Bodo Möller
00c1c6cb28
PR:Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabled
...
with the SSL_OP_NO_SSLv2 option.
2005-05-11 18:26:08 +00:00
Dr. Stephen Henson
73f3c281ff
Update from HEAD.
2005-05-01 12:47:33 +00:00
Dr. Stephen Henson
4ed56cba63
New function BN_MONT_CTX_set_locked, to set montgomery parameters in a
...
threadsafe manner.
Modify or add calls to use it in rsa, dsa and dh algorithms.
2005-04-22 13:17:49 +00:00
Dr. Stephen Henson
96534114a3
Include error library value in C error source files instead of fixing up
...
at runtime.
2005-04-12 13:30:45 +00:00
Richard Levitte
d060fc9ff2
Now that things have been tagged properly, make preparations for the
...
next version in the 0.9.7 branch.
2005-04-11 15:15:09 +00:00
Richard Levitte
22e5a7935f
Prepare to release 0.9.7g.
...
The tag till be OpenSSL_0_9_7g.
2005-04-11 15:10:07 +00:00
Richard Levitte
93aeac64ce
Merge RFC3820 source into mainstream 0.9.7-stable.
2005-04-11 15:03:37 +00:00
Dr. Stephen Henson
c710c7b3a3
Make kerberos ciphersuites work with newer headers.
2005-04-09 23:32:37 +00:00
Ulf Möller
4cf8f9369c
undo Cygwin change
2005-03-23 22:01:57 +00:00
Dr. Stephen Henson
da26bcb5de
Update CHANGES, opensslv.h
2005-03-22 21:27:36 +00:00
Dr. Stephen Henson
9c29e781a8
Oops, use right date!
2005-03-22 19:14:42 +00:00
Dr. Stephen Henson
5c1fd5e316
Update files ready for release.
2005-03-22 18:17:23 +00:00
Dr. Stephen Henson
d5c2bc4bff
Oops...
2005-03-22 14:31:58 +00:00
Dr. Stephen Henson
61823b6a74
Ensure (SSL_RANDOM_BYTES - 4) of pseudo random data is used for server and
...
client random values.
2005-03-22 14:10:32 +00:00
Ulf Möller
6d2a7098d6
Cygwin randomness
2005-03-19 11:40:41 +00:00
Lutz Jänicke
e22e6bf0be
Fix hang in EGD/PRNGD query when communication socket is closed
...
prematurely by EGD/PRNGD.
PR: 1014
Submitted by: Darren Tucker <dtucker@zip.com.au>
2005-02-19 10:17:26 +00:00
Dr. Stephen Henson
370d418a7b
Prompt for passphrases with PKCS12 input format.
2004-12-29 01:05:35 +00:00
Andy Polyakov
fe707c3260
Summarize recent backports in CHANGES.
2004-12-20 13:21:25 +00:00
Dr. Stephen Henson
da8534693c
Add lots of checks for memory allocation failure, error codes to indicate
...
failure and freeing up memory if a failure occurs.
PR:620
2004-12-05 01:04:44 +00:00
Dr. Stephen Henson
3384bdd6fe
Add -passin argument to dgst command.
2004-12-03 12:29:17 +00:00
Dr. Stephen Henson
41191d14ce
Perform partial comparison of different character types in X509_NAME_cmp().
2004-12-01 01:45:57 +00:00
Richard Levitte
d133618ce2
Document the change.
2004-11-29 11:56:57 +00:00
Dr. Stephen Henson
2f547d2c1c
Change version numbers to 0.9.7f-dev
2004-10-25 11:31:28 +00:00
Dr. Stephen Henson
bfb7bac83b
Updates for 0.9.7e release.
2004-10-25 11:24:39 +00:00
Dr. Stephen Henson
8de8bcbe2c
Fix race condition when CRL checking is enabled.
2004-10-04 16:27:36 +00:00
Dr. Stephen Henson
a7f14cb4c6
Delta CRL support in extension code.
2004-07-06 17:26:33 +00:00
Dr. Stephen Henson
bdb4a7e092
Fixes so alerts are sent properly in s3_pkt.c
...
PR: 851
2004-05-15 17:46:50 +00:00
Bodo Möller
535aef9def
update from current 0.9.6-stable CHANGES file
2004-05-04 01:08:33 +00:00
Dr. Stephen Henson
5a9d2d9081
Port the random serial number generation to 0.9.7-stable.
...
Due to the changes in CA.pl in 0.9.8 (use of -self_sign) a slightly different
technique is used to ensure that 'ca' uses the next serial number. It
now initializes the serial number using 'openssl x509 -next_serial'.
