- 01 1月, 2016 3 次提交
-
-
由 Ben Laurie 提交于
Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 31 12月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 30 12月, 2015 8 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Richard Levitte 提交于
It served a purpose, but not any more. Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Richard Levitte 提交于
SIZE_MAX is a great macro, and does unfortunately not exist everywhere. Since we check against half of it, using bitwise shift to calculate the value of half SIZE_MAX should be safe enough. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
If DSA parameters are absent return -1 (for unknown) in DSA_security_bits. If parameters are absent when a certificate is set in an SSL/SSL_CTX structure this will reject the certificate by default. This will cause DSA certificates which omit parameters to be rejected but that is never (?) done in practice. Thanks to Brian 'geeknik' Carpenter for reporting this issue. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reuse is deprecated and ReuseAddr is prefered, according to documentation. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 29 12月, 2015 3 次提交
-
-
由 Ben Laurie 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 28 12月, 2015 6 次提交
-
-
由 Matt Caswell 提交于
Previous versions of OpenSSL had the max size limit for a CertificateRequest message as |s->max_cert_list|. Previously master had it to be SSL3_RT_MAX_PLAIN_LENGTH. However these messages can get quite long if a server is configured with a long list of acceptable CA names. Therefore the size limit has been increased to be consistent with previous versions. RT#4198 Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Matt Caswell 提交于
Move all calls of the OCSP callback into one place, rather than repeating it in two different places. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Matt Caswell 提交于
Describe the usage of the OCSP callback functions on both the client and the server side. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Matt Caswell 提交于
It makes no sense to call the OCSP status callback if we are resuming a session because no certificates will be sent. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Matt Caswell 提交于
If a server sends the status_request extension then it may choose to send the CertificateStatus message. However this is optional. We were treating it as mandatory and the connection was failing. Thanks to BoringSSL for reporting this issue. RT#4120 Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Matt Caswell 提交于
If the client sends a status_request extension in the ClientHello and the server responds with a status_request extension in the ServerHello then normally the server will also later send a CertificateStatus message. However this message is *optional* even if the extensions were sent. This adds a test to ensure that if the extensions are sent then we can still omit the message. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 24 12月, 2015 11 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Daniel Kahn Gillmor 提交于
Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NRich Salz <rsalz@openssl.org> RT: #4192, MR: #1533
-
由 Roumen Petrov 提交于
Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NRich Salz <rsalz@openssl.org> MR: #1523
-
由 Roumen Petrov 提交于
Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NRich Salz <rsalz@openssl.org> MR: #1522
-
由 Roumen Petrov 提交于
Signed-off-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NRich Salz <rsalz@openssl.org> RT: #4195, MR: #1521
-
由 Kurt Roeckx 提交于
Suggested by David Benjamin Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NViktor Dukhovni <openssl-users@dukhovni.org> MR: #1520
-
由 Kurt Roeckx 提交于
When it's the last item that is removed int_thread_hash == hash and we would still call int_thread_release(&hash) while hash is already freed. So int_thread_release would compare that dangling pointer to NULL which is undefined behaviour. Instead do already what int_thread_release() would do, and make the call do nothing instead. Reviewed-by: NRich Salz <rsalz@openssl.org> RT: #4155, MR: #1519
-
- 23 12月, 2015 7 次提交
-
-
由 Todd Short 提交于
When EC is disabled, and an error occurs in ssl_generate_master_secret() or RAND_bytes(), the error path does not free rsa_decrypt. RT#4197 Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
DTLS cookie generation and verification were exact copies of each other save the last few lines. This refactors them to avoid code copying. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
After the recent change to use ossl_inline, builds were failing on some platforms due to a missing usage of "inline". Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
Add macro ossl_inline for use in public headers where a portable inline is required. Change existing inline to use ossl_inline Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 22 12月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-