Dr. Stephen Henson
0f776277bc
oops, use correct date
2010-02-26 12:13:36 +00:00
Dr. Stephen Henson
5814d829e6
update NEWS
2010-02-25 18:20:30 +00:00
Dr. Stephen Henson
f6bb465f87
update FAQ
2010-02-25 18:18:46 +00:00
Dr. Stephen Henson
db28aa86e0
add -trusted_first option and verify flag
2010-02-25 12:21:48 +00:00
Dr. Stephen Henson
2da2ff5065
tidy verify code. xn not used any more and check for self signed more efficiently
2010-02-25 11:18:26 +00:00
Dr. Stephen Henson
fbd2164044
Experimental support for partial chain verification: if an intermediate
...
certificate is explicitly trusted (using -addtrust option to x509 utility
for example) the verification is sucessful even if the chain is not complete.
2010-02-25 00:17:22 +00:00
Dr. Stephen Henson
04e4b82726
allow setting of verify names in command line utilities and print out verify names in verify utility
2010-02-25 00:11:32 +00:00
Dr. Stephen Henson
9b3d75706e
verify parameter enumeration functions
2010-02-25 00:08:23 +00:00
Dr. Stephen Henson
b1efb7161f
Include self-signed flag in certificates by checking SKID/AKID as well
...
as issuer and subject names. Although this is an incompatible change
it should have little impact in pratice because self-issued certificates
that are not self-signed are rarely encountered.
2010-02-25 00:01:38 +00:00
Dr. Stephen Henson
df4c395c6d
add anyExtendedKeyUsage OID
2010-02-24 15:53:58 +00:00
Dr. Stephen Henson
385a488c43
prevent warning
2010-02-24 15:24:19 +00:00
Andy Polyakov
ea746dad5e
Reserve for option to implement AES counter in assembler.
2010-02-23 16:51:24 +00:00
Andy Polyakov
d976f99294
Add AES counter mode to EVP.
2010-02-23 16:48:41 +00:00
Andy Polyakov
e5a4de9e44
Add assigned OIDs, as well as "anonymous" ones for AES counter mode.
2010-02-23 16:47:17 +00:00
Dr. Stephen Henson
7d3d1788a5
The meaning of the X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY and
...
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT error codes were reversed in
the verify application documentation.
2010-02-23 14:09:09 +00:00
Bodo Möller
2d9dcd4ff0
Always check bn_wexpend() return values for failure (CVE-2009-3245).
...
(The CHANGES entry covers the change from PR #2111 as well, submitted by
Martin Olsson.)
Submitted by: Neel Mehta
2010-02-23 10:36:35 +00:00
Bodo Möller
a839755329
Fix X509_STORE locking
2010-02-19 18:27:07 +00:00
Dr. Stephen Henson
69582a592e
clarify documentation
2010-02-18 12:41:33 +00:00
Dr. Stephen Henson
7512141162
OR default SSL_OP_LEGACY_SERVER_CONNECT so existing options are preserved
2010-02-17 19:43:56 +00:00
Dr. Stephen Henson
c2c49969e2
Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as
...
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
2010-02-17 18:38:31 +00:00
Dr. Stephen Henson
47e0a1c335
PR: 2100
...
Submitted by: James Baker <jbaker@tableausoftware.com> et al.
Workaround for slow Heap32Next on some versions of Windows.
2010-02-17 14:32:41 +00:00
Dr. Stephen Henson
439aab3afc
Submitted by: Dmitry Ivanov <vonami@gmail.com>
...
Don't leave dangling pointers in GOST engine if calls fail.
2010-02-16 14:30:29 +00:00
Dr. Stephen Henson
8d934c2585
PR: 2171
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Since SSLv2 doesn't support renegotiation at all don't reject it if
legacy renegotiation isn't enabled.
Also can now use SSL2 compatible client hello because RFC5746 supports it.
2010-02-16 14:21:11 +00:00
Dr. Stephen Henson
1458b931eb
The "block length" for CFB mode was incorrectly coded as 1 all the time. It
...
should be the number of feedback bits expressed in bytes. For CFB1 mode set
this to 1 by rounding up to the nearest multiple of 8.
