[openssl] OpenSSL_1_1_1-stable update

[Richard Levitte]

The branch OpenSSL_1_1_1-stable has been updated
   via  5a604dfd86d0fee4f9abc257b2a81017ecc558d1 (commit)
  from  45ab67614a224bfbe0dd3500f535ef6db43451ef (commit)


- Log -
commit 5a604dfd86d0fee4f9abc257b2a81017ecc558d1
Author: Fangming.Fang 
Date:   Sun Sep 29 05:58:19 2019 +

Add arm64 in test matrix on TravisCI.

Change-Id: I5d2b729699cfd8e80c3df17db4a9d2edcbf64454

Reviewed-by: Shane Lontis 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/10046)

(cherry picked from commit 0399aba7e05ea9bb1a58bd2e1b164f353f6ef1c9)

---

Summary of changes:
 .travis.yml | 4 
 1 file changed, 4 insertions(+)

diff --git a/.travis.yml b/.travis.yml
index 88b8efc65a..cc0d082b77 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -32,6 +32,10 @@ env:
 
 matrix:
 include:
+- os: linux
+  arch: arm64
+  compiler: gcc
+  env: CONFIG_OPTS="--strict-warnings"
 - os: linux-ppc64le
   sudo: false
   compiler: clang

[openssl] master update

[Richard Levitte]

The branch master has been updated
   via  0399aba7e05ea9bb1a58bd2e1b164f353f6ef1c9 (commit)
  from  091aab66a6dbc3a3ecee7684aa30811b342f04e7 (commit)


- Log -
commit 0399aba7e05ea9bb1a58bd2e1b164f353f6ef1c9
Author: Fangming.Fang 
Date:   Sun Sep 29 05:58:19 2019 +

Add arm64 in test matrix on TravisCI.

Change-Id: I5d2b729699cfd8e80c3df17db4a9d2edcbf64454

Reviewed-by: Shane Lontis 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/10046)

---

Summary of changes:
 .travis.yml | 4 
 1 file changed, 4 insertions(+)

diff --git a/.travis.yml b/.travis.yml
index ade61d1d60..9b655d84c8 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -32,6 +32,10 @@ env:
 
 matrix:
 include:
+- os: linux
+  arch: arm64
+  compiler: gcc
+  env: CONFIG_OPTS="--strict-warnings"
 - os: linux-ppc64le
   sudo: false
   compiler: clang

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-err

Commit log since last time:

8dc57d76c9 doc/man1: fix malformed options
705128b0f0 util/find-doc-nits: more precise option and function name checker
2342f68f56 Update "missing documentation" function lists

Build log ended with (last 100 lines):

60-test_x509_check_cert_pkey.t . ok
60-test_x509_dup_cert.t  ok
60-test_x509_store.t ... ok
60-test_x509_time.t  ok
65-test_cmp_asn.t .. ok
65-test_cmp_ctx.t .. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests 
70-test_asyncio.t .. ok
70-test_bad_dtls.t . ok
70-test_clienthello.t .. ok
70-test_comp.t . ok
70-test_key_share.t  ok
70-test_packet.t ... ok
70-test_recordlen.t  ok
70-test_renegotiation.t  ok
70-test_servername.t ... ok
70-test_sslcbcpadding.t  ok
70-test_sslcertstatus.t  ok
70-test_sslextension.t . ok
70-test_sslmessages.t .. ok
70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok
80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . skipped: Only supported in no-shared builds
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok
90-test_sslapi.t ... ok
90-test_sslbuffers.t ... ok
90-test_store.t  ok
90-test_sysdefault.t ... ok
90-test_threads.t .. ok
90-test_time_offset.t .. ok
90-test_tls13ccs.t . ok
90-test_tls13encryption.t .. ok
90-test_tls13secrets.t . ok
90-test_v3name.t ... ok
95-test_external_boringssl.t ... skipped: No external tests in this 
configuration
95-test_external_krb5.t  skipped: No external tests in this 
configuration
95-test_external_pyca.t  skipped: No external tests in this 
configuration
99-test_ecstress.t . ok
99-test_fuzz.t . ok

Test Summary Report
---
65-test_cmp_ctx.t(Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
Files=179, Tests=1630, 316 wallclock secs ( 6.82 usr  1.18 sys + 291.85 cusr 
27.23 csys = 327.08 CPU)
Result: FAIL
Makefile:198: recipe for target '_tests' failed
make[1]: *** [_tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-err'
Makefile:196: recipe for target 'tests' failed
make: *** [tests] Error 2

Still Failing: openssl/openssl#28866 (OpenSSL_1_1_1-stable - 45ab676)

[Travis CI]

Build Update for openssl/openssl
-

Build: #28866
Status: Still Failing

Duration: 16 mins and 42 secs
Commit: 45ab676 (OpenSSL_1_1_1-stable)
Author: Christian Heimes
Message: doc: EVP_DigestInit clears all flags

Mention that EVP_DigestInit() also clears all flags.

Fixes: 10031
Signed-off-by: Christian Heimes 

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/10032)

(cherry picked from commit 091aab66a6dbc3a3ecee7684aa30811b342f04e7)

View the changeset: 
https://github.com/openssl/openssl/compare/51f879a31f92...45ab67614a22

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/592838686?utm_medium=notification_source=email

--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

Still Failing: openssl/openssl#28865 (master - 091aab6)

[Travis CI]

Build Update for openssl/openssl
-

Build: #28865
Status: Still Failing

Duration: 29 mins and 54 secs
Commit: 091aab6 (master)
Author: Christian Heimes
Message: doc: EVP_DigestInit clears all flags

Mention that EVP_DigestInit() also clears all flags.

