Branch: refs/heads/master
Home: https://github.openssl.org/openssl/openssl
Commit: 221d65ba534d23a240ccadd0c2679b222aae35b1
https://github.openssl.org/openssl/openssl/commit/221d65ba534d23a240ccadd0c2679b222aae35b1
Author: Benjamin Kaduk
Date: 2022-05-08 (Sun, 08 May 2022
Author: Piotr Kubaj
Date: Sat Dec 18 15:21:51 2021 +0100
Add support for BSD-riscv64 target
Reviewed-by: Tomas Mraz
Reviewed-by: Ben Kaduk
Reviewed-by: Paul Dale
(cherry picked from commit c2d1ad0e048dd3bfa60e6aa0b5ee343cc6d97a15)
(cherry picked from commit
: Piotr Kubaj
Date: Sat Dec 18 15:21:51 2021 +0100
Add support for BSD-riscv64 target
Reviewed-by: Tomas Mraz
Reviewed-by: Ben Kaduk
Reviewed-by: Paul Dale
(cherry picked from commit c2d1ad0e048dd3bfa60e6aa0b5ee343cc6d97a15)
(Merged from https://github.com
: yangyangtiantianlonglong
Date: Sun Jul 25 11:43:16 2021 +0800
Fix dtls timeout dead code
Delete dtls timeout dead code in dtls1_handle_timeout
Fix: #15559
Reviewed-by: Matt Caswell
Reviewed-by: Paul Dale
Reviewed-by: Ben Kaduk
(Merged from https://github.com
ve been used. Based on the review
comments in #16077.
Reviewed-by: Tomas Mraz
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/16086)
---
Summary of changes:
ssl/record/rec_lay
Kaduk
Date: Tue Jul 6 07:49:39 2021 -0700
Fix comment for test_negotiated_group() test order
Because of how the 'client_multi' variable is set, we end up
running the tests where the client configures multiple groups (and
the server only configures one) before the
Caswell
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/15485)
---
Summary of changes:
ssl/statem/statem_srvr.c | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/ssl
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/15487)
---
Summary of changes:
ssl/statem/statem_srvr.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/ssl/statem
Kaduk
Date: Fri May 21 10:25:00 2021 -0700
Allow TLS13_AD_MISSING_EXTENSION for older versions
Add a pass-through switch case for TLS13_AD_MISSING_EXTENSION in
ssl3_alert_code() and tls1_alert_code(), so that the call to
SSLfatal() in final_psk() will always actually
-
commit 6e495312fda0e669d105172c1ac8a8c0bf52da6d
Author: Benjamin Kaduk
Date: Thu Apr 8 18:41:46 2021 -0700
Update SSL_new_session_ticket() manual for triggered send
Document the recently added functionality
aa6bd216dd2691d1254eabcbd584691eb3b4b9b8 (commit)
from a8457b4c3d86a42209eabe90eddb605f59041f9e (commit)
- Log -
commit 6dc56df26c41666ee5138da6c97bdb400fd03025
Author: Benjamin Kaduk
Date: Tue Mar 16 22:03:36 2021 -0700
well as it should
have. A simple added flag that records the state of |*pp| before
calling OSSL_ENCODER_to_data() fixes the problem.
Fixes #14655
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/
)
from a812f8fc8f3c9ba30e5ecd2c168cca0613f15dcd (commit)
- Log -
commit b743b16113ca0e30c383191c804de37dbfc4f12e
Author: Benjamin Kaduk
Date: Mon Mar 29 23:05:22 2021 -0700
Update expected results for tls13kexmodes tests
Kaduk
Date: Sat May 8 08:49:36 2021 -0700
apps: improve hygiene for SET_EXPECT macro
Wrap all parameters in parentheses in the expansion, make explicit the
use of the 'expect' input, wrap the whole expression in parentheses, and
remove duplicate semicolon.
