Dr. Stephen Henson [Tue, 10 Nov 2009 00:48:07 +0000 (00:48 +0000)]
PR: 2090
Submitted by: Martin Kaiser <lists@kaiser.cx>, Stephen Henson
Approved by: steve@openssl.org
Improve error checking in asn1_gen.c
Dr. Stephen Henson [Mon, 9 Nov 2009 19:03:34 +0000 (19:03 +0000)]
First cut of renegotiation extension. (port to HEAD)
Dr. Stephen Henson [Mon, 9 Nov 2009 17:33:32 +0000 (17:33 +0000)]
update CHANGES
Dr. Stephen Henson [Mon, 9 Nov 2009 14:56:33 +0000 (14:56 +0000)]
make udpate
Dr. Stephen Henson [Mon, 9 Nov 2009 14:13:23 +0000 (14:13 +0000)]
Remove BF_PTR2 from configuration: it doesn't improve performance any more and causes gcc warnings about arrays out of range
Dr. Stephen Henson [Sun, 8 Nov 2009 14:36:12 +0000 (14:36 +0000)]
If it is a new session don't send the old TLS ticket: send a zero length
ticket to request a new session.
Dr. Stephen Henson [Sat, 7 Nov 2009 22:22:40 +0000 (22:22 +0000)]
Ooops, revert committed conflict.
Dr. Stephen Henson [Mon, 2 Nov 2009 13:38:22 +0000 (13:38 +0000)]
PR: 2089
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS Fragment size bug fix.
Dr. Stephen Henson [Sat, 31 Oct 2009 19:22:18 +0000 (19:22 +0000)]
Add missing functions to allow access to newer X509_STORE_CTX status
information. Add more informative message to verify callback to indicate
when CRL path validation is taking place.
Dr. Stephen Henson [Sat, 31 Oct 2009 13:33:57 +0000 (13:33 +0000)]
Add option to allow in-band CRL loading in verify utility. Add function
load_crls and tidy up load_certs. Remove useless purpose variable from
verify utility: now done with args_verify.
Dr. Stephen Henson [Fri, 30 Oct 2009 14:06:03 +0000 (14:06 +0000)]
Generate stateless session ID just after the ticket is received instead
of when a session is loaded. This will mean that applications that
just hold onto SSL_SESSION structures and never call d2i_SSL_SESSION()
will still work.
Dr. Stephen Henson [Fri, 30 Oct 2009 13:29:30 +0000 (13:29 +0000)]
Move CHANGES entry to 0.9.8l section
Dr. Stephen Henson [Fri, 30 Oct 2009 13:22:24 +0000 (13:22 +0000)]
Fix statless session resumption so it can coexist with SNI
Dr. Stephen Henson [Wed, 28 Oct 2009 19:52:18 +0000 (19:52 +0000)]
Don't attempt session resumption if no ticket is present and session
ID length is zero.
Dr. Stephen Henson [Wed, 28 Oct 2009 19:50:59 +0000 (19:50 +0000)]
oops!
Dr. Stephen Henson [Wed, 28 Oct 2009 19:48:09 +0000 (19:48 +0000)]
PR: 2085
Submitted by: Mike Frysinger <vapier@gentoo.org>
Approved by: steve@openssl.org
Change domd test to match 1.0.0+ version: check $MAKEDEPEND
ends in "gcc" to support cross compilers.
Dr. Stephen Henson [Wed, 28 Oct 2009 17:49:30 +0000 (17:49 +0000)]
Add -no_cache option to s_server
Dr. Stephen Henson [Wed, 28 Oct 2009 15:33:32 +0000 (15:33 +0000)]
Don't replace whole AR line
Dr. Stephen Henson [Wed, 28 Oct 2009 14:00:29 +0000 (14:00 +0000)]
PR: 2081
Submitted by: Mike Frysinger <vapier@gentoo.org>
Approved by: steve@openssl.org
Respect AR and RANLIB environment variables if set.
