- 06 2月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
The DTLSv1_listen function exposed details of the underlying BIO abstraction and did not properly allow for IPv6. This commit changes the "peer" argument to be a BIO_ADDR and makes it a first class function (rather than a ctrl) to ensure proper type checking. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 01 2月, 2016 1 次提交
-
-
由 Emilia Kasper 提交于
PACKET contents should be read-only. To achieve this, also - constify two user callbacks - constify BUF_reverse. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 27 1月, 2016 1 次提交
-
-
由 Rich Salz 提交于
This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1 && m@/\* .*\.[ch] \*/@; close ARGV if eof; # Close file to reset $. And then some hand-editing of other files. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 26 1月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
The SSL and SSL_CTX structures are reference counted. However since libssl was made opaque there is no way for users of the library to manipulate the reference counts. This adds functions to enable that. Reviewed-by: NStephen Henson <steve@openssl.org>
-
- 20 1月, 2016 2 次提交
-
-
由 Matt Caswell 提交于
Calling SSL_shutdown while in init previously gave a "1" response, meaning everything was successfully closed down (even though it wasn't). Better is to send our close_notify, but fail when trying to receive one. The problem with doing a shutdown while in the middle of a handshake is that once our close_notify is sent we shouldn't really do anything else (including process handshake/CCS messages) until we've received a close_notify back from the peer. However the peer might send a CCS before acting on our close_notify - so we won't be able to read it because we're not acting on CCS messages! Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
- 15 1月, 2016 2 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
由 Rich Salz 提交于
It turns out that -pause calls the undocumented function SSL_set_debug. That just sets flag inside the SSL structure. That flag, despite the command is never used. So remove the flag, the field, and the function. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 13 1月, 2016 1 次提交
-
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 11 1月, 2016 2 次提交
-
-
由 Viktor Dukhovni 提交于
These now take and return unsigned long, and get is constified. Updated related documentation and util/ssleay.num Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 10 1月, 2016 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 08 1月, 2016 5 次提交
-
-
由 Viktor Dukhovni 提交于
Provide backwards-compatiblity for functions, macros and include files if OPENSSL_API_COMPAT is either not defined or defined less than the version number of the release in which the feature was deprecated. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
Don't define stacks in C source files: it causes warnings about unused functions in some compilers. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
Applications wishing to include their own stacks now just need to include DEFINE_STACK_OF(foo) in a header file. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 06 1月, 2016 1 次提交
-
-
由 Viktor Dukhovni 提交于
Also tweak some of the code in demos/bio, to enable interactive testing of BIO_s_accept's use of SSL_dup. Changed the sconnect client to authenticate the server, which now exercises the new SSL_set1_host() function. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 02 1月, 2016 2 次提交
-
-
由 Viktor Dukhovni 提交于
The protocol selection code is now consolidated in a few consecutive short functions in a single file and is table driven. Protocol-specific constraints that influence negotiation are moved into the flags field of the method structure. The same protocol version constraints are now applied in all code paths. It is now much easier to add new protocol versions without reworking the protocol selection logic. In the presence of "holes" in the list of enabled client protocols we no longer select client protocols below the hole based on a subset of the constraints and then fail shortly after when it is found that these don't meet the remaining constraints (suiteb, FIPS, security level, ...). Ideally, with the new min/max controls users will be less likely to create "holes" in the first place. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
由 Kurt Roeckx 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 30 12月, 2015 1 次提交
-
-
由 Richard Levitte 提交于
It served a purpose, but not any more. Reviewed-by: NStephen Henson <steve@openssl.org>
-
- 24 12月, 2015 3 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Kurt Roeckx 提交于
Suggested by David Benjamin Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NViktor Dukhovni <openssl-users@dukhovni.org> MR: #1520
-
- 23 12月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 22 12月, 2015 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
This adds support for SSL/TLS configuration using configuration modules. Sets of command value pairs are store and can be replayed through an SSL_CTX or SSL structure using SSL_CTX_config or SSL_config. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 16 12月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Since auto ecdh is now always used SSL_OP_SINGLE_ECDH_USE is redundant. Simplify associated code. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 13 12月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 10 12月, 2015 1 次提交
-
-
由 Andy Polyakov 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 09 12月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 06 12月, 2015 1 次提交
-
-
由 Kurt Roeckx 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> MR: #364
-
- 05 12月, 2015 3 次提交
-
-
由 Kurt Roeckx 提交于
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Kurt Roeckx 提交于
This only gets used to set a specific curve without actually checking that the peer supports it or not and can therefor result in handshake failures that can be avoided by selecting a different cipher. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 02 12月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Add CRYPTO_free_ex_index (for shared libraries) Unify and complete the documentation for all "ex_data" API's and objects. Replace xxx_get_ex_new_index functions with a macro. Added an exdata test. Renamed the ex_data internal datatypes. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 28 11月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 24 11月, 2015 1 次提交
-
-
由 Dmitry Belyavsky 提交于
This patch contains the necessary changes to provide GOST 2012 ciphersuites in TLS. It requires the use of an external GOST 2012 engine. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 23 11月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
During rebasing of the async changes some error codes ended up being duplicated so that "make errors" fails. This removes the duplication. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NStephen Henson <steve@openssl.org>
-
- 21 11月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Make it clear that this function is ssl specific. Reviewed-by: NRich Salz <rsalz@openssl.org>
-