Dr. Stephen Henson [Wed, 18 Nov 2009 14:45:32 +0000 (14:45 +0000)]
Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation
Dr. Stephen Henson [Wed, 18 Nov 2009 14:19:52 +0000 (14:19 +0000)]
Include a more meaningful error message when rejecting legacy renegotiation
Dr. Stephen Henson [Tue, 17 Nov 2009 13:25:35 +0000 (13:25 +0000)]
PR: 2103
Submitted by: Rob Austein <sra@hactrn.net>
Approved by: steve@openssl.org
Initialise atm.flags to 0.
Dr. Stephen Henson [Sun, 15 Nov 2009 19:06:21 +0000 (19:06 +0000)]
PR: 2101 (additional)
Submitted by: Roumen Petrov <openssl@roumenpetrov.info>
Approved by: steve@openssl.org
Another mingw fix.
Dr. Stephen Henson [Fri, 13 Nov 2009 14:23:44 +0000 (14:23 +0000)]
PR: 2095
Submitted by: Arkadiusz Miskiewicz <arekm@maven.pl>
Approved by: steve@openssl.org
Fix for out range of signed 32bit displacement error on newer binutils
in file sha1-x86_64.pl
Dr. Stephen Henson [Fri, 13 Nov 2009 13:44:14 +0000 (13:44 +0000)]
PR: 2101
Submitted by: Doug Kaufman <dkaufman@rahul.net>
Approved by: steve@openssl.org
Fixes for tests in cms-test.pl
Richard Levitte [Fri, 13 Nov 2009 08:45:52 +0000 (08:45 +0000)]
Add test_cms
Dr. Stephen Henson [Thu, 12 Nov 2009 19:57:39 +0000 (19:57 +0000)]
PR: 2088
Submitted by: Aleksey Samsonov <s4ms0n0v@gmail.com>
Approved by: steve@openssl.org
Fix memory leak in d2i_PublicKey().
Dr. Stephen Henson [Thu, 12 Nov 2009 19:24:34 +0000 (19:24 +0000)]
set engine to NULL after releasing it
Richard Levitte [Thu, 12 Nov 2009 14:05:04 +0000 (14:05 +0000)]
Compiling vms.mar doesn't work on other than VAX.
Richard Levitte [Thu, 12 Nov 2009 14:04:26 +0000 (14:04 +0000)]
Another symbol longer than 31 characters.
Richard Levitte [Thu, 12 Nov 2009 14:03:57 +0000 (14:03 +0000)]
Typo
Richard Levitte [Thu, 12 Nov 2009 14:03:35 +0000 (14:03 +0000)]
Everywhere was a little too much.
Dr. Stephen Henson [Wed, 11 Nov 2009 19:04:56 +0000 (19:04 +0000)]
PR: 2098
Submitted by: Corinna Vinschen <vinschen@redhat.com>
Approved by: steve@openssl.org
For Cygwin enable zlib and mdc2 by default.
Dr. Stephen Henson [Wed, 11 Nov 2009 14:51:29 +0000 (14:51 +0000)]
add missing parts of reneg port, fix apps patch
Dr. Stephen Henson [Wed, 11 Nov 2009 14:10:09 +0000 (14:10 +0000)]
commit missing apps code for reneg fix
Dr. Stephen Henson [Tue, 10 Nov 2009 13:23:04 +0000 (13:23 +0000)]
make update
Dr. Stephen Henson [Tue, 10 Nov 2009 13:15:09 +0000 (13:15 +0000)]
Prepare for beta4 release
Dr. Stephen Henson [Tue, 10 Nov 2009 01:52:52 +0000 (01:52 +0000)]
PR: 1686
Submitted by: Hanno BÃ\83¶ck <hanno@hboeck.de>
Approved by: steve@openssl.org
Create engines dir if it doesn't already exist.
Dr. Stephen Henson [Tue, 10 Nov 2009 01:00:23 +0000 (01:00 +0000)]
PR: 2091
Submitted by: Martin Kaiser <lists@kaiser.cx>, Stephen Henson
Approved by: steve@openssl.org
If an OID has no short name or long name return the numerical representation.
