- 19 1月, 2016 11 次提交
-
-
由 Alessandro Ghedini 提交于
RT#4080 Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Prayag Verma 提交于
Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Viktor Dukhovni 提交于
Some users want to disable SSL 3.0/TLS 1.0/TLS 1.1, and enable just TLS 1.2. In the future they might want to disable TLS 1.2 and enable just TLS 1.3, ... This commit makes it possible to disable any or all of the TLS or DTLS protocols. It also considerably simplifies the SSL/TLS tests, by auto-generating the min/max version tests based on the set of supported protocols (425 explicitly written out tests got replaced by two loops that generate all 425 tests if all protocols are enabled, fewer otherwise). Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Modify libssl to use EVP_PKEY TLS PRF. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Add EVP_PKEY algorithm for TLS1 PRF. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dmitry Belyavsky 提交于
Fix a typo in the definition of the GOST2012-NULL-GOST12 ciphersuite. RT#4213 Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Viktor Dukhovni 提交于
It seems risky in the context of cross-signed certificates when the same certificate might have multiple potential issuers. Also rarely used, since chains in OpenSSL typically only employ self-signed trust-anchors, whose self-signatures are not checked, while untrusted certificates are generally ephemeral. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
- 18 1月, 2016 10 次提交
-
-
由 Kristian Amlie 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
Cygwin was used for x86 before, so let's keep it around for those who still use it (it make Configure reconf possible). Cygwin-i[3456]86 for those that might generate and pass a target name directly to Configure. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
This is to reflect that it's not limited to just i686. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Corinna Vinschen 提交于
This patch allows to recognize the architectures supported by Cygwin and to choose the right configuration from there. Drop -march to use default architecture on 32 bit x86. Drop pre-Cygwin-1.3 recognition since it's long gone and there's no valid configuration for this anymore. Signed-off-by: NCorinna Vinschen <vinschen@redhat.com> Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Corinna Vinschen 提交于
Building for the Cygwin distro requires to be able to build debuginfo files. This in turn requires to build object files without stripping. The stripping is performed by the next step after building which creates the debuginfo files. Signed-off-by: NCorinna Vinschen <vinschen@redhat.com> Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Corinna Vinschen 提交于
Signed-off-by: NCorinna Vinschen <vinschen@redhat.com> Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Rich Salz 提交于
Remove lint, tags, dclean, tests. This is prep for a new makedepend scheme. This is temporary pending unified makefile, and might help it. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 17 1月, 2016 8 次提交
-
-
由 Rich Salz 提交于
Author: Remi Gacogne <rgacogne-github@coredump.fr> GH334: Add an OCSP_SINGLERESP_get0_id() accessor to the OCSP_CERTID of a OCSP_SINGLERESP. It is possible to do it the other way around using OCSP_resp_find(), but this is more efficient when you have a tree indexed by OCSP_CERTID, like haproxy does. (This is also RT4251) Author: Marek Klein <kleinmrk@gmail.com> GH556: OCSP_resp_get_produced_at() accessor to the producedAt of a OCSP_BASICRESP GH555: TS_STATUS_INFO_get_status(), TS_STATUS_INFO_get_text() and TS_STATUS_INFO_get_failure_info() accessors for a TS_STATUS_INFO Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Rich Salz 提交于
Missed the camellia EVP update. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Richard Levitte 提交于
Make sure they detect that. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Viktor Dukhovni 提交于
This avoids explicit double spaces between sentences. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Viktor Dukhovni 提交于
Also s/s/ssl/ as appropriate in the code example. Suggested by Claus Assmann. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Viktor Dukhovni 提交于
Also report an SSL_dane_enable error when the basedomain is an invalid SNI name. Avoid side-effects when such a name is valid with X509_VERIFY_PARAM_set1_host(), as e.g. with an empty name, by setting the SNI name first. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Viktor Dukhovni 提交于
While empty inputs to SSL_set1_host() clear the reference identifier list. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 16 1月, 2016 5 次提交
-
-
由 Rich Salz 提交于
Via Rainer Jung Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Zi Lin 提交于
- bugfix: should not treat '--' as invalid domain substring. - '-' should not be the first letter of a domain Signed-off-by: NViktor Dukhovni <viktor@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 15 1月, 2016 6 次提交
-
-
由 Matt Caswell 提交于
The windows installation instructions were very out of date. Substantial update to the text. Remove a lot of historical stuff that isn't relevant any more, and merge the win64 and win32 instructions into one file. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Also remove the INSTALL.W64 file. Next commit will update INSTALL.WIN to cover both. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
The previous 'Relax the requirements for a debug build' commit had an extra line of code that shouldn't have been there. This fixes it. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
It seems that the r modifier for s/// is fairly new. It's reported not to exist in perl 5.10.1, so it's better to avoid it when possible. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-