Fixes: 10031
Signed-off-by: Christian Heimes 

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/10032)

View the changeset: 
https://github.com/openssl/openssl/compare/9c0586d5fc79...091aab66a6db

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/592838529?utm_medium=notification_source=email

--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

Build failed: openssl master.28287

[AppVeyor]

Build openssl master.28287 failed


Commit 5a7624a917 by FdaSilvaYY on 9/11/2016 1:56 PM:

Discard a global variable.


Configure your notification preferences

Build failed: openssl master.28285

[AppVeyor]

Build openssl master.28285 failed


Commit 2238aee781 by Richard Levitte on 10/2/2019 8:54 PM:

fixup! Adapt existing providers to have name lists


Configure your notification preferences

Still Failing: openssl/openssl#28864 (master - 9c0586d)

[Travis CI]

Build Update for openssl/openssl
-

Build: #28864
Status: Still Failing

Duration: 26 mins and 27 secs
Commit: 9c0586d (master)
Author: Rich Salz
Message: Fix errors found by new find-doc-nits

Also patch find-doc-nits to ignore a Microsoft trademark and not
flag it as a spelling error.

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/10023)

View the changeset: 
https://github.com/openssl/openssl/compare/65c76cd2c9e8...9c0586d5fc79

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/592837916?utm_medium=notification_source=email

--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

Still Failing: openssl/openssl#28863 (OpenSSL_1_1_1-stable - 51f879a)

[Travis CI]

Build Update for openssl/openssl
-

Build: #28863
Status: Still Failing

Duration: 24 mins and 36 secs
Commit: 51f879a (OpenSSL_1_1_1-stable)
Author: Daniil Zotkin
Message: Do not print extensions in Certificate message for TLS1.2 and lower

According to RFC8446 CertificateEntry in Certificate message contains
extensions that were not present in the Certificate message in RFC5246.

CLA: trivial

Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/9994)

(cherry picked from commit 65c76cd2c9e8da9468dd490b334e56c51dbef582)

View the changeset: 
https://github.com/openssl/openssl/compare/9e2747646de3...51f879a31f92

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/592837145?utm_medium=notification_source=email

--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

Still Failing: openssl/openssl#28862 (master - 65c76cd)

[Travis CI]

Build Update for openssl/openssl
-

Build: #28862
Status: Still Failing

Duration: 22 mins and 40 secs
Commit: 65c76cd (master)
Author: Daniil Zotkin
Message: Do not print extensions in Certificate message for TLS1.2 and lower

According to RFC8446 CertificateEntry in Certificate message contains
extensions that were not present in the Certificate message in RFC5246.

CLA: trivial

Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/9994)

View the changeset: 
https://github.com/openssl/openssl/compare/12fca1afd227...65c76cd2c9e8

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/592836913?utm_medium=notification_source=email

--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

[openssl] OpenSSL_1_1_1-stable update

[Dr . Paul Dale]

The branch OpenSSL_1_1_1-stable has been updated
   via  45ab67614a224bfbe0dd3500f535ef6db43451ef (commit)
  from  51f879a31f926ba12b783c68f4ba9e4ee490145f (commit)


- Log -
commit 45ab67614a224bfbe0dd3500f535ef6db43451ef
Author: Christian Heimes 
Date:   Fri Sep 27 11:08:43 2019 +0200

doc: EVP_DigestInit clears all flags

Mention that EVP_DigestInit() also clears all flags.

Fixes: 10031
Signed-off-by: Christian Heimes 

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/10032)

(cherry picked from commit 091aab66a6dbc3a3ecee7684aa30811b342f04e7)

---

Summary of changes:
 doc/man3/EVP_DigestInit.pod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod
index a24d7bf0c7..d5cbee45ca 100644
--- a/doc/man3/EVP_DigestInit.pod
+++ b/doc/man3/EVP_DigestInit.pod
@@ -122,7 +122,7 @@ few bytes.
 =item EVP_DigestInit()
 
 Behaves in the same way as EVP_DigestInit_ex() except it always uses the
-default digest implementation.
+default digest implementation and calls EVP_MD_CTX_reset().
 
 =item EVP_DigestFinal()
 

[openssl] master update

[Dr . Paul Dale]

The branch master has been updated
   via  091aab66a6dbc3a3ecee7684aa30811b342f04e7 (commit)
  from  9c0586d5fc7988d2f8544f7884572a3b430406f6 (commit)


- Log -
commit 091aab66a6dbc3a3ecee7684aa30811b342f04e7
Author: Christian Heimes 
Date:   Fri Sep 27 11:08:43 2019 +0200

doc: EVP_DigestInit clears all flags

Mention that EVP_DigestInit() also clears all flags.

Fixes: 10031
Signed-off-by: Christian Heimes 

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/10032)

---

Summary of changes:
 doc/man3/EVP_DigestInit.pod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod
index 1e37160faa..dfc63eba49 100644
--- a/doc/man3/EVP_DigestInit.pod
+++ b/doc/man3/EVP_DigestInit.pod
@@ -226,7 +226,7 @@ few bytes.
 =item EVP_DigestInit()
 
 Behaves in the same way as EVP_DigestInit_ex() except it always uses the
-default digest implementation.
+default digest implementation and calls EVP_MD_CTX_reset().
 
