Age | Commit message | Author |
|
PR: 377
|
|
|
|
Submitted by: Jeffrey Altman <jaltman@columbia.edu>, "Kenneth R. Robinette" <support@securenetterm.com>
|
|
(I wonder why s2_connect() handles the initial buffer allocation slightly
differently...)
PR: 416
|
|
Submitted by: "Kenneth R. Robinette" <support@securenetterm.com>
Reviewed by:
PR:
|
|
and then didn't support it very well. And that when there already is a
useful variable for exactly this kind of thing; EX_LIBS...
|
|
defined in DECC$TYPES.H. If _POSIX_C_SOURCE is defined, certain types do
not get defined (u_char, u_int, ...). DECC.H gets included by assert.h
and others. Now, in6.h uses the types u_char, u_int and so on, and gets
included as part of other header inclusions, and will of course fail because
of the missing types.
On the other hand, _XOPEN_SOURCE_EXTENDED is needed to get gethostname()
properly declared...
Solution: define _XOPEN_SOURCE_EXTENDED much later, so DECC$TYPES.H has
a chance to be included *first*, so the otherwise missing types get defined
properly.
Personal: *mumble* *mumble*
|
|
PR: 373
|
|
key-generation and prime-checking functions. Rather than explicitly passing
callback functions and caller-defined context data for the callbacks, a new
structure BN_GENCB is defined that encapsulates this; a pointer to the
structure is passed to all such functions instead.
This wrapper structure allows the encapsulation of "old" and "new" style
callbacks - "new" callbacks return a boolean result on the understanding
that returning FALSE should terminate keygen/primality processing. The
BN_GENCB abstraction will allow future callback modifications without
needing to break binary compatibility nor change the API function
prototypes. The new API functions have been given names ending in "_ex" and
the old functions are implemented as wrappers to the new ones. The
OPENSSL_NO_DEPRECATED symbol has been introduced so that, if defined,
declaration of the older functions will be skipped. NB: Some
openssl-internal code will stick with the older callbacks for now, so
appropriate "#undef" logic will be put in place - this is in case the user
is *building* openssl (rather than *including* its headers) with this
symbol defined.
There is another change in the new _ex functions; the key-generation
functions do not return key structures but operate on structures passed by
the caller, the return value is a boolean. This will allow for a smoother
transition to having key-generation as "virtual function" in the various
***_METHOD tables.
|
|
|
|
ZLIB a known compression method, with the identity 1.
|
|
PR: 379
|
|
gets defined).
PR: 371
|
|
I *think* I got them all covered by now, but please, if you find any more,
tell me and I'll correct it.
PR: 343
|
|
always give the expected result on some platforms.
|
|
I've covered all the memset()s I felt safe modifying, but may have missed some.
|
|
PR: 349
|
|
|
|
caching (#288): now internal caching failed (#351):
Make sure that cipher_id is set before comparing.
Submitted by:
Reviewed by:
PR: 288 (and 351)
|
|
(we can't release it before the CRYPTO_mem_leaks() call!)
Submitted by: Nils Larsch
|
|
|
|
from external cache (using d2i_SSL_SESSION). Perform comparison based on
the cipher's id instead.
Submitted by: Steve Haslam <araqnid@innocent.com>
Reviewed by:
PR: 288
|
|
PR: 300
|
|
|
|
Submitted by: Nils Larsch
|
|
|
|
a year.
|
|
Submitted by: Sheueling Chang <Sheueling.Chang@Sun.COM>
|
|
relates to SSL_CTX flags and the use of "external" session caching. The
existing flag, "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" remains but is
supplemented with a complementary flag, "SSL_SESS_CACHE_NO_INTERNAL_STORE".
The bitwise OR of the two flags is also defined as
"SSL_SESS_CACHE_NO_INTERNAL" and is the flag that should be used by most
applications wanting to implement session caching *entirely* by its own
provided callbacks. As the documented behaviour contradicted actual
behaviour up until recently, and since that point behaviour has itself been
inconsistent anyway, this change should not introduce any compatibility
problems. I've adjusted the relevant documentation to elaborate about how
this works.
Kudos to "Nadav Har'El" <nyh@math.technion.ac.il> for diagnosing these
anomalies and testing this patch for correctness.
PR: 311
|
|
CertificateVerify for 4096 bit RSA signatures
|
|
PR: 189
|
|
PR: 189
|
|
the same source file.
|
|
|
|
PR: 189
|
|
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
|
|
Submitted by: "Patrick McCormick" <patrick@tellme.com>
PR: 262
|
|
Submitted by: "Chris Brook" <cbrook@v-one.com>
|
|
Submitted by: "Patrick McCormick" <patrick@tellme.com>
PR: 262
PR: 291
|
|
PR: 262
|
|
PR: 274
|
|
PR: 262
|
|
Submitted by:
Reviewed by:
PR: 212
|
|
|
|
become rather large. This becomes a problem when the default 1024
character large buffer that WRITE uses isn't enough. WRITE/SYMBOL
uses a 2048 byte large buffer instead.
|
|
That will make the test go through even if DH (or in some cases ECDH) aren't
built into OpenSSL.
PR: 216, part 2
|
|
Submitted by: Douglas Stebila
|
|
Submitted by: Douglas Stebila
|
|
Submitted by: Douglas Stebila
|
|
Submitted by: Nils Larsch
|