2004-04-22 12:19:48 +00:00
Mark J. Cox
494593845c
After tagging
2004-03-17 12:03:38 +00:00
Mark J. Cox
82d63d3028
Fix null-pointer assignment in do_change_cipher_spec() revealed
...
by using the Codenomicon TLS Test Tool (CAN-2004-0079)
Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
(CAN-2004-0112)
Ready for 0.9.7d build
Submitted by: Steven Henson
Reviewed by: Joe Orton
Approved by: Mark Cox
2004-03-17 12:01:19 +00:00
Richard Levitte
051bb5c457
Incorporate the following changes from 0.9.8-dev:
...
2003-04-04 17:10 levitte
* apps/: apps.c (1.72), apps.h (1.56), ca.c (1.135), x509.c (1.82):
Convert save_serial() to work like save_index(), and add a
rotate_serial() that works like rotate_index().
2003-04-03 20:07 levitte
* apps/: apps.c (1.69), ca.c (1.130): Conditionalise all debug
strings.
2003-04-03 18:33 levitte
* apps/apps.c (1.68), apps/apps.h (1.55), apps/ca.c (1.129),
apps/ocsp.c (1.31), apps/openssl.cnf (1.24), apps/x509.c (1.80),
CHANGES (1.1139): Make it possible to have multiple active
certificates with the same subject.
2004-03-08 02:53:46 +00:00
Dr. Stephen Henson
01fc051e8a
Various X509 fixes. Disable broken certificate workarounds
...
when X509_V_FLAG_X509_STRICT is set. Check for CRLSign in
CRL issuer certificates. Reject CRLs with unhandled (any)
critical extensions.
2004-03-05 17:16:06 +00:00
Dr. Stephen Henson
33ad6eca7a
Use an OCTET STRING for the encoding of an OCSP nonce value.
...
The old raw format can't be handled by some implementations
and updates to RFC2560 will make the OCTET STRING mandatory.
2004-02-19 18:17:35 +00:00
Dr. Stephen Henson
31edde3edc
Add flag to avoid continuous
...
memory allocate when calling EVP_MD_CTX_copy_ex().
Without this HMAC is several times slower than
< 0.9.7.
2004-02-01 13:37:56 +00:00
Dr. Stephen Henson
c22e6753ef
Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().
2003-11-10 01:25:11 +00:00
Dr. Stephen Henson
80986c9ced
Retrieve correct content to sign when the
...
type is "other".
2003-10-10 23:24:10 +00:00
Dr. Stephen Henson
0c6fa13fee
In order to get the expected self signed error when
...
calling X509_verify_cert() in x509.c the cert should
not be added to the trusted store.
2003-09-30 13:10:48 +00:00
Dr. Stephen Henson
68f0bcfbc3
Changes for release
2003-09-30 12:08:23 +00:00
Dr. Stephen Henson
662ede2370
Fix for ASN1 parsing bugs.
2003-09-30 12:05:44 +00:00
Bodo Möller
2689b8f326
certain changes have to be listed twice in this file because OpenSSL
...
0.9.6h forked into 0.9.6i and 0.9.7 ...
2003-09-04 12:52:10 +00:00
Dr. Stephen Henson
bd69ac5c93
New -ignore_err option in ocsp application to stop the server
...
exiting on the first error in a request.
2003-09-03 23:54:00 +00:00
Dr. Stephen Henson
33ed371ec9
Only accept a client certificate if the server requests
...
one, as required by SSL/TLS specs.
2003-09-03 23:42:17 +00:00
Bodo Möller
5cc2658cff
tolerate extra data at end of client hello for SSL 3.0
...
PR: 659
2003-07-21 15:17:49 +00:00
Bodo Möller
2f4335ec2b
fix: 0.9.7 is based on 0.9.6h, not on 0.9.6k
...
typo in 0.9.6k section
2003-07-21 15:08:03 +00:00
Richard Levitte
e2491c45ab
Document the last change.
...
PR: 587
2003-06-19 19:04:20 +00:00
Richard Levitte
398cd7276f
Prepare for changes in the 0.9.6 branch
2003-06-19 19:01:11 +00:00
Richard Levitte
873ddf7c0c
Prepare for changes in the 0.9.6 branch
2003-06-19 18:59:30 +00:00
Richard Levitte
f63f51dc22
Document the AES_cbc_encrypt() change
2003-06-10 04:42:42 +00:00
Dr. Stephen Henson
16c9148220
Move the base64 BIO fixes to 0.9.7-stable
2003-06-03 00:11:37 +00:00