openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Files	Lines
2021-04-15	mention DTLS1_2_VERSION	tb	1	-3/+4

2021-04-15	Mention DTLS1_2_VERSION here, too	tb	1	-6/+8

2021-04-15	Document SSL_OP_NO_DTLSv1{,_2}	tb	1	-2/+15

2021-04-15	Document DTLSv1_2_{,client_,server_}method(3)	tb	1	-4/+36

2021-04-15	Merge documentation for SSL_is_dtls() from OpenSSL	tb	1	-5/+21

2021-04-15	Switch back to the legacy verifier for the release.	tb	1	-2/+2
	This is disappointing as a lot of work was put into the new verifier during this cycle. However, there are still too many known bugs and incompatibilities. It is better to be faced with known broken behavior than with new broken behavior and to switch now rather than via errata. This way we have another cycle to iron out the kinks and to fix some of the remaining bugs. ok jsing
2021-04-14	revert previous. some of the keyupdate tests still fail occasionally	tb	1	-2/+11

2021-04-14	Enable test-tls13-keyupdate.py	tb	1	-9/+2

2021-04-14	move test-record-size-limit.py to unsupported	tb	1	-4/+3

2021-04-14	enable test-record-layer-fragmentation.py	tb	1	-7/+2

2021-04-14	factor argument to catch an alert mismatch into a helper function	tb	1	-7/+8

2021-04-13	enable test-tlsfuzzer-invalid-compression-methods.py	tb	1	-5/+10

2021-04-13	enable test-large-hello.py as a slow test	tb	1	-3/+2

2021-04-13	with new defaults, test-fuzzed-plaintext.py is no longer slow	tb	1	-3/+2

2021-04-13	move a few tests to the unsupported group and fix two comments	tb	1	-15/+15

2021-04-13	annotate test-ecdhe-rsa-key-exchange-with-bad-messages.py with expected	tb	1	-2/+3
	alerts and where to add them.
2021-04-11	Update a stale comment and fix a typo.	tb	1	-3/+3

2021-04-09	An extra internal consistency check and a missing stats adjustment. ok tb@	otto	1	-1/+4

2021-04-09	Cache implementation has changed, we do not hold on to an exact number	otto	1	-3/+4
	of pages anymore, but also cache larger regions; ok tb@
2021-04-08	Enable test-cve-2016-6309.py	tb	1	-3/+2

2021-04-07	Avoid clobbering the error code when sending an alert	tb	1	-2/+3
	In order to fail gracefully on encountering a self-signed cert, curl looks at the top-most error on the stack and needs specific SSL_R_ error codes. This mechanism was broken when the tls13_alert_sent_cb() was added after people complained about unhelpful unknown errors. Fix this by only setting the error code from a fatal alert if no error has been set previously. Issue reported by Christopher Reid ok jsing
2021-04-07	Use ERR_print_error_fp() to avoid leaking a BIO in fatal()	tb	1	-2/+2

2021-04-07	Check function return value in openssl(1) x509.c	inoguchi	1	-24/+71
	input from bcook@, ok and comments from tb@
2021-04-07	Avoid leak in error path	inoguchi	1	-3/+7
	ok and input from tb@
2021-04-06	use errx() instead of err()	tb	1	-8/+8

2021-04-06	spaces -> tabs	tb	1	-5/+5

2021-04-06	minor style tweaks	tb	1	-5/+6

2021-04-05	Don't leak param->name in x509_verify_param_zero()	tb	1	-1/+2
	For dynamically allocated verify parameters, param->name is only ever set in X509_VERIFY_set1_name() where the old one is freed and the new one is assigned via strdup(). Setting it to NULL without freeing it beforehand is a leak. looks correct to millert, ok inoguchi
2021-04-04	Add missing error check for AES_unwrap_key().	tb	1	-1/+3

2021-04-04	Fix two copy paste errors in error messages	tb	1	-3/+3

2021-04-04	Add tests for DTLSv1_2{,_client,_server}_method()	tb	1	-1/+20

2021-04-04	Use correct type for tmp in test_write_bytes()	tb	1	-2/+2

2021-04-04	Explicitly NULL pointers to avoid a double free.	tb	1	-1/+3

2021-04-04	Don't leak key and dh in the error path.	tb	1	-4/+7

2021-04-04	Clean up client and server tls{,_config} contexts in tls_test().	tb	1	-2/+11
	Leaks reported by Ilya Shipitsin.
2021-04-03	Run the CMAC tests through EVP_PKEY_new_CMAC_key().	tb	1	-10/+22

2021-04-02	Two cases of BRE involving counts and backrefs that go wrong and	otto	1	-1/+16
	similar that have no isssues. Reported by Michael Paoli. Failing cases commented out for now.
2021-04-02	Show DTLS1.2 message with openssl(1) s_server and s_client	inoguchi	1	-2/+6
	ok jsing@ tb@
2021-04-01	Compare the pointer variable explicitly with NULL in if condition	inoguchi	1	-18/+17

2021-03-31	one of the examples needs an -N (and explanation);	jmc	1	-4/+7
	diff from robert scheck discussed with and tweaked by sthen
2021-03-31	Update for DTLSv1.2 support.	tb	1	-2/+4

2021-03-31	Remove workarounds for SSL_is_dtls()	tb	2	-11/+2
	Reminded by inoguchi jsing
2021-03-31	Remove workaround for missing d2i_DSAPrivateKey_fp prototype	tb	1	-5/+1

2021-03-31	Bump minors after symbol addition	tb	3	-3/+3

2021-03-31	Expose various DTLSv1.2 specific functions and defines	tb	5	-27/+8
	ok bcook inoguchi jsing
2021-03-31	Document SSL_set_hostflags(3) and SSL_get0_peername(3)	tb	1	-18/+4
	ok bcook inoguchi jsing
2021-03-31	Expose SSL_set_hostflags(3) and SSL_get0_peername(3)	tb	2	-3/+3
	ok bcook inoguchi jsing
2021-03-31	Document SSL_use_certificate_chain_file(3)	tb	1	-11/+3
	ok bcook inoguchi jsing
2021-03-31	Expose SSL_use_certificate_chain_file(3)	tb	2	-3/+2
	ok bcook inoguchi jsing
2021-03-31	Provide missing prototype for d2i_DSAPrivateKey_fp(3)	tb	1	-1/+2
	ok bcook inoguchi jsing