Dr. Stephen Henson [Wed, 9 Dec 2009 13:25:38 +0000 (13:25 +0000)]
Add ctrls to clear options and mode.
Change RI ctrl so it doesn't clash.
Dr. Stephen Henson [Tue, 8 Dec 2009 19:06:09 +0000 (19:06 +0000)]
Send no_renegotiation alert as required by spec.
Dr. Stephen Henson [Tue, 8 Dec 2009 13:42:32 +0000 (13:42 +0000)]
Add ctrl and macro so we can determine if peer support secure renegotiation.
Dr. Stephen Henson [Tue, 8 Dec 2009 13:15:12 +0000 (13:15 +0000)]
Add support for magic cipher suite value (MCSV). Make secure renegotiation
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.
NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.
Change mismatch alerts to handshake_failure as required by spec.
Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
Dr. Stephen Henson [Tue, 8 Dec 2009 11:38:18 +0000 (11:38 +0000)]
PR: 2121
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Add extension support to DTLS code mainly using existing implementation for
TLS.
Dr. Stephen Henson [Wed, 2 Dec 2009 15:28:05 +0000 (15:28 +0000)]
PR: 2111
Submitted by: Martin Olsson <molsson@opera.com>
Check for bn_wexpand errors in bn_mul.c
Dr. Stephen Henson [Wed, 2 Dec 2009 14:41:24 +0000 (14:41 +0000)]
Replace the broken SPKAC certification with the correct version.
Dr. Stephen Henson [Wed, 2 Dec 2009 14:25:55 +0000 (14:25 +0000)]
Check it actually compiles this time ;-)
Dr. Stephen Henson [Wed, 2 Dec 2009 13:57:03 +0000 (13:57 +0000)]
PR: 2120
Submitted by: steve@openssl.org
Initialize fields correctly if pem_str or info are NULL in EVP_PKEY_asn1_new().
Dr. Stephen Henson [Tue, 1 Dec 2009 18:41:50 +0000 (18:41 +0000)]
check DSA_sign() return value properly
Dr. Stephen Henson [Tue, 1 Dec 2009 17:41:42 +0000 (17:41 +0000)]
PR: 2115
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.
Dr. Stephen Henson [Tue, 1 Dec 2009 17:32:33 +0000 (17:32 +0000)]
PR: 1432
Submitted by: "Andrzej Chmielowiec" <achmielowiec@enigma.com.pl>, steve@openssl.org
Approved by: steve@openssl.org
Truncate hash if it is too large: as required by FIPS 186-3.
Dr. Stephen Henson [Mon, 30 Nov 2009 13:53:42 +0000 (13:53 +0000)]
PR: 2118
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Approved by: steve@openssl.org
Check return value of ECDSA_sign() properly.
Dr. Stephen Henson [Sun, 29 Nov 2009 13:45:18 +0000 (13:45 +0000)]
typo
Andy Polyakov [Thu, 26 Nov 2009 21:12:12 +0000 (21:12 +0000)]
cms-test.pl: use EXE_EXT (from HEAD).
PR: 2107
Andy Polyakov [Thu, 26 Nov 2009 20:56:05 +0000 (20:56 +0000)]
bss_dgram.c: re-fix BIO_CTRL_DGRAM_GET_PEER (from HEAD).
Bodo Möller [Thu, 26 Nov 2009 18:37:11 +0000 (18:37 +0000)]
Make CHANGES in the OpenSSL_1_0_0-stable branch consistent with the
one in the OpenSSL_0_9_8-stable branch.
Andy Polyakov [Mon, 23 Nov 2009 19:51:24 +0000 (19:51 +0000)]
x86_64-xlate.pl: fix typo introduced in last commit.
PR: 2109
Andy Polyakov [Sun, 22 Nov 2009 12:52:18 +0000 (12:52 +0000)]
x86_64-xlate.pl: new gas requires sign extension.
x86masm.pl: fix linker warning.