8f965908a53b4f0c5a735739e8a273a3a33a976e (commit)
- Log -
commit 80c25611abd7067815943187f36f5e1879201678
Author: Benjamin Kaduk
Date: Mon Mar 29 23:05:22 2021 -0700
Update expected results for tls13kexmodes tests
One of
Levitte
Reviewed-by: Tomas Mraz
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/15067)
---
Summary of changes:
.../implementations/encode_decode/decode_der2key.c | 5
test
Author: David Carlier
Date: Sat Apr 24 16:13:26 2021 +0100
BIO_listen: disable setting ipv6_v6only on OpenBSD as it is a read only
data and true
Reviewed-by: Tomas Mraz
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/15015)
(cherry picked
Carlier
Date: Sat Apr 24 16:13:26 2021 +0100
BIO_listen: disable setting ipv6_v6only on OpenBSD as it is a read only
data and true
Reviewed-by: Tomas Mraz
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/15015
Kaduk
Date: Tue May 4 12:33:28 2021 -0700
tasn_dec: use do/while around statement macros
Use the do {} while (0) construct around macros whose bodies are complete
statements (including one that has internal control flow!). This is
safer and avoids any risk of
-
commit 6c0ac9b99f2b7278a5ec60ef0c29c71e9eb4f40d
Author: Benjamin Kaduk
Date: Mon May 3 13:23:53 2021 -0700
adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change
The "bad DTLS" tests run into trouble due to the specia
Mraz
Date: Wed Apr 14 15:12:52 2021 +0200
Update krb5 module to latest release
Fixes #14902
Also add workaround of `sudo hostname localhost` for the
intermittent test failures seen in CI.
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl
Kaduk
Date: Mon Mar 22 15:02:04 2021 -0700
Increase HKDF_MAXBUF from 1024 to 2048
We've encountered some scenarios that need to use more than 1 kB of
data as the HKDF-Expand() "info" argument (which, per RFC 5869,
contains "optional context and
Author: Chenglong Zhang
Date: Mon Mar 22 15:29:28 2021 +0800
Fix missing INVALID_EXTENSION
Reviewed-by: Matt Caswell
Reviewed-by: Ben Kaduk
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/14639
Author: Benjamin Kaduk
Date: Wed Feb 24 13:38:25 2021 -0800
Check ASN1_item_ndef_i2d() return value.
Return an error instead of trying to malloc a negative number.
The other usage in this file already had a similar check, and the caller
should have put an entry on the error
Kaduk
Date: Wed Feb 24 13:38:25 2021 -0800
Check ASN1_item_ndef_i2d() return value.
Return an error instead of trying to malloc a negative number.
The other usage in this file already had a similar check, and the caller
should have put an entry on the error stack already
Kaduk
Date: Wed May 27 11:17:07 2020 -0700
Remove disabled TLS 1.3 ciphers from the SSL(_CTX)
In ssl_create_cipher_list() we make a pass through the ciphers to
remove those which are disabled in the current libctx. We are
careful to not include such disabled TLS 1.3 ciphers
-
commit a12c6442f24a32867c971b6feb5db61d01b02c1f
Author: John Baldwin
Date: Thu Jan 7 14:09:41 2021 -0800
Close /dev/crypto file descriptor after CRIOGET ioctl().
Reviewed-by: Matt Caswell
Reviewed-by: Ben Kaduk
(cherry picked from commit
Author: Benjamin Kaduk
Date: Wed Jan 27 12:19:08 2021 -0800
Remove unused 'peer_type' from SSL_SESSION
This field has not been used since #3858 was merged in 2017 when we
moved to a table-based lookup for certificate type properties instead of
an index
Kaduk
Date: Wed Jan 27 12:19:08 2021 -0800
Remove unused 'peer_type' from SSL_SESSION
This field has not been used since #3858 was merged in 2017 when we
moved to a table-based lookup for certificate type properties instead of
an index-based one.
Reviewe
Baldwin
Date: Thu Jan 7 14:09:41 2021 -0800
Close /dev/crypto file descriptor after CRIOGET ioctl().