Dr. Stephen Henson [Tue, 10 Nov 2009 00:47:37 +0000 (00:47 +0000)]
PR: 2090
Submitted by: Martin Kaiser <lists@kaiser.cx>, Stephen Henson
Approved by: steve@openssl.org
Improve error checking in asn1_gen.c
Dr. Stephen Henson [Mon, 9 Nov 2009 18:58:50 +0000 (18:58 +0000)]
oops, add missing prototypes
Dr. Stephen Henson [Mon, 9 Nov 2009 18:46:59 +0000 (18:46 +0000)]
fix CHANGES
Dr. Stephen Henson [Mon, 9 Nov 2009 18:45:42 +0000 (18:45 +0000)]
First cut of renegotiation extension. (port to 1.0.0-stable)
Dr. Stephen Henson [Mon, 9 Nov 2009 14:35:30 +0000 (14:35 +0000)]
make update
Dr. Stephen Henson [Mon, 9 Nov 2009 14:11:13 +0000 (14:11 +0000)]
Remove BF_PTR2 from configuration: it doesn't improve performance any more and causes gcc warnings about arrays out of range
Dr. Stephen Henson [Mon, 9 Nov 2009 14:09:53 +0000 (14:09 +0000)]
Combat gcc 4.4.1 aliasing rules. (from HEAD)
Dr. Stephen Henson [Sun, 8 Nov 2009 14:51:55 +0000 (14:51 +0000)]
file t1_reneg.c was added on branch OpenSSL_1_0_0-stable on 2009-11-09 18:45:42 +0000
Dr. Stephen Henson [Sun, 8 Nov 2009 14:36:32 +0000 (14:36 +0000)]
If it is a new session don't send the old TLS ticket: send a zero length
ticket to request a new session.
Dr. Stephen Henson [Wed, 4 Nov 2009 13:29:58 +0000 (13:29 +0000)]
Update ordinals.
Dr. Stephen Henson [Mon, 2 Nov 2009 13:37:17 +0000 (13:37 +0000)]
PR: 2089
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS Fragment size bug fix.
Dr. Stephen Henson [Sat, 31 Oct 2009 19:21:47 +0000 (19:21 +0000)]
Add missing functions to allow access to newer X509_STORE_CTX status
information. Add more informative message to verify callback to indicate
when CRL path validation is taking place.
Dr. Stephen Henson [Sat, 31 Oct 2009 13:34:19 +0000 (13:34 +0000)]
Add option to allow in-band CRL loading in verify utility. Add function
load_crls and tidy up load_certs. Remove useless purpose variable from
verify utility: now done with args_verify.
Dr. Stephen Henson [Fri, 30 Oct 2009 14:06:18 +0000 (14:06 +0000)]
Generate stateless session ID just after the ticket is received instead
of when a session is loaded. This will mean that applications that
just hold onto SSL_SESSION structures and never call d2i_SSL_SESSION()
will still work.
Dr. Stephen Henson [Fri, 30 Oct 2009 13:29:08 +0000 (13:29 +0000)]
Move CHANGES entry to 0.9.8l section
Dr. Stephen Henson [Fri, 30 Oct 2009 13:22:44 +0000 (13:22 +0000)]
Fix statless session resumption so it can coexist with SNI
Dr. Stephen Henson [Wed, 28 Oct 2009 19:52:35 +0000 (19:52 +0000)]
Don't attempt session resumption if no ticket is present and session
ID length is zero.
Dr. Stephen Henson [Wed, 28 Oct 2009 17:49:37 +0000 (17:49 +0000)]
Add -no_cache option to s_server
Dr. Stephen Henson [Wed, 28 Oct 2009 15:33:20 +0000 (15:33 +0000)]
Don't replace whole AR line
Dr. Stephen Henson [Wed, 28 Oct 2009 14:00:41 +0000 (14:00 +0000)]
PR: 2081
Submitted by: Mike Frysinger <vapier@gentoo.org>
Approved by: steve@openssl.org
Respect AR and RANLIB environment variables if set.
