- 05 8月, 2016 15 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dániel Bakai 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 David Woodhouse 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 David Woodhouse 提交于
Baroque, almost uncommented code triggers behaviour which is undefined by the C standard. You might quite reasonably not care that the code was broken on ones-complement machines, but if we support a ubsan build then we need to at least pretend to care. It looks like the special-case code for 64-bit big-endian is going to behave differently (and wrongly) on wrap-around, because it treats the values as signed. That seems wrong, and allows replay and other attacks. Surely you need to renegotiate and start a new epoch rather than wrapping around to sequence number zero again? Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 David Woodhouse 提交于
DTLSv1_client_method() is deprecated, but it was the only way to obtain DTLS1_BAD_VER support. The SSL_OP_CISCO_ANYCONNECT hack doesn't work with DTLS_client_method(), and it's relatively non-trivial to make it work without expanding the hack into lots of places. So deprecate SSL_OP_CISCO_ANYCONNECT with DTLSv1_client_method(), and make it work with SSL_CTX_set_{min,max}_proto_version(DTLS1_BAD_VER) instead. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 David Woodhouse 提交于
Commit 3eb2aff4 ("Add support for minimum and maximum protocol version supported by a cipher") disabled all ciphers for DTLS1_BAD_VER. That wasn't helpful. Give them back. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 David Woodhouse 提交于
DTLS version numbers are strange and backwards, except DTLS1_BAD_VER so we have to make a special case for it. This does leave us with a set of macros which will evaluate their arguments more than once, but it's not a public-facing API and it's not like this is the kind of thing where people will be using DTLS_VERSION_LE(x++, y) anyway. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 David Woodhouse 提交于
The Change Cipher Spec message in this ancient pre-standard version of DTLS that Cisco are unfortunately still using in their products, is 3 bytes. Allow it. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 David Woodhouse 提交于
Commit d8e8590e ("Fix missing return value checks in SCTP") made the DTLS handshake fail, even for non-SCTP connections, if SSL_export_keying_material() fails. Which it does, for DTLS1_BAD_VER. Apply the trivial fix to make it succeed, since there's no real reason why it shouldn't even though we never need it. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Benjamin Kaduk 提交于
The options RC4_CHUNK_LL, DES_PTR, and BF_PTR were removed by Rich in commit 3e9e810f but were still sticking around in a coupule configuration entries. Since they're unused, remove them. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1390)
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1389)
-
由 Rich Salz 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1389)
-
由 Dr. Stephen Henson 提交于
Thanks to Shi Lei for reporting this issue. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 04 8月, 2016 16 次提交
-
-
由 FdaSilvaYY 提交于
into a structure , to avoid any accident . Plus some few cleanups Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 JimC 提交于
- Commit a95ce7f builds *.manifest files on windows -- added them to .gitignore. - ignore pod -> html temp file Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 FdaSilvaYY 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 FdaSilvaYY 提交于
... get_by_fingerprint() and get_by_alias() Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 FdaSilvaYY 提交于
of X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID, X509_NAME_ENTRY_create_by_NID Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 FdaSilvaYY 提交于
- append_ia5 - old_entry_print Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 FdaSilvaYY 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
The rationale is that installation from a tarball is a common task that everyone performs. For all other builds, we do specialised tests, and might as well build them directly in the checkout, which also gives us fuzz corpora. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The release scripts expect to see the date "xx XXX xxxx" in CHANGES. At some point the year got changed from xxxx to 2016. This changes it back. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 03 8月, 2016 5 次提交
-
-
由 Richard Levitte 提交于
Because proxy certificates typically come without any CRL information, trying to check revocation on them will fail. Better not to try checking such information for them at all. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
The diverse notations used in INSTALL are not as self explanatory as we might imagine, so let's attempt a consistent notation for mandatory and optional pieces of a command line, and to explain the meaning of each notation. This does away with the bash notation used in one spot, as it isn't universally understood and will only confuse the unknowing more. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Experience shows that pod2html changes directory during its process without properly adjusting the given source directory. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 02 8月, 2016 4 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-