- 19 3月, 2016 1 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 18 3月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 11 3月, 2016 1 次提交
-
-
由 Rob Percival 提交于
Reviewed-by: NEmilia Käsper <emilia@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 10 3月, 2016 2 次提交
-
-
由 Rob Percival 提交于
Reviewed-by: NEmilia Käsper <emilia@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rob Percival 提交于
Also improves some documentation of those functions. Reviewed-by: NEmilia Käsper <emilia@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 08 3月, 2016 1 次提交
-
-
由 Todd Short 提交于
* Perform ALPN after the SNI callback; the SSL_CTX may change due to that processing * Add flags to indicate that we actually sent ALPN, to properly error out if unexpectedly received. * clean up ssl3_free() no need to explicitly clear when doing memset * document ALPN functions Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 04 3月, 2016 1 次提交
-
-
由 Rob Percival 提交于
Reviewed-by: NBen Laurie <ben@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 26 2月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Fixes github issue 463. Building the app without OPENSSL_NO_SOCK isn't supported, so only do OPENSSL_NO_OCSP. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 23 2月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 19 2月, 2016 1 次提交
-
-
由 Roumen Petrov 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 17 2月, 2016 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 15 2月, 2016 1 次提交
-
-
由 Richard Levitte 提交于
On some platforms, the implementation is such that a signed char triggers a warning when used with is*() functions. On others, the behavior is outright buggy when presented with a char that happens to get promoted to a negative integer. The safest thing is to cast the char that's used to an unsigned char. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 11 2月, 2016 2 次提交
-
-
由 Viktor Dukhovni 提交于
Make these more correct, concise and less tautological. Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Viktor Dukhovni 提交于
This was a developer debugging feature and was never a useful public interface. Added all missing X509 error codes to the verify(1) manpage, but many still need a description beyond the associated text string. Sorted the errors in x509_txt.c by error number. Reviewed-by: NStephen Henson <steve@openssl.org>
-
- 09 2月, 2016 1 次提交
-
-
由 A J Mohan Rao 提交于
* added missing help option messages * ecdh_single option is removed as it is a no-op and not an option supported in earlier versions * ssl_ctx_security_debug() was invoked before ctx check for NULL * trusted_first option can be removed, as it is always enabled in 1.1. But not removed the option, require confirmation. Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 07 2月, 2016 1 次提交
-
-
由 A J Mohan Rao 提交于
opt_valtype 0 is same as '-' while printing cmd usage asn1parse/ca/ciphers help cleanup Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 06 2月, 2016 1 次提交
-
-
由 Viktor Dukhovni 提交于
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 04 2月, 2016 1 次提交
-
-
由 Emilia Kasper 提交于
CRIME protection: disable compression by default, even if OpenSSL is compiled with zlib enabled. Applications can still enable compression by calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by using the SSL_CONF library to configure compression. SSL_CONF continues to work as before: SSL_CONF_cmd(ctx, "Options", "Compression") enables compression. SSL_CONF_cmd(ctx, "Options", "-Compression") disables compression (now no-op by default). The command-line switch has changed from -no_comp to -comp. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 03 2月, 2016 1 次提交
-
-
由 Viktor Dukhovni 提交于
Also fix option processing in pkeyutl to allow use of (formerly) "out-of-order" switches that were needless implementation limitations. Handle documented "ENGINE" form with -keyform and -peerform. Better handling of OPENSSL_NO_ENGINE and OPENSSL_NO_RSA. RT2018 Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 30 1月, 2016 2 次提交
-
-
由 Richard Levitte 提交于
Not all architectures have a time_t defined the same way. To make sure we get the same result, we need to cast &checkoffset to (intmax_t *) and make sure that intmax_t is defined somehow. To make really sure we don't pass a variable with the wrong size down to opt_imax(), we use a temporary intmax_t. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 27 1月, 2016 1 次提交
-
-
由 Rich Salz 提交于
This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1 && m@/\* .*\.[ch] \*/@; close ARGV if eof; # Close file to reset $. And then some hand-editing of other files. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 21 1月, 2016 1 次提交
-
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 14 1月, 2016 2 次提交
-
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 13 1月, 2016 1 次提交
-
-
由 Viktor Dukhovni 提交于
Well, I'm not actually changing time_t, just changing how time_t valued opt values are converted from string to time_t. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 21 11月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
s_server already had the ability to wait on an async file descriptor. This adds it to s_client too. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 25 9月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
For those command line options that take the verification options -CApath and -CAfile, if those options are absent then the default path or file is used instead. It is not currently possible to specify *no* path or file at all. This change adds the options -no-CApath and -no-CAfile to specify that the default locations should not be used to all relevant applications. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 18 9月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Real fix for RT 4033 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 11 9月, 2015 1 次提交
-
-
由 Ben Laurie 提交于
-Wincompatible-pointer-types-discards-qualifiers (the latter did not require any code changes). Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 06 9月, 2015 4 次提交
-
-
由 Richard Levitte 提交于
If the output to stdout or the input from stdin is meant to be binary, it's deeply unsetting to get the occasional LF converted to CRLF or the other way around. If someone happens to forget to redirect stdin or stdout, they will get gibberish anyway, line ending conversion will not change that. Therefore, let's not have dup_bio_* decide unilaterally what mode the BIO derived from stdin and stdout, and rather let the app decide by declaring the intended format. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Richard Levitte 提交于
The different apps had the liberty to decide whether they would open their input and output files in binary mode or not, which could be confusing if two different apps were handling the same type of file in different ways. The solution is to centralise the decision of low level file organisation, and that the apps would use a selection of formats to state the intent of the file. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Richard Levitte 提交于
Most of all, we needed to sort out which ones are binary and which ones are text, and make sure they are treated accordingly and consistently so Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 David Woodhouse 提交于
In some environments, such as firmware, the current system time is entirely meaningless. Provide a clean mechanism to suppress the checks against it. Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 27 8月, 2015 1 次提交
-
-
由 Hubert Kario 提交于
add -help description of sigalgs, client_sigalgs, curves and named_curve Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 11 8月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 30 7月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 16 7月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Remove support for RSA_NET and Netscape key format (-keyform n). Also removed documentation of SGC. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 16 6月, 2015 1 次提交
-
-
由 Rich Salz 提交于
When generating a private key, try to make the output file be readable only by the owner. Put it in CHANGES file since it might be noticeable. Add "int private" flag to apps that write private keys, and check that it's set whenever we do write a private key. Checked via assert so that this bug (security-related) gets fixed. Thanks to Viktor for help in tracing the code-paths where private keys are written. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 29 5月, 2015 1 次提交
-
-
由 Richard Levitte 提交于
The module loading feature got broken a while ago, so restore it, but have it a bit more explicit this time around. Reviewed-by: NStephen Henson <steve@openssl.org>
-