 =item EVP_DigestFinal()
 

[openssl] master update

[Dr . Paul Dale]

The branch master has been updated
   via  9c0586d5fc7988d2f8544f7884572a3b430406f6 (commit)
   via  60a7817cacacf4b30a16414479789c2774360782 (commit)
  from  65c76cd2c9e8da9468dd490b334e56c51dbef582 (commit)


- Log -
commit 9c0586d5fc7988d2f8544f7884572a3b430406f6
Author: Rich Salz 
Date:   Fri Sep 27 13:17:09 2019 -0400

Fix errors found by new find-doc-nits

Also patch find-doc-nits to ignore a Microsoft trademark and not
flag it as a spelling error.

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/10023)

commit 60a7817cacacf4b30a16414479789c2774360782
Author: Rich Salz 
Date:   Wed Sep 25 15:39:03 2019 -0400

Add wordlist from man7.org

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/10023)

---

Summary of changes:
 doc/HOWTO/proxy_certificates.txt   |   2 +-
 doc/internal/man3/evp_generic_fetch.pod|   2 +-
 .../man3/ossl_cmp_asn1_octet_string_set1.pod   |   2 +-
 doc/internal/man3/ossl_namemap_new.pod |   2 +-
 doc/internal/man3/ossl_provider_new.pod|   2 +-
 doc/man1/CA.pl.pod |   2 +-
 doc/man1/openssl-info.pod  |   2 +-
 doc/man1/openssl-ocsp.pod  |   2 +-
 doc/man1/openssl-ts.pod| 106 ++---
 doc/man1/openssl-tsget.pod |  28 +++---
 doc/man1/openssl-x509.pod  |   2 +-
 doc/man1/openssl.pod   |   2 +-
 doc/man3/ASN1_TIME_set.pod |   4 +-
 doc/man3/ASN1_TYPE_get.pod |   8 +-
 doc/man3/BIO_get_data.pod  |   2 +-
 doc/man3/BIO_parse_hostserv.pod|   4 +-
 doc/man3/BIO_s_connect.pod |   2 +-
 doc/man3/BIO_s_file.pod|   2 +-
 doc/man3/BN_bn2bin.pod |   2 +-
 doc/man3/CONF_modules_free.pod |   2 +-
 doc/man3/CRYPTO_memcmp.pod |   4 +-
 doc/man3/CT_POLICY_EVAL_CTX_new.pod|   2 +-
 doc/man3/DES_random_key.pod|   4 +-
 doc/man3/DH_get0_pqg.pod   |   2 +-
 doc/man3/DH_set_method.pod |   2 +-
 doc/man3/DSA_set_method.pod|   2 +-
 doc/man3/EC_GROUP_new.pod  |   8 +-
 doc/man3/ENGINE_add.pod|  12 +--
 doc/man3/ERR_get_error.pod |   4 +-
 doc/man3/ERR_load_strings.pod  |   2 +-
 doc/man3/ERR_new.pod   |   2 +-
 doc/man3/ERR_print_errors.pod  |   2 +-
 doc/man3/ERR_put_error.pod |   4 +-
 doc/man3/EVP_PKEY_CTX_ctrl.pod |   4 +-
 doc/man3/HMAC.pod  |   2 +-
 doc/man3/OCSP_cert_to_id.pod   |   2 +-
 doc/man3/OCSP_request_add1_nonce.pod   |   2 +-
 doc/man3/OCSP_resp_find_status.pod |   4 +-
 doc/man3/OPENSSL_LH_COMPFUNC.pod   |   2 +-
 doc/man3/OSSL_CMP_CTX_new.pod  |   2 +-
 doc/man3/OSSL_CMP_log_open.pod |   2 +-
 doc/man3/OpenSSL_version.pod   |   2 +-
 doc/man3/RAND_add.pod  |   2 +-
 doc/man3/RAND_load_file.pod|   4 +-
 doc/man3/RSA_set_method.pod|   2 +-
 doc/man3/SCT_new.pod   |   5 +-
 doc/man3/SSL_CONF_cmd.pod  |   2 +-
 doc/man3/SSL_CTX_dane_enable.pod   |   2 +-
 doc/man3/SSL_CTX_set_client_hello_cb.pod   |   2 +-
 doc/man3/SSL_CTX_set_info_callback.pod |   2 +-
 doc/man3/SSL_CTX_set_mode.pod  |  12 +--
 doc/man3/SSL_CTX_set_options.pod   |  16 ++--
 doc/man3/SSL_read_early_data.pod   |   4 +-
 doc/man3/SSL_set1_host.pod |   2 +-
 doc/man3/SSL_set_shutdown.pod  |   2 +-
 doc/man3/UI_UTIL_read_pw.pod   |   2 +-
 doc/man3/UI_new.pod|   6 +-
 doc/man3/X509_ALGOR_dup.pod|   4 +-
 doc/man3/X509_LOOKUP_hash_dir.pod  |   2 +-
 doc/man3/X509_VERIFY_PARAM_set_flags.pod   |   2 +-
 doc/man3/X509_check_ca.pod |   2 +-
 doc/man3/X509_check_host.pod   |   4 +-
 doc/man3/X509v3_get_ext_by_NID.pod |   2 +-
 doc/man3/d2i_X509.pod  |   2 +-
 doc/man5/config.pod  

