1. 02 7月, 2019 1 次提交
  2. 01 7月, 2019 2 次提交
  3. 27 6月, 2019 2 次提交
  4. 25 6月, 2019 1 次提交
  5. 27 6月, 2019 3 次提交
    • B
      Move 'shared_sigalgs' from cert_st to ssl_st · 915430a0
      Benjamin Kaduk 提交于
      It was only ever in cert_st because ssl_st was a public structure
      and could not be modified without breaking the API.  However, both
      structures are now opaque, and thus we can freely change their layout
      without breaking applications.  In this case, keeping the shared
      sigalgs in the SSL object prevents complications wherein they would
      inadvertently get cleared during SSL_set_SSL_CTX() (e.g., as run
      during a cert_cb).
      
      Fixes #9099
      Reviewed-by: NMatt Caswell <matt@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/9157)
      
      (cherry picked from commit 29948ac80c1388cfeb0bd64539ac1fa6e0bb8990)
      915430a0
    • B
      Revert "Delay setting the sig algs until after the cert_cb has been called" · 572492aa
      Benjamin Kaduk 提交于
      This reverts commit 524006dd1b80c1a86a20119ad988666a80d8d8f5.
      
      While this change did prevent the sigalgs from getting inadvertently
      clobbered by SSL_set_SSL_CTX(), it also caused the sigalgs to not be
      set when the cert_cb runs.  This, in turn, caused significant breakage,
      such as SSL_check_chain() failing to find any valid chain.  An alternate
      approach to fixing the issue from #7244 will follow.
      Reviewed-by: NMatt Caswell <matt@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/9157)
      
      (cherry picked from commit 6f34d7bc7d0c7fcd86c6f2772f26e42c925d8505)
      572492aa
    • B
      Add regression test for #9099 · 9863b419
      Benjamin Kaduk 提交于
      Augment the cert_cb sslapitest to include a run that uses
      SSL_check_chain() to inspect the certificate prior to installing
      it on the SSL object.  If the check shows the certificate as not
      valid in that context, we do not install a certificate at all, so
      the handshake will fail later on in processing (tls_choose_sigalg()),
      exposing the indicated regression.
      
      Currently it fails, since we have not yet set the shared sigalgs
      by the time the cert_cb runs.
      Reviewed-by: NMatt Caswell <matt@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/9157)
      
      (cherry picked from commit 7cb8fb07e8b71dc1fdcb0de10af7fed4347f6ea4)
      9863b419
  6. 24 6月, 2019 2 次提交
  7. 21 6月, 2019 1 次提交
  8. 19 6月, 2019 4 次提交
  9. 18 6月, 2019 5 次提交
  10. 15 6月, 2019 1 次提交
  11. 13 6月, 2019 1 次提交
  12. 12 6月, 2019 2 次提交
  13. 11 6月, 2019 4 次提交
  14. 10 6月, 2019 1 次提交
  15. 09 6月, 2019 2 次提交
  16. 07 6月, 2019 2 次提交
  17. 06 6月, 2019 1 次提交
  18. 04 6月, 2019 3 次提交
  19. 03 6月, 2019 2 次提交