- 10 5月, 2016 1 次提交
-
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 18 4月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Give the API new names, document it. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 03 4月, 2016 1 次提交
-
-
由 Viktor Dukhovni 提交于
A new X509_VERIFY_PARAM_set_auth_level() function sets the authentication security level. For verification of SSL peers, this is automatically set from the SSL security level. Otherwise, for now, the authentication security level remains at (effectively) 0 by default. The new "-auth_level" verify(1) option is available in all the command-line tools that support the standard verify(1) options. New verify(1) tests added to check enforcement of chain signature and public key security levels. Also added new tests of enforcement of the verify_depth limit. Updated documentation. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
- 01 4月, 2016 1 次提交
-
-
由 Richard Levitte 提交于
Reverts commit 087ca80a Instead of battling the odd format of argv given to main() in default P64 mode, tell the compiler to make it an array of 64-bit pointers when compiling in P64 mode. A note is added in NOTES.VMS regarding minimum DEC C version. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 31 3月, 2016 1 次提交
-
-
由 Richard Levitte 提交于
The argument 'argv' in 'main' is a short pointer to a short pointer on VMS, regardless of initial pointer size. We must therefore make sure that 'copy_argv' gets a 32-bit pointer for argv, and that the copied argv is used for the rest of main(). This introduces the local type argv_t, which will have correct pointer size in all cases (and be harmless on all other platforms) as well as the macro Argv, which is defined as 'copied_argv' or 'argv', as the case may be. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 22 3月, 2016 1 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 21 3月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Don't have #error statements in header files, but instead wrap the contents of that file in #ifndef OPENSSL_NO_xxx This means it is now always safe to include the header file. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 20 3月, 2016 1 次提交
-
-
由 Viktor Dukhovni 提交于
This reverts commit a45d7d53. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 19 3月, 2016 1 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 18 3月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 11 3月, 2016 1 次提交
-
-
由 Rob Percival 提交于
Reviewed-by: NEmilia Käsper <emilia@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 10 3月, 2016 2 次提交
-
-
由 Rob Percival 提交于
Reviewed-by: NEmilia Käsper <emilia@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rob Percival 提交于
Also improves some documentation of those functions. Reviewed-by: NEmilia Käsper <emilia@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 08 3月, 2016 1 次提交
-
-
由 Todd Short 提交于
* Perform ALPN after the SNI callback; the SSL_CTX may change due to that processing * Add flags to indicate that we actually sent ALPN, to properly error out if unexpectedly received. * clean up ssl3_free() no need to explicitly clear when doing memset * document ALPN functions Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 04 3月, 2016 1 次提交
-
-
由 Rob Percival 提交于
Reviewed-by: NBen Laurie <ben@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 26 2月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Fixes github issue 463. Building the app without OPENSSL_NO_SOCK isn't supported, so only do OPENSSL_NO_OCSP. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 23 2月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 19 2月, 2016 1 次提交
-
-
由 Roumen Petrov 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 17 2月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 15 2月, 2016 1 次提交
-
-
由 Richard Levitte 提交于
On some platforms, the implementation is such that a signed char triggers a warning when used with is*() functions. On others, the behavior is outright buggy when presented with a char that happens to get promoted to a negative integer. The safest thing is to cast the char that's used to an unsigned char. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 11 2月, 2016 2 次提交
-
-
由 Viktor Dukhovni 提交于
Make these more correct, concise and less tautological. Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Viktor Dukhovni 提交于
This was a developer debugging feature and was never a useful public interface. Added all missing X509 error codes to the verify(1) manpage, but many still need a description beyond the associated text string. Sorted the errors in x509_txt.c by error number. Reviewed-by: NStephen Henson <steve@openssl.org>
-
- 09 2月, 2016 1 次提交
-
-
由 A J Mohan Rao 提交于
* added missing help option messages * ecdh_single option is removed as it is a no-op and not an option supported in earlier versions * ssl_ctx_security_debug() was invoked before ctx check for NULL * trusted_first option can be removed, as it is always enabled in 1.1. But not removed the option, require confirmation. Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 07 2月, 2016 1 次提交
-
-
由 A J Mohan Rao 提交于
opt_valtype 0 is same as '-' while printing cmd usage asn1parse/ca/ciphers help cleanup Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 06 2月, 2016 1 次提交
-
-
由 Viktor Dukhovni 提交于
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 04 2月, 2016 1 次提交
-
-
由 Emilia Kasper 提交于
CRIME protection: disable compression by default, even if OpenSSL is compiled with zlib enabled. Applications can still enable compression by calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by using the SSL_CONF library to configure compression. SSL_CONF continues to work as before: SSL_CONF_cmd(ctx, "Options", "Compression") enables compression. SSL_CONF_cmd(ctx, "Options", "-Compression") disables compression (now no-op by default). The command-line switch has changed from -no_comp to -comp. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 03 2月, 2016 1 次提交
-
-
由 Viktor Dukhovni 提交于
Also fix option processing in pkeyutl to allow use of (formerly) "out-of-order" switches that were needless implementation limitations. Handle documented "ENGINE" form with -keyform and -peerform. Better handling of OPENSSL_NO_ENGINE and OPENSSL_NO_RSA. RT2018 Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 30 1月, 2016 2 次提交
-
-
由 Richard Levitte 提交于
Not all architectures have a time_t defined the same way. To make sure we get the same result, we need to cast &checkoffset to (intmax_t *) and make sure that intmax_t is defined somehow. To make really sure we don't pass a variable with the wrong size down to opt_imax(), we use a temporary intmax_t. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 27 1月, 2016 1 次提交
-
-
由 Rich Salz 提交于
This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1 && m@/\* .*\.[ch] \*/@; close ARGV if eof; # Close file to reset $. And then some hand-editing of other files. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 21 1月, 2016 1 次提交
-
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 14 1月, 2016 2 次提交
-
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 13 1月, 2016 1 次提交
-
-
由 Viktor Dukhovni 提交于
Well, I'm not actually changing time_t, just changing how time_t valued opt values are converted from string to time_t. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 21 11月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
s_server already had the ability to wait on an async file descriptor. This adds it to s_client too. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 25 9月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
For those command line options that take the verification options -CApath and -CAfile, if those options are absent then the default path or file is used instead. It is not currently possible to specify *no* path or file at all. This change adds the options -no-CApath and -no-CAfile to specify that the default locations should not be used to all relevant applications. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 18 9月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Real fix for RT 4033 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 11 9月, 2015 1 次提交
-
-
由 Ben Laurie 提交于
-Wincompatible-pointer-types-discards-qualifiers (the latter did not require any code changes). Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 06 9月, 2015 2 次提交
-
-
由 Richard Levitte 提交于
If the output to stdout or the input from stdin is meant to be binary, it's deeply unsetting to get the occasional LF converted to CRLF or the other way around. If someone happens to forget to redirect stdin or stdout, they will get gibberish anyway, line ending conversion will not change that. Therefore, let's not have dup_bio_* decide unilaterally what mode the BIO derived from stdin and stdout, and rather let the app decide by declaring the intended format. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Richard Levitte 提交于
The different apps had the liberty to decide whether they would open their input and output files in binary mode or not, which could be confusing if two different apps were handling the same type of file in different ways. The solution is to centralise the decision of low level file organisation, and that the apps would use a selection of formats to state the intent of the file. Reviewed-by: NTim Hudson <tjh@openssl.org>
-