| Commit message (Collapse) | Author | Files | Lines |
|---|
|
from Rich Salz <rsalz at openssl dot org>
via OpenSSL commit 1722496f Jun 8 15:18:38 2017 -0400.
|
|
clarify that SSL_CTX_remove_session(3) marks the session as non-resumable.
From Rich Salz <rsalz at openssl dot org>
via OpenSSL commit 1722496f Jun 8 15:18:38 2017 -0400
and from Matt Caswell <matt at openssl dot org>
via OpenSSL commit b8964668 Apr 26 15:16:18 2017 +0100.
|
|
from the OpenSSL manual and from code inspection.
Use my own Copyright and license because no Copyright-worthy amount
of text from OpenSSL remains.
And, no, these functions do *NOT* check private keys, not at all.
|
|
from Richard Levitte <levitte at openssl dot org>
via OpenSSL commit e9c9971b Jul 1 18:28:50 2017 +0200
|
|
from Emilia Kasper <emilia at openssl dot org>
via OpenSSL commit 1e3f62a3 Jul 17 16:47:13 2017 +0200.
|
|
stating that RSA_padding_check_PKCS1_type_2(3) is weak by design;
from Emilia Kasper <emilia at openssl dot org>
via OpenSSL commit 1e3f62a3 Jul 17 16:47:13 2017 +0200.
|
|
dropping the secmem stuff that we don't want
|
|
now also documents it, in OPENSSL_malloc.pod
|
|
don't have, which implies renaming the file to EVP_PKEY_meth_get0_info.3
|
|
from Rich Salz <rsalz at openssl dot org>
via OpenSSL commit 1722496f Jun 8 15:18:38 2017 -0400
|
|
1. mention three additional functions for stitched ciphers
from Steven Collison <steven at raycoll dot com>
via OpenSSL commit 209fac9f Mar 28 12:46:07 2017 -0700
2. fix wrong data type of an automatic variable in an example
from Paul Yang <paulyang dot inf at gmail dot com>
via OpenSSL commit 719b289d May 22 23:18:45 2017 +0800
3. fix memory leak in sample encryption code and check return value of fopen
from Greg Zaverucha <gregz at microsoft dot com>
via OpenSSL commit 519a5d1e Jun 27 17:38:25 2017 -0700
|
|
|
|
'it works' deraadt@
|
|
from Beat Bolli <dev at drbeat dot li>
via OpenSSL commit 7a67a3ba Jan 18 23:49:43 2017 +0100
|
|
minor improvements. Mostly from Todd Short <tshort at akamai dot com>
via OpenSSL commit cf37aaa3 Aug 4 11:24:03 2017 +1000.
|
|
from Rich Salz, OpenSSL commit a95d7574, July 2, 2017
|
|
the OpenSSL manual page committed on July 27, 2017, and on source
code inspection. Use my own Copyright and license because no
copyright-worthy amount of text from OpenSSL remains.
NOTA BENE:
BUGS Most aspects of the semantics considerably differ from OpenSSL.
|
|
|
|
|
|
While importing:
* Fix the prototypes, they all contained wrong datatypes.
* Delete SSL3_VERSION which is no longer supported.
* Delete TLS1_3_VERSION and DTLS1_2_VERSION, not yet supported.
* Delete the lie that these would be macros.
* Improve SEE ALSO and HISTORY sections.
|
|
both pointed out by jsing@
|
|
|
|
wctrans_l(3), towctrans_l(3), wcscasecmp_l(3), wcsncasecmp_l(3),
and strerror_l(3)
|
|
|
|
|
|
messages, to avoid pulling in piles of other machinery unnecessarily
problem observed by schwarze@
ok deraadt@ millert@
|
|
ok beck@
|
|
|
|
This will only be used in portable. As noted, necessary to
make us conformant to RFC 5280 4.1.2.5.
ok jsing@ bcook@
|
|
Discussed with beck@ and jsing@
ok beck@
|
|
ok guenther@
|
|
Previously, the code would accept NULL and 0 length and try to
malloc/memcpy it. On OpenBSD, malloc(0) does not return NULL. It could
also fail in malloc and leave the old length.
Also, add a note that this public API has backwards semantics of what you
would expect where 0 is success and 1 is failure.
input + ok jsing@ beck@
|
|
strings. The original code is perfectly valid C, however it causes some
compilers to complain since it lacks room for a string NUL terminator and
the compiler is not smart enough to realise that these are only used as
byte arrays and never treated as strings.
ok bcook@ beck@ inoguchi@
|
|
This was added as a workaround for broken F5 TLS termination, which then
created issues talking to broken IronPorts. The size of the padding is
hardcoded so it cannot be used in any generic sense.
ok bcook@ beck@ doug@
|
|
This was a workaround for a server that needed to talk GOST to old/broken
CryptoPro clients. This has no impact on TLS clients that are using GOST.
ok bcook@ beck@ doug@
|
|
ok jsing@
|
|
ok tedu@
|
|
|
|
ok beck@ doug@
|
|
|
|
extension framework.
ok jsing@ beck@
|
|
|
|
ok bcook@ beck@ doug@
|
|
NPN was never standardised and the last draft expired in October 2012.
ALPN was standardised in July 2014 and has been supported in LibreSSL
since December 2014. NPN has also been removed from Chromium in May 2016.
TLS clients and servers that try to use/enable NPN will fail gracefully and
fallback to the default protocol, since it will essentially appear that the
otherside does not support NPN. At some point in the future we will
actually remove the NPN related symbols entirely.
ok bcook@ beck@ doug@
|
|
|
|
|
|
the read accessors we don't have and fixing the prototypes - the
data type of each and every argument differs in the OpenSSL manuals.
Reference the new page from SSL_set_tmp_ecdh(3) as suggested by jsing@.
|
|
Feedback and OK jsing@.
|
|
OK jsing.
|
|
|
