| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
arguments of X509_PURPOSE_add(3), X509_PURPOSE_get0_name(3),
X509_PURPOSE_get0_sname(3), X509_PURPOSE_get_by_sname(3),
X509_PURPOSE_get_id(3), X509_PURPOSE_get_trust(3).
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The certificate verification code has special cases for self-signed
certificates and without this change, self-issued certificates (which it
seems are common place with openvpn/easyrsa) were also being included in
this category.
Based on BoringSSL.
Thanks to Dale Ghent <daleg at elemental dot org> for assisting in
identifying the issue and testing this fix.
ok inoguchi@
|
| |
|
|
|
|
| |
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@
|
| |
|
|
| |
No change to generated assembly excluding line numbers.
|
| |
|
|
|
|
| |
they don't make sense.
ok beck@
|
| |
|
|
|
|
| |
be enabled, mostly since people use SANs instead.
ok beck@ guenther@
|
| |
|
|
| |
15 years.
|
| |
|
|
|
|
|
|
|
|
|
| |
If X509_TRUST_add() or X509_PURPOSE_add() fail, they will leave the
object in an inconsistent state since the name is already freed.
This commit avoids changing the original name unless the *_add() call
will succeed.
Based on BoringSSL's commit: ab2815eaff6219ef57aedca2f7b1b72333c27fd0
ok miod@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
X509_PURPOSE object (obtained with X509_PURPOSE_get0() instead of being
allocated in the function) to be freed if modifying that object would fail
due to a low memory condition, while this object would still be referenced
elsewhere.
Fix this by only cleaning the object if we did not allocate it here.
While there, fail early if either `name' or `sname' are NULL, rather than
allocating an object and realizing we have nothing to strdup() into it.
ok guenther@
|
| |
|
|
|
|
| |
intrinsics. This is the easy ones, a few left to check one at
a time.
ok miod@ deraadt@
|
| |
|
|
|
|
|
|
| |
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.
ok beck@ miod@
|
| |
|
|
|
|
|
|
|
| |
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never defined, due
to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
| |
|
|
|
|
| |
are needed in the source files that actually require them.
ok beck@ miod@
|
| |
|
|
|
|
|
|
| |
(Thanks to Brent Cook)
With help from tedu@
OK from tedu@
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free
|
| |
|
|
|
|
| |
to -1 to properly search all extensions. ok tedu@
From http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=300b9f0b70
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
|
|
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
|
