- 15 12月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
s_server was trying to set the ECDH curve when no-ec was defined. This also highlighted the fact that the -no_ecdhe option to s_server is broken, and doesn't make any sense any more (ECDHE is on by default and the only way it can be disabled is through the cipherstring). Therefore this commit removes the option. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
- 12 12月, 2015 1 次提交
-
-
由 Kurt Roeckx 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 06 12月, 2015 1 次提交
-
-
由 Kurt Roeckx 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> MR: #364
-
- 21 11月, 2015 9 次提交
-
-
由 Matt Caswell 提交于
In theory the pthreads approach for Thread Local Storage should be more portable. This also changes some APIs in order to accommodate this change. In particular ASYNC_init_pool is renamed ASYNC_init_thread and ASYNC_free_pool is renamed ASYNC_cleanup_thread. Also introduced ASYNC_init and ASYNC_cleanup. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
s_server already had the ability to wait on an async file descriptor. This adds it to s_client too. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
0 is a valid file descriptor so SSL_get_async_wait_fd should instead return -1 on error. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
If an async event occurs during a renegotiation in SSL_read then s_server was looping around, detecting we were in init and calling init_ssl_connection instead of re-calling SSL_read. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Implement the ASYNC_JOB as a local thread pool. Remove the API support for global pools. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Initial API implemented for notifying applications that an ASYNC_JOB has completed. Currently only s_server is using this. The Dummy Async engine "cheats" in that it notifies that it has completed *before* it pauses the job. A normal async engine would not do that. Only the posix version of this has been implemented so far, so it will probably fail to compile on Windows at the moment. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
It is expensive to create the ASYNC_JOB objects due to the "makecontext" call. This change adds support for pools of ASYNC_JOB objects so that we don't have to create a new ASYNC_JOB every time we want to use one. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
The s_server option -WWW was not async aware, and therefore was not handling SSL_ERROR_WANT_ASYNC conditions. This commit fixes that. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
A new -async option is added which activates SSL_MODE_ASYNC. Also SSL_WANT_ASYNC errors are handled appropriately. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 10 11月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
continue on from previous commits but in the apps directory Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
- 31 10月, 2015 1 次提交
-
-
由 Rich Salz 提交于
All instances of SSLeay (any combination of case) were replaced with the case-equivalent OpenSSL. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 30 10月, 2015 3 次提交
-
-
由 Matt Caswell 提交于
SSL_state has been replaced by SSL_get_state and SSL_set_state is no longer supported. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
s_server was (ab)using SSL_set_state to force a renegotiation. This is a bad way to do things and does not work with the new state machine code, so we need to do it a different way. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Clean up and remove lots of code that is now no longer needed due to the move to the new state machine. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 13 10月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Loading the config file after processing command line options can cause problems, e.g. where an engine provides new ciphers/digests these are not then recoginised on the command line. Move the default config file loading to before the command line option processing. Whilst we're doing this we might as well centralise this instead of doing it individually for each application. Finally if we do it before the OpenSSL_add_ssl_algorithms() call then ciphersuites provided by an engine (e.g. GOST) can be available to the apps. RT#4085 RT#4086 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 11 10月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
PR#4035 Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 28 9月, 2015 1 次提交
-
-
由 Emilia Kasper 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 25 9月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
For those command line options that take the verification options -CApath and -CAfile, if those options are absent then the default path or file is used instead. It is not currently possible to specify *no* path or file at all. This change adds the options -no-CApath and -no-CAfile to specify that the default locations should not be used to all relevant applications. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 23 9月, 2015 2 次提交
-
-
由 Matt Caswell 提交于
Use sockaddr_storage not sockaddr for the client IP address to allow for IPv6. Also fixed a section of code which was conditional on OPENSSL_NO_DTLS1 which should not have been. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
由 Matt Caswell 提交于
DTLSv1_listen is a commonly used function within DTLS solutions for listening for new incoming connections. This commit adds support to s_server for using it. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 20 9月, 2015 2 次提交
-
-
由 Dr. Stephen Henson 提交于
PR#3817 Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 11 9月, 2015 1 次提交
