Age | Commit message (Collapse) | Author |
|
They are moved to the COMPLEMENTOFDEFAULT instead.
This also fixes SSLv2 to be part of COMPLEMENTOFDEFAULT.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
This should be a one off operation (subsequent invokation of the
script should not move them)
This commit is for the 1.0.2 changes
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Conflicts:
ssl/ssl_ciph.c
ssl/ssl_locl.h
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
indent will not alter them when reformatting comments
(cherry picked from commit 1d97c8435171a7af575f73c526d79e1ef0ee5960)
Conflicts:
crypto/bn/bn_lcl.h
crypto/bn/bn_prime.c
crypto/engine/eng_all.c
crypto/rc4/rc4_utl.c
crypto/sha/sha.h
ssl/kssl.c
ssl/t1_lib.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit db812f2d70f0695fd53b386fe5e870bef8ca3c22)
|
|
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit af6e2d51bfeabbae827030d4c9d58a8f7477c4a0)
|
|
see RT #3203
Future versions of OpenSSL use the canonical terms "ECDHE" and "DHE"
as configuration strings and compilation constants. This patch
introduces aliases so that the stable 1.0.2 branch can be
forward-compatible with code and configuration scripts that use the
normalized terms, while avoiding changing any library output for
stable users.
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
(cherry picked from commit 7aabd9c92fe6f0ea2a82869e5171dcc4518cee85)
|
|
PR#3440
(cherry picked from commit 924e5eda2c82d737cc5a1b9c37918aa6e34825da)
|
|
(cherry picked from commit 7cb472bd0d0fd9da3d42bed1acc56c3a79fc5328)
|
|
In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays.
Bug discovered and fixed by Miod Vallat from the OpenBSD team.
PR#3375
|
|
This reverts commit 3d86077427f93dc46b18fee706b567ec32ac232a.
Incorrect attribution.
|
|
In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays.
PR#3375
|
|
SRP ciphersuites do not have no authentication. They have authentication
based on SRP. Add new SRP authentication flag and cipher string.
(cherry picked from commit a86b88acc373ac1fb0ca709a5fb8a8fa74683f67)
|
|
Although the memory allocated by compression methods is fixed and
cannot grow over time it can cause warnings in some leak checking
tools. The function SSL_COMP_free_compression_methods() will free
and zero the list of supported compression methods. This should
*only* be called in a single threaded context when an application
is shutting down to avoid interfering with existing contexts
attempting to look up compression methods.
|
|
(cherry picked from commit b45e874d7c4a8fdac7ec10cff43f21d02e75d511)
|
|
|
|
(cherry picked from commit cbb67448277232c8403f96edad4931c4203e7746)
|
|
Check for Suite B support using method flags instead of version numbers:
anything supporting TLS 1.2 cipher suites will also support Suite B.
Return an error if an attempt to use DTLS 1.0 is made in Suite B mode.
(cherry picked from commit 4544f0a69161a37ee3edce3cc1bc34c3678a4d64)
|
|
(cherry picked from commit 14536c8c9c0abb894afcadb9a58b4b29fc8f7a4d)
|
|
|
|
(backport from HEAD)
|
|
(backport from HEAD)
|
|
(backport from HEAD)
|
|
client hello message. Previously this could only be retrieved on an initial
connection and it was impossible to determine the cipher IDs of any uknown
ciphersuites.
(backport from HEAD)
|
|
instead of waiting until server key exchange
(backport from HEAD)
|
|
(backport from HEAD)
|
|
|
|
|
|
|
|
PR: 2778
|
|
methods isn't presorted, it will be sorted on first read).
Submitted by: Adam Langley
|
|
|
|
|
|
prohibit use of these ciphersuites for TLS < 1.2
|
|
|
|
no FIPS compilation support
|
|
This includes TLS v1.2 server and client support but at present
client certificate support is not implemented.
|
|
all ssl related structures are opaque and internals cannot be directly
accessed. Many applications will need some modification to support this and
most likely some additional functions added to OpenSSL.
The advantage of this option is that any application supporting it will still
be binary compatible if SSL structures change.
(backport from HEAD).
|
|
|
|
|
|
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org
Constify SSL_CIPHER_description
|
|
|
|
Reviewed by: steve@openssl.org
Check return value of sk_SSL_COMP_find() properly.
|
|
Some #include statements were not properly protected. This will go unnoted
on most systems as openssl/comp.h tends to be installed as a system header
file by default but may become visible when cross compiling.
|
|
test for them!
|
|
|