[openssl] OpenSSL_1_1_1-stable update

[Dr . Paul Dale]

The branch OpenSSL_1_1_1-stable has been updated
   via  51f879a31f926ba12b783c68f4ba9e4ee490145f (commit)
  from  9e2747646de3de12179a2635da9f6c76ab0ed6fb (commit)


- Log -
commit 51f879a31f926ba12b783c68f4ba9e4ee490145f
Author: Daniil Zotkin 
Date:   Tue Sep 24 11:08:23 2019 +0300

Do not print extensions in Certificate message for TLS1.2 and lower

According to RFC8446 CertificateEntry in Certificate message contains
extensions that were not present in the Certificate message in RFC5246.

CLA: trivial

Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/9994)

(cherry picked from commit 65c76cd2c9e8da9468dd490b334e56c51dbef582)

---

Summary of changes:
 ssl/t1_trce.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 0559fba9d9..5c84339314 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -1246,8 +1246,9 @@ static int ssl_print_certificates(BIO *bio, const SSL 
*ssl, int server,
 while (clen > 0) {
 if (!ssl_print_certificate(bio, indent + 2, , ))
 return 0;
-if (!ssl_print_extensions(bio, indent + 2, server, SSL3_MT_CERTIFICATE,
-  , ))
+if (SSL_IS_TLS13(ssl)
+&& !ssl_print_extensions(bio, indent + 2, server,
+ SSL3_MT_CERTIFICATE, , ))
 return 0;
 
 }

[openssl] master update

[Dr . Paul Dale]

The branch master has been updated
   via  65c76cd2c9e8da9468dd490b334e56c51dbef582 (commit)
  from  12fca1afd227a0a750dab7fa51876c42d47ce670 (commit)


- Log -
commit 65c76cd2c9e8da9468dd490b334e56c51dbef582
Author: Daniil Zotkin 
Date:   Tue Sep 24 11:08:23 2019 +0300

Do not print extensions in Certificate message for TLS1.2 and lower

According to RFC8446 CertificateEntry in Certificate message contains
extensions that were not present in the Certificate message in RFC5246.

CLA: trivial

Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/9994)

---

Summary of changes:
 ssl/t1_trce.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index a2cb4f7385..c55c172b88 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -1242,8 +1242,9 @@ static int ssl_print_certificates(BIO *bio, const SSL 
*ssl, int server,
 while (clen > 0) {
 if (!ssl_print_certificate(bio, indent + 2, , ))
 return 0;
-if (!ssl_print_extensions(bio, indent + 2, server, SSL3_MT_CERTIFICATE,
-  , ))
+if (SSL_IS_TLS13(ssl)
+&& !ssl_print_extensions(bio, indent + 2, server,
+ SSL3_MT_CERTIFICATE, , ))
 return 0;
 
 }

Still Failing: openssl/openssl#28861 (master - 12fca1a)

[Travis CI]

Build Update for openssl/openssl
-

Build: #28861
Status: Still Failing

Duration: 21 mins and 29 secs
Commit: 12fca1a (master)
Author: Shane Lontis
Message: Fix Coverity issues

CID 1453954 & 1453955

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9977)

View the changeset: 
https://github.com/openssl/openssl/compare/648b53b88ea5...12fca1afd227

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/592823904?utm_medium=notification_source=email

--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit

Commit log since last time:

8dc57d76c9 doc/man1: fix malformed options
705128b0f0 util/find-doc-nits: more precise option and function name checker
2342f68f56 Update "missing documentation" function lists

Build log ended with (last 100 lines):

60-test_x509_check_cert_pkey.t . ok
60-test_x509_dup_cert.t  ok
60-test_x509_store.t ... ok
60-test_x509_time.t  ok
65-test_cmp_asn.t .. ok
65-test_cmp_ctx.t .. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests 
70-test_asyncio.t .. ok
70-test_bad_dtls.t . ok
70-test_clienthello.t .. ok
70-test_comp.t . ok
70-test_key_share.t  ok
70-test_packet.t ... ok
70-test_recordlen.t  ok
70-test_renegotiation.t  ok
70-test_servername.t ... ok
70-test_sslcbcpadding.t  ok
70-test_sslcertstatus.t  ok
70-test_sslextension.t . ok
70-test_sslmessages.t .. ok
70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok
80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . skipped: Only supported in no-shared builds
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok
90-test_sslapi.t ... ok
90-test_sslbuffers.t ... ok
90-test_store.t  ok
90-test_sysdefault.t ... ok
90-test_threads.t .. ok
90-test_time_offset.t .. ok
90-test_tls13ccs.t . ok
90-test_tls13encryption.t .. ok
90-test_tls13secrets.t . ok
90-test_v3name.t ... ok
95-test_external_boringssl.t ... skipped: No external tests in this 
configuration
95-test_external_krb5.t  skipped: No external tests in this 
configuration
95-test_external_pyca.t  skipped: No external tests in this 
configuration
99-test_ecstress.t . ok
99-test_fuzz.t . ok

