Minor docfix for OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines(3) Also removal of duplicate assignment and addition of comment in test/http_test.c Follow up change to PR #23781 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23837)
SSL_add_dir_cert_subjects_to_stack(): Documented return values In the man page for SSL_add_dir_cert_subjects_to_stack(), the functions returning int have undocumented return values. Fixes #23171 Signed-off-by: Shakti Shah <shaktishah33@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23433)
Limit the number of http headers when receiving the http response Change introduces a default limit on HTTP headers we expect to receive from server to 256. If limit is exceeded http client library indicates HTTP_R_RESPONSE_TOO_MANY_HDRLINES error. Application can use OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines() to change default. Setting limit to 0 implies no limit (current behavior). Fixes #22264 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23781)
Fix BIO_get_new_index() to return an error when it is exhausted. Fixes #23655 BIO_get_new_index() returns a range of 129..255. It is set to BIO_TYPE_START (128) initially and is incremented on each call. >= 256 is reserved for the class type flags (BIO_TYPE_DESCRIPTOR) so it should error if it reaches the upper bound. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23732)
Bring SSL_group_to_name docs in line with API definition docs say the SSL object in this function is const, but the api doesn't qualify it as such. Adjust the docs to match the definition Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23785)
Document that unknown groups and sigalgs marked with ? are ignored Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/23050)
crypto/cmp: add OSSL_CMP_MSG_get0_certreq_publickey(); fix coding style nit Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21660)
Correct the defined name of the parameter "micalg" in the documentation The EVP_DigestInit(3) manual page contains wrong name for the define macro for the OSSL_DIGEST_PARAM_MICALG param. Fixes #23580 CLA: trivial Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23615)
KDF_CTX_new API has incorrect signature (const should not be there) https://www.openssl.org/docs/man3.1/man3/EVP_KDF_CTX.html The pages for 3.0/3.1/master seem to have the following EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf); which does not match with the actual header which is EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf); Fixes #23532 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23541)