matt Caswell |
Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Revision tags: OpenSSL_1_0_2-post-auto-reformat, OpenSSL_0_9_8-post-auto-reformat, OpenSSL_0_9_8-pre-auto-reformat, OpenSSL_1_0_0-post-auto-reformat, OpenSSL_1_0_0-pre-auto-reformat, OpenSSL_1_0_1-post-auto-reformat, OpenSSL_1_0_1-pre-auto-reformat, master-post-reformat, OpenSSL_0_9_8-pre-reformat, OpenSSL_0_9_8ze, OpenSSL_1_0_0-pre-reformat, OpenSSL_1_0_0q, OpenSSL_1_0_1-pre-reformat, OpenSSL_1_0_1l, master-pre-reformat, OpenSSL_1_0_2-pre-reformat, OpenSSL_0_9_8zd, OpenSSL_1_0_0p, OpenSSL_1_0_1k, OpenSSL_0_9_8-post-reformat, OpenSSL-fips-2_0_9, OpenSSL_1_0_1j, OpenSSL_1_0_0o, OpenSSL_0_9_8zc, OpenSSL_1_0_2-beta3, OpenSSL_0_9_8zb, OpenSSL_1_0_0n, OpenSSL_1_0_1i, OpenSSL_1_0_2-beta2, OpenSSL-fips-2_0_8, OpenSSL_1_0_1h, OpenSSL_1_0_0m, OpenSSL_0_9_8za, OpenSSL-fips-2_0_7, OpenSSL_1_0_1g, OpenSSL_1_0_2-beta1, OpenSSL_1_0_0l, OpenSSL_1_0_1f, OpenSSL-fips-2_0_6, OpenSSL-fips-2_0_5, OpenSSL-fips-2_0_4 |
|
| #
e9e688ef |
| 09-Dec-2013 |
Jonas Maebe |
serverinfo_process_buffer: check result of realloc(ctx->cert->key->serverinfo) and don't leak memory if it fails
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <ma
serverinfo_process_buffer: check result of realloc(ctx->cert->key->serverinfo) and don't leak memory if it fails
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
show more ...
|
