- 25 3月, 2015 2 次提交
-
-
由 Rich Salz 提交于
This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free BIO_free BIO_free_all BIO_vfree Reviewed-by: NMatt Caswell <matt@openssl.org> -
由 Matt Caswell 提交于
Ensure RAND_bytes return value is checked correctly, and that we no longer use RAND_pseudo_bytes. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 24 3月, 2015 1 次提交
-
-
由 Kurt Roeckx 提交于
Also removes for it being NULL Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 23 3月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Ensure that all functions have their return values checked where appropriate. This covers all functions defined and called from within libssl. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 20 3月, 2015 1 次提交
-
-
由 David Woodhouse 提交于
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 15 3月, 2015 1 次提交
-
-
由 Kurt Roeckx 提交于
It created the cert structure in SSL_CTX or SSL if it was NULL, but they can never be NULL as the comments already said. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
- 11 3月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Suggested by John Foley <foleyj@cisco.com>. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 07 2月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
There is no mechanism to do that at the moment - SSL_set_bio makes changes to the wbio even if you pass in SSL_get_wbio(). This commit introduces two new API functions SSL_set_rbio() and SSL_set_wbio(). These do the same job as SSL_set_bio() except they enable you to manage the rbio and wbio individually. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 06 2月, 2015 3 次提交
-
-
由 Rich Salz 提交于
I left many "#if 0" lines, usually because I thought we would probably want to revisit them later, or because they provided some useful internal documentation tips. Reviewed-by: NAndy Polyakov <appro@openssl.org> -
由 Rich Salz 提交于
The mkstack.pl script now generates the entire safestack.h file. It generates output that follows the coding style. Also, removed all instances of the obsolete IMPLEMENT_STACK_OF macro. Reviewed-by: NAndy Polyakov <appro@openssl.org> -
由 Rich Salz 提交于
A few minor cleanups to remove pre-processor "#if 1" stuff. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 03 2月, 2015 3 次提交
-
-
由 Dr. Stephen Henson 提交于
Document SSL_get_extms_support(). Modify behaviour of SSL_get_extms_support() so it returns -1 if the master secret support of the peer is not known (e.g. handshake in progress). Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Retrieve handshake hashes in a separate function. This tidies the existing code and will be used for extended master secret generation. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 29 1月, 2015 1 次提交
-
-
由 Rich Salz 提交于
An expired IETF Internet-Draft (seven years old) that nobody implements, and probably just as good as NSA DRBG work. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 28 1月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Remove OPENSSL_NO_BUF_FREELISTS. This was turned on by default, so the work here is removing the 'maintain our own freelist' code. Also removed a minor old Windows-multibyte/widechar conversion flag. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 22 1月, 2015 3 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> -
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> -
由 Matt Caswell 提交于
Sometimes it fails to format them very well, and sometimes it corrupts them! This commit moves some particularly problematic ones. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 13 1月, 2015 1 次提交
-
-
由 Rich Salz 提交于
This last one for this ticket. Removes WIN16. So long, MS_CALLBACK and MS_FAR. We won't miss you. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 07 1月, 2015 1 次提交
-
-
由 Emilia Kasper 提交于
context was also inherited (matches that of the existing SSL_CTX). Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 06 1月, 2015 2 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> -
由 Adam Langley 提交于
when its SSL_CTX is updated. From BoringSSL commit https://boringssl.googlesource.com/boringssl/+/a5dc545bbcffd9c24cebe65e9ab5ce72d4535e3aReviewed-by: NRich Salz <rsalz@openssl.org>
-
- 05 1月, 2015 1 次提交
-
-
由 Piotr Sikora 提交于
RT3638 Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 17 12月, 2014 1 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 16 12月, 2014 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 09 12月, 2014 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 08 12月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
FIPS_mode() exists in all versions of OpenSSL but always returns 0 if OpenSSL is not FIPS capable. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 04 12月, 2014 1 次提交
-
-
由 Kurt Roeckx 提交于
The only support for SSLv2 left is receiving a SSLv2 compatible client hello. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 03 12月, 2014 1 次提交
-
-
由 Matt Caswell 提交于
and instead use the value provided by the underlying BIO. Also provide some new DTLS_CTRLs so that the library user can set the mtu without needing to know this constant. These new DTLS_CTRLs provide the capability to set the link level mtu to be used (i.e. including this IP/UDP overhead). The previous DTLS_CTRLs required the library user to subtract this overhead first. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 24 10月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
SSL_set_SSL_CTX is used to change the SSL_CTX for SNI, keep the supported signature algorithms and raw cipherlist. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 22 10月, 2014 1 次提交
-
-
由 Bodo Moeller 提交于
listed after TLS_FALLBACK_SCSV. RT: 3575 Reviewed-by: NEmilia Kasper <emilia@openssl.org>
-
- 15 10月, 2014 1 次提交
-
-
由 Bodo Moeller 提交于
Reviewed-by: NStephen Henson <steve@openssl.org>
-
- 29 8月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Use the same structure for client and server custom extensions. Add utility functions in new file t1_ext.c. Use new utility functions to handle custom server and client extensions and remove a lot of code duplication. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 15 8月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Move custom extension structures from SSL_CTX to CERT structure. This change means the form can be revised in future without binary compatibility issues. Also since CERT is part of SSL structures so per-SSL custom extensions could be supported in future as well as per SSL_CTX. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 04 7月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Remove RFC5878 code. It is no longer needed for CT and has numerous bugs
-
- 13 5月, 2014 1 次提交
-
-
由 Kurt Roeckx 提交于
-
- 12 5月, 2014 1 次提交
-
-
由 Günther Noack 提交于
PR: 3317
-
- 28 3月, 2014 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Security callback: selects which parameters are permitted including sensible defaults based on bits of security. The "parameters" which can be selected include: ciphersuites, curves, key sizes, certificate signature algorithms, supported signature algorithms, DH parameters, SSL/TLS version, session tickets and compression. In some cases prohibiting the use of a parameters will mean they are not advertised to the peer: for example cipher suites and ECC curves. In other cases it will abort the handshake: e.g DH parameters or the peer key size. Documentation to follow...
-
由 Dr. Stephen Henson 提交于
New function ssl_cipher_disabled. Check for disabled client ciphers using ssl_cipher_disabled. New function to return only supported ciphers. New option to ciphers utility to print only supported ciphers.
-