Dr. Stephen Henson [Wed, 28 Oct 2009 13:55:44 +0000 (13:55 +0000)]
PR: 2080
Submitted by: Mike Frysinger <vapier@gentoo.org>
Approved by: steve@openssl.org
Respect MAKE environment variable if set.
Dr. Stephen Henson [Wed, 28 Oct 2009 13:52:07 +0000 (13:52 +0000)]
PR: 2078
Submitted by: Dale Anderson <dra@redevised.net>
Approved by: steve@openssl.org
Corrections to bn_internal documentation.
Dr. Stephen Henson [Fri, 23 Oct 2009 12:36:41 +0000 (12:36 +0000)]
Clarification
Dr. Stephen Henson [Fri, 23 Oct 2009 12:22:54 +0000 (12:22 +0000)]
Add an FAQ.
Dr. Stephen Henson [Fri, 23 Oct 2009 12:06:35 +0000 (12:06 +0000)]
If not checking all certificates don't attempt to find a CRL
for the leaf certificate of a CRL path.
Dr. Stephen Henson [Thu, 22 Oct 2009 23:12:05 +0000 (23:12 +0000)]
Need to check <= 0 here.
Dr. Stephen Henson [Mon, 19 Oct 2009 13:16:01 +0000 (13:16 +0000)]
PR: 2070
Submitted by: Alexander Nikitovskiy <Nikitovski@ya.ru>
Approved by: steve@openssl.org
Fix wrong cast.
Dr. Stephen Henson [Sun, 18 Oct 2009 14:53:00 +0000 (14:53 +0000)]
make update
Dr. Stephen Henson [Sun, 18 Oct 2009 14:40:33 +0000 (14:40 +0000)]
Use new X509_STORE_set_verify_cb function instead of old macro.
Dr. Stephen Henson [Sun, 18 Oct 2009 14:27:01 +0000 (14:27 +0000)]
take install prefix from the environment
Dr. Stephen Henson [Sun, 18 Oct 2009 14:01:17 +0000 (14:01 +0000)]
Document more error codes.
Dr. Stephen Henson [Sun, 18 Oct 2009 13:26:08 +0000 (13:26 +0000)]
Verification callback functions.
Dr. Stephen Henson [Sun, 18 Oct 2009 13:24:16 +0000 (13:24 +0000)]
Add "missing" function X509_STORE_set_verify_cb().
Dr. Stephen Henson [Sat, 17 Oct 2009 23:08:32 +0000 (23:08 +0000)]
Clarification.
Dr. Stephen Henson [Sat, 17 Oct 2009 23:00:18 +0000 (23:00 +0000)]
Preliminary documentation for X509_VERIFY_PARAM.
Dr. Stephen Henson [Sat, 17 Oct 2009 18:05:53 +0000 (18:05 +0000)]
Add docs for X509_STORE_CTX_new() and related functions.
Dr. Stephen Henson [Sat, 17 Oct 2009 17:07:17 +0000 (17:07 +0000)]
More X509 verification docs.
Dr. Stephen Henson [Sat, 17 Oct 2009 17:06:19 +0000 (17:06 +0000)]
Typo.
Dr. Stephen Henson [Sat, 17 Oct 2009 12:46:52 +0000 (12:46 +0000)]
Manual page for X509_verify_cert()
Dr. Stephen Henson [Fri, 16 Oct 2009 15:30:13 +0000 (15:30 +0000)]
PR: 2074
Submitted by: Bram Neijt <bneijt@gmail.com>
Approved by: steve@openssl.org
Typo: "contet".
Dr. Stephen Henson [Fri, 16 Oct 2009 15:24:07 +0000 (15:24 +0000)]
PR: 2072
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org
Avoid potential doublefree and reuse of freed handshake_buffer.
Dr. Stephen Henson [Fri, 16 Oct 2009 13:41:39 +0000 (13:41 +0000)]
PR: 2073
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org
Don't access freed SSL_CTX in SSL_free().
