Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
PR: 1354, 1355, 1398, 1408
|
|
PR: 1343
|
|
|
|
PR: 1191
Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation
Reviewed by: Nils Larsch
|
|
(This were in 0.9.7-stable and 0.9.8-stable, but not in HEAD so far.)
|
|
pointer and make the SSL_METHOD parameter in SSL_CTX_new,
SSL_CTX_set_ssl_version and SSL_set_ssl_method const.
|
|
|
|
|
|
|
|
Typo.
|
|
|
|
PR: 755
Notified by: Jakub Bogusz <qboosh@pld-linux.org>
|
|
|
|
WANT_READ and WANT_WRITE conditions.
|
|
|
|
sessions in the external session cache might be removed.
Submitted by: "Nadav Har'El" <nyh@math.technion.ac.il>
PR: 547
|
|
PR: 538
|
|
Submitted by: Christian Hohnstaedt <chohnstaedt@innominate.com>
Reviewed by:
PR:
|
|
Submitted by:
Reviewed by:
PR:
|
|
|
|
squashed.
|
|
relates to SSL_CTX flags and the use of "external" session caching. The
existing flag, "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" remains but is
supplemented with a complimentary flag, "SSL_SESS_CACHE_NO_INTERNAL_STORE".
The bitwise OR of the two flags is also defined as
"SSL_SESS_CACHE_NO_INTERNAL" and is the flag that should be used by most
applications wanting to implement session caching *entirely* by its own
provided callbacks. As the documented behaviour contradicted actual
behaviour up until recently, and since that point behaviour has itself been
inconsistent anyway, this change should not introduce any compatibility
problems. I've adjusted the relevant documentation to elaborate about how
this works.
Kudos to "Nadav Har'El" <nyh@math.technion.ac.il> for diagnosing these
anomalies and testing this patch for correctness.
PR: 311
|
|
Part of PR 196
|
|
|
|
Submitted by:
Reviewed by:
PR: 141
|
|
Submitted by: Martin Sjögren <martin@strakt.com>
PR: 137
|
|
Submitted by: Richard.Koenning@fujitsu-siemens.com
Reviewed by:
PR: 129
|
|
vulnerability workaround (included in SSL_OP_ALL).
PR: #90
|
|
PR: 95
|
|
PR: 72
|
|
Submitted by: D. K. Smetters <smetters@parc.xerox.com>
Reviewed by: Bodo Moeller
|
|
|
|
|
|
(shinagawa@star.zko.dec.com).
|
|
|
|
|
|
New macros SSL[_CTX]_set_msg_callback_arg().
Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).
New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.
In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.
Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).
Add/update some OpenSSL copyright notices.
|
|
|
|
From: "Chris D. Peterson" <cpeterson@aventail.com>
Subject: Implementation Issues with OpenSSL
To: openssl-users@openssl.org
Date: Wed, 22 Aug 2001 16:13:17 -0700
The patch included in the original post may improve the internal session
list handling (and is therefore worth a seperate investigation).
No change to the list handling will however solve the problems of incorrect
SSL_SESSION_free() calls. The session list is only one possible point of
failure, dangling pointers would also occur for SSL object currently
using the session. The correct solution is to only use SSL_SESSION_free()
when applicable!
|
|
|
|
|
|
Bodo Moeller).
|
|
settable (proposed by "Douglas E. Engert" <deengert@anl.gov>).
|
|
|
|
|
|
|
|
|