PR: 2094,2095
Andy Polyakov [Sun, 22 Nov 2009 12:26:15 +0000 (12:26 +0000)]
VC-32.pl: bufferoverlowu.lib only when needed and remove duplicate code
(update from HEAD).
PR: 2086
Andy Polyakov [Sun, 22 Nov 2009 12:24:43 +0000 (12:24 +0000)]
bio_sock.c and bss_dgram.c: update from HEAD.
PR: 2069
Dr. Stephen Henson [Wed, 18 Nov 2009 15:09:35 +0000 (15:09 +0000)]
Servers can't end up talking SSLv2 with legacy renegotiation disabled
Dr. Stephen Henson [Wed, 18 Nov 2009 14:45:32 +0000 (14:45 +0000)]
Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation
Dr. Stephen Henson [Wed, 18 Nov 2009 14:19:52 +0000 (14:19 +0000)]
Include a more meaningful error message when rejecting legacy renegotiation
Dr. Stephen Henson [Tue, 17 Nov 2009 13:25:35 +0000 (13:25 +0000)]
PR: 2103
Submitted by: Rob Austein <sra@hactrn.net>
Approved by: steve@openssl.org
Initialise atm.flags to 0.
Dr. Stephen Henson [Sun, 15 Nov 2009 19:06:21 +0000 (19:06 +0000)]
PR: 2101 (additional)
Submitted by: Roumen Petrov <openssl@roumenpetrov.info>
Approved by: steve@openssl.org
Another mingw fix.
Dr. Stephen Henson [Fri, 13 Nov 2009 14:23:44 +0000 (14:23 +0000)]
PR: 2095
Submitted by: Arkadiusz Miskiewicz <arekm@maven.pl>
Approved by: steve@openssl.org
Fix for out range of signed 32bit displacement error on newer binutils
in file sha1-x86_64.pl
Dr. Stephen Henson [Fri, 13 Nov 2009 13:44:14 +0000 (13:44 +0000)]
PR: 2101
Submitted by: Doug Kaufman <dkaufman@rahul.net>
Approved by: steve@openssl.org
Fixes for tests in cms-test.pl
Richard Levitte [Fri, 13 Nov 2009 08:45:52 +0000 (08:45 +0000)]
Add test_cms
Dr. Stephen Henson [Thu, 12 Nov 2009 19:57:39 +0000 (19:57 +0000)]
PR: 2088
Submitted by: Aleksey Samsonov <s4ms0n0v@gmail.com>
Approved by: steve@openssl.org
Fix memory leak in d2i_PublicKey().
Dr. Stephen Henson [Thu, 12 Nov 2009 19:24:34 +0000 (19:24 +0000)]
set engine to NULL after releasing it
Richard Levitte [Thu, 12 Nov 2009 14:05:04 +0000 (14:05 +0000)]
Compiling vms.mar doesn't work on other than VAX.
Richard Levitte [Thu, 12 Nov 2009 14:04:26 +0000 (14:04 +0000)]
Another symbol longer than 31 characters.
Richard Levitte [Thu, 12 Nov 2009 14:03:57 +0000 (14:03 +0000)]
Typo
Richard Levitte [Thu, 12 Nov 2009 14:03:35 +0000 (14:03 +0000)]
Everywhere was a little too much.
Dr. Stephen Henson [Wed, 11 Nov 2009 19:04:56 +0000 (19:04 +0000)]
PR: 2098
Submitted by: Corinna Vinschen <vinschen@redhat.com>
Approved by: steve@openssl.org
For Cygwin enable zlib and mdc2 by default.
Dr. Stephen Henson [Wed, 11 Nov 2009 14:51:29 +0000 (14:51 +0000)]
add missing parts of reneg port, fix apps patch
Dr. Stephen Henson [Wed, 11 Nov 2009 14:10:09 +0000 (14:10 +0000)]
commit missing apps code for reneg fix
Dr. Stephen Henson [Tue, 10 Nov 2009 13:23:04 +0000 (13:23 +0000)]
make update
Dr. Stephen Henson [Tue, 10 Nov 2009 13:15:09 +0000 (13:15 +0000)]
Prepare for beta4 release
Dr. Stephen Henson [Tue, 10 Nov 2009 01:52:52 +0000 (01:52 +0000)]
PR: 1686
Submitted by: Hanno BÃ\83¶ck <hanno@hboeck.de>
Approved by: steve@openssl.org
Create engines dir if it doesn't already exist.
