- 09 10月, 2017 1 次提交
-
-
由 KaoruToda 提交于
unified them. - return (0); -> return 0; - return (1); -> return 1; - return (-1); -> return -1; Reviewed-by: NStephen Henson <steve@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4500)
-
- 23 8月, 2017 1 次提交
-
-
由 Rich Salz 提交于
Remove GETPID_IS_MEANINGLESS and osslargused. Move socket-related things to new file internal/sockets.h; this is now only needed by four(!!!) files. Compiles should be a bit faster. Remove USE_SOCKETS ifdef's Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4209)
-
- 21 6月, 2017 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3585)
-
- 13 6月, 2017 1 次提交
-
-
由 Paul Yang 提交于
Mostly braces and NULL pointer check and also copyright year bump Signed-off-by: NPaul Yang <paulyang.inf@gmail.com> Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3657)
-
- 26 4月, 2017 1 次提交
-
-
由 Dmitry Belyavskiy 提交于
The CA names should be printed according to user's decision print_name instead of set of BIO_printf dump_cert_text instead of set of BIO_printf Testing cyrillic output of X509_CRL_print_ex Write and use X509_CRL_print_ex Reduce usage of X509_NAME_online Using X509_REQ_print_ex instead of X509_REQ_print Fix nameopt processing. Make dump_cert_text nameopt-friendly Move nameopt getter/setter to apps/apps.c Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3262)
-
- 04 4月, 2017 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3015)
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3015)
-
- 31 3月, 2017 1 次提交
-
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3083)
-
- 17 3月, 2017 1 次提交
-
-
由 Todd Short 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2970)
-
- 11 3月, 2017 1 次提交
-
-
由 Todd Short 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2900)
-
- 09 3月, 2017 1 次提交
-
-
由 Todd Short 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2882)
-
- 01 3月, 2017 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NAndy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2774)
-
- 27 2月, 2017 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2747)
-
- 22 2月, 2017 1 次提交
-
-
由 Dmitry Belyavskiy 提交于
commands. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2695)
-
- 15 2月, 2017 1 次提交
-
-
由 Dr. Stephen Henson 提交于
When a certificate is prepended update the list pointer. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2628)
-
- 09 2月, 2017 1 次提交
-
-
由 Peter Wu 提交于
When idx is negative (as is the case with do_print_sigalgs in apps/s_cb.c), AddressSanitizer complains about a buffer overflow (read). Even if the pointer is not dereferenced, this is undefined behavior. Change the user not to use "-1" as index since the function is documented to return 0 on out-of-range values. Tested with `openssl s_server` and `curl -k https://localhost:4433`. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2349)
-
- 08 2月, 2017 1 次提交
-
-
由 Peter Wu 提交于
The server and client demos (s_client and s_server) are extended with a -keylogfile option. This is similar as setting the SSLKEYLOGFILE environment variable for NSS and creates a keylog file which is suitable for Wireshark. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2343)
-
- 30 1月, 2017 3 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
-
由 Dr. Stephen Henson 提交于
Add function to retrieve signature type: in the case of RSA keys the signature type can be EVP_PKEY_RSA or EVP_PKEY_RSA_PSS. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
-
由 Dr. Stephen Henson 提交于
Extend support for PSS key signatures by using the EVP_PKEY_RSA_PSS type to distinguish them from PKCS1 signature types. Allow setting of PSS signature algorithms using the string "PSS" or "RSA-PSS". Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
-
- 15 11月, 2016 2 次提交
-
-
由 Richard Levitte 提交于
Done too soon, this is for future OpenSSL 1.2.0 This reverts commit 6c62f9e1. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1669)
-
- 10 11月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
This is a skin deep change, which simply renames most places where we talk about curves in a TLS context to groups. This is because TLS1.3 has renamed the extension, and it can now include DH groups too. We still only support curves, but this rename should pave the way for a future extension for DH groups. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 02 11月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
Includes addition of the various options to s_server/s_client. Also adds one of the new TLS1.3 ciphersuites. This isn't "real" TLS1.3!! It's identical to TLS1.2 apart from the protocol and the ciphersuite...and the ciphersuite is just a renamed TLS1.2 one (not a "real" TLS1.3 ciphersuite). Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 20 8月, 2016 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Update certificate and CRL time routines to match new standard. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 13 8月, 2016 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 04 8月, 2016 1 次提交
-
-
由 FdaSilvaYY 提交于
into a structure , to avoid any accident . Plus some few cleanups Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 18 5月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
- 21 4月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 10 4月, 2016 1 次提交
-
-
由 Emilia Kasper 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 09 4月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
Move the dh_st structure into an internal header file and provide relevant accessors for the internal fields. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 22 3月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
Misc fixes for no-sock Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 17 3月, 2016 1 次提交
-
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 10 3月, 2016 1 次提交
-
-
由 Kurt Roeckx 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org> MR: #1595
-
- 04 3月, 2016 1 次提交
-
-
由 Rob Percival 提交于
Reviewed-by: NBen Laurie <ben@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 27 2月, 2016 1 次提交
-
-
由 Kurt Roeckx 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> MR: #2083
-
- 23 2月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 17 2月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 09 2月, 2016 1 次提交
-
-
由 Viktor Dukhovni 提交于
As documented both SSL_get0_dane_authority() and SSL_get0_dane_tlsa() are expected to return a negative match depth and nothing else when verification fails. However, this only happened when verification failed during chain construction. Errors in verification of the constructed chain did not have the intended effect on these functions. This commit updates the functions to check for verify_result == X509_V_OK, and no longer erases any accumulated match information when chain construction fails. Sophisticated developers can, with care, use SSL_set_verify_result(ssl, X509_V_OK) to "peek" at TLSA info even when verification fail. They must of course first check and save the real error, and restore the original error as quickly as possible. Hiding by default seems to be the safer interface. Introduced X509_V_ERR_DANE_NO_MATCH code to signal failure to find matching TLSA records. Previously reported via X509_V_ERR_CERT_UNTRUSTED. This also changes the "-brief" output from s_client to include verification results and TLSA match information. Mentioned session resumption in code example in SSL_CTX_dane_enable(3). Also mentioned that depths returned are relative to the verified chain which is now available via SSL_get0_verified_chain(3). Added a few more test-cases to danetest, that exercise the new code. Resolved thread safety issue in use of static buffer in X509_verify_cert_error_string(). Fixed long-stating issue in apps/s_cb.c which always sets verify_error to either X509_V_OK or "chain to long", code elsewhere (e.g. s_time.c), seems to expect the actual error. [ The new chain construction code is expected to correctly generate "chain too long" errors, so at some point we need to drop the work-arounds, once SSL_set_verify_depth() is also fixed to propagate the depth to X509_STORE_CTX reliably. ] Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 06 2月, 2016 1 次提交
-
-
由 FdaSilvaYY 提交于
Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-