1. 20 4月, 2016 1 次提交
  2. 18 4月, 2016 1 次提交
  3. 05 4月, 2016 2 次提交
  4. 31 3月, 2016 2 次提交
  5. 22 3月, 2016 2 次提交
  6. 18 3月, 2016 1 次提交
  7. 11 3月, 2016 1 次提交
  8. 10 3月, 2016 1 次提交
  9. 08 3月, 2016 1 次提交
    • T
      GH787: Fix ALPN · 817cd0d5
      Todd Short 提交于
      * Perform ALPN after the SNI callback; the SSL_CTX may change due to
        that processing
      * Add flags to indicate that we actually sent ALPN, to properly error
        out if unexpectedly received.
      * clean up ssl3_free() no need to explicitly clear when doing memset
      * document ALPN functions
      Signed-off-by: NRich Salz <rsalz@openssl.org>
      Reviewed-by: NEmilia Käsper <emilia@openssl.org>
      817cd0d5
  10. 04 3月, 2016 1 次提交
  11. 29 2月, 2016 1 次提交
    • M
      Refactor the async wait fd logic · ff75a257
      Matt Caswell 提交于
      Implementation experience has shown that the original plan for async wait
      fds was too simplistic. Originally the async logic created a pipe internally
      and user/engine code could then get access to it via API calls. It is more
      flexible if the engine is able to create its own fd and provide it to the
      async code.
      
      Another issue is that there can be a lot of churn in the fd value within
      the context of (say) a single SSL connection leading to continually adding
      and removing fds from (say) epoll. It is better if we can provide some
      stability of the fd value across a whole SSL connection. This is
      problematic because an engine has no concept of an SSL connection.
      
      This commit refactors things to introduce an ASYNC_WAIT_CTX which acts as a
      proxy for an SSL connection down at the engine layer.
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      ff75a257
  12. 26 2月, 2016 1 次提交
  13. 23 2月, 2016 1 次提交
  14. 19 2月, 2016 1 次提交
    • R
      Remove outdated DEBUG flags. · d63a5e5e
      Rich Salz 提交于
      Add -DBIO_DEBUG to --strict-warnings.
      Remove comments about outdated debugging ifdef guards.
      Remove md_rand ifdef guarding an assert; it doesn't seem used.
      Remove the conf guards in conf_api since we use OPENSSL_assert, not assert.
      For pkcs12 stuff put OPENSSL_ in front of the macro name.
      Merge TLS_DEBUG into SSL_DEBUG.
      Various things just turned on/off asserts, mainly for checking non-NULL
      arguments, which is now removed: camellia, bn_ctx, crypto/modes.
      Remove some old debug code, that basically just printed things to stderr:
        DEBUG_PRINT_UNKNOWN_CIPHERSUITES, DEBUG_ZLIB, OPENSSL_RI_DEBUG,
        RL_DEBUG, RSA_DEBUG, SCRYPT_DEBUG.
      Remove OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL.
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      d63a5e5e
  15. 17 2月, 2016 1 次提交
  16. 15 2月, 2016 1 次提交
  17. 03 2月, 2016 1 次提交
  18. 21 1月, 2016 1 次提交
  19. 14 1月, 2016 2 次提交
  20. 17 12月, 2015 1 次提交
    • R
      Rename some BUF_xxx to OPENSSL_xxx · 7644a9ae
      Rich Salz 提交于
      Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
      to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
      Add #define's for the old names.
      Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros.
      Reviewed-by: NTim Hudson <tjh@openssl.org>
      7644a9ae
  21. 21 11月, 2015 1 次提交
  22. 10 11月, 2015 1 次提交
  23. 24 10月, 2015 1 次提交
  24. 25 9月, 2015 1 次提交
    • M
      Add support for -no-CApath and -no-CAfile options · 2b6bcb70
      Matt Caswell 提交于
      For those command line options that take the verification options
      -CApath and -CAfile, if those options are absent then the default path or
      file is used instead. It is not currently possible to specify *no* path or
      file at all. This change adds the options -no-CApath and -no-CAfile to
      specify that the default locations should not be used to all relevant
      applications.
      Reviewed-by: NAndy Polyakov <appro@openssl.org>
      2b6bcb70
  25. 12 9月, 2015 1 次提交
  26. 07 9月, 2015 1 次提交
  27. 06 9月, 2015 3 次提交
  28. 16 7月, 2015 1 次提交
  29. 16 6月, 2015 1 次提交
    • R
      RT2547: Tighten perms on generated privkey files · 3b061a00
      Rich Salz 提交于
      When generating a private key, try to make the output file be readable
      only by the owner.  Put it in CHANGES file since it might be noticeable.
      
      Add "int private" flag to apps that write private keys, and check that it's
      set whenever we do write a private key.  Checked via assert so that this
      bug (security-related) gets fixed.  Thanks to Viktor for help in tracing
      the code-paths where private keys are written.
      Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
      3b061a00
  30. 29 5月, 2015 2 次提交
  31. 23 5月, 2015 1 次提交
  32. 11 5月, 2015 1 次提交
  33. 07 5月, 2015 1 次提交