Test Summary Report
---
65-test_cmp_ctx.t(Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
Files=179, Tests=1630, 299 wallclock secs ( 6.19 usr  1.16 sys + 281.05 cusr 
25.75 csys = 314.15 CPU)
Result: FAIL
Makefile:198: recipe for target '_tests' failed
make[1]: *** [_tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit'
Makefile:196: recipe for target 'tests' failed
make: *** [tests] Error 2

[openssl] master update

[shane . lontis]

The branch master has been updated
   via  12fca1afd227a0a750dab7fa51876c42d47ce670 (commit)
  from  648b53b88ea55b4c2f2c8c57d041075731db5f95 (commit)


- Log -
commit 12fca1afd227a0a750dab7fa51876c42d47ce670
Author: Shane Lontis 
Date:   Thu Oct 3 09:29:51 2019 +1000

Fix Coverity issues

CID 1453954 & 1453955

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/9977)

---

Summary of changes:
 providers/default/ciphers/cipher_aes_ocb.c | 12 
 providers/fips/selftest.c  |  7 ---
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/providers/default/ciphers/cipher_aes_ocb.c 
b/providers/default/ciphers/cipher_aes_ocb.c
index 8875d79a87..93df4a5dbc 100644
--- a/providers/default/ciphers/cipher_aes_ocb.c
+++ b/providers/default/ciphers/cipher_aes_ocb.c
@@ -285,9 +285,11 @@ static void aes_ocb_freectx(void *vctx)
 {
 PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx;
 
-aes_generic_ocb_cleanup(ctx);
-OPENSSL_cleanse(ctx->base.iv, sizeof(ctx->base.iv));
-OPENSSL_clear_free(ctx,  sizeof(*ctx));
+if (ctx != NULL) {
+aes_generic_ocb_cleanup(ctx);
+OPENSSL_cleanse(ctx->base.iv, sizeof(ctx->base.iv));
+OPENSSL_clear_free(ctx,  sizeof(*ctx));
+}
 }
 
 static void *aes_ocb_dupctx(void *vctx)
@@ -300,8 +302,10 @@ static void *aes_ocb_dupctx(void *vctx)
 return NULL;
 }
 *ret = *in;
-if (!aes_generic_ocb_copy_ctx(ret, in))
+if (!aes_generic_ocb_copy_ctx(ret, in)) {
 OPENSSL_free(ret);
+ret = NULL;
+}
 return ret;
 }
 
diff --git a/providers/fips/selftest.c b/providers/fips/selftest.c
index a817b070e0..d954073d64 100644
--- a/providers/fips/selftest.c
+++ b/providers/fips/selftest.c
@@ -141,9 +141,10 @@ end:
 OPENSSL_free(module_checksum);
 OPENSSL_free(indicator_checksum);
 
-(*st->bio_free_cb)(bio_indicator);
-(*st->bio_free_cb)(bio_module);
-
+if (st != NULL) {
+(*st->bio_free_cb)(bio_indicator);
+(*st->bio_free_cb)(bio_module);
+}
 FIPS_state = ok ? FIPS_STATE_RUNNING : FIPS_STATE_ERROR;
 
 return ok;

Failed: openssl/openssl#28860 (OpenSSL_1_1_1-stable - 9e27476)

[Travis CI]

Build Update for openssl/openssl
-

Build: #28860
Status: Failed

Duration: 24 mins and 7 secs
Commit: 9e27476 (OpenSSL_1_1_1-stable)
Author: Michael Osipov
Message: Fix long name of some Microsoft objects

CLA: trivial

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/10029)

(cherry picked from commit 648b53b88ea55b4c2f2c8c57d041075731db5f95)

View the changeset: 
https://github.com/openssl/openssl/compare/eee565ec4b85...9e2747646de3

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/592805265?utm_medium=notification_source=email

--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

Failed: openssl/openssl#28859 (master - 648b53b)

[Travis CI]

Build Update for openssl/openssl
-

Build: #28859
Status: Failed

Duration: 22 mins and 20 secs
Commit: 648b53b (master)
Author: Michael Osipov
Message: Fix long name of some Microsoft objects

CLA: trivial

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/10029)

View the changeset: 
https://github.com/openssl/openssl/compare/8dc57d76c99d...648b53b88ea5

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/592805037?utm_medium=notification_source=email

--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

[openssl] OpenSSL_1_1_1-stable update

[Dr . Paul Dale]

The branch OpenSSL_1_1_1-stable has been updated
   via  9e2747646de3de12179a2635da9f6c76ab0ed6fb (commit)
  from  eee565ec4b8509b53ee280e8f37243bc5cb5f535 (commit)


- Log -
commit 9e2747646de3de12179a2635da9f6c76ab0ed6fb
Author: Michael Osipov 
Date:   Fri Sep 27 09:04:53 2019 +0200

Fix long name of some Microsoft objects

CLA: trivial

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/10029)

(cherry picked from commit 648b53b88ea55b4c2f2c8c57d041075731db5f95)

