Age | Commit message (Collapse) | Author |
|
(cherry picked from commit a23a6e85d8dcd5733a343754f434201f3c9aa6f0)
|
|
|
|
(cherry picked from commit 07255f0a76d9d349d915e14f969b9ff2ee0d1953)
|
|
|
|
-verify_return_error aren't in this release.
|
|
(cherry picked from commit b5071dc2f67d7667ab3cbbe50a30342f999b896a)
Conflicts:
doc/apps/s_client.pod
doc/apps/verify.pod
doc/apps/x509v3_config.pod
doc/crypto/ASN1_generate_nconf.pod
doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod
doc/ssl/SSL_CONF_cmd.pod
doc/ssl/SSL_CONF_cmd_argv.pod
doc/ssl/SSL_CTX_set_cert_cb.pod
doc/ssl/SSL_CTX_set_security_level.pod
|
|
Document that the certificate passed to SSL_CTX_add_extra_chain_cert()
should not be freed by the application.
PR#3409
Add restrictions section present in other branches.
(cherry picked from commit 86cac6d3b25342ff17a2b6564f7592fd7c6829e8)
|
|
|
|
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
|
|
podlators 2.5.0 has switched to dying on POD syntax errors. This means
that a bunch of long-standing erroneous POD in the openssl documentation
now leads to fatal errors from pod2man, halting installation.
Unfortunately POD constraints mean that you have to sort numeric lists
in ascending order if they start with 1: you cannot do 1, 0, 2 even if
you want 1 to appear first. I've reshuffled such (alas, I wish there
were a better way but I don't know of one).
|
|
|
|
|
|
directly by SSL/TLS SHA2 certificates are becoming more common and
applications that only call SSL_library_init() and not
OpenSSL_add_all_alrgorithms() will fail when verifying certificates.
Update docs.
|
|
|
|
|
|
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
|
|
|
|
|
|
|
|
|
|
|
|
Initial secure renegotiation documentation.
|
|
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org
Constify SSL_CIPHER_description
|
|
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org
Fix various typos.
|
|
|
|
|
|
|
|
PR: 1354, 1355, 1398
|
|
PR: 1343
|
|
Bump release ready for OpenSSL_0_9_8a tag
|
|
|
|
|
|
|
|
Typo.
|
|
|
|
PR: 755
Notified by: Jakub Bogusz <qboosh@pld-linux.org>
|
|
|
|
WANT_READ and WANT_WRITE conditions.
|
|
|
|
sessions in the external session cache might be removed.
Submitted by: "Nadav Har'El" <nyh@math.technion.ac.il>
PR: 547
|
|
PR: 538
|
|
Submitted by: Christian Hohnstaedt <chohnstaedt@innominate.com>
Reviewed by:
PR:
|
|
Submitted by:
Reviewed by:
PR:
|
|
|
|
squashed.
|
|
relates to SSL_CTX flags and the use of "external" session caching. The
existing flag, "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" remains but is
supplemented with a complimentary flag, "SSL_SESS_CACHE_NO_INTERNAL_STORE".
The bitwise OR of the two flags is also defined as
"SSL_SESS_CACHE_NO_INTERNAL" and is the flag that should be used by most
applications wanting to implement session caching *entirely* by its own
provided callbacks. As the documented behaviour contradicted actual
behaviour up until recently, and since that point behaviour has itself been
inconsistent anyway, this change should not introduce any compatibility
problems. I've adjusted the relevant documentation to elaborate about how
this works.
Kudos to "Nadav Har'El" <nyh@math.technion.ac.il> for diagnosing these
anomalies and testing this patch for correctness.
PR: 311
|
|
Part of PR 196
|
|
|
|
Submitted by:
Reviewed by:
PR: 141
|
|
Submitted by: Martin Sjögren <martin@strakt.com>
PR: 137
|