Age | Commit message | Author |
|
wasn't right for 0.9.8-stable (it's actually a fix for
http://cvs.openssl.org/chngview?cn=14494, which introduced
SSL_CTRL_SET_MAX_SEND_FRAGMENT).
|
|
Submitted by: Bob Buckholz <bbuckholz@google.com>
|
|
Submitted by: Adam Langley
|
|
Approved by: steve@openssl.org
Handle non-blocking I/O properly in SSL_shutdown() call.
|
|
at present because it asserts either noop flags or is inside
OPENSSL_FIPS #ifdef's.
|
|
its own TLS ticket keys.
|
|
|
|
- no need to disable SSL 2.0 for SSL_CTRL_SET_TLSEXT_HOSTNAME
now that ssl23_client_hello takes care of that
- fix buffer overrun checks in ssl_add_serverhello_tlsext()
|
|
|
|
|
|
Include server name and RFC4507bis support.
This is not compiled in by default and must be explicitly enabled with
the Configure option enable-tlsext
|
|
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
|
|
Submitted by: Victor Duchovni
|
|
|
|
unless specifically requested)
|
|
|
|
|
|
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
|
|
|
|
Submitted by: Douglas Stebila
|
|
|
|
|
|
runtime, thus removing the need for a lock. Add a test to ssltest
to verify that the cipher lists are sorted.
|
|
|
|
for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.
|
|
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
make all test
work again (+ make update)
PR: 1159
|
|
have a uniform representation for those over all architectures, so a
little bit of hackery is needed.
Contributed by nagendra modadugu <nagendra@cs.stanford.edu>
|
|
("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)
|
|
|
|
|
|
|
|
tree. This further reduces header interdependencies, and makes some
associated cleanups.
|
|
Check if IDEA is being built or not.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
|
|
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
|
|
I've covered all the memset()s I felt safe modifying, but may have missed some.
|
|
Submitted by: Sheueling Chang <Sheueling.Chang@Sun.COM>
|
|
PR: 189
|
|
PR: 189
|
|
Submitted by: "Patrick McCormick" <patrick@tellme.com>
PR: 262
PR: 291
|
|
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
(Authors: Vipul Gupta and Sumit Gupta, Sun Microsystems Laboratories)
|
|
not covered by the strength bit mask.
Submitted by:
Reviewed by:
PR: 130
|
|
Fix length checks in ssl3_get_client_hello().
Use s->s3->in_read_app_data differently to fix ssl3_read_internal().
|
|
|
|
|
|
New macros SSL[_CTX]_set_msg_callback_arg().
Message callback implementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).
New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enables a message callback that displays all protocol messages.
In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.
Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).
Add/update some OpenSSL copyright notices.
|
|
|
|
|
|
|
|
His comments are:
. adds use of replay cache to protect against replay attacks
. adds functions kssl_tgt_is_available() and
kssl_keytab_is_available() which are used within s3_lib.c
and ssl_lib.c to determine at runtime whether or not
KRB5 ciphers can be supported during the current session.
|
|
applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().
Note: this is almost identical to the patch submitted to openssl-dev
by Verdon Walker <VWalker@novell.com> except some redundant
EVP_add_digest_()/EVP_cleanup() calls were removed and some changes
made to avoid compiler warnings.
|