2010-02-15 19:40:16 +00:00
Dr. Stephen Henson
20eb7238cb
Correct ECB mode EVP_CIPHER definition: IV length is 0
2010-02-15 19:26:02 +00:00
Dr. Stephen Henson
79cfc3ac54
add EVP_CIPH_FLAG_LENGTH_BITS from 0.9.8-stable
2010-02-15 19:20:13 +00:00
Dr. Stephen Henson
918a5d04e4
PR: 2164
...
Submitted by: "Noszticzius, Istvan" <inoszticzius@rightnow.com>
Don't clear the output buffer: ciphers should correctly the same input
and output buffers.
2010-02-15 19:00:12 +00:00
Dr. Stephen Henson
f959598866
update references to new RI RFC
2010-02-12 21:59:31 +00:00
Dr. Stephen Henson
5a9e3f05ff
PR: 2170
...
Submitted by: Magnus Lilja <lilja.magnus@gmail.com>
Make -c option in dgst work again.
2010-02-12 17:07:16 +00:00
Dr. Stephen Henson
29e722f031
Fix memory leak in ENGINE autoconfig code. Improve error logging.
2010-02-09 14:17:14 +00:00
Dr. Stephen Henson
05566760da
update year
2010-02-09 14:12:49 +00:00
Dr. Stephen Henson
e3e31ff482
Use supplied ENGINE when initialising CMAC. Restore pctx setting.
2010-02-08 16:31:28 +00:00
Dr. Stephen Henson
bae060c06a
add cvsignore
2010-02-08 15:34:02 +00:00
Dr. Stephen Henson
0ff907caf8
Make update.
2010-02-08 15:33:23 +00:00
Dr. Stephen Henson
c8ef656df2
Make CMAC API similar to HMAC API. Add methods for CMAC.
2010-02-08 15:31:35 +00:00
Dr. Stephen Henson
8c968e0355
Initial experimental CMAC implementation.
2010-02-07 18:01:07 +00:00
Dr. Stephen Henson
cc0661374f
make update
2010-02-07 13:54:30 +00:00
Dr. Stephen Henson
089f02c577
oops, use new value for new flag
2010-02-07 13:50:36 +00:00
Dr. Stephen Henson
c2bf720842
Add missing function EVP_CIPHER_CTX_copy(). Current code uses memcpy() to copy
...
an EVP_CIPHER_CTX structure which may have problems with external ENGINEs
who need to duplicate internal handles etc.
2010-02-07 13:39:39 +00:00
Dr. Stephen Henson
c95bf51167
don't assume 0x is at start of string
2010-02-03 18:19:22 +00:00
Dr. Stephen Henson
2712a2f625
tolerate broken CMS/PKCS7 implementations using signature OID instead of digest
2010-02-02 14:30:39 +00:00
Dr. Stephen Henson
17ebc10ffa
PR: 2161
...
Submitted by: Doug Goldstein <cardoe@gentoo.org>, Steve.
Make no-dsa, no-ecdsa and no-rsa compile again.
2010-02-02 13:35:27 +00:00
Dr. Stephen Henson
434745dc19
PR: 2160
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Make session tickets work with DTLS.
2010-02-01 16:51:09 +00:00
Dr. Stephen Henson
b380f9b884
PR: 2159
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Typo in PR#1949 bug, oops!
2010-02-01 12:43:45 +00:00
Richard Levitte
749af8cb61
Typo.
2010-01-29 12:07:46 +00:00
Richard Levitte
1d62de0395
The previous take went wrong, try again.
2010-01-29 12:02:50 +00:00
Richard Levitte
d7b99700c0
Architecture specific header files need special handling.
2010-01-29 11:44:36 +00:00
Richard Levitte
cd6bc02b29
If opensslconf.h and buildinf.h are to be in an architecture specific
...
directory, place it in the same tree as the other architecture
specific things.
2010-01-29 11:43:50 +00:00
Dr. Stephen Henson
da454e4c67
typo
2010-01-29 00:09:33 +00:00
Dr. Stephen Henson
08c239701b
Experimental renegotiation support in s_server test -www server.
2010-01-28 19:48:36 +00:00