---

Summary of changes:
 crypto/objects/obj_dat.h   | 8 
 crypto/objects/objects.txt | 4 ++--
 include/openssl/obj_mac.h  | 4 ++--
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index ea91db660b..3cb0de78e8 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -1728,8 +1728,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
 {"ITU-T", "itu-t", NID_itu_t},
 {"JOINT-ISO-ITU-T", "joint-iso-itu-t", NID_joint_iso_itu_t},
 {"international-organizations", "International Organizations", 
NID_international_organizations, 1, [4439]},
-{"msSmartcardLogin", "Microsoft Smartcardlogin", NID_ms_smartcard_login, 
10, [4440]},
-{"msUPN", "Microsoft Universal Principal Name", NID_ms_upn, 10, [4450]},
+{"msSmartcardLogin", "Microsoft Smartcard Login", NID_ms_smartcard_login, 
10, [4440]},
+{"msUPN", "Microsoft User Principal Name", NID_ms_upn, 10, [4450]},
 {"AES-128-CFB1", "aes-128-cfb1", NID_aes_128_cfb1},
 {"AES-192-CFB1", "aes-192-cfb1", NID_aes_192_cfb1},
 {"AES-256-CFB1", "aes-256-cfb1", NID_aes_256_cfb1},
@@ -3578,9 +3578,9 @@ static const unsigned int ln_objs[NUM_LN] = {
  134,/* "Microsoft Individual Code Signing" */
  856,/* "Microsoft Local Key set" */
  137,/* "Microsoft Server Gated Crypto" */
- 648,/* "Microsoft Smartcardlogin" */
+ 648,/* "Microsoft Smartcard Login" */
  136,/* "Microsoft Trust List Signing" */
- 649,/* "Microsoft Universal Principal Name" */
+ 649,/* "Microsoft User Principal Name" */
  393,/* "NULL" */
  404,/* "NULL" */
   72,/* "Netscape Base Url" */
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
index 5b2bb54eb9..c49d4c568b 100644
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -426,9 +426,9 @@ rsadsi 3 8  : RC5-CBC   : rc5-cbc
 !Cname ms-efs
 1 3 6 1 4 1 311 10 3 4 : msEFS : Microsoft Encrypted File 
System
 !Cname ms-smartcard-login
-1 3 6 1 4 1 311 20 2 2 : msSmartcardLogin  : Microsoft Smartcardlogin
+1 3 6 1 4 1 311 20 2 2 : msSmartcardLogin  : Microsoft Smartcard Login
 !Cname ms-upn
-1 3 6 1 4 1 311 20 2 3 : msUPN : Microsoft Universal Principal 
Name
+1 3 6 1 4 1 311 20 2 3 : msUPN : Microsoft User Principal Name
 
 1 3 6 1 4 1 188 7 1 1 2: IDEA-CBC  : idea-cbc
: IDEA-ECB  : idea-ecb
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index 47dafe48d0..ac2ac325da 100644
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -1290,12 +1290,12 @@
 #define OBJ_ms_efs  1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
 
 #define SN_ms_smartcard_login   "msSmartcardLogin"
-#define LN_ms_smartcard_login   "Microsoft Smartcardlogin"
+#define LN_ms_smartcard_login   "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login  648
 #define OBJ_ms_smartcard_login  1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
 
 #define SN_ms_upn   "msUPN"
-#define LN_ms_upn   "Microsoft Universal Principal Name"
+#define LN_ms_upn   "Microsoft User Principal Name"
 #define NID_ms_upn  649
 #define OBJ_ms_upn  1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
 

[openssl] master update

[Dr . Paul Dale]

The branch master has been updated
   via  648b53b88ea55b4c2f2c8c57d041075731db5f95 (commit)
  from  8dc57d76c99dffd91e88622e2ca2b4bd7de5e1aa (commit)


- Log -
commit 648b53b88ea55b4c2f2c8c57d041075731db5f95
Author: Michael Osipov 
Date:   Fri Sep 27 09:04:53 2019 +0200

Fix long name of some Microsoft objects

CLA: trivial

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/10029)

---

Summary of changes:
 crypto/objects/obj_dat.h   | 8 
 crypto/objects/objects.txt | 4 ++--
 include/openssl/obj_mac.h  | 4 ++--
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index 86e307d74d..a719df8e3d 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -1737,8 +1737,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
 {"ITU-T", "itu-t", NID_itu_t},
 {"JOINT-ISO-ITU-T", "joint-iso-itu-t", NID_joint_iso_itu_t},
 {"international-organizations", "International Organizations", 
NID_international_organizations, 1, [4439]},
-{"msSmartcardLogin", "Microsoft Smartcardlogin", NID_ms_smartcard_login, 
10, [4440]},
-{"msUPN", "Microsoft Universal Principal Name", NID_ms_upn, 10, [4450]},
+{"msSmartcardLogin", "Microsoft Smartcard Login", NID_ms_smartcard_login, 
10, [4440]},
+{"msUPN", "Microsoft User Principal Name", NID_ms_upn, 10, [4450]},
 {"AES-128-CFB1", "aes-128-cfb1", NID_aes_128_cfb1},
 {"AES-192-CFB1", "aes-192-cfb1", NID_aes_192_cfb1},
 {"AES-256-CFB1", "aes-256-cfb1", NID_aes_256_cfb1},
@@ -3619,9 +3619,9 @@ static const unsigned int ln_objs[NUM_LN] = {
  134,/* "Microsoft Individual Code Signing" */
  856,/* "Microsoft Local Key set" */
  137,/* "Microsoft Server Gated Crypto" */
- 648,/* "Microsoft Smartcardlogin" */
+ 648,/* "Microsoft Smartcard Login" */
  136,/* "Microsoft Trust List Signing" */
- 649,/* "Microsoft Universal Principal Name" */
+ 649,/* "Microsoft User Principal Name" */
  393,/* "NULL" */
  404,/* "NULL" */
   72,/* "Netscape Base Url" */
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
index bff6714fd6..8833acd500 100644
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -431,9 +431,9 @@ rsadsi 3 8  : RC5-CBC   : rc5-cbc
 !Cname ms-efs
 1 3 6 1 4 1 311 10 3 4 : msEFS : Microsoft Encrypted File 
System
 !Cname ms-smartcard-login
-1 3 6 1 4 1 311 20 2 2 : msSmartcardLogin  : Microsoft Smartcardlogin
+1 3 6 1 4 1 311 20 2 2 : msSmartcardLogin  : Microsoft Smartcard Login
 !Cname ms-upn
-1 3 6 1 4 1 311 20 2 3 : msUPN : Microsoft Universal Principal 
Name
+1 3 6 1 4 1 311 20 2 3 : msUPN : Microsoft User Principal Name
 
