- 04 2月, 2016 3 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Emilia Kasper 提交于
CRIME protection: disable compression by default, even if OpenSSL is compiled with zlib enabled. Applications can still enable compression by calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by using the SSL_CONF library to configure compression. SSL_CONF continues to work as before: SSL_CONF_cmd(ctx, "Options", "Compression") enables compression. SSL_CONF_cmd(ctx, "Options", "-Compression") disables compression (now no-op by default). The command-line switch has changed from -no_comp to -comp. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 03 2月, 2016 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 01 2月, 2016 2 次提交
-
-
由 Rich Salz 提交于
Iteratively improved with Richard and Andy. Reviewed-by: NAndy Polyakov <appro@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
New functions to return internal pointer for order and cofactor. This avoids the need to allocate a new BIGNUM which to copy the value to. Simplify code to use new functions. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 31 1月, 2016 1 次提交
-
-
由 Dr. Stephen Henson 提交于
PR#4280 Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 30 1月, 2016 3 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Remove depend hacks from demos/engines. Remove clean-depend; just call makedepend (or $CC -M) and use that. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 29 1月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 28 1月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Also turn B<foo> into foo() in the pod page. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 26 1月, 2016 5 次提交
-
-
由 Matt Caswell 提交于
The SSL and SSL_CTX structures are reference counted. However since libssl was made opaque there is no way for users of the library to manipulate the reference counts. This adds functions to enable that. Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Matt Caswell 提交于
Recent changes have removed some directories which is causing mkfiles.pl to fail. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
Now that we're using templates, we should warn people not to edit the resulting file. We do it through util/dofile.pl, which is enhanced with an option to tell what file it was called from. We also change the calls so the template files are on the command line instead of being redirected through standard input. That way, we can display something like this (example taken from include/openssl/opensslconf.h): /* WARNING: do not edit! */ /* Generated by Configure from include/openssl/opensslconf.h.in */ Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
It is time for Makefile.org to fold into the new regime and have a run through util/dofile.pl. This forces some information out of there and into Configure, which isn't a bad thing, it makes Configure increasingly the center of build information, which is as it should be. A few extra defaults were needed in the BASE template to get rid of warnings about missing values. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 25 1月, 2016 1 次提交
-
-
由 Rich Salz 提交于
This is an internal facility, never documented, not for public consumption. Move it into ssl (where it's only used for DTLS). I also made the typedef's for pqueue and pitem follow our style: they name structures, not pointers. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 24 1月, 2016 1 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 23 1月, 2016 4 次提交
-
-
由 Richard Levitte 提交于
For this adaptation, the variables $options and $version needed to move to %config in Configure, and why not move all other variables holding diverse version numbers at the same time? Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
For our own convenience, we need a mechanism to be able to fall back on bundled Perl modules. It's a minimal package that's called like this: use with_fallback qw(Module1 Module2 ...); For each module, it will try to require them from the system installation, and failing that, it will temporarly add external/perl and try to require transfer::{ModuleName}. It requires that each bundled Perl modules is accompanied by a small transfer module (external/perl/transfer/ModuleName.pm in our example) that knows exactly what to load. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
apps/CA.pl and tools/c_rehash are built from template files. So far, this was done by Configure, which created its own problems as it forced everyone to reconfigure just because one of the template files had changed. Instead, have those files created as part of the normal build in apps/ and in tools/. Furthermore, this prepares for a future where Configure may produce entirely other build files than Makefile, and the latter can't be guaranteed to be the holder of all information for other scripts. Instead, configdata.pm (described below) becomes the center of configuration information. This introduces a few new things: %config a hash table to hold all kinds of configuration data that can be used by any other script. configdata.pm a perl module that Configure writes. It currently holds the hash tables %config and %target. util/dofile.pl a script that takes a template on STDIN and outputs the result after applying configuration data on it. It's supposed to be called like this: perl -I$(TOP) -Mconfigdata < template > result or perl -I$(TOP) -Mconfigdata templ1 templ2 ... > result Note: util/dofile.pl requires Text::Template. As part of this changed, remove a number of variables that are really just copies of entries in %target, and use %target directly. The exceptions are $target{cflags} and $target{lflags}, they do get copied to $cflags and $lflags. The reason for this is that those variable potentially go through a lot of changes and would rather deserve a place in %config. That, however, is for another commit. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 22 1月, 2016 1 次提交
-
-
由 Richard Levitte 提交于
--prefix is now exclusively used for software and manual installation. --openssldir is not exclusively used as a default location for certs, keys and the default openssl.cnf. This change is made to bring clarity, to have the two less intertwined, and to be more compatible with the usual ways of software installation. Please change your habits and scripts to use --prefix rather than --openssldir for installation location now. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 20 1月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
The GOST engine is now out of date and is removed by this commit. An up to date GOST engine is now being maintained in an external repository. See: https://wiki.openssl.org/index.php/BinariesReviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 19 1月, 2016 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 18 1月, 2016 2 次提交
-
-
由 Kristian Amlie 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
- 17 1月, 2016 2 次提交
-
-
由 Rich Salz 提交于
Author: Remi Gacogne <rgacogne-github@coredump.fr> GH334: Add an OCSP_SINGLERESP_get0_id() accessor to the OCSP_CERTID of a OCSP_SINGLERESP. It is possible to do it the other way around using OCSP_resp_find(), but this is more efficient when you have a tree indexed by OCSP_CERTID, like haproxy does. (This is also RT4251) Author: Marek Klein <kleinmrk@gmail.com> GH556: OCSP_resp_get_produced_at() accessor to the producedAt of a OCSP_BASICRESP GH555: TS_STATUS_INFO_get_status(), TS_STATUS_INFO_get_text() and TS_STATUS_INFO_get_failure_info() accessors for a TS_STATUS_INFO Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 15 1月, 2016 4 次提交
-
-
由 Richard Levitte 提交于
It seems that the r modifier for s/// is fairly new. It's reported not to exist in perl 5.10.1, so it's better to avoid it when possible. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Benjamin Kaduk 提交于
The entropy-gathering daemon is used only on a small number of machines. Provide a configure knob so that EGD support can be disabled by default but re-enabled on those systems that do need it. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Rich Salz 提交于
It turns out that -pause calls the undocumented function SSL_set_debug. That just sets flag inside the SSL structure. That flag, despite the command is never used. So remove the flag, the field, and the function. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 14 1月, 2016 5 次提交
-
-
由 Viktor Dukhovni 提交于
Regenerated expired test certificates, good for the next 100 years. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
util/mk1mf.pl was relying on the platform having the 'debug-' prefix for doing a debug build. Since the setup of targets has changed, this is no longer true. However, it can look for '--debug' in the command line options. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
Add CRYPTO_EX_DATA add EndC_KEY_[gs]et_method, From Roumen Petrov. Had to add various exdata calls to init/copy/free the exdata. Had to remove const from some EC functions because exdata isn't const-correct. :( Also remove EC_EXTRA_DATA and use a union to hold the possible pre-computed values and an enum to tell which value is in the union. (Rich Salz) Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 12 1月, 2016 1 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-