-
-
由 Ben Laurie 提交于
-Wincompatible-pointer-types-discards-qualifiers (the latter did not require any code changes). Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 06 9月, 2015 1 次提交
-
-
由 Richard Levitte 提交于
If the output to stdout or the input from stdin is meant to be binary, it's deeply unsetting to get the occasional LF converted to CRLF or the other way around. If someone happens to forget to redirect stdin or stdout, they will get gibberish anyway, line ending conversion will not change that. Therefore, let's not have dup_bio_* decide unilaterally what mode the BIO derived from stdin and stdout, and rather let the app decide by declaring the intended format. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 05 8月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
The -use_srtp s_client/s_server option is supposed to take a colon separated string as an argument. In master this was incorrectly set to expect a filename. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 31 7月, 2015 1 次提交
-
-
由 Adam Eijdenberg 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 16 6月, 2015 1 次提交
-
-
由 Rich Salz 提交于
When generating a private key, try to make the output file be readable only by the owner. Put it in CHANGES file since it might be noticeable. Add "int private" flag to apps that write private keys, and check that it's set whenever we do write a private key. Checked via assert so that this bug (security-related) gets fixed. Thanks to Viktor for help in tracing the code-paths where private keys are written. Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-
- 10 6月, 2015 2 次提交
-
-
由 Emilia Kasper 提交于
This is a workaround so old that nobody remembers what buggy clients it was for. It's also been broken in stable branches for two years and nobody noticed (see https://boringssl-review.googlesource.com/#/c/1694/). Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Rich Salz 提交于
Except for VMS startup code. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 03 6月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Here are the "rules" for handling flags that depend on #ifdef: - Do not ifdef the enum. Only ifdef the OPTIONS table. All ifdef'd entries appear at the end; by convention "engine" is last. This ensures that at run-time, the flag will never be recognized/allowed. The next two bullets entries are for silencing compiler warnings: - In the while/switch parsing statement, use #ifdef for the body to disable it; leave the "case OPT_xxx:" and "break" statements outside the ifdef/ifndef. See ciphers.c for example. - If there are multiple options controlled by a single guard, OPT_FOO, OPT_BAR, etc., put a an #ifdef around the set, and then do "#else" and a series of case labels and a break. See OPENSSL_NO_AES in cms.c for example. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 29 5月, 2015 1 次提交
-
-
由 Richard Levitte 提交于
The module loading feature got broken a while ago, so restore it, but have it a bit more explicit this time around. Reviewed-by: NStephen Henson <steve@openssl.org>
-
- 23 5月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Given the pervasive nature of TLS extensions it is inadvisable to run OpenSSL without support for them. It also means that maintaining the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably not well tested). Therefore it is being removed. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 22 5月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
This fixes compilation with various OPENSSL_NO_* options that got broken during the big apps cleanup. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 19 5月, 2015 1 次提交
-
-
由 Robert Swiecki 提交于
Signed-off-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 16 5月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
This commit changes the way that we do server side protocol version negotiation. Previously we had a whole set of code that had an "up front" state machine dedicated to the negotiating the protocol version. This adds significant complexity to the state machine. Historically the justification for doing this was the support of SSLv2 which works quite differently to SSLv3+. However, we have now removed support for SSLv2 so there is little reason to maintain this complexity. The one slight difficulty is that, although we no longer support SSLv2, we do still support an SSLv3+ ClientHello in an SSLv2 backward compatible ClientHello format. This is generally only used by legacy clients. This commit adds support within the SSLv3 code for these legacy format ClientHellos. Server side version negotiation now works in much the same was as DTLS, i.e. we introduce the concept of TLS_ANY_VERSION. If s->version is set to that then when a ClientHello is received it will work out the most appropriate version to respond with. Also, SSLv23_method and SSLv23_server_method have been replaced with TLS_method and TLS_server_method respectively. The old SSLv23* names still exist as macros pointing at the new name, although they are deprecated. Subsequent commits will look at client side version negotiation, as well of removal of the old s23* code. Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
- 15 5月, 2015 1 次提交
-
-
由 Rich Salz 提交于
Follow the same convention the other OPENSSL_NO_xxx header files do, and use #error instead of making the header file be a no-op. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 13 5月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Remove Kerberos related options from the apps to prepare for the subsequent commits which will remove libcrypto and libssl support for Kerberos. Reviewed-by: NRich Salz <rsalz@openssl.org>
-