 1 3 6 1 4 1 188 7 1 1 2: IDEA-CBC  : idea-cbc
: IDEA-ECB  : idea-ecb
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index df461e50cf..4fb8601bf1 100644
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -1300,12 +1300,12 @@
 #define OBJ_ms_efs  1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
 
 #define SN_ms_smartcard_login   "msSmartcardLogin"
-#define LN_ms_smartcard_login   "Microsoft Smartcardlogin"
+#define LN_ms_smartcard_login   "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login  648
 #define OBJ_ms_smartcard_login  1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
 
 #define SN_ms_upn   "msUPN"
-#define LN_ms_upn   "Microsoft Universal Principal Name"
+#define LN_ms_upn   "Microsoft User Principal Name"
 #define NID_ms_upn  649
 #define OBJ_ms_upn  1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
 

Errored: openssl/openssl#28843 (master - 8dc57d7)

[Travis CI]

Build Update for openssl/openssl
-

Build: #28843
Status: Errored

Duration: 23 mins and 58 secs
Commit: 8dc57d7 (master)
Author: Richard Levitte
Message: doc/man1: fix malformed options

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/10073)

View the changeset: 
https://github.com/openssl/openssl/compare/2342f68f5635...8dc57d76c99d

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/592680303?utm_medium=notification_source=email

--

You can unsubscribe from build emails from the openssl/openssl repository going 
to 
https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.

[openssl] master update

[Richard Levitte]

The branch master has been updated
   via  8dc57d76c99dffd91e88622e2ca2b4bd7de5e1aa (commit)
   via  705128b0f0dbc82db9e7b90aa4103eab9a5ce10e (commit)
  from  2342f68f56351601bdb277fbf1e844202d56aee9 (commit)


- Log -
commit 8dc57d76c99dffd91e88622e2ca2b4bd7de5e1aa
Author: Richard Levitte 
Date:   Wed Oct 2 17:13:03 2019 +0200

doc/man1: fix malformed options

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/10073)

commit 705128b0f0dbc82db9e7b90aa4103eab9a5ce10e
Author: Richard Levitte 
Date:   Wed Oct 2 13:16:48 2019 +0200

util/find-doc-nits: more precise option and function name checker

The checks for our uses of 'B<' and 'I<' for options, and possibly
function names, was over-reaching quite a bit.

So we fine-tune it a bit:

- by only checking for options in man1 pages, and only in SYNOPSIS
  and *OPTIONS sections.
- by only checking for function names in man3 pages.

The man1 option checker has the additional check that options found in
*OPTIONS are also found in SYNOPSIS andd vice versa.

In all cases, this also handles options and function names with
additional markup, such as 'B<-I>' and 'B_push>'.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/10073)

---

Summary of changes:
 doc/man1/openssl-cms.pod  |   4 +-
 doc/man1/openssl-dgst.pod |   4 +-
 doc/man1/openssl-enc.pod  |   2 +-
 doc/man1/openssl-genpkey.pod  |   4 +-
 doc/man1/openssl-ocsp.pod |   4 +-
 doc/man1/openssl-pkcs8.pod|  12 +--
 doc/man1/openssl-pkey.pod |   4 +-
 doc/man1/openssl-req.pod  |   4 +-
 doc/man1/openssl-rsautl.pod   |   2 +-
 doc/man1/openssl-s_server.pod |   4 +-
 doc/man1/openssl-smime.pod|   6 +-
 doc/man1/openssl-storeutl.pod |   4 +-
 doc/man1/openssl-ts.pod   |  10 +--
 doc/man1/openssl-verify.pod   |   8 +-
 doc/man1/openssl-x509.pod |   4 +-
 util/find-doc-nits| 171 +-
 16 files changed, 192 insertions(+), 55 deletions(-)

diff --git a/doc/man1/openssl-cms.pod b/doc/man1/openssl-cms.pod
index 36b075c655..d50a5d0efe 100644
--- a/doc/man1/openssl-cms.pod
+++ b/doc/man1/openssl-cms.pod
@@ -70,7 +70,7 @@ B B
 [B<-verify_name> I]
 [B<-x509_strict>]
 [B<-md> I]
-[B<->I]
+[B<-I>]
 [B<-nointern>]
 [B<-noverify>]
 [B<-nocerts>]
@@ -309,7 +309,7 @@ Do not load the trusted CA certificates from the default 
directory location
 Digest algorithm to use when signing or resigning. If not present then the
 default digest algorithm for the signing key will be used (usually SHA1).
 
