| Age | Commit message (Collapse) | Author |
|---|
|
PR#3442
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 2097a17c576f2395a10b05f14490688bc5f45a07)
|
|
The options which emulate a web server don't make sense when doing DTLS.
Exit with an error if an attempt is made to use them.
PR#3453
(cherry picked from commit 58a2aaeade8bdecd0f9f0df41927f7cff3012547)
|
|
PR#3445
(cherry picked from commit 1c3e9a7c67ccdc5e770829fe951e5832e600d377)
|
|
(cherry picked from commit ee724df75d9ad67fd954253ac514fddb46f1e3c6)
|
|
(cherry picked from commit a44f219c009798054d6741e919cba5b2e656dbf4)
|
|
If CSR verify fails in ca utility print out error messages.
Otherwise some errors give misleading output: for example
if the key size exceeds the library limit.
PR#2875
(cherry picked from commit a30bdb55d1361b9926eef8127debfc2e1bb8c484)
|
|
(cherry picked from commit 7ae6a4b659facfd7ad8131238aa1d349cb3fc951)
|
|
PR#3107
(cherry picked from commit 7c206db9280865ae4af352dbc14e9019a6c4795d)
|
|
PR#3403
|
|
(cherry picked from commit 7239a09c7b5757ed8d0e9869f3e9b03c0e11f4d1)
|
|
(cherry picked from commit ea2bb861f0daaa20819bf9ac8c146f7593feacd4)
Conflicts:
apps/s_cb.c
(cherry picked from commit 14dc83ca779e91a267701a1fb05b2bbcf2cb63c4)
|
|
PR#3357
(cherry picked from commit ca3ffd9670f2b589bf8cc04923f953e06d6fbc58)
|
|
|
|
|
|
|
|
|
|
Keep copy of any host, path and port values allocated by
OCSP_parse_url and free as necessary.
(cherry picked from commit 5219d3dd350cc74498dd49daef5e6ee8c34d9857)
|
|
Use bufsiz - 1 not BUFSIZ - 1 when prompting for a password in
the openssl utility.
Thanks to Rob Mackinnon, Leviathan Security for reporting this issue.
(cherry picked from commit 7ba08a4d73c1bdfd3aced09a628b1d7d7747cdca)
|
|
New -hash_old to generate CRL hashes using old
(before OpenSSL 1.0.0) algorithm.
(cherry picked from commit de2d97cd799f38024d70847bab37d91aa5a2536e)
|
|
Windows 8 SDKs complain that GetVersion() is deprecated.
We only use GetVersion like this:
(GetVersion() < 0x80000000)
which checks if the Windows version is NT based. Use a macro check_winnt()
which uses GetVersion() on older SDK versions and true otherwise.
(cherry picked from commit a4cc3c8041104896d51ae12ef7b678c31808ce52)
|
|
If you use "-newkey rsa" it's supposed to read the default number of bits from the
config file. However the value isn't used to generate the key, but it does
print it's generating such a key. The set_keygen_ctx() doesn't call
EVP_PKEY_CTX_set_rsa_keygen_bits() and you end up with the default set in
pkey_rsa_init() (1024). Afterwards the number of bits gets read from the config
file, but nothing is done with that anymore.
We now read the config first and use the value from the config file when no size
is given.
PR: 2592
(cherry picked from commit 3343220327664680420d4068e1fbe46d2236f1b0)
|
|
(cherry picked from commit 2b4ffc659eabec29f76821f0ac624a2b8c19e4c7)
|
|
Use default instead of ENGINE version of digest. Without this
errors will occur if you use an ENGINE for a private key and
it doesn't implement the digest in question.
|
|
|
|
|
|
(cherry picked from commit 90e7f983b573c3f3c722a02db4491a1b1cd87e8c)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Submitted by: Dmitry Belyavsky <beldmit@gmail.com>
Fix DH double free if parameter generation fails.
|
|
|
|
|
|
|
|
Always perform nexproto callback argument initialisation in s_server
otherwise we use uninitialised data if -nocert is specified.
|
|
|
|
|
|
the old code came from SSLeay days before TLS was even supported.
|
|
|
|
Add more extension names in s_cb.c extension printing code.
|
|
Submitted by: Tim Rice <tim@multitalents.net>
Make compilation work on OpenServer 5.0.7
|
|
Submitted by: Adam Langley <agl@google.com>
Fix handling of exporter return value and use OpenSSL indentation in
s_client, s_server.
|
|
|
|
Submitted by: Tomas Mraz <tmraz@redhat.com>
Check return codes for load_certs_crls.
|
|
Submitted by: Tomas Mraz <tmraz@redhat.com>
Make no-srp work.
|
|
|