Dr. Stephen Henson [Wed, 28 Oct 2009 13:55:55 +0000 (13:55 +0000)]
PR: 2080
Submitted by: Mike Frysinger <vapier@gentoo.org>
Approved by: steve@openssl.org
Respect MAKE environment variable if set.
Dr. Stephen Henson [Wed, 28 Oct 2009 13:51:56 +0000 (13:51 +0000)]
PR: 2078
Submitted by: Dale Anderson <dra@redevised.net>
Approved by: steve@openssl.org
Corrections to bn_internal documentation.
Dr. Stephen Henson [Fri, 23 Oct 2009 12:47:01 +0000 (12:47 +0000)]
Clarification
Dr. Stephen Henson [Fri, 23 Oct 2009 12:24:54 +0000 (12:24 +0000)]
Sync FAQ with HEAD.
Dr. Stephen Henson [Fri, 23 Oct 2009 12:05:54 +0000 (12:05 +0000)]
If not checking all certificates don't attempt to find a CRL
for the leaf certificate of a CRL path.
Dr. Stephen Henson [Thu, 22 Oct 2009 23:14:12 +0000 (23:14 +0000)]
Need to check <= 0 here.
Dr. Stephen Henson [Mon, 19 Oct 2009 13:13:14 +0000 (13:13 +0000)]
PR: 2070
Submitted by: Alexander Nikitovskiy <Nikitovski@ya.ru>
Approved by: steve@openssl.org
Fix wrong cast.
Dr. Stephen Henson [Sun, 18 Oct 2009 15:28:59 +0000 (15:28 +0000)]
Document additions for X509 chain verification from HEAD
Dr. Stephen Henson [Sun, 18 Oct 2009 14:44:51 +0000 (14:44 +0000)]
make update
Dr. Stephen Henson [Sun, 18 Oct 2009 14:42:27 +0000 (14:42 +0000)]
Add new function X509_STORE_set_verify_cb and use it in apps
Dr. Stephen Henson [Sun, 18 Oct 2009 14:26:46 +0000 (14:26 +0000)]
take install prefix from the environment
Dr. Stephen Henson [Fri, 16 Oct 2009 15:29:34 +0000 (15:29 +0000)]
PR: 2074
Submitted by: Bram Neijt <bneijt@gmail.com>
Approved by: steve@openssl.org
Typo: "contet".
Dr. Stephen Henson [Fri, 16 Oct 2009 15:24:19 +0000 (15:24 +0000)]
PR: 2072
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org
Avoid potential doublefree and reuse of freed handshake_buffer.
Dr. Stephen Henson [Fri, 16 Oct 2009 13:41:52 +0000 (13:41 +0000)]
PR: 2073
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org
Don't access freed SSL_CTX in SSL_free().
Dr. Stephen Henson [Thu, 15 Oct 2009 23:44:11 +0000 (23:44 +0000)]
Fixes to CROSS_COMPILE, don't override command line option from environment
Dr. Stephen Henson [Thu, 15 Oct 2009 18:48:47 +0000 (18:48 +0000)]
Fix for WIN32 (and possibly other platforms) which don't define in_port_t.
Dr. Stephen Henson [Thu, 15 Oct 2009 18:04:43 +0000 (18:04 +0000)]
Update ordinals.
Dr. Stephen Henson [Thu, 15 Oct 2009 17:41:44 +0000 (17:41 +0000)]
PR: 2069
Submitted by: Michael Tuexen <tuexen@fh-muenster.de>
Approved by: steve@openssl.org
IPv6 support for DTLS.
Dr. Stephen Henson [Thu, 15 Oct 2009 17:27:47 +0000 (17:27 +0000)]
PR: 1847
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org
Integrated patches to CA.sh to bring it into line with CA.pl functionality.
Dr. Stephen Henson [Thu, 15 Oct 2009 17:18:03 +0000 (17:18 +0000)]
PR: 2066
Submitted by: Guenter <lists@gknw.net>
Approved by: steve@openssl.org
Add -r option to dgst to produce format compatible with core utilities.