Dr. Stephen Henson [Thu, 15 Oct 2009 23:43:54 +0000 (23:43 +0000)]
Fixes to CROSS_COMPILE, don't override command line option from environment
Dr. Stephen Henson [Thu, 15 Oct 2009 18:49:30 +0000 (18:49 +0000)]
Fix for WIN32 and possibly other platforms which don't define in_port_t.
Dr. Stephen Henson [Thu, 15 Oct 2009 18:08:05 +0000 (18:08 +0000)]
Update ordinals.
Dr. Stephen Henson [Thu, 15 Oct 2009 17:41:31 +0000 (17:41 +0000)]
PR: 2069
Submitted by: Michael Tuexen <tuexen@fh-muenster.de>
Approved by: steve@openssl.org
IPv6 support for DTLS.
Dr. Stephen Henson [Thu, 15 Oct 2009 17:27:34 +0000 (17:27 +0000)]
PR: 1847
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org
Integrated patches to CA.sh to bring it into line with CA.pl functionality.
Dr. Stephen Henson [Thu, 15 Oct 2009 17:17:45 +0000 (17:17 +0000)]
Revert extra changes from previous commit.
Dr. Stephen Henson [Thu, 15 Oct 2009 17:13:54 +0000 (17:13 +0000)]
PR: 2066
Submitted by: Guenter <lists@gknw.net>
Approved by: steve@openssl.org
Add -r option to dgst to produce format compatible with core utilities.
Dr. Stephen Henson [Thu, 15 Oct 2009 13:05:04 +0000 (13:05 +0000)]
Rename CROSS_COMPILE_PREFIX to CROSS_COMPILE
Dr. Stephen Henson [Wed, 7 Oct 2009 16:44:03 +0000 (16:44 +0000)]
Allow uname values to be overridden by the environment
Dr. Stephen Henson [Wed, 7 Oct 2009 16:41:14 +0000 (16:41 +0000)]
Allow cross compilation prefix to come from CROSS_COMPILE environment variable
Andy Polyakov [Tue, 6 Oct 2009 07:17:57 +0000 (07:17 +0000)]
Combat gcc 4.4.1 aliasing rules.
Dr. Stephen Henson [Sun, 4 Oct 2009 16:52:51 +0000 (16:52 +0000)]
Fix unitialized warnings
Dr. Stephen Henson [Sun, 4 Oct 2009 16:42:56 +0000 (16:42 +0000)]
Fix warnings about ignoring fgets return value
Dr. Stephen Henson [Sun, 4 Oct 2009 14:04:27 +0000 (14:04 +0000)]
Prevent ignored return value warning
Dr. Stephen Henson [Sun, 4 Oct 2009 14:02:22 +0000 (14:02 +0000)]
Prevent aliasing warning
Dr. Stephen Henson [Fri, 2 Oct 2009 18:20:22 +0000 (18:20 +0000)]
Typo.
Dr. Stephen Henson [Thu, 1 Oct 2009 12:17:44 +0000 (12:17 +0000)]
Yes it is a typo ;-)
Dr. Stephen Henson [Thu, 1 Oct 2009 00:25:24 +0000 (00:25 +0000)]
PR: 2061
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct i2b_PVK_bio error handling in rsa.c, dsa.c
Dr. Stephen Henson [Thu, 1 Oct 2009 00:21:20 +0000 (00:21 +0000)]
PR: 2062
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BN_rand error handling in bntest.c
Dr. Stephen Henson [Thu, 1 Oct 2009 00:17:59 +0000 (00:17 +0000)]
PR: 2059
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct EVP_SealInit error handling in pem_seal.c
Dr. Stephen Henson [Thu, 1 Oct 2009 00:11:04 +0000 (00:11 +0000)]
PR: 2056
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_wirte error handling in asn1_par.c
Dr. Stephen Henson [Thu, 1 Oct 2009 00:06:14 +0000 (00:06 +0000)]
PR: 2055
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_ctrl error handling in s2_srvr.c
Dr. Stephen Henson [Thu, 1 Oct 2009 00:02:52 +0000 (00:02 +0000)]
PR: 2054
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_ctrl error handling
Dr. Stephen Henson [Wed, 30 Sep 2009 23:58:37 +0000 (23:58 +0000)]
PR: 2063
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_write error handling in ocsp_prn.c
Dr. Stephen Henson [Wed, 30 Sep 2009 23:55:53 +0000 (23:55 +0000)]
PR: 2057
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_write, BIO_printf, i2a_ASN1_INTEGER and i2a_ASN1_OBJECT
error handling in OCSP print routines.