Reviewed-by: Matt Caswell
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/13807
d driver via the CIOCFINDDEV ioctl.
Reviewed-by: Matt Caswell
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/13468)
commit b39c215decf6e68c28cb64dcfaf5ae5a7e8d35b4
Author: John Baldwin
Date: Fri Nov 20 17:07:35 2020 -0800
Use CRIOGET to f
Author: David Carlier
Date: Tue Dec 8 17:43:10 2020 +
CRYPTO_secure_malloc_init: BSD support improvements.
Backport of #13394
Reviewed-by: Tomas Mraz
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/13637
Author: Benjamin Kaduk
Date: Sat Nov 28 17:11:46 2020 -0800
Fix comment in do_dtls1_write()
This code started off as a copy of ssl3_write_bytes(), and the comment
was not updated with the implementation.
Reported by yangyangtiantianlonglong in #13518
Reviewed-by
Kaduk
Date: Sat Nov 28 17:11:46 2020 -0800
Fix comment in do_dtls1_write()
This code started off as a copy of ssl3_write_bytes(), and the comment
was not updated with the implementation.
Reported by yangyangtiantianlonglong in #13518
Reviewed-by: Shane Lontis
BIO_set_ktls_ctrl_msg().
Reviewed-by: Matt Caswell
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/13090)
commit 410f5bb18908d89e5e35339049adf4070925faec
Author: John Baldwin
Date: Wed Oct 7 14:34:19 2020 -0700
Allow zero-byte writes to be reported as
-
commit 25fa346e906c4f487727cfebd5a40740709e677b
Author: Benjamin Kaduk
Date: Sun Sep 27 15:01:12 2020 -0700
Unify ssl3_get_cipher_by_std_name() implementation
The handling for the SCSVs was the same as for regular ciphers;
just merge them into the same table-driven
-
commit e7a8fecd0b1138b156bee71d92372abda956f1a8
Author: Benjamin Kaduk
Date: Mon Oct 26 12:20:31 2020 -0700
Add more diagnostics to ossl_shim
We had several cases where the connection failed but we did not
have an error
Kaduk
Date: Sun Sep 27 15:01:12 2020 -0700
Unify ssl3_get_cipher_by_std_name() implementation
The handling for the SCSVs was the same as for regular ciphers;
just merge them into the same table-driven handler.
Reviewed-by: Paul Dale
(Merged from https://github.com
Author: Matt Caswell
Date: Thu Oct 22 13:53:27 2020 +0100
Ensure we raise SSLfatal on error
We were missing a call to SSLfatal. A comment claimed that we had already
called it - but that is incorrect.
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl
Caswell
Date: Thu Oct 22 13:53:27 2020 +0100
Ensure we raise SSLfatal on error
We were missing a call to SSLfatal. A comment claimed that we had already
called it - but that is incorrect.
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/13229
Author: Ikko Ashimine
Date: Tue Oct 13 00:30:07 2020 +0900
Fixed typo in ssl_lib.c
orignal -> original
CLA: trivial
Reviewed-by: Paul Dale
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/13111)
(cherry picked from com
Ashimine
Date: Tue Oct 13 00:30:07 2020 +0900
Fixed typo in ssl_lib.c
orignal -> original
CLA: trivial
Reviewed-by: Paul Dale
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/13
, compute the length
to pass to setsockopt() inside of ktls_start(). This isolates the
OS-specific behavior to ktls.h and removes it from the socket BIO
implementations.
Reviewed-by: Matt Caswell
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull
-
commit 1010e4ac9743a273d12e4f7c49959607aa4f6403
Author: Todd Short
Date: Tue Sep 1 14:50:03 2020 -0400
Fix post-condition in algorithm_do_this
Reviewed-by: Richard Levitte
Reviewed-by: Matt Caswell
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl
14f32a9e86)
Target: x86_64-unknown-freebsd13.0
Thread model: posix
InstalledDir: /usr/bin
This prevented us from properly detecting AVX support, etc.