Dr. Stephen Henson [Tue, 10 Nov 2009 01:00:23 +0000 (01:00 +0000)]
PR: 2091
Submitted by: Martin Kaiser <lists@kaiser.cx>, Stephen Henson
Approved by: steve@openssl.org
If an OID has no short name or long name return the numerical representation.
Dr. Stephen Henson [Tue, 10 Nov 2009 00:47:37 +0000 (00:47 +0000)]
PR: 2090
Submitted by: Martin Kaiser <lists@kaiser.cx>, Stephen Henson
Approved by: steve@openssl.org
Improve error checking in asn1_gen.c
Dr. Stephen Henson [Mon, 9 Nov 2009 18:58:50 +0000 (18:58 +0000)]
oops, add missing prototypes
Dr. Stephen Henson [Mon, 9 Nov 2009 18:46:59 +0000 (18:46 +0000)]
fix CHANGES
Dr. Stephen Henson [Mon, 9 Nov 2009 18:45:42 +0000 (18:45 +0000)]
First cut of renegotiation extension. (port to 1.0.0-stable)
Dr. Stephen Henson [Mon, 9 Nov 2009 14:35:30 +0000 (14:35 +0000)]
make update
Dr. Stephen Henson [Mon, 9 Nov 2009 14:11:13 +0000 (14:11 +0000)]
Remove BF_PTR2 from configuration: it doesn't improve performance any more and causes gcc warnings about arrays out of range
Dr. Stephen Henson [Mon, 9 Nov 2009 14:09:53 +0000 (14:09 +0000)]
Combat gcc 4.4.1 aliasing rules. (from HEAD)
Dr. Stephen Henson [Sun, 8 Nov 2009 14:51:55 +0000 (14:51 +0000)]
file t1_reneg.c was added on branch OpenSSL_1_0_0-stable on 2009-11-09 18:45:42 +0000
Dr. Stephen Henson [Sun, 8 Nov 2009 14:36:32 +0000 (14:36 +0000)]
If it is a new session don't send the old TLS ticket: send a zero length
ticket to request a new session.
Dr. Stephen Henson [Wed, 4 Nov 2009 13:29:58 +0000 (13:29 +0000)]
Update ordinals.
Dr. Stephen Henson [Mon, 2 Nov 2009 13:37:17 +0000 (13:37 +0000)]
PR: 2089
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS Fragment size bug fix.
Dr. Stephen Henson [Sat, 31 Oct 2009 19:21:47 +0000 (19:21 +0000)]
Add missing functions to allow access to newer X509_STORE_CTX status
information. Add more informative message to verify callback to indicate
when CRL path validation is taking place.
Dr. Stephen Henson [Sat, 31 Oct 2009 13:34:19 +0000 (13:34 +0000)]
Add option to allow in-band CRL loading in verify utility. Add function
load_crls and tidy up load_certs. Remove useless purpose variable from
verify utility: now done with args_verify.
Dr. Stephen Henson [Fri, 30 Oct 2009 14:06:18 +0000 (14:06 +0000)]
Generate stateless session ID just after the ticket is received instead
of when a session is loaded. This will mean that applications that
just hold onto SSL_SESSION structures and never call d2i_SSL_SESSION()
will still work.
Dr. Stephen Henson [Fri, 30 Oct 2009 13:29:08 +0000 (13:29 +0000)]
Move CHANGES entry to 0.9.8l section
Dr. Stephen Henson [Fri, 30 Oct 2009 13:22:44 +0000 (13:22 +0000)]
Fix statless session resumption so it can coexist with SNI
Dr. Stephen Henson [Wed, 28 Oct 2009 19:52:35 +0000 (19:52 +0000)]
Don't attempt session resumption if no ticket is present and session
ID length is zero.