Dr. Stephen Henson [Thu, 15 Oct 2009 13:05:41 +0000 (13:05 +0000)]
Rename CROSS_COMPILE_PREFIX to CROSS_COMPILE
Dr. Stephen Henson [Wed, 7 Oct 2009 16:46:51 +0000 (16:46 +0000)]
Allow uname values to be overridden by the environment
Dr. Stephen Henson [Wed, 7 Oct 2009 16:41:33 +0000 (16:41 +0000)]
Allow cross compilation prefix to come from CROSS_COMPILE environment variable
Dr. Stephen Henson [Sun, 4 Oct 2009 16:52:35 +0000 (16:52 +0000)]
Fix unitialized warnings
Dr. Stephen Henson [Sun, 4 Oct 2009 16:43:21 +0000 (16:43 +0000)]
Fix warnings about ignoring fgets return value
Dr. Stephen Henson [Sun, 4 Oct 2009 14:04:14 +0000 (14:04 +0000)]
Prevent ignored return value warning
Dr. Stephen Henson [Sun, 4 Oct 2009 14:02:03 +0000 (14:02 +0000)]
Prevent aliasing warning
Dr. Stephen Henson [Thu, 1 Oct 2009 12:17:18 +0000 (12:17 +0000)]
Yes it is a typo ;-)
Dr. Stephen Henson [Thu, 1 Oct 2009 00:26:07 +0000 (00:26 +0000)]
PR: 2061
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct i2b_PVK_bio error handling in rsa.c, dsa.c
Dr. Stephen Henson [Thu, 1 Oct 2009 00:21:55 +0000 (00:21 +0000)]
PR: 2062
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BN_rand error handling in bntest.c
Dr. Stephen Henson [Thu, 1 Oct 2009 00:17:35 +0000 (00:17 +0000)]
PR: 2059
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct EVP_SealInit error handling in pem_seal.c
Dr. Stephen Henson [Thu, 1 Oct 2009 00:11:49 +0000 (00:11 +0000)]
PR: 2056
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_wirte error handling in asn1_par.c
Dr. Stephen Henson [Thu, 1 Oct 2009 00:07:10 +0000 (00:07 +0000)]
PR: 2055
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_ctrl error handling in s2_srvr.c
Dr. Stephen Henson [Thu, 1 Oct 2009 00:03:50 +0000 (00:03 +0000)]
PR: 2054
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_ctrl error handling
Dr. Stephen Henson [Wed, 30 Sep 2009 23:59:16 +0000 (23:59 +0000)]
PR: 2063
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_write error handling in ocsp_prn.c
Dr. Stephen Henson [Wed, 30 Sep 2009 23:55:29 +0000 (23:55 +0000)]
PR: 2057
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_write, BIO_printf, i2a_ASN1_INTEGER and i2a_ASN1_OBJECT
error handling in OCSP print routines.
Dr. Stephen Henson [Wed, 30 Sep 2009 23:50:10 +0000 (23:50 +0000)]
PR: 2058
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct EVP_DigestVerifyFinal error handling.
Dr. Stephen Henson [Wed, 30 Sep 2009 23:40:52 +0000 (23:40 +0000)]
Change version from 0.9.9 to 1.0.0 in docs
Dr. Stephen Henson [Wed, 30 Sep 2009 21:41:53 +0000 (21:41 +0000)]
PR: 2064, 728
Submitted by: steve@openssl.org
Add support for custom headers in OCSP requests.
Dr. Stephen Henson [Wed, 30 Sep 2009 21:35:26 +0000 (21:35 +0000)]
Free SSL_CTX after BIO
Dr. Stephen Henson [Tue, 22 Sep 2009 11:34:25 +0000 (11:34 +0000)]
PR: 2050
Submitted by: Michael Tuexen <tuexen@fh-muenster.de>
Approved by: steve@openssl.org
Fix handling of ENOTCONN and EMSGSIZE for dgram BIOs.