CLA: trivial
Reviewed-by: Richard Levitte
Reviewed-by: Paul Dale
Reviewed-by: Ben Kaduk
(Merged
et: x86_64-unknown-freebsd13.0
Thread model: posix
InstalledDir: /usr/bin
This prevented us from properly detecting AVX support, etc.
CLA: trivial
Reviewed-by: Richard Levitte
Reviewed-by: Paul Dale
Reviewed-by: Ben Kaduk
(Merged from https://github.c
Kaduk
Date: Wed Sep 19 21:14:04 2018 -0500
Mark SSL_CTX_set_ssl_version() as deprecated in 3.0
Also, document its unusual semantics of resetting the
cipher list (but preserving other configuration).
Reviewed-by: Paul Dale
Reviewed-by: Tomas Mraz
(Merged from
79f4417ed940793fe7d48d613c9b903d00630b69 (commit)
via 8489026850b38447d8e3e68c4d4260585b7e8e3a (commit)
from 31d2daecb384475da13c4bf7c76a2dde0077b2f2 (commit)
- Log -
commit 520150151bc5993194ba34464220454d8135099d
Author: Benjamin Kaduk
Date: Tue Jul
remove the now obsolete warning against using
security levels higher than 1. For example, Ubuntu compiles OpenSSL
with security level set to 2, and further restricts algorithm versions
available at that security level.
Reviewed-by: Kurt Roeckx
Reviewed-by: Ben Kaduk
Kaduk
(Merged from https://github.com/openssl/openssl/pull/12444)
(cherry picked from commit 02e14a65fd6cc63204b43a79d510e95a63bdd901)
---
Summary of changes:
doc/man3/SSL_CTX_set_security_level.pod | 6 --
1
Kaduk
Date: Thu Jul 2 12:14:52 2020 -0700
Providerized libssl fallout: cleanup init
Since libssl is entirely using fetched cipher/digest implementations
from providers, we don't need to register the libcrypto cipher/digest
implementations in ossl_init_ssl
tls_early_post_process_client_hello()
may never come to the point where pre_proc_exts is freed.
Fixes #12194
CLA: trivial
Reviewed-by: Paul Dale
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/12330)
(cherry picked from commit
()
may never come to the point where pre_proc_exts is freed.
Fixes #12194
CLA: trivial
Reviewed-by: Paul Dale
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/12330
-
commit 7cc5e0d283800c757e46d1476273d271120aa38d
Author: Benjamin Kaduk
Date: Mon Jun 1 12:31:55 2020 -0700
Allow oversized buffers for provider cipher IV fetch
When we're fetching an IV, there's no need to enforce that the
provided buffer is exactly the same size as the
Kaduk
Date: Fri Jun 12 19:56:11 2020 -0700
Fix logic error for building x86 CAST assembly
The assembly code is not PIC, so we should only try to build it
when the configuration has disabled PIC, not the other way around.
Reviewed-by: Kurt Roeckx
(Merged from https
Author: Benjamin Kaduk
Date: Thu May 28 14:34:10 2020 -0700
Fix a typo in SSL_CTX_set_session_ticket_cb.pod
"SSL" takes two esses, not three.
[skip ci]
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/12038)
(che
Kaduk
Date: Thu May 28 14:34:10 2020 -0700
Fix a typo in SSL_CTX_set_session_ticket_cb.pod
"SSL" takes two esses, not three.
