- 25 8月, 2016 1 次提交
-
-
由 Viktor Dukhovni 提交于
It should not have been removed. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 19 7月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Update find-doc-nits to find errors in SYNOPSIS (the most common place where they were missing). Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 21 6月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Add missing entries to NAME section Add SYNOPSIS lines, remove old NAME entries Update find-doc-nits; better regexp's for parsing SYNOPSIS sections. Rename a couple of files to have an API name. Remove RSA_private_decrypt; it was duplicate content Update for recent doc additions Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 17 6月, 2016 1 次提交
-
-
由 FdaSilvaYY 提交于
Reviewed-by: NKurt Roeckx <kurt@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1219)
-
- 10 6月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Also fix typo noted on GitHub. Suppport typedef and #define to find-doc-nits Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 21 5月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Fix some code examples, trailing whitespace Fix TBA sections in verify, remove others. Remove empty sections Use Mixed Case not ALL CAPS in head2 Enhance doc-nits script. Remove extra =cut line Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 20 5月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Add doc-nit-check to help find future issues. Make podchecker be almost clean. Remove trailing whitespace. Tab expansion Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 19 5月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 30 4月, 2016 1 次提交
-
-
由 Matt Caswell 提交于
Some X509_STORE macros do not work since the type was made opaque. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 17 4月, 2016 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 16 4月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Make X509_OBJECT, X509_STORE_CTX, X509_STORE, X509_LOOKUP, and X509_LOOKUP_METHOD opaque. Remove unused X509_CERT_FILE_CTX Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
- 22 8月, 2015 1 次提交
-
-
由 Rich Salz 提交于
L<foo|foo> is sub-optimal If the xref is the same as the title, which is what we do, then you only need L<foo>. This fixes all 1457 occurrences in 349 files. Approximately. (And pod used to need both.) Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 08 7月, 2015 2 次提交
-
-
由 Matt Caswell 提交于
The -show_chain flag to the verify command line app shows information about the chain that has been built. This commit adds the text "untrusted" against those certificates that have been used from the untrusted list. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
The function X509_verify_cert checks the value of |ctx->chain| at the beginning, and if it is NULL then it initialises it, along with the value of ctx->untrusted. The normal way to use X509_verify_cert() is to first call X509_STORE_CTX_init(); then set up various parameters etc; then call X509_verify_cert(); then check the results; and finally call X509_STORE_CTX_cleanup(). The initial call to X509_STORE_CTX_init() sets |ctx->chain| to NULL. The only place in the OpenSSL codebase where |ctx->chain| is set to anything other than a non NULL value is in X509_verify_cert itself. Therefore the only ways that |ctx->chain| could be non NULL on entry to X509_verify_cert is if one of the following occurs: 1) An application calls X509_verify_cert() twice without re-initialising in between. 2) An application reaches inside the X509_STORE_CTX structure and changes the value of |ctx->chain| directly. With regards to the second of these, we should discount this - it should not be supported to allow this. With regards to the first of these, the documentation is not exactly crystal clear, but the implication is that you must call X509_STORE_CTX_init() before each call to X509_verify_cert(). If you fail to do this then, at best, the results would be undefined. Calling X509_verify_cert() with |ctx->chain| set to a non NULL value is likely to have unexpected results, and could be dangerous. This commit changes the behaviour of X509_verify_cert() so that it causes an error if |ctx->chain| is anything other than NULL (because this indicates that we have not been initialised properly). It also clarifies the associated documentation. This is a follow up commit to CVE-2015-1793. Reviewed-by: NStephen Henson <steve@openssl.org>
-
- 03 5月, 2015 1 次提交
-
-
由 Alok Menghrajani 提交于
Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 01 5月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Don't check for NULL before calling a free routine. This gets X509_.*free: x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free X509_STORE_free X509_STORE_CTX_free X509_PKEY_free X509_OBJECT_free_contents X509_LOOKUP_free X509_INFO_free Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 18 10月, 2009 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-