- 25 1月, 2016 1 次提交
-
-
由 Rich Salz 提交于
This is an internal facility, never documented, not for public consumption. Move it into ssl (where it's only used for DTLS). I also made the typedef's for pqueue and pitem follow our style: they name structures, not pointers. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 23 1月, 2016 1 次提交
-
-
由 Alessandro Ghedini 提交于
Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
- 20 1月, 2016 3 次提交
-
-
由 Rich Salz 提交于
Also remove depend/local_depend. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Calling SSL_shutdown while in init previously gave a "1" response, meaning everything was successfully closed down (even though it wasn't). Better is to send our close_notify, but fail when trying to receive one. The problem with doing a shutdown while in the middle of a handshake is that once our close_notify is sent we shouldn't really do anything else (including process handshake/CCS messages) until we've received a close_notify back from the peer. However the peer might send a CCS before acting on our close_notify - so we won't be able to read it because we're not acting on CCS messages! Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 19 1月, 2016 4 次提交
-
-
由 Alessandro Ghedini 提交于
RT#4080 Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Viktor Dukhovni 提交于
Some users want to disable SSL 3.0/TLS 1.0/TLS 1.1, and enable just TLS 1.2. In the future they might want to disable TLS 1.2 and enable just TLS 1.3, ... This commit makes it possible to disable any or all of the TLS or DTLS protocols. It also considerably simplifies the SSL/TLS tests, by auto-generating the min/max version tests based on the set of supported protocols (425 explicitly written out tests got replaced by two loops that generate all 425 tests if all protocols are enabled, fewer otherwise). Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
Modify libssl to use EVP_PKEY TLS PRF. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dmitry Belyavsky 提交于
Fix a typo in the definition of the GOST2012-NULL-GOST12 ciphersuite. RT#4213 Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 18 1月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Remove lint, tags, dclean, tests. This is prep for a new makedepend scheme. This is temporary pending unified makefile, and might help it. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 17 1月, 2016 2 次提交
-
-
由 Viktor Dukhovni 提交于
Also report an SSL_dane_enable error when the basedomain is an invalid SNI name. Avoid side-effects when such a name is valid with X509_VERIFY_PARAM_set1_host(), as e.g. with an empty name, by setting the SNI name first. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Viktor Dukhovni 提交于
While empty inputs to SSL_set1_host() clear the reference identifier list. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 15 1月, 2016 3 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Rich Salz 提交于
It turns out that -pause calls the undocumented function SSL_set_debug. That just sets flag inside the SSL structure. That flag, despite the command is never used. So remove the flag, the field, and the function. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 13 1月, 2016 2 次提交
-
-
由 Rich Salz 提交于
Create Makefile's from Makefile.in Rename Makefile.org to Makefile.in Rename Makefiles to Makefile.in Address review feedback from Viktor and Richard Reviewed-by: NViktor Dukhovni <viktor@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 12 1月, 2016 6 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
Fix the docs, and refactor some common code. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 11 1月, 2016 2 次提交
-
-
由 Viktor Dukhovni 提交于
These now take and return unsigned long, and get is constified. Updated related documentation and util/ssleay.num Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 10 1月, 2016 1 次提交
-
-
由 Kurt Roeckx 提交于
Reviewed-by: NViktor Dukhovni <openssl-users@dukhovni.org>
-
- 08 1月, 2016 3 次提交
-
-
由 Rich Salz 提交于
Only two macros CRYPTO_MDEBUG and CRYPTO_MDEBUG_ABORT to control this. If CRYPTO_MDEBUG is not set, #ifdef out the whole debug machinery. (Thanks to Jakob Bohm for the suggestion!) Make the "change wrapper functions" be the only paradigm. Wrote documentation! Format the 'set func' functions so their paramlists are legible. Format some multi-line comments. Remove ability to get/set the "memory debug" functions at runtme. Remove MemCheck_* and CRYPTO_malloc_debug_init macros. Add CRYPTO_mem_debug(int flag) function. Add test/memleaktest. Rename CRYPTO_malloc_init to OPENSSL_malloc_init; remove needless calls. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
Applications wishing to include their own stacks now just need to include DEFINE_STACK_OF(foo) in a header file. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 06 1月, 2016 1 次提交
-
-
由 Viktor Dukhovni 提交于
Also tweak some of the code in demos/bio, to enable interactive testing of BIO_s_accept's use of SSL_dup. Changed the sconnect client to authenticate the server, which now exercises the new SSL_set1_host() function. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 03 1月, 2016 1 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NStephen Henson <steve@openssl.org>
-
- 02 1月, 2016 2 次提交
-
-
由 Viktor Dukhovni 提交于
The protocol selection code is now consolidated in a few consecutive short functions in a single file and is table driven. Protocol-specific constraints that influence negotiation are moved into the flags field of the method structure. The same protocol version constraints are now applied in all code paths. It is now much easier to add new protocol versions without reworking the protocol selection logic. In the presence of "holes" in the list of enabled client protocols we no longer select client protocols below the hole based on a subset of the constraints and then fail shortly after when it is found that these don't meet the remaining constraints (suiteb, FIPS, security level, ...). Ideally, with the new min/max controls users will be less likely to create "holes" in the first place. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Kurt Roeckx 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 01 1月, 2016 3 次提交
-
-
由 Ben Laurie 提交于
Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 30 12月, 2015 4 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Richard Levitte 提交于
SIZE_MAX is a great macro, and does unfortunately not exist everywhere. Since we check against half of it, using bitwise shift to calculate the value of half SIZE_MAX should be safe enough. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
If DSA parameters are absent return -1 (for unknown) in DSA_security_bits. If parameters are absent when a certificate is set in an SSL/SSL_CTX structure this will reject the certificate by default. This will cause DSA certificates which omit parameters to be rejected but that is never (?) done in practice. Thanks to Brian 'geeknik' Carpenter for reporting this issue. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-