Dr. Stephen Henson [Wed, 28 Oct 2009 17:49:37 +0000 (17:49 +0000)]
Add -no_cache option to s_server
Dr. Stephen Henson [Wed, 28 Oct 2009 15:33:20 +0000 (15:33 +0000)]
Don't replace whole AR line
Dr. Stephen Henson [Wed, 28 Oct 2009 14:00:41 +0000 (14:00 +0000)]
PR: 2081
Submitted by: Mike Frysinger <vapier@gentoo.org>
Approved by: steve@openssl.org
Respect AR and RANLIB environment variables if set.
Dr. Stephen Henson [Wed, 28 Oct 2009 13:55:55 +0000 (13:55 +0000)]
PR: 2080
Submitted by: Mike Frysinger <vapier@gentoo.org>
Approved by: steve@openssl.org
Respect MAKE environment variable if set.
Dr. Stephen Henson [Wed, 28 Oct 2009 13:51:56 +0000 (13:51 +0000)]
PR: 2078
Submitted by: Dale Anderson <dra@redevised.net>
Approved by: steve@openssl.org
Corrections to bn_internal documentation.
Dr. Stephen Henson [Fri, 23 Oct 2009 12:47:01 +0000 (12:47 +0000)]
Clarification
Dr. Stephen Henson [Fri, 23 Oct 2009 12:24:54 +0000 (12:24 +0000)]
Sync FAQ with HEAD.
Dr. Stephen Henson [Fri, 23 Oct 2009 12:05:54 +0000 (12:05 +0000)]
If not checking all certificates don't attempt to find a CRL
for the leaf certificate of a CRL path.
Dr. Stephen Henson [Thu, 22 Oct 2009 23:14:12 +0000 (23:14 +0000)]
Need to check <= 0 here.
Dr. Stephen Henson [Mon, 19 Oct 2009 13:13:14 +0000 (13:13 +0000)]
PR: 2070
Submitted by: Alexander Nikitovskiy <Nikitovski@ya.ru>
Approved by: steve@openssl.org
Fix wrong cast.
Dr. Stephen Henson [Sun, 18 Oct 2009 15:28:59 +0000 (15:28 +0000)]
Document additions for X509 chain verification from HEAD
Dr. Stephen Henson [Sun, 18 Oct 2009 14:44:51 +0000 (14:44 +0000)]
make update
Dr. Stephen Henson [Sun, 18 Oct 2009 14:42:27 +0000 (14:42 +0000)]
Add new function X509_STORE_set_verify_cb and use it in apps
Dr. Stephen Henson [Sun, 18 Oct 2009 14:26:46 +0000 (14:26 +0000)]
take install prefix from the environment
Dr. Stephen Henson [Fri, 16 Oct 2009 15:29:34 +0000 (15:29 +0000)]
PR: 2074
Submitted by: Bram Neijt <bneijt@gmail.com>
Approved by: steve@openssl.org
Typo: "contet".
Dr. Stephen Henson [Fri, 16 Oct 2009 15:24:19 +0000 (15:24 +0000)]
PR: 2072
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org
Avoid potential doublefree and reuse of freed handshake_buffer.
Dr. Stephen Henson [Fri, 16 Oct 2009 13:41:52 +0000 (13:41 +0000)]
PR: 2073
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org
Don't access freed SSL_CTX in SSL_free().
Dr. Stephen Henson [Thu, 15 Oct 2009 23:44:11 +0000 (23:44 +0000)]
Fixes to CROSS_COMPILE, don't override command line option from environment
Dr. Stephen Henson [Thu, 15 Oct 2009 18:48:47 +0000 (18:48 +0000)]
Fix for WIN32 (and possibly other platforms) which don't define in_port_t.
Dr. Stephen Henson [Thu, 15 Oct 2009 18:04:43 +0000 (18:04 +0000)]
Update ordinals.
