Stop symlinking, move files to intended directory Rather than making include/openssl/foo.h a symlink to crypto/foo/foo.h, this change moves the file to include/openssl/foo.h once and for all. Likewise, move crypto/foo/footest.c to test/footest.c, instead of symlinking it there. Originally-by: Geoff Thorpe <geoff@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
Move s->rstate to s->rlayer.rstate Reviewed-by: Richard Levitte <levitte@openssl.org>
Resolve swallowed returns codes The recent updates to libssl to enforce stricter return code checking, left a small number of instances behind where return codes were being swallowed (typically because the function they were being called from was declared as void). This commit fixes those instances to handle the return codes more appropriately. Reviewed-by: Richard Levitte <levitte@openssl.org>
Support key loading from certificate file Support loading of key and certificate from the same file if SSL_CONF_FLAG_REQUIRE_PRIVATE is set. This is done by remembering the filename used for each certificate type and attempting to load a private key from the file when SSL_CONF_CTX_finish is called. Update docs. Reviewed-by: Richard Levitte <levitte@openssl.org>
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG was disabled in 0.9.8q and 1.0.0c. This commit sets the value of SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG to zero. Reviewed-by: Richard Levitte <levitte@openssl.org>
return unexpected message when receiving kx with kDHr or kDHd It was saying that it was an illegal parameter / unsupported cipher Reviewed-by: Matt Caswell <matt@openssl.org>
ssl3_set_handshake_header returns Change ssl_set_handshake_header from return void to returning int, and handle error return code appropriately. Reviewed-by: Richard Levitte <levitte@openssl.org>
Fix missing return value checks Ensure that all functions have their return values checked where appropriate. This covers all functions defined and called from within libssl. Reviewed-by: Richard Levitte <levitte@openssl.org>
Check libssl function returns Mark most functions returning a result defined in any libssl header file with __owur to warn if they are used without checking the return value. Use -DUNUSED_RETURN compiler flag with gcc to activate these warnings. Some functions returning a result are skipped if it is common and valid to use these functions without checking the return value. Reviewed-by: Richard Levitte <levitte@openssl.org>
Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC Suggested by John Foley <foleyj@cisco.com>. Reviewed-by: Matt Caswell <matt@openssl.org>
Removed support for SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG. Also removed the "-hack" option from s_server that set this option. Reviewed-by: Tim Hudson <tjh@openssl.org>
Add SSL_SESSION_get0_ticket API function. Reviewed-by: Tim Hudson <tjh@openssl.org>
Provide the API functions SSL_SESSION_has_ticket and SSL_SESSION_get_ticket_lifetime_hint. The latter has been reported as required to fix Qt for OpenSSL 1.1.0. I have also added the former in order to determine whether a ticket is present or not - otherwise it is difficult to know whether a zero lifetime hint is because the server set it to 0, or because there is no ticket. Reviewed-by: Tim Hudson <tjh@openssl.org>
Apache Traffic Server has a need to set the rbio without touching the wbio. There is no mechanism to do that at the moment - SSL_set_bio makes changes to the wbio even if you pass in SSL_get_wbio(). This commit introduces two new API functions SSL_set_rbio() and SSL_set_wbio(). These do the same job as SSL_set_bio() except they enable you to manage the rbio and wbio individually. Reviewed-by: Tim Hudson <tjh@openssl.org>
Remove support for SSL_OP_NETSCAPE_CA_DN_BUG. This is an ancient bug workaround for Netscape clients. The documentation talks about versions 3.x and 4.x beta. Reviewed-by: Tim Hudson <tjh@openssl.org>
Ctrl to retrieve extms support. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
Make libssl opaque. Move all structures that were previously protected by OPENSSL_NO_SSL_INTERN into internal header files. Reviewed-by: Richard Levitte <levitte@openssl.org>
Remove support for opaque-prf An expired IETF Internet-Draft (seven years old) that nobody implements, and probably just as good as NSA DRBG work. Reviewed-by: Richard Levitte <levitte@openssl.org>
Dead code removal: Fortezza identifiers Not interested in helping the NSA in the slightest. And anyway, it was never implemented, #if'd out. Reviewed-by: Richard Levitte <levitte@openssl.org>
"#if 0" removal: header files Remove all "#if 0" blocks from header files. Reviewed-by: Tim Hudson <tjh@openssl.org>