Age | Commit message | Author |
|
Use bufsiz - 1 not BUFSIZ - 1 when prompting for a password in
the openssl utility.
Thanks to Rob Mackinnon, Leviathan Security for reporting this issue.
(cherry picked from commit 7ba08a4d73c1bdfd3aced09a628b1d7d7747cdca)
|
|
New -hash_old to generate CRL hashes using old
(before OpenSSL 1.0.0) algorithm.
(cherry picked from commit de2d97cd799f38024d70847bab37d91aa5a2536e)
|
|
Windows 8 SDKs complain that GetVersion() is deprecated.
We only use GetVersion like this:
(GetVersion() < 0x80000000)
which checks if the Windows version is NT based. Use a macro check_winnt()
which uses GetVersion() on older SDK versions and true otherwise.
(cherry picked from commit a4cc3c8041104896d51ae12ef7b678c31808ce52)
|
|
If you use "-newkey rsa" it's supposed to read the default number of bits from the
config file. However the value isn't used to generate the key, but it does
print it's generating such a key. The set_keygen_ctx() doesn't call
EVP_PKEY_CTX_set_rsa_keygen_bits() and you end up with the default set in
pkey_rsa_init() (1024). Afterwards the number of bits gets read from the config
file, but nothing is done with that anymore.
We now read the config first and use the value from the config file when no size
is given.
PR: 2592
(cherry picked from commit 3343220327664680420d4068e1fbe46d2236f1b0)
|
|
(cherry picked from commit 2b4ffc659eabec29f76821f0ac624a2b8c19e4c7)
|
|
Use default instead of ENGINE version of digest. Without this
errors will occur if you use an ENGINE for a private key and
it doesn't implement the digest in question.
|
|
(cherry picked from commit 90e7f983b573c3f3c722a02db4491a1b1cd87e8c)
|
|
Submitted by: Dmitry Belyavsky <beldmit@gmail.com>
Fix DH double free if parameter generation fails.
|
|
Always perform nexproto callback argument initialisation in s_server
otherwise we use uninitialised data if -nocert is specified.
|
|
the old code came from SSLeay days before TLS was even supported.
|
|
Add more extension names in s_cb.c extension printing code.
|
|
Submitted by: Tim Rice <tim@multitalents.net>
Make compilation work on OpenServer 5.0.7
|
|
Submitted by: Adam Langley <agl@google.com>
Fix handling of exporter return value and use OpenSSL indentation in
s_client, s_server.
|
|
Submitted by: Tomas Mraz <tmraz@redhat.com>
Check return codes for load_certs_crls.
|
|
Submitted by: Tomas Mraz <tmraz@redhat.com>
Make no-srp work.
|
|
are passed zero-extended, not sign-extended [from HEAD].
PR: 2682
|
|
PR: 2681
Submitted by: Annie Yousar
|
|
(While the 1.0.0f CHANGES entry on VOS PRNG seeding was missing
in the 1.0.1 branch, the actual code is here already.)
|
|
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Support for TLS/DTLS heartbeats.
|
|
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
- remove some unnecessary SSL_err and permit
an srp user callback to allow a worker to obtain
a user verifier.
- cleanup and comments in s_server and demonstration
for asynchronous srp user lookup
|
|
PR: 2655
|
|
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
Remove unnecessary code for srp and to add some comments to
s_client.
- the callback to provide a user during client connect is
no longer necessary since rfc 5054 a connection attempt
with an srp cipher and no user is terminated when the
cipher is acceptable
- comments to indicate in s_client the (non-)usefulness of
the primality tests for non known group parameters.
|
|
relevant applications
|
|
be the server FQDN: change it.
[Reported by PSW Group]
|
|