Dr. Stephen Henson [Thu, 15 Oct 2009 17:41:44 +0000 (17:41 +0000)]
PR: 2069
Submitted by: Michael Tuexen <tuexen@fh-muenster.de>
Approved by: steve@openssl.org
IPv6 support for DTLS.
Dr. Stephen Henson [Thu, 15 Oct 2009 17:27:47 +0000 (17:27 +0000)]
PR: 1847
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org
Integrated patches to CA.sh to bring it into line with CA.pl functionality.
Dr. Stephen Henson [Thu, 15 Oct 2009 17:18:03 +0000 (17:18 +0000)]
PR: 2066
Submitted by: Guenter <lists@gknw.net>
Approved by: steve@openssl.org
Add -r option to dgst to produce format compatible with core utilities.
Dr. Stephen Henson [Thu, 15 Oct 2009 13:05:41 +0000 (13:05 +0000)]
Rename CROSS_COMPILE_PREFIX to CROSS_COMPILE
Dr. Stephen Henson [Wed, 7 Oct 2009 16:46:51 +0000 (16:46 +0000)]
Allow uname values to be overridden by the environment
Dr. Stephen Henson [Wed, 7 Oct 2009 16:41:33 +0000 (16:41 +0000)]
Allow cross compilation prefix to come from CROSS_COMPILE environment variable
Dr. Stephen Henson [Sun, 4 Oct 2009 16:52:35 +0000 (16:52 +0000)]
Fix unitialized warnings
Dr. Stephen Henson [Sun, 4 Oct 2009 16:43:21 +0000 (16:43 +0000)]
Fix warnings about ignoring fgets return value
Dr. Stephen Henson [Sun, 4 Oct 2009 14:04:14 +0000 (14:04 +0000)]
Prevent ignored return value warning
Dr. Stephen Henson [Sun, 4 Oct 2009 14:02:03 +0000 (14:02 +0000)]
Prevent aliasing warning
Dr. Stephen Henson [Thu, 1 Oct 2009 12:17:18 +0000 (12:17 +0000)]
Yes it is a typo ;-)
Dr. Stephen Henson [Thu, 1 Oct 2009 00:26:07 +0000 (00:26 +0000)]
PR: 2061
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct i2b_PVK_bio error handling in rsa.c, dsa.c
Dr. Stephen Henson [Thu, 1 Oct 2009 00:21:55 +0000 (00:21 +0000)]
PR: 2062
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BN_rand error handling in bntest.c
Dr. Stephen Henson [Thu, 1 Oct 2009 00:17:35 +0000 (00:17 +0000)]
PR: 2059
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct EVP_SealInit error handling in pem_seal.c
Dr. Stephen Henson [Thu, 1 Oct 2009 00:11:49 +0000 (00:11 +0000)]
PR: 2056
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_wirte error handling in asn1_par.c
Dr. Stephen Henson [Thu, 1 Oct 2009 00:07:10 +0000 (00:07 +0000)]
PR: 2055
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_ctrl error handling in s2_srvr.c
Dr. Stephen Henson [Thu, 1 Oct 2009 00:03:50 +0000 (00:03 +0000)]
PR: 2054
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_ctrl error handling
Dr. Stephen Henson [Wed, 30 Sep 2009 23:59:16 +0000 (23:59 +0000)]
PR: 2063
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_write error handling in ocsp_prn.c
Dr. Stephen Henson [Wed, 30 Sep 2009 23:55:29 +0000 (23:55 +0000)]
PR: 2057
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_write, BIO_printf, i2a_ASN1_INTEGER and i2a_ASN1_OBJECT
error handling in OCSP print routines.
Dr. Stephen Henson [Wed, 30 Sep 2009 23:50:10 +0000 (23:50 +0000)]
PR: 2058
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct EVP_DigestVerifyFinal error handling.
Dr. Stephen Henson [Wed, 30 Sep 2009 23:40:52 +0000 (23:40 +0000)]
Change version from 0.9.9 to 1.0.0 in docs