Dr. Stephen Henson [Wed, 30 Sep 2009 23:49:11 +0000 (23:49 +0000)]
PR: 2058
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct EVP_DigestVerifyFinal error handling.
Dr. Stephen Henson [Wed, 30 Sep 2009 23:43:01 +0000 (23:43 +0000)]
Change version from 0.9.9 to 1.0.0 in docs
Dr. Stephen Henson [Wed, 30 Sep 2009 21:40:55 +0000 (21:40 +0000)]
PR: 2064, 728
Submitted by: steve@openssl.org
Add support for custom headers in OCSP requests.
Dr. Stephen Henson [Wed, 30 Sep 2009 21:36:17 +0000 (21:36 +0000)]
Free SSL_CTX after BIO
Dr. Stephen Henson [Wed, 23 Sep 2009 23:49:04 +0000 (23:49 +0000)]
Fixup sureware ENGINE to handle new RAND_METHOD
Dr. Stephen Henson [Wed, 23 Sep 2009 23:43:49 +0000 (23:43 +0000)]
Audit libcrypto for unchecked return values: fix all cases enountered
Dr. Stephen Henson [Wed, 23 Sep 2009 23:40:13 +0000 (23:40 +0000)]
Add more return value checking attributes to evp.h and hmac.h
Dr. Stephen Henson [Wed, 23 Sep 2009 16:29:20 +0000 (16:29 +0000)]
Add DEBUG_UNUSED to debug-steve* entries
Dr. Stephen Henson [Wed, 23 Sep 2009 16:27:10 +0000 (16:27 +0000)]
Add attribute to check if return value of certain functions is incorrectly
ignored.
Dr. Stephen Henson [Tue, 22 Sep 2009 11:34:45 +0000 (11:34 +0000)]
PR: 2050
Submitted by: Michael Tuexen <tuexen@fh-muenster.de>
Approved by: steve@openssl.org
Fix handling of ENOTCONN and EMSGSIZE for dgram BIOs.
Dr. Stephen Henson [Sun, 20 Sep 2009 16:41:27 +0000 (16:41 +0000)]
PR: 2047
Submitted by: David Lee <live4thee@gmail.com>, steve@openssl.org
Approved by: steve@openssl.org
Fix for IPv6 handling in BIO_get_accept_socket().
Dr. Stephen Henson [Sun, 20 Sep 2009 12:46:55 +0000 (12:46 +0000)]
Ooops, missing close quote
Dr. Stephen Henson [Sun, 20 Sep 2009 12:39:32 +0000 (12:39 +0000)]
Don't use __try+__except unless on VC++
Dr. Stephen Henson [Sun, 20 Sep 2009 11:40:13 +0000 (11:40 +0000)]
add version info for VC-WIN64I too
Dr. Stephen Henson [Sat, 19 Sep 2009 23:00:55 +0000 (23:00 +0000)]
PR: 2048
Submitted by: john blair <mailtome200420032002@yahoo.com>
Approved by: steve@openssl.org
Add version info in VC-WIN64A too.
Andy Polyakov [Thu, 17 Sep 2009 19:35:13 +0000 (19:35 +0000)]
cmll-x86_64.pl: small buglet in CBC subroutine.
