| Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
used in various parts of TLS 1.0/1.1.
This will allow for code simplification in libssl.
The same interface exists in OpenSSL 1.1.
ok beck@ deraadt@ inoguchi@ millert@
|
|
|
|
"ssl3-md5" and "ssl-sha1", call the EVP_md5() and EVP_sha1() functions
directly.
ok beck@ inoguchi@
|
|
RES_USE_DNSSEC is implemented by setting the DNSSEC DO bit in outgoing
queries. The resolver is then supposed to set the AD bit in the reply
if it managed to validate the answer through DNSSEC. Useful when the
application doesn't implement validation internally. This scheme
assumes that the validating resolver is trusted and that the
communication channel between the validating resolver and and the client
is secure.
ok eric@ gilles@
|
|
ok tb@
|
|
|
|
of Japan, they are present in Mozilla's CA store. OK ajacoutot@
/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication EV RootCA1
/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication RootCA2
/C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1
|
|
- add macro CHECK_GOTO
- unify function return code to rc
- add err: label for error goto
ok bcook@
|
|
that make use of it.
ok bcook@ inoguchi@
|
|
|
|
|
|
and document ERR_asprintf_error_data as their replacement.
ok jsing@, ingo@
|
|
|
|
about tls_error(3), and warn about some traps;
OK jmc@
|
|
EDNS allows for various DNS extensions, among which UDP DNS packets size
bigger than 512 bytes. The default is still to not advertize anything.
ok eric@
|
|
pointer being NULL.
Found by jsg@ with cppcheck; also detected by Coverity.
|
|
free() error path.
ok otto@
|
|
|
|
a page. This is not required by any standard and other malloc
implementation do not document (or implement) this. ok deraadt@
|
|
the unix connect is successful, let nc -z close the socket and exit
with 0.
OK jca@
|
|
|
|
Should make debugging easier, especially when using -x literal_ipv6_address
|
|
|
|
wrapper that calls poll(2) and handles the -w timeout.
OK beck@
|
|
there is already a close(2), so do not do it in readwrite().
OK beck@
|
|
loop. Use an additional poll(2) during the handshake and also
respect the -w timeout option there.
From Shuo Chen; OK beck@
|
|
provided error code matches the error that is currently on the top of the
error stack.
|
|
|
|
1989, VMS, or MS/DOS and we all run Brobdingnagian C compilers that have
can now be counted on to achieve this level of sophistication nearly
everywhere.
ok jsing@
|
|
Make a table of "function codes" which maps the internal state of the SSL *
to something like a useful name so in a typical error in the connection you
know in what sort of place in the handshake things happened. (instead of
by arcane function name).
Add SSLerrorx() for when we don't have an SSL *
ok jsing@ after us both being prodded by bluhm@ to make it not terrible
|
|
SSL_{,CTX_}ctrl() functions. As crazy as it is, some software appears to
call the control functions directly rather than using the macros (or
functions) provided by the library.
Discussed with beck@ and sthen@
|
|
ok jsing@
|
|
ok beck@
|
|
before other includes per style(9) while we're here.
ok florian@ bcook@ jsing@ beck@
|
|
|
|
don't have EAI_NODATA, so make this easier for people
from bernard spill
|
|
half a page and a page. ok jmatthew@ tb@
|
|
|
|
added associated to a keypair used for SNI, and are usable for more than
just the "main" certificate. Modify httpd to use this.
Bump libtls minor.
ok jsing@
|
|
ok beck@ reyk@
|
|
client-initiated renegotiation. The current default behaviour remains
unchanged.
ok beck@ reyk@
|
|
This regress bntest.c patch is originally from master branch of OpenSSL.
- dca2e0e test/bntest.c: regression test for CVE-2016-7055.
- 3e7a496 test/bntest.c: regression test for carry bug in bn_sqr8x_internal.
These tests were added for these commit.
- 2fac86d bn/asm/x86_64-mont.pl: fix for CVE-2016-7055 (Low severity).
- 3f4bcf5 bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqr8x_internal.
ok beck@
|
|
This patch is originally from master branch of OpenSSL.
- 2198b3a crypto/evp: harden AEAD ciphers.
- 8e20499 crypto/evp: harden RC4_MD5 cipher.
ok tom@
|
|
jsing@ confirmed that these are public and worth documenting.
|
|
|
|
jsing@ confirmed that these macros are public and worth documenting.
|
|
and BN_RECP_CTX_init(3). They are not only deprecated but so
dangerous that they are almost unusable. I found these scary
traps while reading the code in order to document BN_set_flags(3).
While here, delete ERR_get_error(3) from SEE ALSO.
|
|
|