Dr. Stephen Henson [Sun, 20 Sep 2009 16:40:59 +0000 (16:40 +0000)]
PR: 2047
Submitted by: David Lee <live4thee@gmail.com>, steve@openssl.org
Approved by: steve@openssl.org
Fix for IPv6 handling in BIO_get_accept_socket().
Dr. Stephen Henson [Sun, 20 Sep 2009 12:47:04 +0000 (12:47 +0000)]
Ooops, missing close quote
Dr. Stephen Henson [Sun, 20 Sep 2009 12:39:16 +0000 (12:39 +0000)]
Don't use __try+__except unless on VC++
Dr. Stephen Henson [Sun, 20 Sep 2009 11:39:59 +0000 (11:39 +0000)]
add version info for VC-WIN64I too
Dr. Stephen Henson [Sat, 19 Sep 2009 23:01:24 +0000 (23:01 +0000)]
PR: 2048
Submitted by: john blair <mailtome200420032002@yahoo.com>
Approved by: steve@openssl.org
Add version info in VC-WIN64A too.
Andy Polyakov [Thu, 17 Sep 2009 19:35:49 +0000 (19:35 +0000)]
cmll-x86_64.pl: small buglet in CBC subroutine [from HEAD].
PR: 2035
Dr. Stephen Henson [Tue, 15 Sep 2009 22:48:30 +0000 (22:48 +0000)]
PR: 2039
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS listen bug fix,
Dr. Stephen Henson [Sun, 13 Sep 2009 11:27:27 +0000 (11:27 +0000)]
Submitted by: Julia Lawall <julia@diku.dk>
The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.
Dr. Stephen Henson [Sat, 12 Sep 2009 23:34:56 +0000 (23:34 +0000)]
PR: 2023
Submitted by: James Beckett <jmb.openssl@nospam.hackery.net>, steve
Approved by: steve@openssl.org
Fix documentation errors in d2i_X509 manual pages.
Dr. Stephen Henson [Sat, 12 Sep 2009 23:18:09 +0000 (23:18 +0000)]
PR: 2025
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org
Constify SSL_CIPHER_description
Dr. Stephen Henson [Sat, 12 Sep 2009 23:09:26 +0000 (23:09 +0000)]
PR: 1411
Submitted by: steve@openssl.org
Allow use of trusted certificates in SSL_CTX_use_chain_file()
Dr. Stephen Henson [Fri, 11 Sep 2009 11:03:31 +0000 (11:03 +0000)]
PR: 2038
Submitted by: Artem Chuprina <ran@cryptocom.ru>
Approved by: steve@openssl.org
Avoid double call to BIO_free().
Dr. Stephen Henson [Wed, 9 Sep 2009 17:05:42 +0000 (17:05 +0000)]
PR: 2033
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS listen support.
Dr. Stephen Henson [Wed, 9 Sep 2009 16:32:19 +0000 (16:32 +0000)]
Add new option --strict-warnings to Configure script. This is used to add
in devteam warnings into other configurations.
Dr. Stephen Henson [Wed, 9 Sep 2009 12:14:36 +0000 (12:14 +0000)]
Seed PRNG with DSA and ECDSA digests for additional protection against
possible PRNG state duplication.
Dr. Stephen Henson [Mon, 7 Sep 2009 17:57:02 +0000 (17:57 +0000)]
PR: 2031
Submitted by: steve@openssl.org
Tolerate application/timestamp-response which some servers send out.
Dr. Stephen Henson [Sun, 6 Sep 2009 17:55:40 +0000 (17:55 +0000)]
Typo presumably...
Dr. Stephen Henson [Sun, 6 Sep 2009 15:55:54 +0000 (15:55 +0000)]
Make update, deleting bogus DTLS error code
Dr. Stephen Henson [Sun, 6 Sep 2009 15:49:12 +0000 (15:49 +0000)]
PR: 1644
Submitted by: steve@openssl.org
Fix to make DHparams_dup() et al work in C++.
For 1.0 fix the final argument to ASN1_dup() so it is void *. Replace some
*_dup macros with functions.
projects / openssl.git / log