[skip ci]
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/
-
commit 9c44916ce555a0280170c5fc519a0ebf693292f8
Author: Benjamin Kaduk
Date: Fri May 22 11:13:24 2020 -0700
RSA: Do not set NULL OAEP labels
As of the previous commit, when a zero-length (string) parameter
is present in
-
commit de5e2cb541699e11a2b82de1d7f98f62bc207a1d
Author: raja-ashok
Date: Wed May 13 23:37:14 2020 +0530
Update early data exchange scenarios in doc
Reviewed-by: Matt Caswell
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/11816
-
commit b2a5001d954e81e2a582f2a935212ab554a3cbbe
Author: raja-ashok
Date: Wed May 13 23:37:14 2020 +0530
Update early data exchange scenarios in doc
Reviewed-by: Matt Caswell
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/11816)
commit
-
commit 0b2b0be948404cefe7160c9b1096bc554e982f03
Author: raja-ashok
Date: Sun May 10 22:47:00 2020 +0530
Test TLSv1.3 out-of-band PSK with all 5 ciphersuites
Reviewed-by: Tomas Mraz
Reviewed-by: Matt Caswell
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl
Kaduk
Date: Mon May 11 09:29:24 2020 -0700
Fix FreeBSD build with --strict-warnings
apps/lib/http_server.c needs to include string.h in order to get a prototype
for strerror().
Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/11797
Bolli
Date: Thu May 7 14:19:22 2020 +0200
doc: fix two invalid tags
Signed-off-by: Beat Bolli
Reviewed-by: Richard Levitte
Reviewed-by: Tomas Mraz
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/11759
lines have been read completely or only partially. In case of a
previous partial read, a newline will be ignored.
Reviewed-by: Dmitry Belyavskiy
Reviewed-by: Tomas Mraz
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/11741)
(cherry
been read completely or only partially. In case of a
previous partial read, a newline will be ignored.
Reviewed-by: Dmitry Belyavskiy
Reviewed-by: Tomas Mraz
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/11741
Kaduk
Date: Mon May 4 11:50:25 2020 -0700
Fix up whitespace nits introduced by PR #11416
Expand a couple literal tabs, and de-indent the body of a function.
Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/11728
90113096186e185cd07ee1c4c7267d0e68e67793 (commit)
- Log -
commit e908f292de6383c5d4dbece9381b523d4ce41c69
Author: Benjamin Kaduk
Date: Wed Apr 1 17:08:10 2020 -0700
make update for SSL_new_session_ticket
Reviewed-by
Author: Benjamin Kaduk
Date: Wed Apr 1 13:51:40 2020 -0700
sslapitest: only compile test when it will be used
The test_ccs_change_cipher() test routine is used only when TLS 1.2
is enabled; to fix the strict-warnings build we should not try to
compile it when TLS 1.2 is
Kaduk
Date: Wed Apr 1 13:51:40 2020 -0700
sslapitest: only compile test when it will be used
The test_ccs_change_cipher() test routine is used only when TLS 1.2
is enabled; to fix the strict-warnings build we should not try to
compile it when TLS 1.2 is disabled, either
Kaduk
Date: Wed Apr 8 10:05:27 2020 -0700
Fix krb5 external test
Since commit c3845ceba84aab9ddeb43f043549238fd10de63b ("Build file
templates: don't set OPENSSL_{ENGINES,MODULES}") the krb5 external test
has been failing. This is because it relied on OPENSSL_
Author: Richard Könning
Date: Fri Mar 20 20:17:50 2020 +0100
Use ctx2 instead of ctx.
CLA: trivial
Reviewed-by: Matt Caswell
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/11372)
(cherry picked from commit
Könning
Date: Fri Mar 20 20:17:50 2020 +0100
Use ctx2 instead of ctx.
CLA: trivial
Reviewed-by: Matt Caswell
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/11372
2f0dab7e59cc50c89b6d54962b81cf96c30fe725
Author: Benjamin Kaduk
Date: Fri Mar 6 13:19:45 2020 -0800
Add test that changes ciphers on CCS
The TLS (pre-1.3) ChangeCipherState message is usually used to indicate
the switch from the unencrypted to encrypted part of the handshake.
However, it can also be used in
: Benjamin Kaduk
Date: Fri Mar 6 13:19:45 2020 -0800
Add test that changes ciphers on CCS
The TLS (pre-1.3) ChangeCipherState message is usually used to indicate
the switch from the unencrypted to encrypted part of the handshake.