-=item B<->I
+=item B<-I>
 
 The encryption algorithm to use. For example triple DES (168 bits) - B<-des3>
 or 256 bit AES - B<-aes256>. Any standard algorithm name (as used by the
diff --git a/doc/man1/openssl-dgst.pod b/doc/man1/openssl-dgst.pod
index d9319e5697..c6e2b21b8e 100644
--- a/doc/man1/openssl-dgst.pod
+++ b/doc/man1/openssl-dgst.pod
@@ -7,7 +7,7 @@ openssl-dgst - perform digest operations
 =head1 SYNOPSIS
 
 B
-[B<->I]
+[B<-I>]
 [B<-help>]
 [B<-c>]
 [B<-d>]
@@ -52,7 +52,7 @@ command.
 
 Print out a usage message.
 
-=item B<->I
+=item B<-I>
 
 Specifies name of a supported digest to be used. To see the list of
 supported digests, use the command C.
diff --git a/doc/man1/openssl-enc.pod b/doc/man1/openssl-enc.pod
index d0f876949a..498df90b1f 100644
--- a/doc/man1/openssl-enc.pod
+++ b/doc/man1/openssl-enc.pod
@@ -7,7 +7,7 @@ openssl-enc - symmetric cipher routines
 =head1 SYNOPSIS
 
 B
-[B<->I]
+[B<-I>]
 [B<-help>]
 [B<-ciphers>]
 [B<-in> I]
diff --git a/doc/man1/openssl-genpkey.pod b/doc/man1/openssl-genpkey.pod
index 61390777f4..085f7cb4f8 100644
--- a/doc/man1/openssl-genpkey.pod
+++ b/doc/man1/openssl-genpkey.pod
@@ -11,7 +11,7 @@ B B
 [B<-out> I]
 [B<-outform> B|B]
 [B<-pass> I]
-[B<->I]
+[B<-I>]
 [B<-engine> I]
 [B<-paramfile> I]
 [B<-algorithm> I]
@@ -47,7 +47,7 @@ This specifies the output format DER or PEM. The default 
format is PEM.
 The output file password source. For more information about the format of 
B
 see L.
 
-=item B<->I
+=item B<-I>
 
 This option encrypts the private key with the supplied cipher. Any algorithm
 name accepted by EVP_get_cipherbyname() is acceptable such as B.
diff --git 

Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-weak-ssl-ciphers

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings enable-weak-ssl-ciphers

Commit log since last time:

1738c0ce44 Add '=for comment ifdef' to pod pages
776cb8358e Make EVP_CIPHER_is_a() work with legacy cipher implementations too
6ef81d388d Remove EVP_CIPH_FLAG_DEFAULT_ASN1 from all provided implementations
c96399e296 Adapt EVP_CIPHER_{param_to_asn1,asn1_to_param} for use with provider.
bbecf04e78 Make manuals with TYPE conform with man-pages(7)
723e9c8983 Make ASN1 manuals conform with man-pages(7)
e8769719c9 Consistent formatting of flags with args

Build log ended with (last 100 lines):

60-test_x509_check_cert_pkey.t . ok
60-test_x509_dup_cert.t  ok
60-test_x509_store.t ... ok
60-test_x509_time.t  ok
65-test_cmp_asn.t .. ok
65-test_cmp_ctx.t .. ok
70-test_asyncio.t .. ok
70-test_bad_dtls.t . ok
70-test_clienthello.t .. ok
70-test_comp.t . ok
70-test_key_share.t  ok
70-test_packet.t ... ok
70-test_recordlen.t  ok
70-test_renegotiation.t  ok
70-test_servername.t ... ok
70-test_sslcbcpadding.t  ok
70-test_sslcertstatus.t  ok
70-test_sslextension.t . ok
70-test_sslmessages.t .. ok
70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok
80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/6 subtests 
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . skipped: Only supported in no-shared builds
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok
90-test_sslapi.t ... ok
90-test_sslbuffers.t ... ok
90-test_store.t  ok
90-test_sysdefault.t ... ok
90-test_threads.t .. ok
90-test_time_offset.t .. ok
90-test_tls13ccs.t . ok
90-test_tls13encryption.t .. ok
90-test_tls13secrets.t . ok
90-test_v3name.t ... ok
95-test_external_boringssl.t ... skipped: No external tests in this 
configuration
95-test_external_krb5.t  skipped: No external tests in this 
configuration
95-test_external_pyca.t  skipped: No external tests in this 
configuration
99-test_ecstress.t . ok
99-test_fuzz.t . ok

Test Summary Report
---
80-test_ssl_old.t(Wstat: 256 Tests: 6 Failed: 1)
  Failed test:  3
  Non-zero exit status: 1
Files=179, Tests=1706, 308 wallclock secs ( 6.28 usr  0.96 sys + 290.86 cusr 
26.74 csys = 324.84 CPU)
Result: FAIL
Makefile:198: recipe for target '_tests' failed
make[1]: *** [_tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/enable-weak-ssl-ciphers'
Makefile:196: recipe for target 'tests' failed
make: *** [tests] Error 2