PR: 2035
Dr. Stephen Henson [Tue, 15 Sep 2009 22:48:57 +0000 (22:48 +0000)]
PR: 2039
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS listen bug fix,
Dr. Stephen Henson [Sun, 13 Sep 2009 11:29:29 +0000 (11:29 +0000)]
Submitted by: Julia Lawall <julia@diku.dk>
The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.
Dr. Stephen Henson [Sat, 12 Sep 2009 23:34:41 +0000 (23:34 +0000)]
PR: 2023
Submitted by: James Beckett <jmb.openssl@nospam.hackery.net>, steve
Approved by: steve@openssl.org
Fix documentation errors in d2i_X509 manual pages.
Dr. Stephen Henson [Sat, 12 Sep 2009 23:17:39 +0000 (23:17 +0000)]
PR: 2025
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org
Constify SSL_CIPHER_description
Dr. Stephen Henson [Sat, 12 Sep 2009 23:09:45 +0000 (23:09 +0000)]
PR: 1411
Submitted by: steve@openssl.org
Allow use of trusted certificates in SSL_CTX_use_chain_file()
Dr. Stephen Henson [Fri, 11 Sep 2009 11:02:52 +0000 (11:02 +0000)]
PR: 2038
Submitted by: Artem Chuprina <ran@cryptocom.ru>
Approved by: steve@openssl.org
Avoid double call to BIO_free().
Dr. Stephen Henson [Wed, 9 Sep 2009 17:05:18 +0000 (17:05 +0000)]
PR: 2033
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS listen support.
Dr. Stephen Henson [Wed, 9 Sep 2009 16:31:32 +0000 (16:31 +0000)]
Add new option --strict-warnings to Configure script. This is used to add
in devteam warnings into other configurations.
Dr. Stephen Henson [Wed, 9 Sep 2009 12:15:08 +0000 (12:15 +0000)]
Seed PRNG with DSA and ECDSA digests for additional protection against
possible PRNG state duplication.
Dr. Stephen Henson [Mon, 7 Sep 2009 17:57:18 +0000 (17:57 +0000)]
PR: 2031
Submitted by: steve@openssl.org
Tolerate application/timestamp-response which some servers send out.
Dr. Stephen Henson [Sun, 6 Sep 2009 17:56:30 +0000 (17:56 +0000)]
Typo presumably....
Dr. Stephen Henson [Sun, 6 Sep 2009 15:58:19 +0000 (15:58 +0000)]
Make update, deleting bogus DTLS error code
Dr. Stephen Henson [Sun, 6 Sep 2009 15:49:46 +0000 (15:49 +0000)]
PR: 1644
Submitted by: steve@openssl.org
Fix to make DHparams_dup() et al work in C++.
For 1.0 fix the final argument to ASN1_dup() so it is void *. Replace some
*_dup macros with functions.
Dr. Stephen Henson [Fri, 4 Sep 2009 17:42:53 +0000 (17:42 +0000)]
PR: 2028
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
Fix DTLS cookie management bugs.
Dr. Stephen Henson [Fri, 4 Sep 2009 12:27:12 +0000 (12:27 +0000)]
Correction: salt is now default
Dr. Stephen Henson [Fri, 4 Sep 2009 11:30:59 +0000 (11:30 +0000)]
Oops, s can be NULL
Dr. Stephen Henson [Wed, 2 Sep 2009 15:57:24 +0000 (15:57 +0000)]
PR: 2020
Submitted by: Keith Beckman <kbeckman@mcg.edu>, Tomas Mraz <tmraz@redhat.com>
Checked by: steve@openssl.org
Fix improperly capitalized references to WWW::Curl::Easy.
Dr. Stephen Henson [Wed, 2 Sep 2009 15:51:19 +0000 (15:51 +0000)]
PR: 2029
Submitted by: Tomas Mraz <tmraz@redhat.com>
Checked by: steve@openssl.org
Fix so that the legacy digest EVP_dss1() still works.