However, it can also be used in cases where
Author: Benjamin Kaduk
Date: Thu Jan 23 17:08:34 2020 -0800
openssl-config: add example libssl system-defaults
Provide a "simple" example for affecting the systemwide default behavior
of libssl. The large number of mandatory nested sections makes this
less simple tha
Kaduk
Date: Thu Jan 23 17:08:34 2020 -0800
openssl-config: add example libssl system-defaults
Provide a "simple" example for affecting the systemwide default behavior
of libssl. The large number of mandatory nested sections makes this
less simple than the main d
Author: Benjamin Kaduk
Date: Tue Jan 14 16:22:52 2020 -0800
Update SSL_CTX_sess_set_new_cb(3) docs for refcounts
The existing documentation for the new-session callback was unclear
about the requirements on the callback with respect to reference-handling
of the session object
Kaduk
Date: Tue Jan 14 16:22:52 2020 -0800
Update SSL_CTX_sess_set_new_cb(3) docs for refcounts
The existing documentation for the new-session callback was unclear
about the requirements on the callback with respect to reference-handling
of the session object being created
Kaduk
Date: Mon Dec 23 10:35:48 2019 -0800
Update the krb5 submodule
Bring us up to date with upstream's 1.17.1 release. Among other
things, it includes commit c2497d46b4bad473e164943d67b58cd1ae261c3a
which fixes several issues that affect running the test suite
Author: Benjamin Kaduk
Date: Wed Nov 13 09:42:19 2019 -0800
Fix a race condition in SNI handling
As was done for ciphers, supported groups, and EC point formats in
https://github.com/openssl/openssl/pull/9162, only write the negotiated
SNI hostname value to the session object
Kaduk
Date: Wed Nov 13 09:42:19 2019 -0800
Fix a race condition in SNI handling
As was done for ciphers, supported groups, and EC point formats in
https://github.com/openssl/openssl/pull/9162, only write the negotiated
SNI hostname value to the session object when not
)
- Log -
commit 915430a0a9b3602017689cdd65934b3582ea1e01
Author: Benjamin Kaduk
Date: Thu Jun 13 12:26:12 2019 -0700
Move 'shared_sigalgs' from cert_st to ssl_st
It was only ever in cert_st because ssl_st wa
-
commit 29948ac80c1388cfeb0bd64539ac1fa6e0bb8990
Author: Benjamin Kaduk
Date: Thu Jun 13 12:26:12 2019 -0700
Move 'shared_sigalgs' from cert_st to ssl_st
It was only ever in cert_st because ssl_st was a public
-
commit 33a37a6179bcef6917a28edf7c90a65dcd89ff4a
Author: Benjamin Kaduk
Date: Mon Oct 22 11:54:20 2018 -0500
Restore sensible "sess_accept" counter tracking
Commit 9ef9088c1585e13b9727796f15f77da64dbbe623 switched the SSL/SSL_CTX
statistics counters to us
-
commit 2aaa0b146b967397a6e61fa8df969e7847f82086
Author: Benjamin Kaduk
Date: Mon Oct 22 11:54:20 2018 -0500
Restore sensible "sess_accept" counter tracking
Commit 9ef9088c1585e13b9727796f15f77da64dbbe623 switched the SSL/SSL_CTX
statistics counters to using Thread
Author: Benjamin Kaduk
Date: Thu Oct 4 13:49:21 2018 -0500
apps: allow empty attribute values with -subj
Historically (i.e., OpenSSL 1.0.x), the openssl applications would
allow for empty subject attributes to be passed via the -subj argument,
e.g., `openssl req -subj '/CN=
Kaduk
Date: Tue Oct 9 09:27:11 2018 -0500
mkdef: bsd-gcc uses solaris symbol version scripts
As for linux, make bsd-gcc an alias to the solaris semantics for
shared library symbol version handling.
