d2i_X509: revert calling X509v3_cache_extensions()

Fixes #13754

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15705)

Windows GitHub CI: Introduce --strict-warnings

This involves making a more comprehensive matrix for the different
architectures we build for.

Reviewed-by: Shane Lontis <shane.lo

Windows GitHub CI: Introduce --strict-warnings

This involves making a more comprehensive matrix for the different
architectures we build for.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15709)

show more ...

Windows Github CI: test in Windows 2016 as well

This brings an older version of MSVC, which may bring some "interesting"
failures.

Reviewed-by: Shane Lontis <shane.lontis@oracle

Windows Github CI: test in Windows 2016 as well

This brings an older version of MSVC, which may bring some "interesting"
failures.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15709)

show more ...

Building: Add necessary dependencies for linker scripts and .rc files

These files depend on the data from configdata.pm, so need a dependency
on that one to always be properly updated.

Building: Add necessary dependencies for linker scripts and .rc files

These files depend on the data from configdata.pm, so need a dependency
on that one to always be properly updated. The same goes for .rc files.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15717)

show more ...

Configure: Allow spaces around '=' in all build.info statements

This was allowed already for some statements, but not consistently for all.

Fixes #15684

Reviewed-by: Paul D

Configure: Allow spaces around '=' in all build.info statements

This was allowed already for some statements, but not consistently for all.

Fixes #15684

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15691)

show more ...

Rename OSSL_HTTP_set_request() to OSSL_HTTP_set1_request() for clarity

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15697)

HTTP client: Fix GET request handling when rctx is reused (keep-alive)

This also updates the documentation of OSSL_HTTP_REQ_CTX_set1_req().

Reviewed-by: Tomas Mraz <tomas@openssl.or

HTTP client: Fix GET request handling when rctx is reused (keep-alive)

This also updates the documentation of OSSL_HTTP_REQ_CTX_set1_req().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15697)

show more ...

Add support for ISO 8601 datetime format

Fixes #5430

Added the configuration file option "date_opt" to the openssl applications ca,
crl and x509.
Added ASN1_TIME_print_ex wh

Add support for ISO 8601 datetime format

Fixes #5430

Added the configuration file option "date_opt" to the openssl applications ca,
crl and x509.
Added ASN1_TIME_print_ex which supports the new datetime format using the
flag ASN1_DTFLGS_ISO8601

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14384)

show more ...

Update krb5 module and re-enable pkinit tests

pkinit tests were disabled in cd0aca532091de4dfadf2f12b18dd99e9cba7615

Signed-off-by: Robbie Harwood <rharwood@redhat.com>

Rev

Update krb5 module and re-enable pkinit tests

pkinit tests were disabled in cd0aca532091de4dfadf2f12b18dd99e9cba7615

Signed-off-by: Robbie Harwood <rharwood@redhat.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15444)

show more ...

Do not depend on the exact exit failure value of dgst app

On most platforms the EXIT_FAILURE is 1 but on NonStop platform
the EXIT_FAILURE is -1 truncated to 255.

Fixes #15633

Do not depend on the exact exit failure value of dgst app

On most platforms the EXIT_FAILURE is 1 but on NonStop platform
the EXIT_FAILURE is -1 truncated to 255.

Fixes #15633

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15694)

show more ...

Clean away remaining Travis related files

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15692)

fuzz/asn1parse: Use BIO_s_mem() as fallback output

/dev/null is not available everywhere.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/open

fuzz/asn1parse: Use BIO_s_mem() as fallback output

/dev/null is not available everywhere.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15672)

show more ...

BIO_write_ex: No error only on 0 bytes to write

Fixes #15682

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15672)

Windows CI: Enable fuzz test in plain build

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15672)

apps/lib/s_socket.c: Alias getpid with _getpid for _WIN32

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.

apps/lib/s_socket.c: Alias getpid with _getpid for _WIN32

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15710)

show more ...

Fix FIPS provider value in docs

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15676)

STORE: Make OSSL_STORE_LOADER_fetch() consistent with all other fetch functions

The argument order was different on this one.

Fixes #15688

Reviewed-by: Matt Caswell <matt@o

STORE: Make OSSL_STORE_LOADER_fetch() consistent with all other fetch functions

The argument order was different on this one.

Fixes #15688

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15689)

show more ...

Document that provider name can be a full path

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl

Document that provider name can be a full path

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15680)

show more ...

dl_name_converter: Avoid unnecessary overallocation

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/op

dl_name_converter: Avoid unnecessary overallocation

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15680)

show more ...

ossl_provider_set_module_path: Prevent potential UAF

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/o

ossl_provider_set_module_path: Prevent potential UAF

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15680)

show more ...

OpenSSL::Test: If __cwd() is to create the directory, do it early

This is to ensure that abs_path() has an existing directory to look at.

Reviewed-by: Tomas Mraz <tomas@openssl.org>

OpenSSL::Test: If __cwd() is to create the directory, do it early

This is to ensure that abs_path() has an existing directory to look at.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15701)

show more ...

Fix s_server app to not report an error when using a non DH certificate.

Fixes #15071

It always tries loading the cert as DH which previously did not produce
an error. The error

Fix s_server app to not report an error when using a non DH certificate.

Fixes #15071

It always tries loading the cert as DH which previously did not produce
an error. The errors are not suppressed for these operations.
The output now matches previous versions of OpenSSL.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15670)

show more ...

OpenSSL::Test: Treat SRCDATA directory specially, as it might not exist

Not all tests come with a SRCDATA directory. if it doesn't exist, we
simply drop it from the internal table of di

OpenSSL::Test: Treat SRCDATA directory specially, as it might not exist

Not all tests come with a SRCDATA directory. if it doesn't exist, we
simply drop it from the internal table of directories.

OpenSSL::Test::srcdata_dir() and OpenSSL::Test::srcdata_file() may
return undef in that case. However, recipes shouldn't try to refer to
a non-existing data directory, so if that happens, it's a programming
error and must be corrected.

Fixes #15679

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15700)

show more ...

doc: fix OSSL_PARAM_BLD pointers in the example

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl

doc: fix OSSL_PARAM_BLD pointers in the example

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15663)

show more ...

store: Avoid spurious error from decoding at EOF

Fixes #15596

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15661)