Reviewed-by: Richard Levitte
(Merged from https://github.com
Author: Benjamin Kaduk
Date: Thu Oct 4 13:49:21 2018 -0500
apps: allow empty attribute values with -subj
Historically (i.e., OpenSSL 1.0.x), the openssl applications would
allow for empty subject attributes to be passed via the -subj argument,
e.g., `openssl req -subj '/CN=
Kaduk
Date: Thu Oct 4 13:49:21 2018 -0500
apps: allow empty attribute values with -subj
Historically (i.e., OpenSSL 1.0.x), the openssl applications would
allow for empty subject attributes to be passed via the -subj argument,
e.g., `openssl req -subj '/CN=joe/O=/OU=
Author: Benjamin Kaduk
Date: Wed Sep 19 09:02:04 2018 -0500
Reset TLS 1.3 ciphers in SSL_CTX_set_ssl_version()
Historically SSL_CTX_set_ssl_version() has reset the cipher list
to the default. Splitting TLS 1.3 ciphers to be tracked separately
caused a behavior change, in that
Kaduk
Date: Wed Sep 19 09:02:04 2018 -0500
Reset TLS 1.3 ciphers in SSL_CTX_set_ssl_version()
Historically SSL_CTX_set_ssl_version() has reset the cipher list
to the default. Splitting TLS 1.3 ciphers to be tracked separately
caused a behavior change, in that TLS 1.3 cipher
Author: Benjamin Kaduk
Date: Thu Aug 16 15:42:55 2018 -0500
Avoid shadowing 'free' in X509_LOOKUP_met_set_free
gcc 4.6 (arguably erroneously) warns about our use of 'free' as
the name of a function parameter, when --strict-warnings is enabled:
crypto/
Kaduk
Date: Thu Aug 16 15:42:55 2018 -0500
Avoid shadowing 'free' in X509_LOOKUP_met_set_free
gcc 4.6 (arguably erroneously) warns about our use of 'free' as
the name of a function parameter, when --strict-warnings is enabled:
crypto/x509/x509
-
commit a75be9fd34b5d66f349186f21cd8d063d2fa87a4
Author: Benjamin Kaduk
Date: Wed Jul 25 21:00:45 2018 -0500
Improve backwards compat for SSL_get_servername()
Commit 1c4aa31d79821dee9be98e915159d52cc30d8403 changed how we process
and store SNI information during the handshake, so
-
commit c5d1fb78fd0fdbe1f1e61211bd56192a0f95bc91
Author: Benjamin Kaduk
Date: Wed May 30 11:12:22 2018 -0500
Add TODO comment for a nonsensical public API
The API used to set what SNI value to send in the ClientHello
can
Kaduk
Date: Sun Jul 1 12:49:24 2018 -0500
Address coverity-reported NULL dereference in SSL_SESSION_print()
We need to check the provided SSL_SESSION* for NULL before
attempting to dereference it to see if it's a TLS 1.3 session.
Reviewed-by: Kurt Roeckx
(M
Kaduk
Date: Sun Jun 17 20:00:02 2018 -0500
ecdsa_ossl: address coverity nit
BN_CTX_end() does not handle NULL input, so we must manually check
before calling from the cleanup handler.
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull
Author: Benjamin Kaduk
Date: Mon Apr 16 07:32:02 2018 -0500
Fix regression with session cache use by clients
Commit d316cdcf6d8d6934663278145fe0a8191e14a8c5 introduced some extra
checks into the session-cache update procedure, intended to prevent
the caching of sessions whose
Kaduk
Date: Mon Apr 16 07:32:02 2018 -0500
Fix regression with session cache use by clients
Commit d316cdcf6d8d6934663278145fe0a8191e14a8c5 introduced some extra
checks into the session-cache update procedure, intended to prevent
the caching of sessions whose resumption
-
commit 88b8d83e9e8869c60c556a86bee09f92c56c5a64
Author: Vitezslav Cizek
Date: Tue Jan 9 20:18:24 2018 +0100
BIO_s_accept.pod: add documentation for the new macros
Reviewed-by: Rich Salz
Reviewed-by: Ben Kaduk
1 - 100 of 180 matches